From 4341a1bd0412ff6c99d6a2a0ef8a61b595c2205e Mon Sep 17 00:00:00 2001 From: Marc Koderer Date: Wed, 7 Aug 2013 11:39:29 +0200 Subject: [PATCH 0001/2267] Add fastcgi as vhost configuration option Adds to the existing vhost modules the fastcgi module. Signed-off-by: Marc Koderer --- manifests/mod/fastcgi.pp | 4 ++++ manifests/vhost.pp | 12 +++++++++++- spec/classes/mod/fastcgi_spec.rb | 17 +++++++++++++++++ templates/vhost.conf.erb | 1 + templates/vhost/_fastcgi.erb | 19 +++++++++++++++++++ 5 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 manifests/mod/fastcgi.pp create mode 100644 spec/classes/mod/fastcgi_spec.rb create mode 100644 templates/vhost/_fastcgi.erb diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp new file mode 100644 index 0000000000..f3bfbc3a43 --- /dev/null +++ b/manifests/mod/fastcgi.pp @@ -0,0 +1,4 @@ +class apache::mod::fastcgi { + apache::mod { 'fastcgi': + package => 'libapache2-mod-fastcgi'} +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index aa77ff94f2..f3e368b98c 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -109,7 +109,10 @@ $setenvif = [], $block = [], $ensure = 'present', - $custom_fragment = undef + $custom_fragment = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -269,6 +272,13 @@ } } + # Load mod_fastci if needed and not yet loaded + if $fastcgi_server and $fastcgi_socket { + if ! defined(Class['apache::mod::fastcgi']) { + include apache::mod::fastcgi + } + } + # Configure the defaultness of a vhost if $priority { $priority_real = $priority diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb new file mode 100644 index 0000000000..462201247e --- /dev/null +++ b/spec/classes/mod/fastcgi_spec.rb 
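Review bot: The guard added to `manifests/vhost.pp` loads mod_fastcgi only when both `$fastcgi_server` and `$fastcgi_socket` are set, but `templates/vhost/_fastcgi.erb` in this same commit emits `FastCgiExternalServer` when only `@fastcgi_server` is set and the `SetHandler fastcgi-script` block when only `@fastcgi_dir` is set. A vhost that passes just one of these gets FastCGI directives without the module being included, and possibly a `-socket` argument with an empty value. Either fail at compile time when the parameters are given partially, or align the condition with the template, e.g. `if $fastcgi_server or $fastcgi_dir {`. The comment also misspells the module as `mod_fastci`, and the define's body continues outside the hunk.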
@@ -0,0 +1,17 @@ +describe 'apache::mod::fastcgi', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('fastcgi') } + it { should contain_package("libapache2-mod-fastcgi") } + end +end diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 8a5a705d35..8e3a1bb3ba 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -40,4 +40,5 @@ <%= scope.function_template(['apache/vhost/_ssl.erb']) -%> <%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> <%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> +<%= scope.function_template(['apache/vhost/_fastcgi.erb']) -%> diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb new file mode 100644 index 0000000000..388b3462dd --- /dev/null +++ b/templates/vhost/_fastcgi.erb @@ -0,0 +1,19 @@ +<% if @fastcgi_server -%> + + FastCgiExternalServer <%= @fastcgi_server -%> -socket <%= @fastcgi_socket -%> +<% end -%> + +<% if @fastcgi_dir -%> + + > + Options +ExecCGI + AllowOverride All + SetHandler fastcgi-script + Order allow,deny + Allow from all + AuthBasicAuthoritative Off + + + AllowEncodedSlashes On + ServerSignature Off +<% end -%> From 48fb00e52a48ebb54363546dcab14dd9c32d707d Mon Sep 17 00:00:00 2001 From: Thomas Pierson Date: Fri, 16 Aug 2013 18:06:07 +0200 Subject: [PATCH 0002/2267] Add support for the 'mod_fastcgi' apache module. --- manifests/mod/fastcgi.pp | 24 ++++++++++++++++++++++++ manifests/params.pp | 2 ++ spec/classes/mod/fastcgi_spec.rb | 29 +++++++++++++++++++++++++++++ templates/mod/fastcgi.conf.erb | 6 ++++++ 4 files changed, 61 insertions(+) create mode 100644 manifests/mod/fastcgi.pp create mode 100644 spec/classes/mod/fastcgi_spec.rb create mode 100644 templates/mod/fastcgi.conf.erb 
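Review bot: The block rendered for `@fastcgi_dir` in `templates/vhost/_fastcgi.erb` is fixed to very permissive settings: `AllowOverride All` together with `Options +ExecCGI` and `Allow from all` lets any `.htaccess` file under that directory change handlers and options, and none of it can be tightened from the vhost parameters. `AllowEncodedSlashes On` and `ServerSignature Off` are emitted inside the same `if @fastcgi_dir` branch, apparently at vhost level, which is a surprising side effect of a directory option. I would default to `AllowOverride None` and leave the vhost-wide directives to parameters of their own. The values in `FastCgiExternalServer <%= @fastcgi_server -%> -socket <%= @fastcgi_socket -%>` are interpolated unquoted, so a path containing whitespace would be split into extra arguments; validating both as absolute paths in the manifest would catch that. Some template markup appears to be lost in this rendering, so the enclosing tags cannot be confirmed from the page.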
diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp new file mode 100644 index 0000000000..52d249235c --- /dev/null +++ b/manifests/mod/fastcgi.pp @@ -0,0 +1,24 @@ +class apache::mod::fastcgi { + Class['apache::mod::worker'] -> Class['apache::mod::fastcgi'] + + # Debian specifies it's fastcgi lib path, but RedHat uses the default value + # with no config file + $fastcgi_lib_path = $::osfamily ? { + 'debian' => '/var/lib/apache2/fastcgi', + default => undef, + } + + apache::mod { 'fastcgi': } + + if $fastcgi_lib_path { + file { 'fastcgi.conf': + ensure => file, + path => "${apache::mod_dir}/fastcgi.conf", + content => template('apache/mod/fastcgi.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Service['httpd'], + } + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 110eeebd43..c4b33d805f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -53,6 +53,7 @@ $passenger_ruby = '/usr/bin/ruby' $mod_packages = { 'auth_kerb' => 'mod_auth_kerb', + 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', @@ -97,6 +98,7 @@ $passenger_ruby = '/usr/bin/ruby' $mod_packages = { 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb new file mode 100644 index 0000000000..4f4408aca6 --- /dev/null +++ b/spec/classes/mod/fastcgi_spec.rb 
@@ -0,0 +1,29 @@ +describe 'apache::mod::fastcgi', :type => :class do + let :pre_condition do + 'class { "apache": mpm_module => worker, }' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('fastcgi') } + it { should contain_package("libapache2-mod-fastcgi") } + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('fastcgi') } + it { should contain_package("mod_fastcgi") } + end +end diff --git a/templates/mod/fastcgi.conf.erb b/templates/mod/fastcgi.conf.erb new file mode 100644 index 0000000000..d02b12f77f --- /dev/null +++ b/templates/mod/fastcgi.conf.erb @@ -0,0 +1,6 @@ +# The Fastcgi Apache module configuration file is being +# managed by Puppet and changes will be overwritten. + + AddHandler fastcgi-script .fcgi + FastCgiIpcDir <%= @fastcgi_lib_path %> + From 04e5e5bde2868a79a39ebe652768adbee76006bc Mon Sep 17 00:00:00 2001 From: Thomas Pierson Date: Mon, 19 Aug 2013 16:01:59 +0200 Subject: [PATCH 0003/2267] mod_fastcgi has no hard depend on apache::mod::worker --- manifests/mod/fastcgi.pp | 1 - spec/classes/mod/fastcgi_spec.rb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index 52d249235c..6025fbfffc 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -1,5 +1,4 @@ class apache::mod::fastcgi { - Class['apache::mod::worker'] -> Class['apache::mod::fastcgi'] # Debian specifies it's fastcgi lib path, but RedHat uses the default value # with no config file diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index 4f4408aca6..707f737b6a 100644 --- a/spec/classes/mod/fastcgi_spec.rb 
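Review bot: `AddHandler fastcgi-script .fcgi` in `templates/mod/fastcgi.conf.erb` maps by extension through mod_mime, which also matches a file name that carries several extensions (for example `report.fcgi.txt`, a constructed name). Where users can place files in a served directory, that widens what the server will treat as a FastCGI script. Binding the handler to the final extension avoids this: `<FilesMatch "\.fcgi$">` with `SetHandler fastcgi-script` inside. The manifest in this commit writes this file only when `$fastcgi_lib_path` is set, so on RedHat no handler mapping is managed at all; a comment stating that this is intended would help.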
+++ b/spec/classes/mod/fastcgi_spec.rb @@ -1,6 +1,6 @@ describe 'apache::mod::fastcgi', :type => :class do let :pre_condition do - 'class { "apache": mpm_module => worker, }' + 'class { "apache": }' end context "on a Debian OS" do let :facts do From ccb353ccdbba4b02ca5eca6bc0f710c141c9ad61 Mon Sep 17 00:00:00 2001 From: John Bartko Date: Sun, 8 Sep 2013 18:02:14 -0500 Subject: [PATCH 0004/2267] initial mod_authnz_ldap --- manifests/mod/authnz_ldap.pp | 12 +++++++ manifests/params.pp | 50 ++++++++++++++++-------------- templates/mod/authnz_ldap.conf.erb | 1 + 3 files changed, 39 insertions(+), 24 deletions(-) create mode 100644 manifests/mod/authnz_ldap.pp create mode 100644 templates/mod/authnz_ldap.conf.erb diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp new file mode 100644 index 0000000000..039f96ec08 --- /dev/null +++ b/manifests/mod/authnz_ldap.pp @@ -0,0 +1,12 @@ +class apache::mod::authnz_ldap( + $ldap_conf = 'apache/mod/authnz_ldap.conf.erb' +) { + apache::mod { 'authnz_ldap': } + file { 'authnz_ldap.conf': + ensure => file, + path => "${apache::mod_dir}/authnz_ldap.conf", + content => template($ldap_conf), + before => File[$apache::mod_dir], + notify => Service['httpd'], + } +} diff --git a/manifests/params.pp b/manifests/params.pp index 7bf4a5fa33..913687eb79 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -59,22 +59,23 @@ $suphp_engine = 'off' $suphp_configpath = undef $mod_packages = { - 'auth_kerb' => 'mod_auth_kerb', - 'fcgid' => 'mod_fcgid', - 'passenger' => 'mod_passenger', - 'perl' => 'mod_perl', - 'php5' => $distrelease ? { + 'auth_kerb' => 'mod_auth_kerb', + 'authnz_ldap' => 'mod_authz_ldap', + 'fcgid' => 'mod_fcgid', + 'passenger' => 'mod_passenger', + 'perl' => 'mod_perl', + 'php5' => $distrelease ? { '5' => 'php53', default => 'php', }, - 'proxy_html' => 'mod_proxy_html', - 'python' => 'mod_python', - 'shibboleth' => 'shibboleth', - 'ssl' => 'mod_ssl', - 'wsgi' => 'mod_wsgi', - 'dav_svn' => 'mod_dav_svn', - 'suphp' => 'mod_suphp', - 'xsendfile' => 'mod_xsendfile', + 'proxy_html' => 'mod_proxy_html', + 'python' => 'mod_python', + 'shibboleth' => 'shibboleth', + 'ssl' => 'mod_ssl', + 'wsgi' => 'mod_wsgi', + 'dav_svn' => 'mod_dav_svn', + 'suphp' => 'mod_suphp', + 'xsendfile' => 'mod_xsendfile', } $mod_libs = { 'php5' => 'libphp5.so', 
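Review bot: The new `'authnz_ldap' => 'mod_authz_ldap'` entry maps the `authnz_ldap` module to a package whose name says `authz`, and the Debian hash in the next hunk does the same with `libapache2-mod-authz-ldap`. As far as I know mod_authnz_ldap and mod_authz_ldap are different modules, so this probably installs an unrelated package while `apache::mod { 'authnz_ldap': }` loads a module that ships elsewhere; please confirm which package provides it on each platform. Re-aligning every existing entry in the same hunk also buries the one-line addition, so the whitespace change would read better as its own commit.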
@@ -108,17 +109,18 @@ $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $mod_packages = { - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'fcgid' => 'libapache2-mod-fcgid', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'php5' => 'libapache2-mod-php5', - 'proxy_html' => 'libapache2-mod-proxy-html', - 'python' => 'libapache2-mod-python', - 'wsgi' => 'libapache2-mod-wsgi', - 'dav_svn' => 'libapache2-svn', - 'suphp' => 'libapache2-mod-suphp', - 'xsendfile' => 'libapache2-mod-xsendfile', + 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'authnz_ldap' => 'libapache2-mod-authz-ldap', + 'fcgid' => 'libapache2-mod-fcgid', + 'passenger' => 'libapache2-mod-passenger', + 'perl' => 'libapache2-mod-perl2', + 'php5' => 'libapache2-mod-php5', + 'proxy_html' => 'libapache2-mod-proxy-html', + 'python' => 'libapache2-mod-python', + 'wsgi' => 'libapache2-mod-wsgi', + 'dav_svn' => 'libapache2-svn', + 'suphp' => 'libapache2-mod-suphp', + 'xsendfile' => 'libapache2-mod-xsendfile', } $mod_libs = { 'php5' => 'libphp5.so', diff --git a/templates/mod/authnz_ldap.conf.erb b/templates/mod/authnz_ldap.conf.erb new file mode 100644 index 0000000000..b95f62b7a3 --- /dev/null +++ b/templates/mod/authnz_ldap.conf.erb @@ -0,0 +1 @@ +LDAPVerifyServerCert off From 4027cdd1c246ea519631cfa3a0e4138f351e1f0c Mon Sep 17 00:00:00 2001 From: John Bartko Date: Sun, 8 Sep 2013 18:15:52 -0500 Subject: [PATCH 0005/2267] include ldap prereq --- manifests/mod/authnz_ldap.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 039f96ec08..239283deae 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,6 +1,7 @@ class apache::mod::authnz_ldap( $ldap_conf = 'apache/mod/authnz_ldap.conf.erb' ) { + include apache::mod::ldap apache::mod { 'authnz_ldap': } file { 'authnz_ldap.conf': ensure => file, From c2a7d5f2d6a18a5e3f444bf859983efeb9d1a195 Mon Sep 17 00:00:00 2001 
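Review bot: The only content of the new `templates/mod/authnz_ldap.conf.erb` is `LDAPVerifyServerCert off`, and `manifests/mod/authnz_ldap.pp` installs it as the default template, so simply including the class turns off certificate verification for the server's LDAP connections. Bind credentials are then exposed to anyone able to impersonate the directory server. The default should leave verification on and make disabling it an explicit opt-in parameter, with a comment in the template explaining why the file exists.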
From: Justin Lambert Date: Wed, 2 Oct 2013 08:57:13 -0600 Subject: [PATCH 0006/2267] default to validate certs, add rpsec tests --- manifests/mod/authnz_ldap.pp | 23 +++++++--- spec/classes/mod/authnz_ldap_spec.rb | 65 ++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 7 deletions(-) create mode 100644 spec/classes/mod/authnz_ldap_spec.rb diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 239283deae..9533b45a0f 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,13 +1,22 @@ class apache::mod::authnz_ldap( - $ldap_conf = 'apache/mod/authnz_ldap.conf.erb' + $verifyServerCert = true, ) { include apache::mod::ldap apache::mod { 'authnz_ldap': } - file { 'authnz_ldap.conf': - ensure => file, - path => "${apache::mod_dir}/authnz_ldap.conf", - content => template($ldap_conf), - before => File[$apache::mod_dir], - notify => Service['httpd'], + + if $verifyServerCert == true { + file { 'authnz_ldap.conf': + ensure => absent, + path => "${apache::mod_dir}/authnz_ldap.conf", + notify => Service['httpd'], + } + } else { + file { 'authnz_ldap.conf': + ensure => file, + path => "${apache::mod_dir}/authnz_ldap.conf", + content => 'LDAPVerifyServerCert off', + before => File[$apache::mod_dir], + notify => Service['httpd'], + } } } diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb new file mode 100644 index 0000000000..9c52e28586 --- /dev/null +++ b/spec/classes/mod/authnz_ldap_spec.rb 
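Review bot: The `if $verifyServerCert == true { ... } else { ... }` test in `manifests/mod/authnz_ldap.pp` fails open: any value that is not the boolean `true` (the string `'true'`, `'yes'`, a typo) falls into the `else` branch and writes `LDAPVerifyServerCert off`. Because a quoted value or a data lookup easily yields a string, the parameter should be validated before the branch, for example with `validate_bool($verifyServerCert)` if stdlib is available to this module, or the logic inverted so that only an explicit `false` disables verification. The `ensure => absent` resource also lacks the `before => File[$apache::mod_dir]` that the other branch carries, which is worth making consistent or explaining in a comment.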
@@ -0,0 +1,65 @@ +describe 'apache::mod::authnz_ldap', :type => :class do + let :pre_condition do + 'include apache' + end + + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should include_class("apache::mod::ldap") } + it { should contain_apache__mod('authnz_ldap') } + + context 'default verifyServerCert' do + it { should contain_file('authnz_ldap.conf').with_ensure('absent') } + end + + context 'verifyServerCert = false' do + let(:params) { { :verifyServerCert => false } } + it { should contain_file('authnz_ldap.conf').with_content('LDAPVerifyServerCert off') } + end + + context 'verifyServerCert = wrong' do + let(:params) { { :verifyServerCert => 'wrong' } } + it 'should raise an error' do + expect { should raise_error Puppet::Error } + end + end + end #Debian + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should include_class("apache::mod::ldap") } + it { should contain_apache__mod('authnz_ldap') } + + context 'default verifyServerCert' do + it { should contain_file('authnz_ldap.conf').with_ensure('absent') } + end + + context 'verifyServerCert = false' do + let(:params) { { :verifyServerCert => false } } + it { should contain_file('authnz_ldap.conf').with_content('LDAPVerifyServerCert off') } + end + + context 'verifyServerCert = wrong' do + let(:params) { { :verifyServerCert => 'wrong' } } + it 'should raise an error' do + expect { should raise_error Puppet::Error } + end + end + end # Redhat + +end + From 568d4ee9a996435ed79e125c6a515a5f00ac69bd Mon Sep 17 00:00:00 2001 
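Review bot: The `verifyServerCert = wrong` examples assert nothing: `expect { should raise_error Puppet::Error }` builds an expectation target and discards it without calling `.to`, so the example passes whether or not the catalog compiles. The manifest in this commit has no validation, so that input would in fact compile and write `LDAPVerifyServerCert off`. Once validation is added, the example should read along the lines of `expect { subject }.to raise_error(Puppet::Error)`; the same applies to the copy in the RedHat context.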
From: Justin Lambert Date: Wed, 2 Oct 2013 08:59:02 -0600 Subject: [PATCH 0007/2267] remove unuzed authnz template --- templates/mod/authnz_ldap.conf.erb | 1 - 1 file changed, 1 deletion(-) delete mode 100644 templates/mod/authnz_ldap.conf.erb diff --git a/templates/mod/authnz_ldap.conf.erb b/templates/mod/authnz_ldap.conf.erb deleted file mode 100644 index b95f62b7a3..0000000000 --- a/templates/mod/authnz_ldap.conf.erb +++ /dev/null @@ -1 +0,0 @@ -LDAPVerifyServerCert off From e34ea78fd6ebd3cfe8e52e7b2432216bc164307e Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Wed, 2 Oct 2013 10:40:30 -0600 Subject: [PATCH 0008/2267] update readme --- README.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 14705fa351..58311b0ecd 100644 --- a/README.md +++ b/README.md 
@@ -301,11 +301,11 @@ Allows the configuration of a trailing footer line under server-generated docume #####`manage_user` -Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error. +Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error. #####`manage_group` -Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error. +Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error. #####`package_ensure` @@ -345,6 +345,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `dir`* * `disk_cache` * `fcgid` +* `fastcgi` * `info` * `ldap` * `mime` @@ -686,6 +687,18 @@ Sends all error log messages to syslog. Defaults to 'undef'. Specifies if the vhost file is present or absent. +#####`fastcgi_server` + +Specifies the filename as an external FastCGI application. Defaults to 'undef'. + +#####`fastcgi_socket` + +Filename used to communicate with the web server. Defaults to 'undef'. + +#####`fastcgi_dir` + +Directory to enable for FastCGI. Defaults to 'undef'. + #####`ip` The IP address the vhost listens on. Defaults to 'undef'. From be3e87e88e0697370a6f08466b8b35f62509659d Mon Sep 17 00:00:00 2001 
From: Justin Lambert Date: Wed, 2 Oct 2013 15:06:44 -0600 Subject: [PATCH 0009/2267] added "template uses" documentation --- manifests/mod/fastcgi.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index fd38c6daa2..28673d7bbe 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -7,6 +7,10 @@ apache::mod { 'fastcgi': } if $fastcgi_lib_path { + # Template uses: + # - $fastcgi_server + # - $fastcgi_socket + # - $fastcgi_dir file { 'fastcgi.conf': ensure => file, path => "${apache::mod_dir}/fastcgi.conf", From 05080f317d0d450d8787b4330c74e0fbd2e03cc5 Mon Sep 17 00:00:00 2001 From: Juan Treminio Date: Mon, 21 Oct 2013 11:23:09 -0500 Subject: [PATCH 0010/2267] Calling apache::mod::rewrite instead of Apache::Mod class directly. Fixes redmine 22922 and github #411 --- manifests/vhost.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e07bdb4fe8..75873a81f2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -273,8 +273,8 @@ # Load mod_rewrite if needed and not yet loaded if $rewrite_rule { - if ! defined(Apache::Mod['rewrite']) { - apache::mod { 'rewrite': } + if ! defined(Class['apache::mod::rewrite']) { + include apache::mod::rewrite } } From f799a3127c0b663be8dcc891477521042de0a628 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 21 Oct 2013 14:21:32 -0600 Subject: [PATCH 0011/2267] document/whitespace cleanup --- manifests/vhost.pp | 4 ++++ templates/vhost/_fastcgi.erb | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 83e9cd822b..6f1422e650 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
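Review bot: The added `# Template uses:` comment in `manifests/mod/fastcgi.pp` lists `$fastcgi_server`, `$fastcgi_socket` and `$fastcgi_dir`, but the `fastcgi.conf.erb` template added earlier in this series reads only `@fastcgi_lib_path`, and none of the three listed names is defined in this class as far as the hunk shows. Those names are vhost parameters consumed by `templates/vhost/_fastcgi.erb`. The comment should be `# Template uses:` followed by `# - $fastcgi_lib_path`. The class body starts and ends outside the hunk.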
@@ -364,6 +364,10 @@ # directories fragment: # - $passenger_enabled # - $directories (a list of key-value hashes is expected) + # fastcgi fragment: + # - $fastcgi_server + # - $fastcgi_socket + # - $fastcgi_dir # proxy fragment: # - $proxy_dest # - $no_proxy_uris diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index 388b3462dd..cd9baac31f 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb @@ -2,10 +2,9 @@ FastCgiExternalServer <%= @fastcgi_server -%> -socket <%= @fastcgi_socket -%> <% end -%> - <% if @fastcgi_dir -%> - > + > Options +ExecCGI AllowOverride All SetHandler fastcgi-script From b1c92dbd64288bb685ea0abe7c5d13836c417989 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 21 Oct 2013 14:26:12 -0600 Subject: [PATCH 0012/2267] prevent newline stripping --- templates/vhost/_fastcgi.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index cd9baac31f..3bde06658f 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb @@ -1,6 +1,6 @@ <% if @fastcgi_server -%> - FastCgiExternalServer <%= @fastcgi_server -%> -socket <%= @fastcgi_socket -%> + FastCgiExternalServer <%= @fastcgi_server -%> -socket <%= @fastcgi_socket %> <% end -%> <% if @fastcgi_dir -%> From 3faa5d5196c12a77b35ee6042df9d7261b646a19 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 21 Oct 2013 15:23:30 -0600 Subject: [PATCH 0013/2267] remove newline strip --- templates/vhost/_fastcgi.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index 3bde06658f..f0ff72c6b2 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb 
@@ -1,10 +1,10 @@ <% if @fastcgi_server -%> - FastCgiExternalServer <%= @fastcgi_server -%> -socket <%= @fastcgi_socket %> + FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket %> <% end -%> <% if @fastcgi_dir -%> - > + > Options +ExecCGI AllowOverride All SetHandler fastcgi-script From 4d84eb52d98b5342255f667d0c906d66b77000e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 22 Oct 2013 21:40:38 +0200 Subject: [PATCH 0014/2267] document `provider` parameter for `directories` In directories we can set provider to either directory (default), files, or location to create different kinds of blocks. At the time this feature was added, we neglected to document it. This commit fixes #372 --- README.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fcf48d2406..7ecacaf9d9 100644 --- a/README.md +++ b/README.md @@ -466,7 +466,7 @@ Sets a given `apache::vhost` as the default to serve requests that do not match #####`directories` -Passes a list of hashes to the vhost to create `...` directive blocks as per the [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#directory). The `path` key is required in these hashes. Usage will typically look like: +Passes a list of hashes to the vhost to create `...` directive blocks as per the [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#directory). The `path` key is required in these hashes. An optional `provider` defaults to `directory`. Usage will typically look like: ```puppet apache::vhost { 'sample.example.net': 
@@ -482,7 +482,18 @@ Passes a list of hashes to the vhost to create `.. *Note:* If not defined a single default `` block will be created that matches the `docroot` parameter. -The directives will be embedded within the `Directory` directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives: +`provider` can be set to any of `directory`, `files`, or `location`. If the [pathspec starts with a `~`](https://httpd.apache.org/docs/2.2/mod/core.html#files), httpd will interpret this as the equivalent of `DirectoryMatch`, `FilesMatch`, or `LocationMatch`, respectively. + +```puppet + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { path => '~ (\.swp|\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' }, + ], + } +``` + +The directives will be embedded within the `Directory` (`Files`, or `Location`) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives: ######`addhandlers` From 3d9085604c40876c6180dc8893c5ec4e3e0e6610 Mon Sep 17 00:00:00 2001 From: Justin Clayton Date: Wed, 23 Oct 2013 16:29:45 -0700 Subject: [PATCH 0015/2267] default_mods now pulls in mod_rewrite correctly --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index fc0006a09d..02d3bd156a 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -24,6 +24,7 @@ include apache::mod::mime include apache::mod::mime_magic include apache::mod::vhost_alias + include apache::mod::rewrite apache::mod { 'actions': } apache::mod { 'auth_digest': } apache::mod { 'authn_alias': } 
@@ -36,7 +37,6 @@ apache::mod { 'ext_filter': } apache::mod { 'include': } apache::mod { 'logio': } - apache::mod { 'rewrite': } apache::mod { 'speling': } apache::mod { 'substitute': } apache::mod { 'suexec': } From a7de8ad56f2e7236acc2399e5736bdb650a247b0 Mon Sep 17 00:00:00 2001 From: Daniel Beckham Date: Thu, 17 Oct 2013 16:15:48 -0500 Subject: [PATCH 0016/2267] Correct broken mime_magic config for Debian The location "conf/magic" in the mime_magic.conf template is RedHat specific and is broken under Debian/Ubuntu. Added a class parameter with an os agnostic default and matching template usage. Added full testing and updated `README.md` to indicated this module has settings and template parameters. --- README.md | 2 +- manifests/mod/mime_magic.pp | 6 +- spec/classes/mod/mime_magic_spec.rb | 93 +++++++++++++++++++++++++++++ templates/mod/mime_magic.conf.erb | 2 +- 4 files changed, 99 insertions(+), 4 deletions(-) create mode 100644 spec/classes/mod/mime_magic_spec.rb diff --git a/README.md b/README.md index d78ecc9b39..32c46224a5 100644 --- a/README.md +++ b/README.md @@ -353,7 +353,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `info` * `ldap` * `mime` -* `mime_magic` +* `mime_magic`* * `mpm_event` * `negotiation` * `passenger`* diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index c0ff0a7f67..5539d20e65 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp @@ -1,6 +1,8 @@ -class apache::mod::mime_magic { +class apache::mod::mime_magic ( + $magic_file = "${apache::params::conf_dir}/magic" +) { apache::mod { 'mime_magic': } - # Template uses no variables + # Template uses $magic_file file { 'mime_magic.conf': ensure => file, path => "${apache::mod_dir}/mime_magic.conf", diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb new file mode 100644 index 0000000000..30e91ef097 --- /dev/null +++ b/spec/classes/mod/mime_magic_spec.rb 
@@ -0,0 +1,93 @@ +# This function is called inside the OS specific contexts +def general_mime_magic_specs + it { should contain_apache__mod("mime_magic") } +end + +describe 'apache::mod::mime_magic', :type => :class do + let :pre_condition do + 'include apache' + end + + context "On a Debian OS with default params" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + general_mime_magic_specs() + + it do + should contain_file("mime_magic.conf").with_content( + "MIMEMagicFile /etc/apache2/magic\n" + ) + end + + it { should contain_file("mime_magic.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/mime_magic.conf', + } ) } + it { should contain_file("mime_magic.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/mime_magic.conf', + } ) } + + context "with magic_file => /tmp/Debian_magic" do + let :params do + { :magic_file => "/tmp/Debian_magic" } + end + + it do + should contain_file("mime_magic.conf").with_content( + "MIMEMagicFile /tmp/Debian_magic\n" + ) + end + end + + end + + context "on a RedHat OS with default params" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + general_mime_magic_specs() + + it do + should contain_file("mime_magic.conf").with_content( + "MIMEMagicFile /etc/httpd/conf/magic\n" + ) + end + + it { should contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") } + + end + + context "with magic_file => /tmp/magic" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + let :params do + { :magic_file => "/tmp/magic" } + end + + it do + should contain_file("mime_magic.conf").with_content( + "MIMEMagicFile /tmp/magic\n" + ) + end + end + + +end 
diff --git a/templates/mod/mime_magic.conf.erb b/templates/mod/mime_magic.conf.erb index ee69bca4ae..4826a765c9 100644 --- a/templates/mod/mime_magic.conf.erb +++ b/templates/mod/mime_magic.conf.erb @@ -1 +1 @@ -MIMEMagicFile conf/magic +MIMEMagicFile <%= @magic_file %> From 3138a1bf88f0422b74b9b758f598471cded872c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Sat, 26 Oct 2013 16:47:09 +0200 Subject: [PATCH 0017/2267] satisfy mod_php inter-module dependencies we try to make sure that mod_php's inter-module dependencies (mod_dir and mod_mime) are satisfied before we try to implement any changes in the config that would trigger those. This fixes #408. --- manifests/mod/php.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 690cb01b91..f4e01fe3b4 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -7,6 +7,11 @@ apache::mod { 'php5': package_ensure => $package_ensure, } + + include apache::mod::mime + include apache::mod::dir + Class['apache::mod::mime'] -> Class['apache::mod::dir'] -> Class['apache::mod::php'] + file { 'php5.conf': ensure => file, path => "${apache::mod_dir}/php5.conf", From 3330e177192cdfc7a024b22ddc2b674eddf34839 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Wed, 2 Oct 2013 14:52:22 -0600 Subject: [PATCH 0018/2267] add scriptaliases parameter for multiple script aliases closes #368 --- README.md | 26 ++++++++++++++++++++++++++ manifests/vhost.pp | 4 +++- spec/defines/vhost_spec.rb | 28 ++++++++++++++++++++++++++-- templates/vhost/_scriptalias.erb | 28 ++++++++++++++++++++++++---- 4 files changed, 79 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 32c46224a5..889374797d 100644 --- a/README.md +++ b/README.md 
@@ -870,6 +870,32 @@ Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to spe Defines a directory of CGI scripts to be aliased to the path '/cgi-bin' +#####`scriptaliases` + +Takes an array hashes with the keys containing the alias and path. For example: + +Usage will typically look like: + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + scriptaliases => [ + { + alias => '/myscript/', + path => '/usr/share/myscript', + }, + { + alias => '/oldscript/', + path => '/usr/share/myscript', + }, + { + alias => '/neatscript/', + path => '/usr/share/neatscript', + }, + ] + } +``` + #####`serveradmin` Specifies the email address Apache will display when it renders one of its error pages. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f249b5ada3..f50e88852e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -103,6 +103,7 @@ $error_log_syslog = undef, $fallbackresource = undef, $scriptalias = undef, + $scriptaliases = [], $proxy_dest = undef, $proxy_pass = undef, $sslproxyengine = false, @@ -282,7 +283,7 @@ } # Load mod_alias if needed and not yet loaded - if $scriptalias or ($redirect_source and $redirect_dest) { + if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { if ! defined(Class['apache::mod::alias']) { include apache::mod::alias } @@ -387,6 +388,7 @@ # - $rewrite_cond # scriptalias fragment: # - $scriptalias + # - $scriptaliases # - $ssl # serveralias fragment: # - $serveraliases diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 27de85c5ba..cc56f93342 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -198,10 +198,34 @@ :notmatch => /ErrorLog.+$/, }, { - :title => 'should accept scriptaliases', + :title => 'should accept a scriptalias', :attr => 'scriptalias', :value => '/usr/scripts', - :match => ' ScriptAlias /cgi-bin/ "/usr/scripts/"', + :match => [ + ' ScriptAlias /cgi-bin/ "/usr/scripts/"', + ' ', + ], + }, + { + :title => 'should accept a single scriptaliases', + :attr => 'scriptaliases', + :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, + :match => [ + ' ScriptAlias /blah/ "/usr/scripts/"', + ' ', + ], + :nomatch => /ScriptAlias \/cgi\-bin\// + }, + { + :title => 'should accept multiple scriptaliases', + :attr => 'scriptaliases', + :value => [ { 'alias' => '/blah/', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts' } ], + :match => [ + ' ScriptAlias /blah/ "/usr/scripts/"', + ' ScriptAlias /blah2/ "/usr/scripts/"', + ' ', + ], + :nomatch => /ScriptAlias \/cgi\-bin\// }, { :title => 'should accept proxy destinations', diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index 0262055f37..098d495dd2 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb 
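Review bot: The two new `scriptaliases` cases pass their negative pattern under `:nomatch`, whereas the neighbouring case in the context lines uses `:notmatch` (`:notmatch => /ErrorLog.+$/`). If the example loop only reads `:notmatch` (the loop is not visible in this hunk), these negative checks are never evaluated and a stray `ScriptAlias /cgi-bin/` line would go unnoticed. Renaming the key in both cases to `:notmatch => /ScriptAlias \/cgi\-bin\//` keeps them consistent with the rest of the table.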
@@ -1,8 +1,26 @@ -<% if @scriptalias -%> - +<% if @scriptaliases.is_a?(Array) -%> +<% aliases = @scriptaliases -%> +<% elsif @scriptaliases.is_a?(Hash) -%> +<% aliases = [@scriptaliases] -%> +<% else -%> +<% # Nothing to do with any other data type -%> +<% aliases = [] -%> +<% end -%> +<% if @scriptalias or !aliases.empty? -%> +<%# Combine scriptalais and scriptaliases into a single data structure -%> +<%# for backward compatibility and ease of implementation -%> +<% aliases << { 'alias' => '/cgi-bin/', 'path' => @scriptalias } if @scriptalias -%> +<% aliases.flatten.compact! %> +<%# Multiple paths could be provided for the same directory, make sure we only -%> +<%# add a single entry per path -%> +<% dirs = aliases.map { |h| h['path'] }.uniq.compact -%> +<% aliases.each do |salias| -%> ## Script alias directives - ScriptAlias /cgi-bin/ "<%= @scriptalias %>/" - "> + ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>/" +<% end -%> + +<% dirs.sort.each do |dir| -%> + "> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny @@ -12,3 +30,5 @@ <% end -%> <% end -%> + +<% end -%> From 5048acd2f182d5763dd07686d395f05a11be6927 Mon Sep 17 00:00:00 2001 From: Juan Treminio Date: Mon, 28 Oct 2013 16:32:52 -0500 Subject: [PATCH 0019/2267] Checked that Package declaration has not been defined yet. Fixes #424 --- manifests/mod.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index f8f564dc9c..25ac9fa6f6 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -31,7 +31,7 @@ } elsif "${mod_package}" { $package_REAL = $mod_package } - if $package_REAL { + if $package_REAL and ! defined(Package[$package_REAL]) { # $package_REAL may be an array package { $package_REAL: ensure => $package_ensure, From 40a2241cebfdc34e8f079202c107d7eae969e939 Mon Sep 17 00:00:00 2001 
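Review bot: `<% aliases.flatten.compact! %>` has no effect, because `flatten` returns a new array and `compact!` then runs on that temporary; the tag also lacks the `-%>` trim, so it writes a blank line into the vhost. `<% aliases = aliases.flatten.compact -%>` does what the surrounding comments describe. When `@scriptaliases` is an Array, `aliases` is the same object, so the `aliases << { ... }` line appends the `/cgi-bin/` entry to the scope variable itself; `aliases = aliases + [{ ... }]` avoids that. Each `path` ends up as a directory with `+ExecCGI`, and an entry without a `path` key currently renders as `ScriptAlias <alias> "/"`, so entries missing `alias` or `path` should be rejected rather than rendered.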
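Review bot: The new `! defined(Package[$package_REAL])` guard is applied to a value that, according to the comment on the next line, may be an array. With an array the reference names several packages, and as far as I know `defined()` then returns true as soon as any one of them is declared, so the remaining packages would be skipped without notice. `defined()` also depends on evaluation order, so a `package` resource declared later in the catalog still collides. A per-package guard, or stdlib's `ensure_packages` if the installed stdlib version can pass `ensure` through, would behave more predictably. The enclosing define starts and ends outside the hunk.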
From: Terri Haber Date: Wed, 30 Oct 2013 16:38:15 -0700 Subject: [PATCH 0020/2267] fixing php test --- tests/php.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/php.pp b/tests/php.pp index 618e0ebd2d..1d926bfb46 100644 --- a/tests/php.pp +++ b/tests/php.pp @@ -1 +1,4 @@ -include apache::php +class { 'apache': + mpm_module => 'prefork', +} +include apache::mod::php From f327c63bfa5175dd19579f4b9e74886934c03511 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 4 Nov 2013 14:29:12 -0700 Subject: [PATCH 0021/2267] allow allow_from to be set for mod_status --- manifests/mod/status.pp | 4 +++- spec/classes/mod/status_spec.rb | 40 +++++++++++++++++++++++++++++++++ templates/mod/status.conf.erb | 2 +- 3 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 spec/classes/mod/status_spec.rb diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 084d84eeac..f9f63f56fc 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -1,4 +1,6 @@ -class apache::mod::status { +class apache::mod::status ( + $allow_from = ['127.0.0.1','::1'], +){ apache::mod { 'status': } # Template uses no variables file { 'status.conf': diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb new file mode 100644 index 0000000000..1a475d3530 --- /dev/null +++ b/spec/classes/mod/status_spec.rb 
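Review bot: The context comment `# Template uses no variables` in `status.pp` is no longer true once the template reads `$allow_from`; it should become `# Template uses $allow_from`. The new parameter is also passed through unchecked: the template hunk of this commit joins whatever it receives into `Allow from ...`, so an empty array yields a directive with no hosts, and a value such as `all` opens `server-status` (served with `ExtendedStatus On`) to every client. A parameter comment stating that the value must be a list of trusted addresses or networks, together with a check that it is a non-empty string or array, would make the intent explicit.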
@@ -0,0 +1,40 @@ +require 'spec_helper' + +describe 'apache::mod::status', :type => :class do + let :pre_condition do + 'include apache' + end + + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + it { should contain_apache__mod('status') } + + context 'default' do + it { should contain_file('status.conf').with_content(/Allow from 127\.0\.0\.1 ::1/) } + end + + context 'custom allow_from (string)' do + let :params do + { + :allow_from => '1.2.3.4' + } + end + it { should contain_file('status.conf').with_content(/Allow from 1\.2\.3\.4/) } + end + + context 'custom allow_from (array)' do + let :params do + { + :allow_from => [ '1.2.3.4', '2.3.4.5' ] + } + end + it { should contain_file('status.conf').with_content(/Allow from 1\.2\.3\.4 2\.3\.4\.5/) } + end + +end diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index b29324ee99..ad88279330 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb @@ -2,7 +2,7 @@ SetHandler server-status Order deny,allow Deny from all - Allow from 127.0.0.1 ::1 + Allow from <%= Array(@allow_from).join(" ") %> ExtendedStatus On From 8493febdc4a65737456ca9bc21f543bb51ec1a5e Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 4 Nov 2013 14:51:41 -0700 Subject: [PATCH 0022/2267] ensure default vhost config files are removed when false --- manifests/init.pp | 47 ++++++++++++++++++++++--------------- spec/classes/apache_spec.rb | 27 +++++++++++++++++++++ 2 files changed, 55 insertions(+), 19 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3d7f368bab..560c0d9606 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -59,6 +59,7 @@ } validate_bool($default_vhost) + validate_bool($default_ssl_vhost) # true/false is sufficient for both ensure and enable validate_bool($service_enable) if $mpm_module { 
@@ -247,26 +248,34 @@ if $mpm_module { class { "apache::mod::${mpm_module}": } } - if $default_vhost { - apache::vhost { 'default': - port => 80, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => $access_log_file, - priority => '15', - } + + $default_vhost_ensure = $default_vhost ? { + true => 'present', + false => 'absent' } - if $default_ssl_vhost { - apache::vhost { 'default-ssl': - port => 443, - ssl => true, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => "ssl_${access_log_file}", - priority => '15', - } + $default_ssl_vhost_ensure = $default_ssl_vhost ? { + true => 'present', + false => 'absent' + } + + apache::vhost { 'default': + ensure => $default_vhost_ensure, + port => 80, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => $access_log_file, + priority => '15', + } + apache::vhost { 'default-ssl': + ensure => $default_ssl_vhost_ensure, + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => "ssl_${access_log_file}", + priority => '15', } } } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 51218cfd1b..1dd0ba1808 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
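Review bot: Both `apache::vhost { 'default': }` and `apache::vhost { 'default-ssl': }` are now declared on every node, where previously each existed only when its flag was true. A manifest that set `default_vhost => false` in order to declare its own `apache::vhost { 'default': }` will now fail with a duplicate declaration, which deserves a note in the README. `default-ssl` is also given `ssl => true` and `port => 443` while its `ensure` is `absent`; whether `apache::vhost` still adds a listener or loads the SSL module in that case is not visible here and should be checked. The class body continues outside the hunk.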
@@ -356,4 +356,31 @@ end end end + context 'on all OSes' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + context 'default vhost defaults' do + it { should contain_apache__vhost('default').with_ensure('present') } + it { should contain_apache__vhost('default-ssl').with_ensure('absent') } + end + context 'without default non-ssl vhost' do + let :params do { + :default_vhost => false + } + end + it { should contain_apache__vhost('default').with_ensure('absent') } + end + context 'with default ssl vhost' do + let :params do { + :default_ssl_vhost => true + } + end + it { should contain_apache__vhost('default').with_ensure('present') } + end + end end From b87ce2d598e729729a5ef4f7b5c88230f9ba7b07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Mon, 4 Nov 2013 22:58:28 +0100 Subject: [PATCH 0023/2267] add $root_group parameter --- manifests/init.pp | 2 +- manifests/mod.pp | 6 +++--- manifests/mod/itk.pp | 2 +- manifests/mod/prefork.pp | 2 +- manifests/mod/worker.pp | 2 +- manifests/params.pp | 2 ++ manifests/vhost.pp | 6 +++--- 7 files changed, 12 insertions(+), 10 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3d7f368bab..74f3ceec1a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -177,7 +177,7 @@ concat { $ports_file: owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', notify => Class['Apache::Service'], require => Package['httpd'], diff --git a/manifests/mod.pp b/manifests/mod.pp index f8f564dc9c..7494d90c01 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -44,7 +44,7 @@ ensure => file, path => "${mod_dir}/${mod}.load", owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', content => "LoadModule ${mod}_module ${lib_path}/${lib_REAL}\n", require => [ 
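Review bot: The `with default ssl vhost` context sets `:default_ssl_vhost => true` but then asserts on `apache__vhost('default')`, so the SSL vhost is never checked when it is enabled. The expectation should read `it { should contain_apache__vhost('default-ssl').with_ensure('present') }`. The `without default non-ssl vhost` context could also assert that `default-ssl` stays `absent`, so that both flags are covered independently.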
@@ -62,7 +62,7 @@ path => "${enable_dir}/${mod}.load", target => "${mod_dir}/${mod}.load", owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', require => [ File["${mod}.load"], @@ -80,7 +80,7 @@ path => "${enable_dir}/${mod}.conf", target => "${mod_dir}/${mod}.conf", owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', require => [ File["${mod}.conf"], diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index ba61bd9001..a2f4b5c707 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -14,7 +14,7 @@ } File { owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', } diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 5c6a7def97..d9cc2b6b3c 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -14,7 +14,7 @@ } File { owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 3966ed23d5..77c244264f 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -15,7 +15,7 @@ } File { owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', } diff --git a/manifests/params.pp b/manifests/params.pp index 2827e5baf1..07380e5355 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -35,6 +35,7 @@ if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { $user = 'apache' $group = 'apache' + $root_group = 'root' $apache_name = 'httpd' $httpd_dir = '/etc/httpd' $conf_dir = "${httpd_dir}/conf" @@ -85,6 +86,7 @@ } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' + $root_group = 'root' $apache_name = 'apache2' $httpd_dir = '/etc/apache2' $conf_dir = $httpd_dir diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f50e88852e..7ed0744ffe 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -65,7 +65,7 @@ $ip_based = false, $add_listen = true, $docroot_owner = 'root', - $docroot_group = 'root', + $docroot_group = $apache::params::root_group, $serveradmin = false, $ssl = false, $ssl_cert = $apache::default_ssl_cert, @@ -420,7 +420,7 @@ path => "${apache::vhost_dir}/${priority_real}-${filename}.conf", content => template('apache/vhost.conf.erb'), owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', require => [ Package['httpd'], @@ -440,7 +440,7 @@ path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", target => "${apache::vhost_dir}/${priority_real}-${filename}.conf", owner => 'root', - group => 'root', + group => $apache::params::root_group, mode => '0644', require => File["${priority_real}-${filename}.conf"], notify => Service['httpd'], From d9b67b1a800cffc9225f454fbe252143b8e991a9 Mon Sep 17 00:00:00 2001 From: Ken Geis Date: Mon, 4 Nov 2013 14:59:31 -0800 Subject: [PATCH 0024/2267] According to Apache docs http://httpd.apache.org/docs/current/mod/core.html#allowoverride "AllowOverride is valid only in sections specified without regular expressions, not in , or sections." --- templates/vhost/_directories.erb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 9f98c9c977..ab6c09fce4 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -15,10 +15,12 @@ <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> <%- end -%> - <%- if directory['allow_override'] -%> + <%- if directory['provider'] == 'directory' %> + <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> - <%- else -%> + <%- else -%> AllowOverride None + <%- end -%> <%- end -%> <%- if directory['order'] and directory['order'] != '' -%> Order <%= Array(directory['order']).join(',') %> 
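Review bot: In `_directories.erb` the new outer test `directory['provider'] == 'directory'` also removes the `AllowOverride None` fallback for entries that carry no `provider` key, unless a default is filled in above the hunk, which is not visible here. On Apache 2.2 the compiled-in default for `AllowOverride` is `All`, so such a directory block would start honouring `.htaccess` files. Comparing a normalised value, for example `<%- if (directory['provider'] || 'directory').to_s.downcase == 'directory' -%>`, keeps the fallback and ends the upper/lower-case flip between this patch and PATCH 0025/0026. The closing `%>` on the added line also lacks the `-` trim that the neighbouring tags use.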
From 4df57e598302297f74feade60964ca1336a2f5ff Mon Sep 17 00:00:00 2001 From: Ken Geis Date: Mon, 4 Nov 2013 15:10:33 -0800 Subject: [PATCH 0025/2267] provider is capitalized --- templates/vhost/_directories.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index ab6c09fce4..8d6ef68615 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -15,7 +15,7 @@ <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> <%- end -%> - <%- if directory['provider'] == 'directory' %> + <%- if directory['provider'] == 'Directory' %> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> <%- else -%> From 1444797c274882c079a91e8e46ee155522d9511c Mon Sep 17 00:00:00 2001 From: Stan Borbat Date: Wed, 6 Nov 2013 22:03:58 -0500 Subject: [PATCH 0026/2267] Fixed a typo. The directory provider should be lower case to match the manifests. --- templates/vhost/_directories.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 8d6ef68615..ab6c09fce4 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -15,7 +15,7 @@ <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> <%- end -%> - <%- if directory['provider'] == 'Directory' %> + <%- if directory['provider'] == 'directory' %> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> <%- else -%> From 7899e8f52e73b0716ccd0f38edba0e47836f31af Mon Sep 17 00:00:00 2001 
From: Maarten van Schaik Date: Fri, 25 Oct 2013 16:20:06 +0200 Subject: [PATCH 0027/2267] Remove AllowOverride header for non-directories When adding a dir with a different provider than directory (e.g. files, or location), the AllowOverride header still added. This causes a warning in apache. --- templates/vhost/_directories.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 8d6ef68615..6625c0f068 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -18,7 +18,7 @@ <%- if directory['provider'] == 'Directory' %> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> - <%- else -%> + <%- elsif provider == 'Directory' -%> AllowOverride None <%- end -%> <%- end -%> From bf316539a94a8c3a34a492bdf34bd07cdcfc3be6 Mon Sep 17 00:00:00 2001 From: Maarten Date: Sun, 27 Oct 2013 11:57:39 +0000 Subject: [PATCH 0028/2267] Add unit tests --- spec/defines/vhost_spec.rb | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index cc56f93342..988b7f1f07 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -447,6 +447,36 @@ ' ', ], }, + { + :title => 'should accept location for provider', + :attr => 'directories', + :value => { + 'path' => '/', + 'provider' => 'location', + }, + :notmatch => ' AllowOverride None', + :match => [ + ' ', + ' Order allow,deny', + ' Allow from all', + ' ', + ], + }, + { + :title => 'should accept files for provider', + :attr => 'directories', + :value => { + 'path' => 'index.html', + 'provider' => 'files', + }, + :notmatch => ' AllowOverride None', + :match => [ + ' ', + ' Order allow,deny', + ' Allow from all', + ' ', + ], + }, { :title => 'should contain virtual_docroot', :attr => 'virtual_docroot', From 88d35a8777af2cfdbec71c9b8f73bc91d8b960bd Mon Sep 17 00:00:00 2001 
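Review bot: `<%- elsif provider == 'Directory' -%>` refers to a local `provider`, while the surrounding lines read `directory['provider']`. If no such local is assigned above the hunk, rendering raises a NameError for every entry that has no `allow_override`; and nested inside `if directory['provider'] == 'Directory'` the test is redundant in any case. Using `directory['provider']` consistently, or a plain `<%- else -%>`, would be safer. The loop this block belongs to starts outside the hunk.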
From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Mon, 4 Nov 2013 23:15:02 +0100 Subject: [PATCH 0029/2267] added $service_name parameter --- README.md | 4 ++++ manifests/init.pp | 2 ++ manifests/params.pp | 2 ++ manifests/service.pp | 7 ++++++- spec/classes/service_spec.rb | 15 +++++++++++++++ 5 files changed, 29 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 889374797d..a184af71e6 100644 --- a/README.md +++ b/README.md @@ -227,6 +227,10 @@ The default certificate revocation list path, which is automatically set to 'und The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +#####`service_name` + +Name of apache service to run. Defaults to: `'httpd'` on RedHat and `'apache2'` on Debian. + #####`service_enable` Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'. diff --git a/manifests/init.pp b/manifests/init.pp index edadadf9ad..87deb3e5a8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -13,6 +13,7 @@ # Sample Usage: # class apache ( + $service_name = $apache::params::service_name, $default_mods = true, $default_vhost = true, $default_ssl_vhost = false, @@ -86,6 +87,7 @@ } class { 'apache::service': + service_name => $service_name, service_enable => $service_enable, service_ensure => $service_ensure, } diff --git a/manifests/params.pp b/manifests/params.pp index 07380e5355..bef2acc5ce 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -37,6 +37,7 @@ $group = 'apache' $root_group = 'root' $apache_name = 'httpd' + $service_name = 'httpd' $httpd_dir = '/etc/httpd' $conf_dir = "${httpd_dir}/conf" $confd_dir = "${httpd_dir}/conf.d" 
@@ -88,6 +89,7 @@ $group = 'www-data' $root_group = 'root' $apache_name = 'apache2' + $service_name = 'apache2' $httpd_dir = '/etc/apache2' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/conf.d" diff --git a/manifests/service.pp b/manifests/service.pp index c95d3ca484..82a0b8ca61 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -17,14 +17,19 @@ # # class apache::service ( + $service_name = $apache::params::service_name, $service_enable = true, $service_ensure = 'running', ) { + # The base class must be included first because parameter defaults depend on it + if ! defined(Class['apache::params']) { + fail('You must include the apache::params class before using any apache defined resources') + } validate_bool($service_enable) service { 'httpd': ensure => $service_ensure, - name => $apache::apache_name, + name => $service_name, enable => $service_enable, } } diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 037790eab1..836ac27b79 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -1,6 +1,9 @@ require 'spec_helper' describe 'apache::service', :type => :class do + let :pre_condition do + 'include apache::params' + end context "on a Debian OS" do let :facts do { @@ -10,14 +13,24 @@ } end it { should contain_service("httpd").with( + 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'true' ) } + context "with $service_name => 'foo'" do + let (:params) {{ :service_name => 'foo' }} + it { should contain_service("httpd").with( + 'name' => 'foo' + ) + } + end + context "with $service_enable => true" do let (:params) {{ :service_enable => true }} it { should contain_service("httpd").with( + 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'true' ) @@ -27,6 +40,7 @@ context "with $service_enable => false" do let (:params) {{ :service_enable => false }} it { should contain_service("httpd").with( + 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'false' ) 
@@ -70,6 +84,7 @@ } end it { should contain_service("httpd").with( + 'name' => 'httpd', 'ensure' => 'running', 'enable' => 'true' ) From f61deb70ace4f1c6f11fd657a0ef85278750d102 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Mon, 4 Nov 2013 23:52:41 +0100 Subject: [PATCH 0030/2267] added peruser and event mpms --- manifests/mod/event.pp | 54 +++++++++++++++++++++++ manifests/mod/itk.pp | 6 +++ manifests/mod/peruser.pp | 73 ++++++++++++++++++++++++++++++++ manifests/mod/prefork.pp | 10 ++++- manifests/mod/worker.pp | 11 +++++ spec/classes/apache_spec.rb | 6 +++ spec/classes/mod/event_spec.rb | 6 +++ spec/classes/mod/peruser_spec.rb | 6 +++ templates/mod/event.conf.erb | 9 ++++ templates/mod/peruser.conf.erb | 12 ++++++ 10 files changed, 191 insertions(+), 2 deletions(-) create mode 100644 manifests/mod/event.pp create mode 100644 manifests/mod/peruser.pp create mode 100644 spec/classes/mod/event_spec.rb create mode 100644 spec/classes/mod/peruser_spec.rb create mode 100644 templates/mod/event.conf.erb create mode 100644 templates/mod/peruser.conf.erb diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp new file mode 100644 index 0000000000..473f7c24cd --- /dev/null +++ b/manifests/mod/event.pp 
@@ -0,0 +1,54 @@ +class apache::mod::event ( + $startservers = '2', + $maxclients = '150', + $minsparethreads = '25', + $maxsparethreads = '75', + $threadsperchild = '25', + $maxrequestsperchild = '0', + $serverlimit = '25', +) { + if defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::event and apache::mod::itk on the same node') + } + if defined(Class['apache::mod::peruser']) { + fail('May not include both apache::mod::event and apache::mod::peruser on the same node') + } + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::event and apache::mod::prefork on the same node') + } + if defined(Class['apache::mod::worker']) { + fail('May not include both apache::mod::event and apache::mod::worker on the same node') + } + File { + owner => 'root', + group => $apache::params::root_group, + mode => '0644', + } + + # Template uses: + # - $startservers + # - $maxclients + # - $minsparethreads + # - $maxsparethreads + # - $threadsperchild + # - $maxrequestsperchild + # - $serverlimit + file { "${apache::mod_dir}/event.conf": + ensure => file, + content => template('apache/mod/event.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Service['httpd'], + } + + case $::osfamily { + 'freebsd' : { + class { 'apache::package': + mpm_module => 'event' + } + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } +} diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index a2f4b5c707..8abbb1c18a 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp 
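Review bot: The four `defined(Class['apache::mod::...'])` checks only catch a conflicting MPM class that was evaluated before this one, because `defined()` depends on evaluation order. A node that evaluates `apache::mod::event` first and `apache::mod::worker` later is caught only by the matching check in the other class, so every MPM class must list every other one; the same pattern is repeated in the `itk`, `peruser`, `prefork` and `worker` hunks of this commit and is easy to miss when the next MPM is added. The class also has no header comment: it should state that the `case` at the end supports only the `freebsd` osfamily and fails the catalog everywhere else.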
@@ -6,6 +6,12 @@ $maxclients = '256', $maxrequestsperchild = '4000', ) { + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::itk and apache::mod::event on the same node') + } + if defined(Class['apache::mod::peruser']) { + fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') + } if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp new file mode 100644 index 0000000000..fafeff23a9 --- /dev/null +++ b/manifests/mod/peruser.pp 
@@ -0,0 +1,73 @@ +class apache::mod::peruser ( + $minspareprocessors = '2', + $minprocessors = '2', + $maxprocessors = '10', + $maxclients = '150', + $maxrequestsperchild = '1000', + $idletimeout = '120', + $expiretimeout = '120', + $keepalive = 'Off', +) { + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::peruser and apache::mod::event on the same node') + } + if defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') + } + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') + } + if defined(Class['apache::mod::worker']) { + fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') + } + File { + owner => 'root', + group => $apache::params::root_group, + mode => '0644', + } + + $mod_dir = $apache::mod_dir + + # Template uses: + # - $minspareprocessors + # - $minprocessors + # - $maxprocessors + # - $maxclients + # - $maxrequestsperchild + # - $idletimeout + # - $expiretimeout + # - $keepalive + # - $mod_dir + file { "${apache::mod_dir}/peruser.conf": + ensure => file, + content => template('apache/mod/peruser.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Service['httpd'], + } + file { "${apache::mod_dir}/peruser": + ensure => directory, + require => File[$apache::mod_dir], + } + file { "${apache::mod_dir}/peruser/multiplexers": + ensure => directory, + require => File["${apache::mod_dir}/peruser"], + } + file { "${apache::mod_dir}/peruser/processors": + ensure => directory, + require => File["${apache::mod_dir}/peruser"], + } + + apache::peruser::multiplexer { '01-default': } + + case $::osfamily { + 'freebsd' : { + class { 'apache::package': + mpm_module => 'peruser' + } + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } +} 
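Review bot: The `peruser/multiplexers` and `peruser/processors` directories are created with `ensure => directory` only, while the template added in this commit includes every `*.conf` found in them. Files left there by hand or by an earlier run keep being loaded, and in a per-user MPM those files presumably decide which account serves requests. Adding `purge => true, recurse => true,` to both directory resources keeps the included set equal to what Puppet manages. Separately, no `apache::peruser::multiplexer` define appears in this commit's file list, so `apache::peruser::multiplexer { '01-default': }` relies on it existing elsewhere.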
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index d9cc2b6b3c..91f0f1c30b 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -6,11 +6,17 @@ $maxclients = '256', $maxrequestsperchild = '4000', ) { + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::prefork and apache::mod::event on the same node') + } if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + } + if defined(Class['apache::mod::peruser']) { + fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node') } if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::worker and apache::mod::prefork on the same node') + fail('May not include both apache::mod::prefork and apache::mod::worker on the same node') } File { owner => 'root', diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 77c244264f..272891176c 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -7,9 +7,15 @@ $maxrequestsperchild = '0', $serverlimit = '25', ) { + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::worker and apache::mod::event on the same node') + } if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::worker and apache::mod::itk on the same node') } + if defined(Class['apache::mod::peruser']) { + fail('May not include both apache::mod::worker and apache::mod::peruser on the same node') + } if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::worker and apache::mod::prefork on the same node') } @@ -57,6 +63,11 @@ ensure => present, } } + 'freebsd' : { + class { 'apache::package': + mpm_module => 'worker' + } + } default: { fail("Unsupported osfamily ${::osfamily}") } 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 1dd0ba1808..919b4ec0c5 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -239,7 +239,9 @@ { :mpm_module => false } end it 'should not declare mpm modules' do + should_not contain_class('apache::mod::event') should_not contain_class('apache::mod::itk') + should_not contain_class('apache::mod::peruser') should_not contain_class('apache::mod::prefork') should_not contain_class('apache::mod::worker') end @@ -249,7 +251,9 @@ { :mpm_module => 'prefork' } end it { should contain_class('apache::mod::prefork') } + it { should_not contain_class('apache::mod::event') } it { should_not contain_class('apache::mod::itk') } + it { should_not contain_class('apache::mod::peruser') } it { should_not contain_class('apache::mod::worker') } end context "when declaring mpm_module => worker" do @@ -257,7 +261,9 @@ { :mpm_module => 'worker' } end it { should contain_class('apache::mod::worker') } + it { should_not contain_class('apache::mod::event') } it { should_not contain_class('apache::mod::itk') } + it { should_not contain_class('apache::mod::peruser') } it { should_not contain_class('apache::mod::prefork') } end context "when declaring mpm_module => breakme" do diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb new file mode 100644 index 0000000000..75c0e70b4c --- /dev/null +++ b/spec/classes/mod/event_spec.rb @@ -0,0 +1,6 @@ +describe 'apache::mod::event', :type => :class do + let :pre_condition do + 'class { "apache": mpm_module => false, }' + end + # TBD +end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb new file mode 100644 index 0000000000..370d0fd2ba --- /dev/null +++ b/spec/classes/mod/peruser_spec.rb @@ -0,0 +1,6 @@ +describe 'apache::mod::peruser', :type => :class do + let :pre_condition do + 'class { "apache": mpm_module => false, }' + end + # TBD +end 
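Review bot: `event_spec.rb` and `peruser_spec.rb` contain only a `pre_condition` and `# TBD`, so neither new class is exercised by a single example. Both files also omit `require 'spec_helper'`, which `status_spec.rb` and `service_spec.rb` in this series start with. Each should at least load the helper, set `facts`, and assert that the catalog fails on an osfamily the class does not support, since that is what the `default:` branch of both manifests does.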
diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb new file mode 100644 index 0000000000..40099543d5 --- /dev/null +++ b/templates/mod/event.conf.erb @@ -0,0 +1,9 @@ + + ServerLimit <%= @serverlimit %> + StartServers <%= @startservers %> + MaxClients <%= @maxclients %> + MinSpareThreads <%= @minsparethreads %> + MaxSpareThreads <%= @maxsparethreads %> + ThreadsPerChild <%= @threadsperchild %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + diff --git a/templates/mod/peruser.conf.erb b/templates/mod/peruser.conf.erb new file mode 100644 index 0000000000..8f44c72b0b --- /dev/null +++ b/templates/mod/peruser.conf.erb @@ -0,0 +1,12 @@ + + MinSpareProcessors <%= @minspareprocessors %> + MinProcessors <%= @minprocessors %> + MaxProcessors <%= @maxprocessors %> + MaxClients <%= @maxclients %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + IdleTimeout <%= @idletimeout %> + ExpireTimeout <%= @expiretimeout %> + KeepAlive <%= @keepalive %> + Include <%= @mod_dir %>/peruser/multiplexers/*.conf + Include <%= @mod_dir %>/peruser/processors/*.conf + From 7aaa9000cde67356e60a996792eddbb098c7bc60 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Thu, 7 Nov 2013 11:05:32 +0100 Subject: [PATCH 0031/2267] Workaround for apxs-loaded modules On some OSes (FreeBSD) apxs tool is used to put LoadModule directives into httpd.conf during apache package (and apache modules) insallation/reinstallation. The apxs expects some LoadModule directives to be already present in httpd.conf (they may be commented-out) in order to decide where to put its own directives. This PR puts fake LoadModule directive (commented out) to httpd.conf. The $apxs_workaround boolean parameter in apache class decides, whether to use this workaround or not. This is used on FreeBSD, where apxs is used by ports package provider (and perhaps all other). Without this, the apache installation/reinstallation/deinstallation as well as installation of additional modules would fail. This PR was created in order to split #342 into smaller parts to make review process easier, see https://github.com/puppetlabs/puppetlabs-apache/pull/342#issuecomment-25423813 --- manifests/init.pp | 7 +++++++ templates/httpd.conf.erb | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index edadadf9ad..9da86c22fe 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -210,6 +210,12 @@ fail("Unsupported osfamily ${::osfamily}") } } + + $apxs_workaround = $::osfamily ? { + 'freebsd' => true, + default => false + } + # Template uses: # - $httpd_dir # - $pidfile @@ -224,6 +230,7 @@ # - $vhost_dir # - $error_documents # - $error_documents_path + # - $apxs_workaround # - $keepalive # - $keepalive_timeout file { "${apache::params::conf_dir}/${apache::params::conf_file}": diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 0345f1cf4c..5f04b8a592 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
@@ -33,6 +33,14 @@ LogLevel warn EnableSendfile <%= @sendfile %> #Listen 80 + +<% if @apxs_workaround -%> +# Workaround: without this hack apxs would be confused about where to put +# LoadModule directives and fail entire procedure of apache package +# installation/reinstallation. This problem was observed on FreeBSD (apache22). +#LoadModule fake_module libexec/apache22/mod_fake.so +<% end -%> + Include <%= @mod_load_dir %>/*.load <% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%> Include <%= @mod_load_dir %>/*.conf From 6811d92c86cd9c66278dab463e67e6cf0b6a61f7 Mon Sep 17 00:00:00 2001 From: Martin Hellmich Date: Tue, 27 Aug 2013 12:04:15 +0200 Subject: [PATCH 0032/2267] allow to choose the mpm_event mod from the init.pp added a mod/event.pp manifest and edited the spec test of the prefork/worker/event modules. --- manifests/init.pp | 2 +- manifests/mod/mpm_event.pp | 11 ----------- spec/system/prefork_worker_spec.rb | 25 +++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 12 deletions(-) delete mode 100644 manifests/mod/mpm_event.pp diff --git a/manifests/init.pp b/manifests/init.pp index 43b7e15d90..af8f87c325 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -64,7 +64,7 @@ # true/false is sufficient for both ensure and enable validate_bool($service_enable) if $mpm_module { - validate_re($mpm_module, '(prefork|worker|itk)') + validate_re($mpm_module, '(prefork|worker|itk|event)') } validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ]) diff --git a/manifests/mod/mpm_event.pp b/manifests/mod/mpm_event.pp deleted file mode 100644 index 92e558e17f..0000000000 --- a/manifests/mod/mpm_event.pp +++ /dev/null 
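Review bot: The pattern in `validate_re($mpm_module, '(prefork|worker|itk|event)')` is unanchored, so any string that merely contains one of the four names passes validation; adding `event` is a good moment to tighten it. Anchoring to the whole value, `validate_re($mpm_module, '\A(prefork|worker|itk|event)\z')`, makes the check reject everything except the four names (the neighbouring `$sendfile` check already anchors its patterns). How `$mpm_module` is consumed lies outside this hunk, so the effect of a loose value is not visible here.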
@@ -1,11 +0,0 @@ -class apache::mod::mpm_event { - # Template uses no variables - file { 'mpm_event.conf': - ensure => file, - path => "${apache::mod_dir}/mpm_event.conf", - content => template('apache/mod/mpm_event.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], - notify => Service['httpd'], - } -} diff --git a/spec/system/prefork_worker_spec.rb b/spec/system/prefork_worker_spec.rb index 69e87532d9..d7715737d3 100644 --- a/spec/system/prefork_worker_spec.rb +++ b/spec/system/prefork_worker_spec.rb @@ -9,6 +9,31 @@ raise "Unconfigured OS for apache service on #{node.facts['osfamily']}" end +describe 'apache::mod::event class' do + describe 'running puppet code' do + # Using puppet_apply as a helper + it 'should work with no errors' do + pp = <<-EOS + class { 'apache': + mpm_module => 'event', + } + EOS + + # Run it twice and test for idempotency + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + r.refresh + r.exit_code.should be_zero + end + end + end + + describe service(servicename) do + it { should be_running } + it { should be_enabled } + end +end + describe 'apache::mod::worker class' do describe 'running puppet code' do # Using puppet_apply as a helper From 447c36106f5d2bc35c188147304af54729b6d4c6 Mon Sep 17 00:00:00 2001 From: Jonathan Underwood Date: Tue, 29 Oct 2013 18:45:33 +0000 Subject: [PATCH 0033/2267] Add initial support for nss module (no directives in vhost template yet) --- README.md | 1 + manifests/mod/nss.pp | 25 ++++ manifests/params.pp | 3 + templates/mod/nss.conf.erb | 228 +++++++++++++++++++++++++++++++++++++ 4 files changed, 257 insertions(+) create mode 100644 manifests/mod/nss.pp create mode 100644 templates/mod/nss.conf.erb diff --git a/README.md b/README.md index a184af71e6..fa4dfbd21d 100644 --- a/README.md +++ b/README.md 
@@ -360,6 +360,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `mime_magic`* * `mpm_event` * `negotiation` +* `nss`* * `passenger`* * `perl` * `php` (requires [`mpm_module`](#mpm_module) set to `prefork`) diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp new file mode 100644 index 0000000000..d96c11e9bd --- /dev/null +++ b/manifests/mod/nss.pp @@ -0,0 +1,25 @@ +class apache::mod::nss ( + $transfer_log = "${::apache::params::logroot}/access.log", + $error_log = "${::apache::params::logroot}/error.log", + $passwd_file = undef + ) { + include apache::mod::mime + + apache::mod { 'nss': } + + $httpd_dir = $apache::httpd_dir + + # Template uses: + # $transfer_log + # $error_log + # $http_dir + # passwd_file + file { 'nss.conf': + ensure => file, + path => "${apache::mod_dir}/nss.conf", + content => template('apache/mod/nss.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Service['httpd'], + } +} diff --git a/manifests/params.pp b/manifests/params.pp index bef2acc5ce..22728aa7cd 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -76,9 +76,11 @@ 'dav_svn' => 'mod_dav_svn', 'suphp' => 'mod_suphp', 'xsendfile' => 'mod_xsendfile', + 'nss' => 'mod_nss', } $mod_libs = { 'php5' => 'libphp5.so', + 'nss' => 'libmodnss.so', } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' @@ -125,6 +127,7 @@ 'dav_svn' => 'libapache2-svn', 'suphp' => 'libapache2-mod-suphp', 'xsendfile' => 'libapache2-mod-xsendfile', + 'nss' => 'libapache2-mod-nss', } $mod_libs = { 'php5' => 'libphp5.so', diff --git a/templates/mod/nss.conf.erb b/templates/mod/nss.conf.erb new file mode 100644 index 0000000000..8fd538b761 --- /dev/null +++ b/templates/mod/nss.conf.erb 
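Review bot: In the new `apache::mod::nss` class, `$passwd_file` is handed to the template unchecked and ends up in `NSSPassPhraseDialog file:<%= @passwd_file %>`, yet the class neither validates the value nor says who may read that file. Adding `if $passwd_file { validate_absolute_path($passwd_file) }` before the `file` resource, plus a comment that the file holds the NSS token pass phrase and should be readable only by the account that starts httpd, would cover both. The `# Template uses:` list also names `$http_dir` and `passwd_file`; the variables the class actually sets are `$httpd_dir` and `$passwd_file`.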
@@ -0,0 +1,228 @@ +# +# This is the Apache server configuration file providing SSL support using. +# the mod_nss plugin. It contains the configuration directives to instruct +# the server how to serve pages over an https connection. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +#LoadModule nss_module modules/libmodnss.so + +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443" +# +Listen 8443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +<% if @passwd_file -%> +NSSPassPhraseDialog file:<%= @passwd_file %> +<% else -%> +NSSPassPhraseDialog builtin +<% end -%> + +# Pass Phrase Helper: +# This helper program stores the token password pins between +# restarts of Apache. +NSSPassPhraseHelper /usr/sbin/nss_pcache + +# Configure the SSL Session Cache. +# NSSSessionCacheSize is the number of entries in the cache. +# NSSSessionCacheTimeout is the SSL2 session timeout (in seconds). +# NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds). +NSSSessionCacheSize 10000 +NSSSessionCacheTimeout 100 +NSSSession3CacheTimeout 86400 + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. 
+# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. Those platforms usually also provide a non-blocking +# device, /dev/urandom, which may be used instead. +# +# This does not support seeding the RNG with each connection. + +NSSRandomSeed startup builtin +#NSSRandomSeed startup file:/dev/random 512 +#NSSRandomSeed startup file:/dev/urandom 512 + +# +# TLS Negotiation configuration under RFC 5746 +# +# Only renegotiate if the peer's hello bears the TLS renegotiation_info +# extension. Default off. +NSSRenegotiation off + +# Peer must send Signaling Cipher Suite Value (SCSV) or +# Renegotiation Info (RI) extension in ALL handshakes. Default: off +NSSRequireSafeNegotiation off + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host +#DocumentRoot "/etc/httpd/htdocs" +#ServerName www.example.com:8443 +#ServerAdmin you@example.com + +# mod_nss can log to separate log files, you can choose to do that if you'd like +# LogLevel is not inherited from httpd.conf. +ErrorLog <%= @error_log %> +TransferLog <%= @transfer_log %> +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +NSSEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_nss documentation for a complete list. + +# SSL 3 ciphers. SSL 2 is disabled by default. +NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + +# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default. 
+# +# Comment out the NSSCipherSuite line above and use the one below if you have +# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography +#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha + +# SSL Protocol: +# Cryptographic protocols that provide communication security. +# NSS handles the specified protocols as "ranges", and automatically +# negotiates the use of the strongest protocol for a connection starting +# with the maximum specified protocol and downgrading as necessary to the +# minimum specified protocol that can be used between two processes. +# Since all protocol ranges are completely inclusive, and no protocol in the +# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.1" +# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1". +NSSProtocol SSLv3,TLSv1.0,TLSv1.1 + +# SSL Certificate Nickname: +# The nickname of the RSA server certificate you are going to use. +NSSNickname Server-Cert + +# SSL Certificate Nickname: +# The nickname of the ECC server certificate you are going to use, if you +# have an ECC-enabled version of NSS and mod_nss +#NSSECCNickname Server-Cert-ecc + +# Server Certificate Database: +# The NSS security database directory that holds the certificates and +# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. 
+# Provide the directory that these files exist. +NSSCertificateDatabase <%= @httpd_dir -%>/alias + +# Database Prefix: +# In order to be able to store multiple NSS databases in one directory +# they need unique names. This option sets the database prefix used for +# cert8.db and key3.db. +#NSSDBPrefix my-prefix- + +# Client Authentication (Type): +# Client certificate verification type. Types are none, optional and +# require. +#NSSVerifyClient none + +# +# Online Certificate Status Protocol (OCSP). +# Verify that certificates have not been revoked before accepting them. +#NSSOCSP off + +# +# Use a default OCSP responder. If enabled this will be used regardless +# of whether one is included in a client certificate. Note that the +# server certificate is verified during startup. +# +# NSSOCSPDefaultURL defines the service URL of the OCSP responder +# NSSOCSPDefaultName is the nickname of the certificate to trust to +# sign the OCSP responses. +#NSSOCSPDefaultResponder on +#NSSOCSPDefaultURL http://example.com/ocsp/status +#NSSOCSPDefaultName ocsp-nickname + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_nss documentation +# for more details. +# +#NSSRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. 
+# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "NSSRequireSSL" or "NSSRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire + + NSSOptions +StdEnvVars + + + NSSOptions +StdEnvVars + + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \ +# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + From 57ab09eebbd584c0483455365566012093e0051b Mon Sep 17 00:00:00 2001 From: Trevor Bramble Date: Mon, 21 Oct 2013 11:09:12 -0700 Subject: [PATCH 0034/2267] only apply Directory defaults when provider is a directory --- templates/vhost/_directories.erb | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 646c589d5e..2de6a752ae 100644 
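Review bot: The template hard-codes `NSSProtocol SSLv3,TLSv1.0,TLSv1.1` and an `NSSCipherSuite` list that enables `+rsa_rc4_128_md5`, `+rsa_rc4_128_sha` and `+rsa_3des_sha`, while the class exposes only the two log paths and `passwd_file`, so a site cannot tighten either setting without replacing the whole file. I would drop `SSLv3` from the protocol range, flip the two `rsa_rc4_128_*` entries to `-`, and render both directives from class parameters so the floor can be raised as the installed mod_nss gains newer TLS versions. `Listen 8443` is emitted unconditionally as well and would be better as a parameter, since it applies to the whole server rather than to this virtual host.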
--- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -1,11 +1,13 @@ <% if @_directories and ! @_directories.empty? -%> <%- [@_directories].flatten.compact.each do |directory| -%> - <%- if directory['path'] and directory['path'] != ''-%> + <%- if directory['path'] and directory['path'] != '' -%> - <%- provider = 'Directory' -%> <%- if directory['provider'] and [ 'directory', 'location', 'files' ].include?(directory['provider']) -%> <%- provider = directory['provider'].capitalize -%> + <%- else -%> + <%- provider = 'Directory' -%> <%- end -%> + <<%= provider + ' ' + directory['path'] %>> <%- if directory['headers'] -%> <%- Array(directory['headers']).each do |header| -%> @@ -24,7 +26,7 @@ <%- end -%> <%- if directory['order'] and directory['order'] != '' -%> Order <%= Array(directory['order']).join(',') %> - <%- else -%> + <%- elsif provider == 'Directory' -%> Order allow,deny <%- end -%> <%- if directory['deny'] and directory['deny'] != '' -%> @@ -32,7 +34,7 @@ <%- end -%> <%- if directory['allow'] and directory['allow'] != '' -%> Allow <%= directory['allow'] %> - <%- else -%> + <%- elsif provider == 'Directory' -%> Allow from all <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> @@ -92,6 +94,7 @@ <%= directory['custom_fragment'] %> <%- end -%> > + <%- end -%> <%- end -%> <% end -%> From c88f0b208409ce207065f10a8a0427b4dec54311 Mon Sep 17 00:00:00 2001 From: Trevor Bramble Date: Mon, 21 Oct 2013 11:12:32 -0700 Subject: [PATCH 0035/2267] Expand vhost/_directories.pp directive support Added ForceType (from core), and the mod_expires directives. --- templates/vhost/_directories.erb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 2de6a752ae..2dbfe8e03e 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -89,6 +89,19 @@ <%- end -%> <%- if directory['fallbackresource'] -%> FallbackResource <%= directory['fallbackresource'] %> + <%- if directory['expires_active'] -%> + ExpiresActive <%= directory['expires_active'] %> + <%- end -%> + <%- if directory['expires_default'] -%> + ExpiresDefault <%= directory['expires_default'] %> + <%- end -%> + <%- if directory['expires_by_type'] -%> + <%- Array(directory['expires_by_type']).each do |rule| -%> + ExpiresByType <%= rule %> + <%- end -%> + <%- end -%> + <%- if directory['force_type'] -%> + ForceType <%= directory['force_type'] %> <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> From 0b3af3aa897850950c88be13f7ed19b9fb356328 Mon Sep 17 00:00:00 2001 From: Trevor Bramble Date: Wed, 23 Oct 2013 14:13:53 -0700 Subject: [PATCH 0036/2267] nested conditinals are usually indented with good reason --- templates/vhost/_directories.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 2dbfe8e03e..96c5c3d2b7 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -89,6 +89,7 @@ <%- end -%> <%- if directory['fallbackresource'] -%> FallbackResource <%= directory['fallbackresource'] %> + <%- end -%> <%- if directory['expires_active'] -%> ExpiresActive <%= directory['expires_active'] %> <%- end -%> From c734e8073e89b5006ab933ec0c37da0febd47baa Mon Sep 17 00:00:00 2001 From: Trevor Bramble Date: Tue, 5 Nov 2013 10:01:07 -0800 Subject: [PATCH 0037/2267] pull back some of the conditional defaults --- templates/vhost/_directories.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 96c5c3d2b7..a17327332b 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -26,7 +26,7 @@ <%- end -%> <%- if directory['order'] and directory['order'] != '' -%> Order <%= Array(directory['order']).join(',') %> - <%- elsif provider == 'Directory' -%> + <%- else -%> Order allow,deny <%- end -%> <%- if directory['deny'] and directory['deny'] != '' -%> @@ -34,7 +34,7 @@ <%- end -%> <%- if directory['allow'] and directory['allow'] != '' -%> Allow <%= directory['allow'] %> - <%- elsif provider == 'Directory' -%> + <%- else -%> Allow from all <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> From 7a1263414c8dcd45af8a45c1c1d0755db5caecdd Mon Sep 17 00:00:00 2001 From: Daniel Beckham Date: Thu, 17 Oct 2013 17:29:13 -0500 Subject: [PATCH 0038/2267] Add Allow and ExtendedStatus support to mod_status I've extended the apache::mod::status class to accept an `$allow_from` parameter similar to the existing apache::mod::info class, as well as added an `$extended_status` parameter to control the ExtendedStatus directive. Added module docs and full testing support as well as updated the README.md to indicate that the status class accepts additional parameters. --- README.md | 2 +- manifests/mod/status.pp | 32 ++++++- spec/classes/mod/status_spec.rb | 156 +++++++++++++++++++++++++++++--- templates/mod/status.conf.erb | 2 +- 4 files changed, 173 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index fa4dfbd21d..21cf32497b 100644 --- a/README.md +++ b/README.md @@ -373,7 +373,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `reqtimeout` * `setenvif` * `ssl`* (see [apache::mod::ssl](#class-apachemodssl) below) -* `status` +* `status`* * `suphp` * `userdir`* * `worker`* diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index f9f63f56fc..ed73b99fdb 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp 
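Review bot: With the plain `else` restored, `Allow from all` is written whenever `directory['allow']` is unset, independent of `order` and `deny`. A directory entry that sets `order => 'deny,allow'` together with a `deny` rule but no `allow` therefore renders `Order deny,allow` followed by `Allow from all`, and under that ordering the Allow line is evaluated last and wins, so the deny rule has no effect. Emitting the default only when nothing else was configured, e.g. `<%- elsif directory['deny'].to_s.empty? and directory['order'].to_s.empty? -%>` before `Allow from all`, keeps today's output for bare entries without overriding an explicit policy. The `each` loop and the `deny` branch lie partly outside these hunks.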
@@ -1,8 +1,36 @@ +# Class: apache::mod::status +# +# This class enables and configures Apache mod_status +# See: http://httpd.apache.org/docs/current/mod/mod_status.html +# +# Parameters: +# - $allow_from is an array of hosts, ip addresses, partial network numbers +# or networks in CIDR notation specifying what hosts can view the special +# /server-status URL. Defaults to ['127.0.0.1', '::1']. +# - $extended_status track and display extended status information. Valid +# values are 'On' or 'Off'. Defaults to 'On'. +# +# Actions: +# - Enable and configure Apache mod_status +# +# Requires: +# - The apache class +# +# Sample Usage: +# +# # Simple usage allowing access from localhost and a private subnet +# class { 'apache::mod::status': +# $allow_from => ['127.0.0.1', '10.10.10.10/24'], +# } +# class apache::mod::status ( - $allow_from = ['127.0.0.1','::1'], + $allow_from = ['127.0.0.1','::1'], + $extended_status = 'On', ){ + validate_array($allow_from) + validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") apache::mod { 'status': } - # Template uses no variables + # Template uses $allow_from, $extended_status file { 'status.conf': ensure => file, path => "${apache::mod_dir}/status.conf", diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 1a475d3530..0a06588792 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb 
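Review bot: The new check `validate_re(downcase($extended_status), '^(on|off)$', ...)` uses `^` and `$`, which in Ruby regular expressions match at line boundaries rather than at the ends of the string, so a multi-line value with one line reading `on` passes and is written verbatim after `ExtendedStatus` in status.conf. Anchoring with `'\A(on|off)\z'` limits the parameter to exactly the two words. The sample usage in the header comment would also not compile as written: inside `class { 'apache::mod::status': ... }` the attribute is spelled `allow_from => [...]`, without the `$`.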
@@ -1,40 +1,166 @@ require 'spec_helper' +# Helper function for testing the contents of `status.conf` +def status_conf_spec(allow_from, extended_status) + it do + should contain_file("status.conf").with_content( + "\n"\ + " SetHandler server-status\n"\ + " Order deny,allow\n"\ + " Deny from all\n"\ + " Allow from #{Array(allow_from).join(' ')}\n"\ + "\n"\ + "ExtendedStatus #{extended_status}\n"\ + "\n"\ + "\n"\ + " # Show Proxy LoadBalancer status in mod_status\n"\ + " ProxyStatus On\n"\ + "\n" + ) + end +end + describe 'apache::mod::status', :type => :class do let :pre_condition do 'include apache' end - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - } + context "on a Debian OS with default params" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + it { should contain_apache__mod("status") } + + status_conf_spec(["127.0.0.1", "::1"], "On") + + it { should contain_file("status.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/status.conf', + } ) } + + it { should contain_file("status.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/status.conf', + } ) } + end - it { should contain_apache__mod('status') } + context "on a RedHat OS with default params" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + it { should contain_apache__mod("status") } + + status_conf_spec(["127.0.0.1", "::1"], "On") + + it { should contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } - context 'default' do - it { should contain_file('status.conf').with_content(/Allow from 127\.0\.0\.1 ::1/) } end - context 'custom allow_from (string)' do + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off'" do + let :facts do + { + :osfamily => 'Debian', + 
:operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end let :params do { - :allow_from => '1.2.3.4' + :allow_from => ['10.10.10.10','11.11.11.11'], + :extended_status => 'Off', } end - it { should contain_file('status.conf').with_content(/Allow from 1\.2\.3\.4/) } + + status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off") + end - context 'custom allow_from (array)' do + context "with valid parameter type $allow_from => ['10.10.10.10']" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end let :params do + { :allow_from => ['10.10.10.10'] } + end + it 'should expect to succeed array validation' do + expect { + should contain_file("status.conf") + }.not_to raise_error() + end + end + + context "with invalid parameter type $allow_from => '10.10.10.10'" do + let :facts do { - :allow_from => [ '1.2.3.4', '2.3.4.5' ] + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', } end - it { should contain_file('status.conf').with_content(/Allow from 1\.2\.3\.4 2\.3\.4\.5/) } + let :params do + { :allow_from => '10.10.10.10' } + end + it 'should expect to fail array validation' do + expect { + should contain_file("status.conf") + }.to raise_error(Puppet::Error) + end + end + + # Only On or Off are valid options + ['On', 'Off'].each do |valid_param| + context "with valid value $extended_status => '#{valid_param}'" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + let :params do + { :extended_status => valid_param } + end + it 'should expect to succeed regular expression validation' do + expect { + should contain_file("status.conf") + }.not_to raise_error() + end + end + end + + ['Yes', 'No'].each do |invalid_param| + context "with invalid value $extended_status => '#{invalid_param}'" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + 
} + end + let :params do + { :extended_status => invalid_param } + end + it 'should expect to fail regular expression validation' do + expect { + should contain_file("status.conf") + }.to raise_error(Puppet::Error) + end + end end end diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index ad88279330..c00c16a78d 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb @@ -4,7 +4,7 @@ Deny from all Allow from <%= Array(@allow_from).join(" ") %> -ExtendedStatus On +ExtendedStatus <%= @extended_status %> # Show Proxy LoadBalancer status in mod_status From 45779d2df8a0d4336196a952b07e684206c2c971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Thu, 7 Nov 2013 10:34:44 +0100 Subject: [PATCH 0039/2267] added $server_root parameter Previously, the $httpd_dir was used as ServerRoot in httpd.conf template. On some installations httpd_dir is not same as ServerRoot, for example on FreeBSD apache22 (installed via ports) has ServerRoot set to /usr/local by default. This PR adds $server_root parameter to apache::params. Its purpose is to be substituted in httpd.conf as ServerRoot. This parameter is used in #342. The purpose of the whole thing is to plit #342 into smaller parts to make review process easier, see https://github.com/puppetlabs/puppetlabs-apache/pull/342#issuecomment-25423813 --- README.md | 4 ++++ manifests/.params.pp.swp | Bin 0 -> 16384 bytes manifests/init.pp | 2 ++ manifests/params.pp | 2 ++ templates/httpd.conf.erb | 2 +- 5 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 manifests/.params.pp.swp diff --git a/README.md b/README.md index fa4dfbd21d..1765c41ffe 100644 --- a/README.md +++ b/README.md 
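Review bot: The `with invalid parameter type $allow_from => '10.10.10.10'` context pins a breaking change: the removed `custom allow_from (string)` example passed a single string, and status.conf.erb still wraps the value in `Array(@allow_from)`, so manifests that worked before this commit now fail to compile. Either keep string input working (and keep the old example next to the new array ones), or state the array-only requirement in the README entry for `status` so the upgrade impact is visible to users.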
@@ -255,6 +255,10 @@ Sets the servername. Defaults to fqdn provided by facter. Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'. +#####`server_root` + +A value to be set as `ServerRoot` in main configuration file (`httpd.conf`). Defaults to `/etc/httpd` on RedHat and `/etc/apache2` on Debian. + #####`error_documents` Enables custom error documents. Defaults to 'false'. 
diff --git a/manifests/.params.pp.swp b/manifests/.params.pp.swp new file mode 100644 index 0000000000000000000000000000000000000000..8dee9947fc03a0cda259981cd033541963871ecd GIT binary patch literal 16384 zcmeHOU5F${9WUcY{5mfh{6HmEc1Pwe?#$fo<`NuS<7o^hoOs@Og5F0{GhH*&w>{l` zT{W|}x7h?Vf*?Ub@}dwliZ4Ehd64*^5rV!1KM?Uj5D~>Y1Tly{oCNguudeEz=^ke< zFQU*5zn!V7-~XfjRb5^6pWfcFPk!X1{Qma64A&iuJ@MB4Gyiz(o$MR0U@Xz`coGKN z)U@orE+a7TWJ4qT}mVK={$s|dnZjEDq5=vJLMNhRvBKjlQ8H*?wNJUhUim_@Z zNv^N{Qb(YUz)Ok1A-1`(evBkmSMKI_zUkac5w5v)1nLOX5vU_jN1%>C9f3Lmbp+}N z{GUfaC%3Uj(TCe?KL+;mWu?!T+wwj3b69G(#rmU;KplZP0(AuH2-Fd%BTz@6jzArO zIs$bB>Il>k_#cdb@ELn0{Q5o}`0@L{JOAG}%-ElRXMrC8-vJ&6E(3P~hk)nbz}T07 z2Z0w4G4@a3ufSh`-vhq`eh&N;_#W_a;BCOo*E9A9U=P>v(VC$H23| z*MZLhec&Q+6u2F@fn>^0fTw^*feXME@DAW65;4C7z72dH_%zS}UcmU!7(L?>GaOfA zI*OI{{2-+gU0Zymu{Y8>@u_ydqXI4QF2z&?c&Q?kD~w1Dyl&yih$^gXSquc#${7BP z%#5L`DI-(1)Q_WqafR&CRklQgwzENn+1`NN$UDPGyrE<|m8qA;v8FO9Y<8sXce3|I zHkyno3n?nmwU|cQg1+=3F_w-tuP7@O1X485AXmI$8c!0V!I+{t>&a}3GqJO?)AEHD zmNJ1GRyO;9jakY*m!S#bR47`_goTu{K4l+Uw&NuW zmP3YUo|D3Q%_A1{#lNz%vn2X7&t|_ zCR3SHlnQf3PNB+zF$#LUIFxz>BDtfAiky_}>QQXn$<^4(f|SNrcfFAwlS$Vxyp825 z9dX}%;T*F^OhRqg6qTZ-iScrsrvcl{+nQ9&I|VxpKTtZAp%hB;2kgLMQY11hI-mPP zmCj5v5elO=lqu=UDS2hi8({AH&ZgsKl?5leMGCiR{Ox^HSQHaIimrK~FE9t3CaSb` zxjL%zwrQ%*xK>nVJTrOmGTXKo%3=b$$=fiq%A7=)7Mh`*75;{?7rx!#Wsh^KWv?$&t!9^YvPsK!vK@4Es5*vV1?-ITNN`(PFUtZ+8ceYW zb;7tWLV66gL0zDL6q|mQ6&Q;%;{DVG$(K_spp^k@n&qv9RvB7D<7Dh%3gO*F8%p|s zp(K@qINi3axdqt~!OA3+W5sw>xTo3-t1}fT+#F`Bt0gBf#gkSt$25lV@ORJ9{f^<7 z)!075O;bsRye*b(tG%+VAR|kk+;kt!?G6rv#$_iagClNdyH|OJzed-%j}b|DeHFWj-wJWXnP{vE+mV3K^$E1Bani@ z5lB(t=&arWHl{~bJ``d(KX3O{-EQ`#Z}Vc8pNsHa(MFYDpxw{Bv-Ww?<&C}n)V9BJ z)EMV?&p(1_%QW{)LZ@PtdLm85?)hUEsW~rW(x@a1H1%My3v12u7djW(7n@{lm49Ls zD83VfA@50koFaW6k0YK%evJw#-x*1HZI`OEZQL4P-=O*{6A@_LzDb1> zW>D5R7R@&6Q^0sO7hJp$)>XF3&kF3$BtNI{xapdjGxEwLNTte3C;B>wBU@;}RmmIX z&cYupBds`m*Qm|Q@xYW%m>06C8c(VTO&WMbs|k!+J$CM6g>*{HJeXHt*3UQ@!xqQN zn2I#ObJ4E1g)UnBZRHYWXV0FhisG@iOw?)BBcVC=KGVRLK0kf(G>l`rLmQQ#H=*to 
z-q@a*?%4RucFn28$-1RU!|43~8Jve7!Wo&)|M%D&#q&7de-lu^N#M=E z-*L`=3g`nXz)hUxe*-)Xd;ti72Y`12f5X}Rhrr{&CEz{4i#WIc4EPFg8F(LXC-6s{ z+rJAu20Q}zz(c?XfWyEG@a^NO6*PdT&W;Z*r%%7>MnO!=an!G^JbD8gs%VWV8oL;KA-erki z=v$WMMRT?TUY_F3vVN2?!^WNp%Tl;51D3@tPY{#yxU7=Q>IVITXlr>U7Zzv9x02K? ziI^-}kp*ZWqY3Ol~(5 zsitw=1YVHBb;%hiiGxnR05D znkg-d)A#a}>@3lxVjc!JwvJX(vRnK-EixiWaZ(T0 zDJ$DtGwTkj@}gT2Y(CboD7S<4v68xlLp#XX;&+CO0PV%kXe2@&Q;5;v#|ZmZJdc&*+nbvyIpZaG1k{UV(Iw)<~>tdr9K literal 0 HcmV?d00001 diff --git a/manifests/init.pp b/manifests/init.pp index af8f87c325..484e927c35 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -32,6 +32,7 @@ $error_documents = false, $timeout = '120', $httpd_dir = $apache::params::httpd_dir, + $server_root = $apache::params::server_root, $confd_dir = $apache::params::confd_dir, $vhost_dir = $apache::params::vhost_dir, $vhost_enable_dir = $apache::params::vhost_enable_dir, @@ -235,6 +236,7 @@ # - $apxs_workaround # - $keepalive # - $keepalive_timeout + # - $server_root file { "${apache::params::conf_dir}/${apache::params::conf_file}": ensure => file, content => template($conf_template), diff --git a/manifests/params.pp b/manifests/params.pp index 22728aa7cd..3a041e5b39 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -39,6 +39,7 @@ $apache_name = 'httpd' $service_name = 'httpd' $httpd_dir = '/etc/httpd' + $server_root = '/etc/httpd' $conf_dir = "${httpd_dir}/conf" $confd_dir = "${httpd_dir}/conf.d" $mod_dir = "${httpd_dir}/conf.d" @@ -93,6 +94,7 @@ $apache_name = 'apache2' $service_name = 'apache2' $httpd_dir = '/etc/apache2' + $server_root = '/etc/apache2' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/conf.d" $mod_dir = "${httpd_dir}/mods-available" diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 5f04b8a592..98c214b059 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
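Review bot: `manifests/.params.pp.swp` looks like a Vim swap file for `manifests/params.pp` that was added by accident; it is unrelated to the `$server_root` change and ships a 16384-byte binary in the module. Swap files record the editing user's name, host name and working path and can hold unsaved buffer text, so they should not be published. Remove the file from the commit and add `*.swp` to the repository's `.gitignore`.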
@@ -4,7 +4,7 @@ ServerSignature <%= @server_signature %> TraceEnable Off ServerName "<%= @servername %>" -ServerRoot "<%= @httpd_dir %>" +ServerRoot "<%= @server_root %>" PidFile <%= @pidfile %> Timeout <%= @timeout %> KeepAlive <%= @keepalive %> From 9d19e7ab27195d136fb518f3f77cf95b40f7a82f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Fri, 8 Nov 2013 03:48:04 +0100 Subject: [PATCH 0040/2267] Allow apache::mod to specify module id and path Add $id, $path and $lib_path parameters to apache::mod. These parameters are used in #342. The purpose of the whole thing is to plit #342 into smaller parts to make review process easier, see https://github.com/puppetlabs/puppetlabs-apache/pull/342#issuecomment-25423813 This PR covers all changes introduced by #271 to manifests/mod.pp. I just don't have test/mod_load_params.pp as in #271. --- manifests/mod.pp | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 8ae5edaf8e..7cb62e5977 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -1,7 +1,10 @@ define apache::mod ( $package = undef, $package_ensure = 'present', - $lib = undef + $lib = undef, + $lib_path = $apache::params::lib_path, + $id = undef, + $path = undef, ) { if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') 
@@ -9,31 +12,43 @@ $mod = $name #include apache #This creates duplicate resources in rspec-puppet - $lib_path = $apache::params::lib_path $mod_dir = $apache::mod_dir # Determine if we have special lib $mod_libs = $apache::params::mod_libs $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { - $lib_REAL = $lib + $_lib = $lib } elsif "${mod_lib}" { - $lib_REAL = $mod_lib + $_lib = $mod_lib } else { - $lib_REAL = "mod_${mod}.so" + $_lib = "mod_${mod}.so" + } + + # Determine if declaration specified a path to the module + if $path { + $_path = $path + } else { + $_path = "${lib_path}/${_lib}" + } + + if $id { + $_id = $id + } else { + $_id = "${mod}_module" } # Determine if we have a package $mod_packages = $apache::params::mod_packages $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { - $package_REAL = $package + $_package = $package } elsif "${mod_package}" { - $package_REAL = $mod_package + $_package = $mod_package } - if $package_REAL and ! defined(Package[$package_REAL]) { - # $package_REAL may be an array - package { $package_REAL: + if $_package and ! defined(Package[$_package]) { + # $_package may be an array + package { $_package: ensure => $package_ensure, require => Package['httpd'], before => File["${mod_dir}/${mod}.load"], @@ -46,7 +61,7 @@ owner => 'root', group => $apache::params::root_group, mode => '0644', - content => "LoadModule ${mod}_module ${lib_path}/${lib_REAL}\n", + content => "LoadModule ${_id} ${_path}\n", require => [ Package['httpd'], Exec["mkdir ${mod_dir}"], From 803a04d0d97d14d2bfd0b8216e744bdc87c80b55 Mon Sep 17 00:00:00 2001 
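Review bot: The new `content => "LoadModule ${_id} ${_path}\n"` line in the last hunk writes the caller-supplied `$id` and `$path` into the `.load` file without any check, so a value containing whitespace or a newline (for instance one coming from Hiera or an ENC) would add extra tokens or whole directives to the Apache configuration. Both values are resolved in the preceding hunk as `$_id` and `$_path`; validating them right there keeps the file to a single directive, e.g. `validate_re($_id, '\A\w+\z')` and `validate_re($_path, '\A\S+\z')`. The anchors are `\A`/`\z` rather than `^`/`$` because the latter match per line in Ruby and would let a multi-line value through. The define's body continues outside these hunks.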
From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Fri, 8 Nov 2013 10:57:02 +0100 Subject: [PATCH 0041/2267] Add new params to apache::mod::mime class This changeset adds $mime_support_package and $mime_types_config parameters to class `apache::mod::mime`. Their purpose is following: - $mime_support_package - install this package, as it provides mime.conf file (definition of mime types used by mod_mime), - $mime_types_config - used to substitute TypesConfig in mod/mime.conf.erb template. This PR was created in order to plit #342 into smaller parts to make review process easier, see https://github.com/puppetlabs/puppetlabs-apache/pull/342#issuecomment-25423813 --- manifests/mod/mime.pp | 13 +++++++++++-- manifests/params.pp | 4 ++++ templates/mod/mime.conf.erb | 2 +- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index ba62ebc638..5c9f4b7ada 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -1,6 +1,9 @@ -class apache::mod::mime { +class apache::mod::mime ( + $mime_support_package = $apache::params::mime_support_package, + $mime_types_config = $apache::params::mime_types_config, +) { apache::mod { 'mime': } - # Template uses no variables + # Template uses $mime_types_config file { 'mime.conf': ensure => file, path => "${apache::mod_dir}/mime.conf", @@ -9,4 +12,10 @@ before => File[$apache::mod_dir], notify => Service['httpd'], } + if $mime_support_package { + package { $mime_support_package: + ensure => 'installed', + before => File["${apache::mod_dir}/mime.conf"], + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index 3a041e5b39..8a00856214 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -87,6 +87,8 @@ $keepalive = 'Off' $keepalive_timeout = 15 $fastcgi_lib_path = undef + $mime_support_package = 'mailcap' + $mime_types_config = '/etc/mime.types' } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' 
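Review bot: The added `package { $mime_support_package: ... }` in `apache::mod::mime` is declared without a duplicate guard, whereas `apache::mod` in this module only declares its package under `! defined(Package[$_package])`. `mailcap` and `mime-support` are generic system packages that other modules may well manage, and a second declaration would abort catalog compilation. Using the same guard here would be consistent: `if $mime_support_package and ! defined(Package[$mime_support_package]) {`.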
@@ -138,6 +140,8 @@ $keepalive = 'Off' $keepalive_timeout = 15 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' + $mime_support_package = 'mime-support' + $mime_types_config = '/etc/mime.types' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/templates/mod/mime.conf.erb b/templates/mod/mime.conf.erb index 34f4add924..a69a424a6a 100644 --- a/templates/mod/mime.conf.erb +++ b/templates/mod/mime.conf.erb @@ -1,4 +1,4 @@ -TypesConfig /etc/mime.types +TypesConfig <%= @mime_types_config %> AddType application/x-compress .Z AddType application/x-gzip .gz .tgz From 3f4ea723d1970d7376a3c7d03a9969cc57d3f72f Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Fri, 8 Nov 2013 13:58:45 -0500 Subject: [PATCH 0042/2267] Include mime if ssl is in use. Without the default_mods we still try to setup an SSL vhost that fails because AddType is used in the template. Rather than trying to make AddType conditional on the inclusion of the class we just require mime as a standard mod no matter what you say. --- manifests/vhost.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7ed0744ffe..7f0d91c881 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -174,6 +174,8 @@ if $ssl { include apache::mod::ssl + # Required for the AddType lines. + include apache::mod::mime } if $virtual_docroot { From 6db8322758f9813da558e70969739d407ba589f4 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Fri, 8 Nov 2013 13:59:46 -0500 Subject: [PATCH 0043/2267] Wrap the event test in a check for FreeBSD. It seems this only works on FreeBSD currently. In the future we'll rework testing to test for 2.2 vs 2.4 or something. --- spec/system/prefork_worker_spec.rb | 39 ++++++++++++++++-------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/spec/system/prefork_worker_spec.rb b/spec/system/prefork_worker_spec.rb index d7715737d3..b455d748fa 100644 --- a/spec/system/prefork_worker_spec.rb 
+++ b/spec/system/prefork_worker_spec.rb @@ -9,28 +9,31 @@ raise "Unconfigured OS for apache service on #{node.facts['osfamily']}" end -describe 'apache::mod::event class' do - describe 'running puppet code' do - # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS - class { 'apache': - mpm_module => 'event', - } - EOS +case node.facts['osfamily'] +when 'FreeBSD' + describe 'apache::mod::event class' do + describe 'running puppet code' do + # Using puppet_apply as a helper + it 'should work with no errors' do + pp = <<-EOS + class { 'apache': + mpm_module => 'event', + } + EOS - # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero + # Run it twice and test for idempotency + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + r.refresh + r.exit_code.should be_zero + end end end - end - describe service(servicename) do - it { should be_running } - it { should be_enabled } + describe service(servicename) do + it { should be_running } + it { should be_enabled } + end end end From 112437730f70e18daf3aed9cedffd0c46348204d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Thu, 5 Sep 2013 14:44:09 +0200 Subject: [PATCH 0044/2267] Support for FreeBSD and few other features Summary of the changes: Overview: * added support for FreeBSD * added MPMs: event, peruser, itk (PR #304 + FreeBSD support) * added `apache::package` to choose and install apache package, * allow apache::mod to specify mod identifier and module path (#271) * revisited specs for apache::dev and apache::mod::dev Details: * "${apache::params::conf_dir}/Includes" as $apache::confd_dir for FreeBSD, * "${apache::params::conf_dir}/Modules" as $apache::mod_dir FreeBSD, * "${apache::params::conf_dir}/Vhosts" as $apache::vhost_dir FreeBSD, * added to apache::params: $root_group, $apache_package, $service_name, $server_root, $mime_support_package, $mime_types_config * httpd.erb now uses $server_root (instead of $httpd_dir) as ServerRoot * added $mime_support_package parameter to apache::mod::mime class, * apache::mod::mime installs $mime_support_package package if needed, * added $magic_file parameter to apache::mod::mime_magic class, * added 'default_confd_files.pp', and confd template infrastructure to allow putting some files under conf.d/ (Includes/ under FreeBSD) by default (FreeBSD's apache22 installs Includes/no-accf.conf for example but puppet normally would purge it afterward), * adjusted documentation (README.md), * apache::dev requires apache::package on FreeBSD * other (minor or forgotten) changes and additions, --- README.md | 34 +++++++++++--- manifests/confd/no_accf.pp | 10 ++++ manifests/default_confd_files.pp | 12 +++++ manifests/default_mods.pp | 36 ++++++++++++++- manifests/dev.pp | 3 ++ manifests/init.pp | 49 ++++++++++++++++---- manifests/mod.pp | 13 +++++- manifests/mod/alias.pp | 5 +- manifests/mod/cgid.pp | 5 +- manifests/mod/dav_fs.pp | 5 +- manifests/mod/dav_svn.pp | 1 + manifests/mod/disk_cache.pp | 11 +++-- manifests/mod/itk.pp | 5 ++ manifests/mod/passenger.pp | 8 +++- manifests/mod/prefork.pp | 5 ++ 
manifests/mod/proxy_html.pp | 3 ++ manifests/mod/ssl.pp | 10 ++-- manifests/package.pp | 48 +++++++++++++++++++ manifests/params.pp | 55 ++++++++++++++++++++++ manifests/peruser/multiplexer.pp | 17 +++++++ manifests/peruser/processor.pp | 17 +++++++ manifests/vhost.pp | 5 +- spec/classes/apache_spec.rb | 72 +++++++++++++++++++++++++++++ spec/classes/dev_spec.rb | 12 +++++ spec/classes/mod/auth_kerb_spec.rb | 12 +++++ spec/classes/mod/dav_svn_spec.rb | 12 +++++ spec/classes/mod/dev_spec.rb | 42 ++++++++--------- spec/classes/mod/dir_spec.rb | 29 +++++++++++- spec/classes/mod/event_spec.rb | 13 +++++- spec/classes/mod/fcgid_spec.rb | 12 +++++ spec/classes/mod/info_spec.rb | 18 ++++++++ spec/classes/mod/itk_spec.rb | 12 +++++ spec/classes/mod/passenger_spec.rb | 12 +++++ spec/classes/mod/perl_spec.rb | 12 +++++ spec/classes/mod/peruser_spec.rb | 13 +++++- spec/classes/mod/php_spec.rb | 27 +++++++++++ spec/classes/mod/prefork_spec.rb | 12 +++++ spec/classes/mod/proxy_html_spec.rb | 12 +++++ spec/classes/mod/python_spec.rb | 12 +++++ spec/classes/mod/ssl_spec.rb | 12 +++++ spec/classes/mod/worker_spec.rb | 12 +++++ spec/classes/mod/wsgi_spec.rb | 12 +++++ spec/classes/service_spec.rb | 16 +++++++ spec/defines/mod_spec.rb | 26 +++++++++++ spec/defines/vhost_spec.rb | 17 +++++++ spec/system/class_spec.rb | 3 ++ spec/system/default_mods_spec.rb | 2 + spec/system/itk_spec.rb | 2 + spec/system/mod_php_spec.rb | 7 ++- spec/system/prefork_worker_spec.rb | 2 + spec/system/vhost_spec.rb | 4 ++ templates/confd/no-accf.conf.erb | 4 ++ tests/mod_load_params.pp | 11 +++++ 53 files changed, 757 insertions(+), 64 deletions(-) create mode 100644 manifests/confd/no_accf.pp create mode 100644 manifests/default_confd_files.pp create mode 100644 manifests/package.pp create mode 100644 manifests/peruser/multiplexer.pp create mode 100644 manifests/peruser/processor.pp create mode 100644 templates/confd/no-accf.conf.erb create mode 100644 tests/mod_load_params.pp 
diff --git a/README.md b/README.md index 1765c41ffe..a13b7c8f0f 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,7 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports +* `/etc/make.conf` on FreeBSD ###Beginning with Apache @@ -53,7 +54,8 @@ The defaults are determined by your operating system (e.g. Debian systems have o ```puppet class { 'apache': - default_mods => false, + default_mods => false, + default_confd_files => false, } ``` @@ -186,6 +188,10 @@ Sets up Apache with default settings based on your OS. Defaults to 'true', set t Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`default_confd_files` + +Generates default set of include-able apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with apache package on given platform. + #####`default_ssl_vhost` Sets up a default SSL virtual host. Defaults to 'false'. 
@@ -205,11 +211,11 @@ SSL vhosts only respond to HTTPS queries. #####`default_ssl_cert` -The default SSL certification, which is automatically set based on your operating system (`/etc/pki/tls/certs/localhost.crt` for RedHat, `/etc/ssl/certs/ssl-cert-snakeoil.pem` for Debian). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL certification, which is automatically set based on your operating system (`/etc/pki/tls/certs/localhost.crt` for RedHat, `/etc/ssl/certs/ssl-cert-snakeoil.pem` for Debian, `/usr/local/etc/apache22/server.crt` for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_key` -The default SSL key, which is automatically set based on your operating system (`/etc/pki/tls/private/localhost.key` for RedHat, `/etc/ssl/private/ssl-cert-snakeoil.key` for Debian). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL key, which is automatically set based on your operating system (`/etc/pki/tls/private/localhost.key` for RedHat, `/etc/ssl/private/ssl-cert-snakeoil.key` for Debian, `/usr/local/etc/apache22/server.key` for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_chain` @@ -229,7 +235,7 @@ The default certificate revocation list to use, which is automatically set to 'u #####`service_name` -Name of apache service to run. Defaults to: `'httpd'` on RedHat and `'apache2'` on Debian. +Name of apache service to run. Defaults to: `'httpd'` on RedHat, `'apache2'` on Debian, and `'apache22'` on FreeBSD. #####`service_enable` 
@@ -251,6 +257,10 @@ Sets the server administrator. Defaults to 'root@localhost'. Sets the servername. Defaults to fqdn provided by facter. +#####`server_root` + +A value to be set as `ServerRoot` in main configuration file (`httpd.conf`). Defaults to `/etc/httpd` on RedHat, `/etc/apache2` on Debian and `/usr/local` on FreeBSD. + #####`sendfile` Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'. @@ -281,7 +291,7 @@ Changes the location of the configuration directory your Apache modules configur #####`mpm_module` -Configures which mpm module is loaded and configured for the httpd process by the `apache::mod::prefork`, `apache::mod::worker` and `apache::mod::itk` classes. Must be set to `false` to explicitly declare `apache::mod::worker`, `apache::mod::worker` or `apache::mod::itk` classes with parameters. Valid values are `worker`, `prefork`, `itk` (Debian), or the boolean `false`. Defaults to `prefork` on RedHat and `worker` on Debian. +Configures which mpm module is loaded and configured for the httpd process by the `apache::mod::event`, `apache::mod::itk`, `apache::mod::peruser`, `apache::mod::prefork` and `apache::mod::worker` classes. Must be set to `false` to explicitly declare `apache::mod::event`, `apache::mod::itk`, `apache::mod::peruser`, `apache::mod::prefork` or `apache::mod::worker` classes with parameters. All possible values are `event`, `itk`, `peruser`, `prefork`, `worker` (valid values depend on agent's OS), or the boolean `false`. Defaults to `prefork` on RedHat and FreeBSD and `worker` on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing `$mpm_module` one has to deinstall all packages that depend on currently installed `apache`. #####`conf_template` 
@@ -353,12 +363,17 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `cgid` * `dav` * `dav_fs` +* `dav_svn` * `deflate` +* `dev` * `dir`* * `disk_cache` -* `fcgid` +* `event` * `fastcgi` +* `fcgid` +* `headers` * `info` +* `itk` * `ldap` * `mime` * `mime_magic`* @@ -367,6 +382,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `nss`* * `passenger`* * `perl` +* `peruser` * `php` (requires [`mpm_module`](#mpm_module) set to `prefork`) * `prefork`* * `proxy`* @@ -375,11 +391,13 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `proxy_http` * `python` * `reqtimeout` +* `rewrite` * `setenvif` * `ssl`* (see [apache::mod::ssl](#class-apachemodssl) below) * `status` * `suphp` * `userdir`* +* `vhost_alias` * `worker`* * `wsgi` (see [apache::mod::wsgi](#class-apachemodwsgi) below) * `xsendfile` @@ -1228,6 +1246,8 @@ Installs Apache development libraries class { 'apache::dev': } ``` +On FreeBSD you're required to define `apache::package` or `apache` class before `apache::dev`. + ####Defined Type: `apache::listen` Controls which ports Apache binds to for listening based on the title: @@ -1285,7 +1305,7 @@ The Apache module relies heavily on templates to enable the `vhost` and `apache: ##Limitations -This has been tested on Ubuntu Precise, Debian Wheezy, and CentOS 5.8. +This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1. ##Development diff --git a/manifests/confd/no_accf.pp b/manifests/confd/no_accf.pp new file mode 100644 index 0000000000..5f86eab107 --- /dev/null +++ b/manifests/confd/no_accf.pp @@ -0,0 +1,10 @@ +class apache::confd::no_accf { + # Template uses no variables + file { 'no-accf.conf': + ensure => 'file', + path => "${apache::confd_dir}/no-accf.conf", + content => template('apache/confd/no-accf.conf.erb'), + require => Exec["mkdir ${apache::confd_dir}"], + before => File[$apache::confd_dir], + } +} 
diff --git a/manifests/default_confd_files.pp b/manifests/default_confd_files.pp new file mode 100644 index 0000000000..b45de86653 --- /dev/null +++ b/manifests/default_confd_files.pp @@ -0,0 +1,12 @@ +class apache::default_confd_files ( + $all = true, +) { + # The rest of the conf.d/* files only get loaded if we want them + if $all { + case $::osfamily { + 'freebsd': { + include apache::confd::no_accf + } + } + } +} diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 02d3bd156a..536cd7e334 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -6,7 +6,7 @@ # They are not configurable at this time, so we just include # them to make sure it works. case $::osfamily { - 'redhat': { + 'redhat', 'freebsd': { apache::mod { 'log_config': } } default: {} @@ -43,6 +43,40 @@ apache::mod { 'usertrack': } apache::mod { 'version': } } + 'freebsd': { + include apache::mod::cache + include apache::mod::disk_cache + include apache::mod::headers + include apache::mod::info + include apache::mod::mime_magic + include apache::mod::reqtimeout + include apache::mod::rewrite + include apache::mod::userdir + include apache::mod::vhost_alias + + apache::mod { 'actions': } + apache::mod { 'asis': } + apache::mod { 'auth_digest': } + apache::mod { 'authn_alias': } + apache::mod { 'authn_anon': } + apache::mod { 'authn_dbm': } + apache::mod { 'authn_default': } + apache::mod { 'authz_dbm': } + apache::mod { 'authz_owner': } + apache::mod { 'cern_meta': } + apache::mod { 'charset_lite': } + apache::mod { 'dumpio': } + apache::mod { 'expires': } + apache::mod { 'file_cache': } + apache::mod { 'filter':} + apache::mod { 'imagemap':} + apache::mod { 'include': } + apache::mod { 'logio': } + apache::mod { 'speling': } + apache::mod { 'unique_id': } + apache::mod { 'usertrack': } + apache::mod { 'version': } + } default: {} } case $apache::mpm_module { diff --git a/manifests/dev.pp b/manifests/dev.pp index ea86adae44..057475b159 100644 --- a/manifests/dev.pp 
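Review bot: The `case $::osfamily` in the new `apache::default_confd_files` class has a single `'freebsd'` branch and no `default`, unlike the `case` blocks in `default_mods.pp` touched by the same commit, which end with `default: {}`. Adding `default: {}` after the `'freebsd'` branch states explicitly that other platforms get no conf.d files and matches the neighbouring manifest. A one-line class comment saying that `$all` switches the platform's stock conf.d files on or off would also help, since the parameter name alone does not say what "all" refers to.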
+++ b/manifests/dev.pp @@ -1,4 +1,7 @@ class apache::dev { + if $::osfamily == 'FreeBSD' and !defined(Class['apache::package']) { + fail('apache::dev requires apache::package; please include apache or apache::package class first') + } include apache::params $packages = $apache::params::dev_packages package { $packages: diff --git a/manifests/init.pp b/manifests/init.pp index 484e927c35..57ea183841 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,6 +16,7 @@ $service_name = $apache::params::service_name, $default_mods = true, $default_vhost = true, + $default_confd_files = true, $default_ssl_vhost = false, $default_ssl_cert = $apache::params::default_ssl_cert, $default_ssl_key = $apache::params::default_ssl_key, @@ -54,18 +55,32 @@ $package_ensure = 'installed', ) inherits apache::params { - package { 'httpd': - ensure => $package_ensure, - name => $apache::params::apache_name, - notify => Class['Apache::Service'], - } - validate_bool($default_vhost) - validate_bool($default_ssl_vhost) + validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) + + $valid_mpms_re = $::osfamily ? { + 'FreeBSD' => '(event|itk|peruser|prefork|worker)', + default => '(itk|prefork|worker)' + } + if $mpm_module { - validate_re($mpm_module, '(prefork|worker|itk|event)') + validate_re($mpm_module, $valid_mpms_re) + } + + # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. + # NOTE: the same strategy may be introduced for other OSes. For this, you + # should delete the 'if' block below and modify all MPM modules' manifests + # such that they include apache::package class (currently event.pp, itk.pp, + # peruser.pp, prefork.pp, worker.pp). + if $::osfamily != 'FreeBSD' { + package { 'httpd': + ensure => $package_ensure, + name => $apache::params::apache_name, + notify => Class['Apache::Service'], + } + validate_bool($default_ssl_vhost) } validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ]) 
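Review bot: `$valid_mpms_re` in the `@@ -54,18 +55,32 @@` hunk of `manifests/init.pp` is unanchored, so `validate_re($mpm_module, $valid_mpms_re)` accepts any string that merely contains one of the MPM names. The value is then interpolated into a class name (`class { "apache::mod::${mpm_module}": }`, visible as context in a later hunk of this file), so the check should be exact. Anchoring both alternatives does that: `'FreeBSD' => '\A(event|itk|peruser|prefork|worker)\z',` and `default => '\A(itk|prefork|worker)\z'`. The class body starts and ends outside this hunk.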
@@ -209,6 +224,14 @@ $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } + 'freebsd': { + $docroot = '/usr/local/www/apache22/data' + $pidfile = '/var/run/httpd.pid' + $error_log = 'httpd-error.log' + $error_documents_path = '/usr/local/www/apache22/error' + $scriptalias = '/usr/local/www/apache22/cgi-bin' + $access_log_file = 'httpd-access.log' + } default: { fail("Unsupported osfamily ${::osfamily}") } @@ -220,7 +243,6 @@ } # Template uses: - # - $httpd_dir # - $pidfile # - $user # - $group @@ -256,6 +278,9 @@ all => $default_mods, } } + class { 'apache::default_confd_files': + all => $default_confd_files + } if $mpm_module { class { "apache::mod::${mpm_module}": } } @@ -278,6 +303,10 @@ access_log_file => $access_log_file, priority => '15', } + $ssl_access_log_file = $::osfamily ? { + 'freebsd' => $access_log_file, + default => "ssl_${access_log_file}", + } apache::vhost { 'default-ssl': ensure => $default_ssl_vhost_ensure, port => 443, @@ -285,7 +314,7 @@ docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, - access_log_file => "ssl_${access_log_file}", + access_log_file => $ssl_access_log_file, priority => '15', } } diff --git a/manifests/mod.pp b/manifests/mod.pp index 7cb62e5977..f11efc53b8 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp 
@@ -47,11 +47,22 @@ $_package = $mod_package } if $_package and ! defined(Package[$_package]) { + # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters + # httpd.conf with 'LoadModule' directives; here, by proper resource + # ordering, we ensure that our version of httpd.conf is reverted after + # the module gets installed. + $package_before = $::osfamily ? { + 'freebsd' => [ + File["${mod_dir}/${mod}.load"], + File["${apache::params::conf_dir}/${apache::params::conf_file}"] + ], + default => File["${mod_dir}/${mod}.load"], + } # $_package may be an array package { $_package: ensure => $package_ensure, require => Package['httpd'], - before => File["${mod_dir}/${mod}.load"], + before => $package_before, } } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 2af73725b0..2880697236 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,7 +1,8 @@ class apache::mod::alias { $icons_path = $::osfamily ? { - 'debian' => '/usr/share/apache2/icons', - 'redhat' => '/var/www/icons', + 'debian' => '/usr/share/apache2/icons', + 'redhat' => '/var/www/icons', + 'freebsd' => '/usr/local/www/apache22/icons', } apache::mod { 'alias': } # Template uses $icons_path diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 1a0a082494..c932ae2bec 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -4,8 +4,9 @@ # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file $cgisock_path = $::osfamily ? { - 'debian' => '${APACHE_RUN_DIR}/cgisock', - default => undef, + 'debian' => '${APACHE_RUN_DIR}/cgisock', + 'freebsd' => 'cgisock', + default => undef, } apache::mod { 'cgid': } if $cgisock_path { diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index ab78408f70..53219be793 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp 
@@ -1,7 +1,8 @@ class apache::mod::dav_fs { $dav_lock = $::osfamily ? { - 'debian' => '${APACHE_LOCK_DIR}/DAVLock', - default => '/var/lib/dav/lockdb', + 'debian' => '${APACHE_LOCK_DIR}/DAVLock', + 'freebsd' => '/usr/local/var/DavLock', + default => '/var/lib/dav/lockdb', } Class['apache::mod::dav'] -> Class['apache::mod::dav_fs'] diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 76e0d885ea..4f34bd6954 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -1,4 +1,5 @@ class apache::mod::dav_svn { + Class['apache::mod::dav'] -> Class['apache::mod::dav_svn'] include apache::mod::dav apache::mod { 'dav_svn': } } diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index dd3e0f0938..d28196768f 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -1,9 +1,14 @@ class apache::mod::disk_cache { $cache_root = $::osfamily ? { - 'debian' => '/var/cache/apache2/mod_disk_cache', - 'redhat' => '/var/cache/mod_proxy', + 'debian' => '/var/cache/apache2/mod_disk_cache', + 'redhat' => '/var/cache/mod_proxy', + 'freebsd' => '/var/cache/mod_disk_cache', + } + if $::osfamily != 'FreeBSD' { + # FIXME: investigate why disk_cache was dependent on proxy + # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not + Class['apache::mod::proxy'] -> Class['apache::mod::disk_cache'] } - Class['apache::mod::proxy'] -> Class['apache::mod::disk_cache'] Class['apache::mod::cache'] -> Class['apache::mod::disk_cache'] apache::mod { 'disk_cache': } diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 8abbb1c18a..68ece8681a 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -52,6 +52,11 @@ ensure => present, } } + 'freebsd' : { + class { 'apache::package': + mpm_module => 'itk' + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 004f128fd7..d4aba84907 100644 --- a/manifests/mod/passenger.pp 
+++ b/manifests/mod/passenger.pp @@ -10,7 +10,13 @@ $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, ) { - apache::mod { 'passenger': } + if $::osfamily == 'FreeBSD' { + apache::mod { 'passenger': + lib_path => "${passenger_root}/buildout/apache2" + } + } else { + apache::mod { 'passenger': } + } # Template uses: # - $passenger_root # - $passenger_ruby diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 91f0f1c30b..ecbf809a20 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -62,6 +62,11 @@ ensure => present, } } + 'freebsd' : { + class { 'apache::package': + mpm_module => 'prefork' + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index ab2575731a..050b65d4fc 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -12,6 +12,9 @@ default => "/usr/lib/${::hardwaremodel}-linux-gnu/libxml2.so.2", } } + 'FreeBSD': { + apache::mod { 'xml2enc': } + } } # Template uses $icons_path file { 'proxy_html.conf': diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index ba183e1dd8..ea1e119750 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -2,12 +2,14 @@ $ssl_compression = false, ) { $session_cache = $::osfamily ? { - 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', - 'redhat' => '/var/cache/mod_ssl/scache(512000)', + 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', + 'redhat' => '/var/cache/mod_ssl/scache(512000)', + 'freebsd' => '/var/run/ssl_scache(512000)', } $ssl_mutex = $::osfamily ? { - 'debian' => 'file:${APACHE_RUN_DIR}/ssl_mutex', - 'redhat' => 'default', + 'debian' => 'file:${APACHE_RUN_DIR}/ssl_mutex', + 'redhat' => 'default', + 'freebsd' => 'default', } apache::mod { 'ssl': } diff --git a/manifests/package.pp b/manifests/package.pp new file mode 100644 index 0000000000..31bd311982 --- /dev/null +++ b/manifests/package.pp 
@@ -0,0 +1,48 @@ +class apache::package ( + $ensure = 'present', + $mpm_module = $apache::params::mpm_module, +) { + case $::osfamily { + 'freebsd' : { + $all_mpms = [ + 'www/apache22', + 'www/apache22-worker-mpm', + 'www/apache22-event-mpm', + 'www/apache22-itk-mpm', + 'www/apache22-peruser-mpm', + ] + if $mpm_module { + $apache_package = $mpm_module ? { + 'prefork' => 'www/apache22', + default => "www/apache22-${mpm_module}-mpm" + } + } else { + $apache_package = 'www/apache22' + } + $other_mpms = delete($all_mpms, $apache_package) + # Configure ports to have apache module packages dependent on correct + # version of apache package (apache22, apache22-worker-mpm, ...) + file_line { 'APACHE_PORT in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "APACHE_PORT=${apache_package}", + match => "^\\s*#?\\s*APACHE_PORT\\s*=\\s*", + before => Package['httpd'], + } + # remove other packages + ensure_resource('package', $other_mpms, { + ensure => absent, + before => Package['httpd'], + require => File_line['APACHE_PORT in /etc/make.conf'], + }) + } + default: { + $apache_package = $apache::params::apache_name + } + } + package { 'httpd': + ensure => $ensure, + name => $apache_package, + notify => Class['Apache::Service'], + } +} diff --git a/manifests/params.pp b/manifests/params.pp index 8a00856214..dc26d6d225 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
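Review bot: `$ensure` is passed unchanged to both `file_line { 'APACHE_PORT in /etc/make.conf': }` and `package { 'httpd': }`, but the two types accept different values: `file_line` takes only `present` or `absent`, so declaring `apache::package` with a package-style value such as `installed` or `latest` would be rejected on FreeBSD. Mapping the value for the `file_line` avoids that, e.g. `ensure => $ensure ? { 'absent' => 'absent', default => 'present' },`. Separately, when the class is declared directly, `$mpm_module` reaches the port name and the `APACHE_PORT=` line of the system-wide `/etc/make.conf` without validation. A `validate_re` against the known MPM names (anchored with `\A`/`\z`) at the top of the class would bound it.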
@@ -142,6 +142,61 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + } elsif $::osfamily == 'FreeBSD' { + $user = 'www' + $group = 'www' + $root_group = 'wheel' + $apache_name = 'apache22' + $service_name = 'apache22' + $httpd_dir = '/usr/local/etc/apache22' + $server_root = '/usr/local' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/Includes" + $mod_dir = "${httpd_dir}/Modules" + $mod_enable_dir = undef + $vhost_dir = "${httpd_dir}/Vhosts" + $vhost_enable_dir = undef + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache22' + $lib_path = '/usr/local/libexec/apache22' + $mpm_module = 'prefork' + $dev_packages = undef + $default_ssl_cert = '/usr/local/etc/apache22/server.crt' + $default_ssl_key = '/usr/local/etc/apache22/server.key' + $ssl_certs_dir = '/usr/local/etc/apache22' + $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' + $passenger_ruby = '/usr/bin/ruby' + $suphp_addhandler = 'php5-script' + $suphp_engine = 'off' + $suphp_configpath = undef + $mod_packages = { + # NOTE: I list here only modules that are not included in www/apache22 + # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config + # NOTE: 'php' needs to enable APACHE option in make config + # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config + # NOTE: not sure where the shibboleth should come from + # NOTE: don't know where the shibboleth module should come from + 'auth_kerb' => 'www/mod_auth_kerb2', + 'fcgid' => 'www/mod_fcgid', + 'passenger' => 'www/rubygem-passenger', + 'perl' => 'www/mod_perl2', + 'php5' => 'lang/php5', + 'proxy_html' => 'www/mod_proxy_html', + 'python' => 'www/mod_python3', + 'wsgi' => 'www/mod_wsgi', + 'dav_svn' => 'devel/subversion', + 'xsendfile' => 'www/mod_xsendfile', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + 
$fastcgi_lib_path = undef # TODO: revisit + $mime_support_package = 'misc/mime-support' + $mime_types_config = '/usr/local/etc/mime.types' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/manifests/peruser/multiplexer.pp b/manifests/peruser/multiplexer.pp new file mode 100644 index 0000000000..260f1b5a3d --- /dev/null +++ b/manifests/peruser/multiplexer.pp @@ -0,0 +1,17 @@ +define apache::peruser::multiplexer ( + $user = $apache::user, + $group = $apache::group, + $file = undef, +) { + if ! $file { + $filename = "${name}.conf" + } else { + $filename = $file + } + file { "${apache::mod_dir}/peruser/multiplexers/${filename}": + ensure => file, + content => "Multiplexer ${user} ${group}\n", + require => File["${apache::mod_dir}/peruser/multiplexers"], + notify => Service['httpd'], + } +} diff --git a/manifests/peruser/processor.pp b/manifests/peruser/processor.pp new file mode 100644 index 0000000000..c677cd6ca1 --- /dev/null +++ b/manifests/peruser/processor.pp @@ -0,0 +1,17 @@ +define apache::peruser::processor ( + $user, + $group, + $file = undef, +) { + if ! $file { + $filename = "${name}.conf" + } else { + $filename = $file + } + file { "${apache::mod_dir}/peruser/processors/${filename}": + ensure => file, + content => "Processor ${user} ${group}\n", + require => File["${apache::mod_dir}/peruser/processors"], + notify => Service['httpd'], + } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7f0d91c881..a7717f38f6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -211,7 +211,7 @@ } elsif $access_log_pipe { $access_log_destination = "\"${access_log_pipe}\"" } elsif $access_log_syslog { - $access_log_destination = "${access_log_syslog}" + $access_log_destination = $access_log_syslog } else { if $ssl { $access_log_destination = "${logroot}/${servername}_access_ssl.log" 
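Review bot: `$passenger_root` in the FreeBSD branch pins one gem version (`passenger-4.0.10` under `gems/1.9`), and the passenger.pp hunk of this commit builds the module `lib_path` from it, so the load path goes stale as soon as the port is upgraded. `$passenger_ruby = '/usr/bin/ruby'` is also the only path in this branch outside `/usr/local`; ports normally install there, so this likely wants `/usr/local/bin/ruby`, which is worth confirming on a test host. At minimum I would add a comment such as `# NOTE: must match the installed www/rubygem-passenger version` above `$passenger_root`. The two shibboleth NOTE lines say the same thing and one can go; the enclosing `if`/`elsif` chain starts outside the hunk.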
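Review bot: `$file`, `$user` and `$group` in `apache::peruser::multiplexer` go straight into the file path and the `"Multiplexer ${user} ${group}\n"` content with no validation, and `apache::peruser::processor` in the next file has the same shape. A `$file` containing `/` or `..` would place the file outside `peruser/multiplexers`, and whitespace or a newline in `$user` or `$group` would add extra directives to a config that httpd loads at start. I would add checks to both defines, for example `validate_re($filename, '^\w[\w.-]*$')` once `$filename` is set and `validate_re($user, '^[\w-]+$')` with the same for `$group`.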
@@ -225,7 +225,7 @@ } elsif $error_log_pipe { $error_log_destination = "\"${error_log_pipe}\"" } elsif $error_log_syslog { - $error_log_destination = "${error_log_syslog}" + $error_log_destination = $error_log_syslog } else { if $ssl { $error_log_destination = "${logroot}/${servername}_error_ssl.log" @@ -449,4 +449,3 @@ } } } - diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 919b4ec0c5..a174c108d2 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -362,6 +362,78 @@ end end end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_class("apache::package").with({'ensure' => 'present'}) } + it { should contain_user("www") } + it { should contain_group("www") } + it { should contain_class("apache::service") } + it { should contain_file("/usr/local/etc/apache22/Vhosts").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { should contain_file("/usr/local/etc/apache22/Modules").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { should contain_concat("/usr/local/etc/apache22/ports.conf").with( + 'owner' => 'root', + 'group' => 'wheel', + 'mode' => '0644', + 'notify' => 'Class[Apache::Service]' + ) } + # Assert that load files are placed for these mods, but no conf file. 
+ [ + 'auth_basic', + 'authn_file', + 'authz_default', + 'authz_groupfile', + 'authz_host', + 'authz_user', + 'dav', + 'env' + ].each do |modname| + it { should contain_file("#{modname}.load").with( + 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + 'ensure' => 'file' + ) } + it { should_not contain_file("#{modname}.conf") } + end + + # Assert that both load files and conf files are placed for these mods + [ + 'alias', + 'autoindex', + 'dav_fs', + 'deflate', + 'dir', + 'mime', + 'negotiation', + 'setenvif', + ].each do |modname| + it { should contain_file("#{modname}.load").with( + 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + 'ensure' => 'file' + ) } + it { should contain_file("#{modname}.conf").with( + 'path' => "/usr/local/etc/apache22/Modules/#{modname}.conf", + 'ensure' => 'file' + ) } + end + end context 'on all OSes' do let :facts do { diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index 8bdf1200b8..3a094df480 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -23,4 +23,16 @@ it { should include_class("apache::params") } it { should contain_package("httpd-devel") } end + context "on a FreeBSD OS" do + let :pre_condition do + 'include apache::package' + end + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + } + end + it { should include_class("apache::params") } + end end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index c4aa8a67f6..955be8da47 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb 
@@ -26,4 +26,16 @@ it { should contain_apache__mod("auth_kerb") } it { should contain_package("mod_auth_kerb") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod("auth_kerb") } + it { should contain_package("www/mod_auth_kerb2") } + end end diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 4d293b37d7..c0e25312ea 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -26,4 +26,16 @@ it { should contain_apache__mod('dav_svn') } it { should contain_package("mod_dav_svn") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('dav_svn') } + it { should contain_package("devel/subversion") } + end end diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index 4d88768531..eee0bb1fa6 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb 
@@ -1,27 +1,23 @@ -describe 'apache::dev', :type => :class do - let :pre_condition do - 'include apache' - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - } +require 'spec_helper' +describe 'apache::mod::dev', :type => :class do + [ + ['RedHat', '6'], + ['Debian', '6'], + ['FreeBSD', '9'], + ].each do |osfamily, operatingsystemrelease| + if osfamily == 'FreeBSD' + let :pre_condition do + 'include apache::package' + end end - it { should contain_package("libaprutil1-dev") } - it { should contain_package("libapr1-dev") } - it { should contain_package("apache2-prefork-dev") } - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - } + context "on a #{osfamily} OS" do + let :facts do + { + :osfamily => osfamily, + :operatingsystemrelease => operatingsystemrelease, + } + end + it { should include_class('apache::dev') } end - it { should contain_package("httpd-devel") } end end diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index ec94b2899f..28aaf5c71a 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb 
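Review bot: The `let :pre_condition` sits in the `each` loop body but outside the `context` block, so it is defined on the outer `describe` group and is inherited by the RedHat and Debian contexts as well, not only the FreeBSD one. Moving the `if osfamily == 'FreeBSD'` block inside `context "on a #{osfamily} OS" do` scopes it to that context. The rewrite also drops the per-OS `contain_package` assertions (`libaprutil1-dev`, `httpd-devel` and the rest) and only checks `include_class('apache::dev')`, so package regressions would no longer be caught here unless spec/classes/dev_spec.rb covers them.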
@@ -58,4 +58,31 @@ it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end -end \ No newline at end of file + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + context "passing no parameters" do + it { should include_class("apache::params") } + it { should contain_apache__mod('dir') } + it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { should contain_file('dir.conf').with_content(/ index\.html /) } + it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { should contain_file('dir.conf').with_content(/ index\.cgi /) } + it { should contain_file('dir.conf').with_content(/ index\.pl /) } + it { should contain_file('dir.conf').with_content(/ index\.php /) } + it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { should contain_file('dir.conf').with_content(/ example\.txt /) } + it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + end + end +end diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 75c0e70b4c..f695d1d526 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -2,5 +2,16 @@ let :pre_condition do 'class { "apache": mpm_module => false, }' end - # TBD + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should_not contain_apache__mod('event') } + it { should contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } + end end diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index be444c8496..d356a839d5 100644 
--- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -26,4 +26,16 @@ it { should contain_apache__mod('fcgid') } it { should contain_package("mod_fcgid") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('fcgid') } + it { should contain_package("www/mod_fcgid") } + end end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index a057bf1dd8..21d253e98a 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -56,6 +56,24 @@ def general_info_specs it { should contain_file("info.conf").with_path("/etc/httpd/conf.d/info.conf") } end + context "On a FreeBSD OS with default params" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + + # Load the more generic tests for this context + general_info_specs() + + it { should contain_file("info.conf").with({ + :ensure => 'file', + :path => '/usr/local/etc/apache22/Modules/info.conf', + } ) } + end + context "with $allow_from => ['10.10.10.10','11.11.11.11']" do let :facts do { diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 7a0f7615ca..b531e942d8 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -16,4 +16,16 @@ it { should contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } it { should contain_package("apache2-mpm-itk") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should_not contain_apache__mod('itk') } + it { should contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } + end end 
diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 3995dc9ddc..1d148b60c9 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -97,4 +97,16 @@ it { should contain_file('passenger.conf').with_content(/^ PassengerRoot \/usr\/share\/rubygems\/gems\/passenger-3.0.17$/) } it { should contain_file('passenger.conf').with_content(/^ PassengerRuby \/usr\/bin\/ruby$/) } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('passenger') } + it { should contain_package("www/rubygem-passenger") } + end end diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 0f76abbd90..27690e2a0f 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -26,4 +26,16 @@ it { should contain_apache__mod('perl') } it { should contain_package("mod_perl") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('perl') } + it { should contain_package("www/mod_perl2") } + end end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index 370d0fd2ba..3d4a608461 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb @@ -2,5 +2,16 @@ let :pre_condition do 'class { "apache": mpm_module => false, }' end - # TBD + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should_not contain_apache__mod('peruser') } + it { should contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } + end end 
diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 69617fb03c..31a85a7bfc 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -69,4 +69,31 @@ ) } end end + describe "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + context "with mpm_module => prefork" do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + it { should include_class('apache::params') } + it { should contain_apache__mod('php5') } + it { should contain_package("lang/php5") } + it { should contain_file('php5.load') } + end + # FIXME: not sure about the following context + context 'with mpm_module => worker' do + let :pre_condition do + 'class { "apache": mpm_module => worker, }' + end + it 'should raise an error' do + expect { subject.should contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ + end + end + end end diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index fa34a20c84..7148f787a7 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -32,4 +32,16 @@ }) } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should_not contain_apache__mod('prefork') } + it { should contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } + end end diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index c257fe7461..10547d8330 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb 
@@ -30,4 +30,16 @@ it { should contain_apache__mod('proxy_html') } it { should contain_package("mod_proxy_html") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('proxy_html') } + it { should contain_package("www/mod_proxy_html") } + end end diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 09e8cc2f94..b29e4b5f89 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -26,4 +26,16 @@ it { should contain_apache__mod("python") } it { should contain_package("mod_python") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod("python") } + it { should contain_package("www/mod_python3") } + end end diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index f58dde265c..b4e9255f05 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -38,4 +38,16 @@ it { should contain_apache__mod('ssl') } it { should_not contain_package('libapache2-mod-ssl') } end + + context 'on a FreeBSD OS' do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class('apache::params') } + it { should contain_apache__mod('ssl') } + end end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 7d55432753..4c504c01fb 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb 
@@ -29,4 +29,16 @@ it { should contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } it { should contain_file_line("/etc/sysconfig/httpd worker enable") } end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should_not contain_apache__mod('worker') } + it { should contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } + end end diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 30ef523e41..9549b1df7b 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -39,4 +39,16 @@ it {should contain_file('wsgi.conf').with_content(/^ WSGIPythonHome \/path\/to\/virtenv$/)} end end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('wsgi') } + it { should contain_package("www/mod_wsgi") } + end end diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 836ac27b79..accc549462 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -90,4 +90,20 @@ ) } end + + context "on a FreeBSD 5 OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should contain_service("httpd").with( + 'name' => 'apache22', + 'ensure' => 'running', + 'enable' => 'true' + ) + } + end end diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index 77c8dfd918..0bb5bf6b75 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb 
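Review bot: The new service_spec context is labelled `"on a FreeBSD 5 OS"` while its facts set `:operatingsystemrelease => '9'`, so the description does not match what is tested; it reads like a label copied from another context in the file. Renaming it to `context "on a FreeBSD 9 OS" do` keeps the failure output accurate.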
@@ -76,4 +76,30 @@ end end end + + context "on a FreeBSD osfamily" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + + describe "for non-special modules" do + let :title do + 'spec_m' + end + it { should include_class("apache::params") } + it "should manage the module load file" do + should contain_file('spec_m.load').with({ + :path => '/usr/local/etc/apache22/Modules/spec_m.load', + :content => "LoadModule spec_m_module /usr/local/libexec/apache22/mod_spec_m.so\n", + :owner => 'root', + :group => 'wheel', + :mode => '0644', + } ) + end + end + end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 988b7f1f07..2e43a47540 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -49,6 +49,23 @@ :target => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } end + context "on FreeBSD systems" do + let :default_facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + let :params do default_params end + let :facts do default_facts end + it { should include_class("apache") } + it { should include_class("apache::params") } + it { should contain_file("25-rspec.example.com.conf").with( + :ensure => 'present', + :path => '/usr/local/etc/apache22/Vhosts/25-rspec.example.com.conf' + ) } + end end describe 'os-independent items' do let :facts do diff --git a/spec/system/class_spec.rb b/spec/system/class_spec.rb index 441331658c..0e9afe543c 100644 --- a/spec/system/class_spec.rb +++ b/spec/system/class_spec.rb @@ -8,6 +8,9 @@ when 'Debian' package_name = 'apache2' service_name = 'apache2' + when 'FreeBSD' + package_name = 'apache22' + service_name = 'apache22' end context 'default parameters' do diff --git a/spec/system/default_mods_spec.rb b/spec/system/default_mods_spec.rb index 95e57e844a..9134fbb92f 100644 --- a/spec/system/default_mods_spec.rb +++ b/spec/system/default_mods_spec.rb 
@@ -5,6 +5,8 @@ servicename = 'httpd' when 'Debian' servicename = 'apache2' +when 'FreeBSD' + servicename = 'apache22' else raise "Unconfigured OS for apache service on #{node.facts['osfamily']}" end diff --git a/spec/system/itk_spec.rb b/spec/system/itk_spec.rb index fdbabb9fe6..2d8765cf0a 100644 --- a/spec/system/itk_spec.rb +++ b/spec/system/itk_spec.rb @@ -3,6 +3,8 @@ case node.facts['osfamily'] when 'Debian' service_name = 'apache2' +when 'FreeBSD' + service_name = 'apache22' else # Not implemented yet service_name = :skip diff --git a/spec/system/mod_php_spec.rb b/spec/system/mod_php_spec.rb index 71a806b6b9..9fad7c1487 100644 --- a/spec/system/mod_php_spec.rb +++ b/spec/system/mod_php_spec.rb @@ -3,11 +3,14 @@ describe 'apache::mod::php class' do case node.facts['osfamily'] when 'Debian' - mod_dir = '/etc/apache2/mods-available' + mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' when 'RedHat' - mod_dir = '/etc/httpd/conf.d' + mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' + when 'FreeBSD' + mod_dir = '/usr/local/etc/apache22/Modules' + service_name = 'apache22' end context "default php config" do diff --git a/spec/system/prefork_worker_spec.rb b/spec/system/prefork_worker_spec.rb index b455d748fa..033e716197 100644 --- a/spec/system/prefork_worker_spec.rb +++ b/spec/system/prefork_worker_spec.rb @@ -5,6 +5,8 @@ servicename = 'httpd' when 'Debian' servicename = 'apache2' +when 'FreeBSD' + servicename = 'apache22' else raise "Unconfigured OS for apache service on #{node.facts['osfamily']}" end diff --git a/spec/system/vhost_spec.rb b/spec/system/vhost_spec.rb index 72427a0176..f5fdd2fe34 100644 --- a/spec/system/vhost_spec.rb +++ b/spec/system/vhost_spec.rb 
@@ -6,6 +6,10 @@ vhost_dir = '/etc/httpd/conf.d' package_name = 'httpd' service_name = 'httpd' + when 'FreeBSD' + vhost_dir = '/usr/local/etc/apache22/Vhosts' + package_name = 'apache22' + service_name = 'apache22' when 'Debian' vhost_dir = '/etc/apache2/sites-enabled' package_name = 'apache2' diff --git a/templates/confd/no-accf.conf.erb b/templates/confd/no-accf.conf.erb new file mode 100644 index 0000000000..10e51644ce --- /dev/null +++ b/templates/confd/no-accf.conf.erb @@ -0,0 +1,4 @@ + + AcceptFilter http none + AcceptFilter https none + diff --git a/tests/mod_load_params.pp b/tests/mod_load_params.pp new file mode 100644 index 0000000000..0e84c5efbf --- /dev/null +++ b/tests/mod_load_params.pp @@ -0,0 +1,11 @@ +# Tests the path and identifier parameters for the apache::mod class + +# Base class for clarity: +class { 'apache': } + + +# Exaple parameter usage: +apache::mod { 'testmod': + path => '/usr/some/path/mod_testmod.so', + id => 'testmod_custom_name', +} From ba6b57b159a4cd6ecf9786fe45d2535f1ffb64cd Mon Sep 17 00:00:00 2001 From: Daniel Beckham Date: Tue, 12 Nov 2013 14:44:11 -0600 Subject: [PATCH 0045/2267] Revert unnecessary `$default_ssl_vhost` validation change. The `validate_bool()` call was moved in 112437730f70e18daf3aed9cedffd0c46348204d making it FreeBSD centric, but it should be validated outside of any other condition. --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 57ea183841..60a1406702 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -56,6 +56,7 @@ ) inherits apache::params { validate_bool($default_vhost) + validate_bool($default_ssl_vhost) validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) @@ -80,7 +81,6 @@ name => $apache::params::apache_name, notify => Class['Apache::Service'], } - validate_bool($default_ssl_vhost) } validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ]) 
From 7de115bf8be601b814b024e00cd3b47a46ea32d8 Mon Sep 17 00:00:00 2001 From: Daniel Beckham Date: Tue, 12 Nov 2013 14:57:25 -0600 Subject: [PATCH 0046/2267] Fix spec test for `default_ssl_vhost => true` The spec test for `default_ssl_vhost => true` was retesting the test for `default_vhost => true` instead. --- spec/classes/apache_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a174c108d2..690cdaab0a 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -458,7 +458,7 @@ :default_ssl_vhost => true } end - it { should contain_apache__vhost('default').with_ensure('present') } + it { should contain_apache__vhost('default-ssl').with_ensure('present') } end end end From ca4f49bf5325451a77e56c87f63374d134c3783e Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Wed, 13 Nov 2013 13:23:51 +1300 Subject: [PATCH 0047/2267] need to use the provider variable not the provider key value from the directory hash for matches --- templates/vhost/_directories.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index a17327332b..335808e581 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -17,7 +17,7 @@ <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> <%- end -%> - <%- if directory['provider'] == 'directory' %> + <%- if provider == 'Directory' %> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> <%- elsif provider == 'Directory' -%> From b4f89da0a5ef62caf6c6d7f52fcad29659b64557 Mon Sep 17 00:00:00 2001 
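Review bot: With the outer test now `provider == 'Directory'`, the inner `<%- elsif provider == 'Directory' -%>` two lines further down can never be false and reads as if a third case existed; `<%- else -%>` says the same thing. The changed line also opens with `<%-` but closes with a plain `%>`, unlike its neighbours, which leaves a blank line in the rendered vhost; `<%- if provider == 'Directory' -%>` would match them. `provider` is assigned outside this hunk, so how it is normalised to `'Directory'` is not visible here, and the body of the `elsif` branch also continues past the hunk.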
From: Al Newkirk Date: Wed, 13 Nov 2013 07:12:55 -0500 Subject: [PATCH 0048/2267] Add ability to include additional external configurations in vhost --- README.md | 6 ++++++ manifests/vhost.pp | 2 ++ spec/defines/vhost_spec.rb | 14 ++++++++++++++ templates/vhost.conf.erb | 5 +++++ tests/vhost.pp | 9 ++++++++- 5 files changed, 35 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 603120f986..0e2ed873c0 100644 --- a/README.md +++ b/README.md @@ -742,6 +742,12 @@ Filename used to communicate with the web server. Defaults to 'undef'. Directory to enable for FastCGI. Defaults to 'undef'. +#####`additional_includes` + +Specifies paths to additional static vhost-specific Apache configuration files. +This option is useful when you need to implement a unique and/or custom +configuration not supported by this module. + #####`ip` The IP address the vhost listens on. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index a7717f38f6..94a5ac5207 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -131,6 +131,7 @@ $fastcgi_server = undef, $fastcgi_socket = undef, $fastcgi_dir = undef, + $additional_includes = [], ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -365,6 +366,7 @@ # - $error_log_destination # - $fallbackresource # - $custom_fragment + # - $additional_includes # block fragment: # - $block # directories fragment: diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 2e43a47540..fea2c19a5c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -348,6 +348,20 @@ ' Alias /css /opt/someapp/css' ], }, + { + :title => 'should accept multiple additional includes', + :attr => 'additional_includes', + :value => [ + '/tmp/proxy_group_a', + '/tmp/proxy_group_b', + '/tmp/proxy_group_c', + ], + :match => [ + ' Include /tmp/proxy_group_a', + ' Include /tmp/proxy_group_b', + ' Include /tmp/proxy_group_c' + ], + }, { :title => 'should accept a suPHP_Engine', :attr => 'suphp_engine', diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index e20be411ce..d7b58a57a8 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -26,6 +26,11 @@ ## Directories, there should at least be a declaration for <%= @docroot %> <%= scope.function_template(['apache/vhost/_directories.erb']) -%> + ## Load additional static includes +<% Array(@additional_includes).each do |include| %> + Include <%= include %> +<% end %> + ## Logging <% if @error_log -%> ErrorLog <%= @error_log_destination %> diff --git a/tests/vhost.pp b/tests/vhost.pp index 173316e034..153a213dd2 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -168,12 +168,20 @@ docroot => '/var/www/eighteenth', setenv => ['SPECIAL_PATH /foo/bin','KILROY was_here'], } + apache::vhost { 'nineteenth.example.com': port => '80', docroot => '/var/www/nineteenth', setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1', } +# Vhost with additional include files +apache::vhost { 'twentyieth.example.com': + port => '80', + docroot => '/var/www/twelfth', + additional_includes => ['/tmp/proxy_group_a','/tmp/proxy_group_b'], +} + # Vhost with alias for subdomain mapped to same named directory # http://example.com.loc => /var/www/example.com apache::vhost { 'subdomain.loc': @@ -199,4 +207,3 @@ ssl_honorcipherorder => 'On', add_listen => 'false', } - From 02283f62a3ef5175dea57e5f0b53b8effa2a656d Mon Sep 17 00:00:00 2001 
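Review bot: Each entry of `@additional_includes` is written verbatim after `Include` in vhost.conf.erb, and the `$additional_includes = []` parameter added in manifests/vhost.pp is never validated, so a relative path or a string containing a newline passes straight into the vhost file. I would add `validate_array($additional_includes)` next to the other validations in the define and check that every entry is an absolute path. The spec and tests/vhost.pp examples all point at `/tmp/proxy_group_*`; files in a world-writable directory are a poor example for configuration that httpd parses at start, and a path under the Apache config directory would be a safer one to show. The `<% ... %>` tags on the loop also lack the `-` trim markers used by the `<% if @error_log -%>` line just below, so each include adds blank lines to the output.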
From: "anyone.can.test" Date: Wed, 6 Nov 2013 10:41:20 +0900 Subject: [PATCH 0049/2267] Add directives: IndexOptions, IndexOrderDefault --- README.md | 21 +++++++++++++++++++++ manifests/vhost.pp | 2 ++ templates/vhost/_directories.erb | 6 ++++++ 3 files changed, 29 insertions(+) diff --git a/README.md b/README.md index 603120f986..e2593d0f8b 100644 --- a/README.md +++ b/README.md @@ -595,6 +595,27 @@ Lists the options for the given `` block } ``` +######`index_options` + +Styles the list + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }], + } +``` + +######`index_order_default` +Sets the order of the list + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ], + } +``` + ######`order` Sets the order of processing `Allow` and `Deny` statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). An example: diff --git a/manifests/vhost.pp b/manifests/vhost.pp index a7717f38f6..0b667a07cb 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -86,6 +86,8 @@ $servername = $name, $serveraliases = [], $options = ['Indexes','FollowSymLinks','MultiViews'], + $index_options = [], + $index_order_default = [], $override = ['None'], $directoryindex = '', $vhost_name = '*', diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 335808e581..989680c50a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -18,6 +18,12 @@ Options <%= Array(directory['options']).join(' ') %> <%- end -%> <%- if provider == 'Directory' %> + <%- if directory['index_options'] -%> + IndexOptions <%= Array(directory['index_options']).join(' ') %> + <%- end -%> + <%- if directory['index_order_default'] -%> + IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %> + <%- end -%> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> <%- elsif provider == 'Directory' -%> From 8d966e86ec59bb0d64543f3163c1637f7abc7c23 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Thu, 14 Nov 2013 11:12:53 +1300 Subject: [PATCH 0050/2267] Update spec tests for index_options and index_order_default parameters --- spec/defines/vhost_spec.rb | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 2e43a47540..6428fd4942 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -391,14 +391,16 @@ :title => 'should accept directory directives hash', :attr => 'directories', :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow' => 'from rspec.org', - 'allow_override' => 'Lol', - 'deny' => 'from google.com', - 'options' => '-MultiViews', - 'order' => 'deny,yned', - 'passenger_enabled' => 'onf', + 'path' => '/opt/app', + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'allow' => 'from rspec.org', + 'allow_override' => 'Lol', + 'deny' => 'from google.com', + 'options' => '-MultiViews', + 'order' => 'deny,yned', + 'passenger_enabled' => 'onf', + 'index_options' => 'Index', + 'index_order_default' => 'none', }, :match => [ ' ', @@ -409,6 +411,8 @@ ' Options -MultiViews', ' Order deny,yned', ' PassengerEnabled onf', + ' IndexOptions Index', + ' IndexOrderDefault none', ' ', ], }, 
@@ -417,13 +421,15 @@ :attr => 'directories', :value => [ { - 'path' => '/opt/app1', - 'allow' => 'from rspec.org', - 'allow_override' => ['AuthConfig','Indexes'], - 'deny' => 'from google.com', - 'options' => ['-MultiViews','+MultiViews'], - 'order' => ['deny','yned'], - 'passenger_enabled' => 'onf', + 'path' => '/opt/app1', + 'allow' => 'from rspec.org', + 'allow_override' => ['AuthConfig','Indexes'], + 'deny' => 'from google.com', + 'options' => ['-MultiViews','+MultiViews'], + 'order' => ['deny','yned'], + 'passenger_enabled' => 'onf', + 'index_options' => ['up','down'], + 'index_order_default' => ['left','right'], }, { 'path' => '/opt/app2', @@ -441,6 +447,8 @@ ' Options -MultiViews +MultiViews', ' Order deny,yned', ' PassengerEnabled onf', + ' IndexOptions up down', + ' IndexOrderDefault left right', ' ', ' ', ' AllowOverride None', From ddd13af9d713c4b701e217f1804841b4c0efa7fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 14 Nov 2013 16:00:45 +0100 Subject: [PATCH 0051/2267] update contributing to reflect modules workflow CONTRIBUTING has been dropped in from puppetlabs/puppet, with good intention I assume, however it does in no way reflect how we work on modules. * change all references from Redmine to refer to GitHub * Fix CLA links * remove the entire section for committers, we assume they know what they are doing... Further, we remove all contractions. Why? Because it reads easier. Finally we will need a section on how to write tests (and run them locally) because I'm getting sick of repeating myself. --- CONTRIBUTING.md | 213 ++++++++++-------------------------------------- 1 file changed, 45 insertions(+), 168 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5f0dbf14a5..4a3c1f21be 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -17,9 +17,8 @@ Checklist (and a short version for the impatient) description (50 characters is the soft limit, excluding ticket number(s)), and should skip the full stop. - - Associated the Redmine ticket in the message. The first line - should include the ticket number in the form "(#XXXX) Rest of - message". + - Associate the issue in the message. The first line should include + the issue number in the form "(#XXXX) Rest of message". - The body should provide a meaningful commit message, which: @@ -32,15 +31,19 @@ Checklist (and a short version for the impatient) - Make sure that you have tests for the bug you are fixing, or feature you are adding. - - Make sure the test suite passes after your commit (rake spec unit). + - Make sure the test suites passe after your commit: + `rake spec unit spec:system` More information on [testing](#Writing Tests) below + + - When introducing a new feature, make sure it is properly + documented in the README.md * Submission: * Pre-requisites: - - Make sure you have a [Redmine account](http://projects.puppetlabs.com) + - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) - - Sign the [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) + - Make sure you have a [GitHub account](https://github.com/join) - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. 
@@ -58,23 +61,6 @@ Checklist (and a short version for the impatient) The long version ================ - 0. Decide what to base your work on. - - In general, you should always base your work on the oldest - branch that your change is relevant to. - - - A bug fix should be based on the current stable series. If the - bug is not present in the current stable release, then base it on - `master`. - - - A new feature should be based on `master`. - - - Security fixes should be based on the current maintenance series - (that is, the previous stable series). If the security issue - was not present in the maintenance series, then it should be - based on the current stable series if it was introduced there, - or on `master` if it is not yet present in a stable release. - 1. Make separate commits for logically separate changes. Please break your commits down into logically consistent units @@ -84,15 +70,15 @@ The long version your diff is to read, the more likely someone will be happy to review it and get it into the code base. - If you're going to refactor a piece of code, please do so as a + If you are going to refactor a piece of code, please do so as a separate commit from your feature or bug fix changes. We also really appreciate changes that include tests to make - sure the bug isn't re-introduced, and that the feature isn't + sure the bug is not re-introduced, and that the feature is not accidentally broken. Describe the technical detail of the change(s). If your - description starts to get too long, that's a good sign that you + description starts to get too long, that is a good sign that you probably need to split up your commit into more finely grained pieces. 
@@ -113,139 +99,42 @@ The long version Before we can accept your changes, we do need a signed Puppet Labs Contributor License Agreement (CLA). - You can access the CLA via the - [Contributor License Agreement link](https://projects.puppetlabs.com/contributor_licenses/sign) - in the top menu bar of our Redmine instance. Once you've signed - the CLA, a badge will show up next to your name on the - [Puppet Project Overview Page](http://projects.puppetlabs.com/projects/modules?jump=welcome), - and your name will be listed under "Contributor License Signers" - section. + You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) If you have any questions about the CLA, please feel free to contact Puppet Labs via email at cla-submissions@puppetlabs.com. 3. Sending your patches - We accept multiple ways of submitting your changes for - inclusion. They are listed below in order of preference. - - Please keep in mind that any method that involves sending email - to the mailing list directly requires you to be subscribed to - the mailing list, and that your first post to the list will be - held in a moderation queue. - - * GitHub Pull Requests - - To submit your changes via a GitHub pull request, we _highly_ - recommend that you have them on a topic branch, instead of - directly on "master" or one of the release, or RC branches. - It makes things much easier to keep track of, especially if - you decide to work on another thing before your first change - is merged in. - - GitHub has some pretty good - [general documentation](http://help.github.com/) on using - their site. They also have documentation on - [creating pull requests](http://help.github.com/send-pull-requests/). - - In general, after pushing your topic branch up to your - repository on GitHub, you'll switch to the branch in the - GitHub UI and click "Pull Request" towards the top of the page - in order to open a pull request. 
- - You'll want to make sure that you have the appropriate - destination branch in the repository under the puppetlabs - organization. This should be the same branch that you based - your changes off of. + To submit your changes via a GitHub pull request, we _highly_ + recommend that you have them on a topic branch, instead of + directly on "master" or one of the release. + It makes things much easier to keep track of, especially if + you decide to work on another thing before your first change + is merged in. - * Other pull requests + GitHub has some pretty good + [general documentation](http://help.github.com/) on using + their site. They also have documentation on + [creating pull requests](http://help.github.com/send-pull-requests/). - If you already have a publicly accessible version of the - repository hosted elsewhere, and don't wish to or cannot use - GitHub, you can submit your change by requesting that we pull - the changes from your repository by sending an email to the - puppet-dev Google Groups mailing list. + In general, after pushing your topic branch up to your + repository on GitHub, you can switch to the branch in the + GitHub UI and click "Pull Request" towards the top of the page + in order to open a pull request. - `git-request-pull(1)` provides a handy way to generate the text - for the email requesting that we pull your changes (and does - some helpful sanity checks in the process). - * Mailing patches to the mailing list + 4. Update the related GitHub issue. - If neither of the previous methods works for you, then you can - also mail the patches inline to the puppet-dev Google Group - using either `rake mail_patches`, or by using - `git-format-patch(1)`, and `git-send-email(1)` directly. - - `rake mail_patches` handles setting the appropriate flags to - `git-format-patch(1)` and `git-send-email(1)` for you, but - doesn't allow adding any commentary between the '---', and the - diffstat in the resulting email. 
It also requires that you - have created your topic branch in the form - `//`. - - If you decide to use `git-format-patch(1)` and - `git-send-email(1)` directly, please be sure to use the - following flags for `git-format-patch(1)`: -C -M -s -n - --subject-prefix='PATCH/puppet' - - * Attaching patches to Redmine - - As a method of last resort you can also directly attach the - output of `git-format-patch(1)`, or `git-diff(1)` to a Redmine - ticket. - - If you are generating the diff outside of Git, please be sure - to generate a unified diff. - - 4. Update the related Redmine ticket. - - If there's a Redmine ticket associated with the change you + If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the - location of your branch, and change the status to "In Topic - Branch Pending Merge", along with any other commentary you may - wish to make. - -How to track the status of your change after it's been submitted -================================================================ - -Shortly after opening a pull request on GitHub, there should be an -automatic message sent to the puppet-dev Google Groups mailing list -notifying people of this. This notification is used to let the Puppet -development community know about your requested change to give them a -chance to review, test, and comment on the change(s). - -If you submitted your change via manually sending a pull request or -mailing the patches, then we keep track of these using -[patchwork](https://patchwork.puppetlabs.com). When code is merged -into the project it is automatically removed from patchwork, and the -Redmine ticket is manually updated with the commit SHA1. In addition, -the ticket status must be updated by the person who merges the topic -branch to a status of "Merged - Pending Release" - -We do our best to comment on or merge submitted changes within a week. 
-However, if there hasn't been any commentary on the pull request or -mailed patches, and it hasn't been merged in after a week, then feel -free to ask for an update by replying on the mailing list to the -automatic notification or mailed patches. It probably wasn't -intentional, and probably just slipped through the cracks. + location of your branch, along with any other commentary you + may wish to make. -Additional Resources -==================== +Writing Tests +============= -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) - -* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) - -* [Bug tracker (Redmine)](http://projects.puppetlabs.com/projects/modules) - -* [Patchwork](https://patchwork.puppetlabs.com) - -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - -* [General GitHub documentation](http://help.github.com/) - -* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) +# XXX The stuff we always say about how to get started with tests If you have commit access to the repository =========================================== 
@@ -260,33 +149,21 @@ Having someone other than the author of the topic branch recorded as performing the merge is the record that they performed the code review. - * Merging topic branches - When merging code from a topic branch into the integration branch - (Ex: master, 2.7.x, 1.6.x, etc.), there should always be a merge - commit. You can accomplish this by always providing the `--no-ff` - flag to `git merge`. +Additional Resources +==================== - git merge --no-ff --log ticket/1234-fix-something-broken +* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) - The reason for always forcing this merge commit is that it - provides a consistent way to look up what changes & commits were - in a topic branch, whether that topic branch had one, or 500 - commits. For example, if the merge commit had an abbreviated - SHA-1 of `coffeebad`, then you could use the following `git log` - invocation to show you which commits it brought in: +* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) - git log coffeebad^1..coffeebad^2 +* [Bug tracker (Redmine)](http://projects.puppetlabs.com/projects/modules) - The following would show you which changes were made on the topic - branch: +* [Patchwork](https://patchwork.puppetlabs.com) - git diff coffeebad^1...coffeebad^2 +* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) + +* [General GitHub documentation](http://help.github.com/) + +* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) - Because we _always_ merge the topic branch into the integration - branch the first parent (`^1`) of a merge commit will be the most - recent commit on the integration branch from just before we merged - in the topic, and the second parent (`^2`) will always be the most - recent commit that was made in the topic branch. 
This also serves - as the record of who performed the code review, as mentioned - above. From c11bc56d8bd47e49cb8c0dc02664f336598e904e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 14 Nov 2013 17:15:05 +0100 Subject: [PATCH 0052/2267] Ignore vim swap files --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index e41102bd82..5f67118b2a 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ vendor spec/fixtures .rspec_system .bundle +.sw* From eb7600a07016ad7edb4da4b33663dafd25556e14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 14 Nov 2013 21:06:06 +0100 Subject: [PATCH 0053/2267] *really* ignore vim swap files. --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5f67118b2a..e8f52b4451 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ vendor spec/fixtures .rspec_system .bundle -.sw* +.*sw* From c638b73485b42b3f1077acbe87cc5bb3bf7be406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 14 Nov 2013 21:07:36 +0100 Subject: [PATCH 0054/2267] tiny style fixes to CONTRIBUTING * we have no release branches, remove reference * remove contractions --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4a3c1f21be..eba6267e20 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -108,7 +108,7 @@ The long version To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of - directly on "master" or one of the release. + directly on "master". It makes things much easier to keep track of, especially if you decide to work on another thing before your first change is merged in. 
@@ -139,10 +139,10 @@ Writing Tests If you have commit access to the repository =========================================== -Even if you have commit access to the repository, you'll still need to +Even if you have commit access to the repository, you will still need to go through the process above, and have someone else review and merge in your changes. The rule is that all changes must be reviewed by a -developer on the project (that didn't write the code) to ensure that +developer on the project (that did not write the code) to ensure that all changes go through a code review process. Having someone other than the author of the topic branch recorded as From 4ed69ce472f741edbd0af853b5cefa21efac4d7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 14 Nov 2013 22:56:53 +0100 Subject: [PATCH 0055/2267] getting started for writing tests some prerequisites and lots of links on how to get started *testing* puppet modules. Still outstanding: how to start writing tests. --- CONTRIBUTING.md | 66 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index eba6267e20..ecf012ce90 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -32,7 +32,7 @@ Checklist (and a short version for the impatient) feature you are adding. - Make sure the test suites passe after your commit: - `rake spec unit spec:system` More information on [testing](#Writing Tests) below + `rake spec spec:system` More information on [testing](#Testing) below - When introducing a new feature, make sure it is properly documented in the README.md 
@@ -131,10 +131,70 @@ The long version location of your branch, along with any other commentary you may wish to make. +Testing +======= + +Getting Started +--------------- + +Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby +package manager such as [bundler](http://bundler.io/) what Ruby packages, +or Gems, are required to build, develop, and test this software. + +Please make sure you have [bundler installed](http://bundler.io/#getting-started) +on your system, then use it to install all dependencies needed for this project, +by running + +```shell +% bundle install +Fetching gem metadata from https://rubygems.org/........ +Fetching gem metadata from https://rubygems.org/.. +Using rake (10.1.0) +Using builder (3.2.2) +-- 8><-- many more --><8 -- +Using rspec-system-puppet (2.2.0) +Using serverspec (0.6.3) +Using rspec-system-serverspec (1.0.0) +Using bundler (1.3.5) +Your bundle is complete! +Use `bundle show [gemname]` to see where a bundled gem is installed. +``` + +NOTE some systems may require you to run this command with sudo. + +With all dependencies installed we can now run the tests: + +```shell +% rake spec +``` + +This will execute all the [rspec tests](http://rspec-puppet.com/) tests +under [spec/defines](./spec/defines), [spec/classes](./spec/classes), +and so on. rspec tests may have the same kind of dependencies as the +module they are testing. While the module defines in its [Modulefile](./Modulefile), +rspec tests define them in [.fixtures.yml](./fixtures.yml). + +Some puppet modules also come with [rspec-system](https://github.com/puppetlabs/rspec-system) +tests. These tests spin up a virtual machine under +[VirtualBox](https://www.virtualbox.org/)) with, controlling it with +[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test +scenarios. In order to run these, you will need both of those tools +installed on your system. 
+ +You can run them by issuing the following command + +```shell +% rake spec:system +``` + +This will now download a pre-fabricated image configured in [.nodeset.yml](./.nodeset.yml), +install puppet, copy this module and install its dependencies per [spec/spec_helper_system.rb](./spec/spec_helper_system.rb) +and then run all the tests under [spec/system](./spec/system). + Writing Tests -============= +------------- -# XXX The stuff we always say about how to get started with tests +XXX getting started writing tests. If you have commit access to the repository =========================================== From 8c57377cd3c2610302166624f7c4c93227adbd3c Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Fri, 15 Nov 2013 06:16:50 +0100 Subject: [PATCH 0056/2267] Don't listen on port or set NameVirtualHost for non-existent vhost Apache should not listen on ports or define NameVirtualHost directives for which there is no virtual host defined. Discussed in isse #465. --- manifests/vhost.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 912903c4ce..4d33de9309 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -175,7 +175,7 @@ validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') } - if $ssl { + if $ssl and $ensure == 'present' { include apache::mod::ssl # Required for the AddType lines. include apache::mod::mime 
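Review bot: None of the three new `$ensure == 'present'` guards in manifests/vhost.pp (the `if $ssl` line in this hunk, and the `apache::listen` and `apache::namevirtualhost` conditions in the following hunk) is covered by a spec in this commit; the diffstat shows only the manifest changing. A case in spec/defines/vhost_spec.rb with `ensure => 'absent'` that asserts no `apache::listen` and no `apache::namevirtualhost` resource is declared would pin the behaviour the commit message describes, so a later refactor cannot silently reopen the port. The enclosing blocks start and end outside both hunks.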
@@ -270,12 +270,12 @@ if $ip and defined(Apache::Listen[$port]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } - if ! defined(Apache::Listen[$listen_addr_port]) and $listen_addr_port { + if ! defined(Apache::Listen[$listen_addr_port]) and $listen_addr_port and $ensure == 'present' { apache::listen { $listen_addr_port: } } } if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' { apache::namevirtualhost { $nvh_addr_port: } } } From ea61f6ea3a326a476e2b919efbf7c173869c5528 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Thu, 14 Nov 2013 18:39:39 +0100 Subject: [PATCH 0057/2267] Add mod_rpaf support From apt-cache show libapache2-mod-rpaf: Rpaf is short for reverse proxy add forward. It changes the remote address of the client visible to other Apache modules when two conditions are satisfied. First condition is that the remote client is actually a proxy that is defined in httpd.conf. Secondly if there is an incoming X-Forwarded-For header and the proxy is in its list of known proxies it takes the last IP from the incoming X-Forwarded-For header and changes the remote address of the client in the request structure. --- README.md | 1 + manifests/mod/rpaf.pp | 20 +++++++++++++++++ manifests/params.pp | 7 +++--- spec/classes/mod/rpaf_spec.rb | 42 +++++++++++++++++++++++++++++++++++ templates/mod/rpaf.conf.erb | 15 +++++++++++++ 5 files changed, 82 insertions(+), 3 deletions(-) create mode 100644 manifests/mod/rpaf.pp create mode 100644 spec/classes/mod/rpaf_spec.rb create mode 100644 templates/mod/rpaf.conf.erb diff --git a/README.md b/README.md index 717a8553e8..2f991ddc28 100644 --- a/README.md +++ b/README.md 
@@ -392,6 +392,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `python` * `reqtimeout` * `rewrite` +* `rpaf`* * `setenvif` * `ssl`* (see [apache::mod::ssl](#class-apachemodssl) below) * `status`* diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp new file mode 100644 index 0000000000..94dc31ccac --- /dev/null +++ b/manifests/mod/rpaf.pp @@ -0,0 +1,20 @@ +class apache::mod::rpaf ( + $sethostname = true, + $proxy_ips = [ '127.0.0.1' ], + $header = 'X-Forwarded-For' +) { + apache::mod { 'rpaf': } + + # Template uses: + # - $sethostname + # - $proxy_ips + # - $header + file { 'rpaf.conf': + ensure => file, + path => "${apache::mod_dir}/rpaf.conf", + content => template('apache/mod/rpaf.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Service['httpd'], + } +} diff --git a/manifests/params.pp b/manifests/params.pp index dc26d6d225..f968d3e5eb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -120,18 +120,19 @@ $mod_packages = { 'auth_kerb' => 'libapache2-mod-auth-kerb', 'authnz_ldap' => 'libapache2-mod-authz-ldap', + 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', + 'nss' => 'libapache2-mod-nss', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'php5' => 'libapache2-mod-php5', 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', - 'wsgi' => 'libapache2-mod-wsgi', - 'dav_svn' => 'libapache2-svn', + 'rpaf' => 'libapache2-mod-rpaf', 'suphp' => 'libapache2-mod-suphp', + 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', - 'nss' => 'libapache2-mod-nss', } $mod_libs = { 'php5' => 'libphp5.so', diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb new file mode 100644 index 0000000000..57c8da36b8 --- /dev/null +++ b/spec/classes/mod/rpaf_spec.rb 
@@ -0,0 +1,42 @@
+describe 'apache::mod::rpaf', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ ]
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('rpaf') }
+ it { should contain_package("libapache2-mod-rpaf") }
+ it { should contain_file('rpaf.conf').with({
+ 'path' => '/etc/apache2/mods-available/rpaf.conf',
+ }) }
+ it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) }
+
+ describe "with sethostname => true" do
+ let :params do
+ { :sethostname => 'true' }
+ end
+ it { should contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) }
+ end
+ describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+ let :params do
+ { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+ end
+ it { should contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) }
+ end
+ describe "with header => X-Real-IP" do
+ let :params do
+ { :header => 'X-Real-IP' }
+ end
+ it { should contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) }
+ end
+ end
+end
diff --git a/templates/mod/rpaf.conf.erb b/templates/mod/rpaf.conf.erb
new file mode 100644
index 0000000000..56e2398b55
--- /dev/null
+++ b/templates/mod/rpaf.conf.erb
@@ -0,0 +1,15 @@
+# Enable reverse proxy add forward
+RPAFenable On
+# RPAFsethostname will, when enabled, take the incoming X-Host header and
+# update the virtual host settings accordingly. This allows to have the same
+# hostnames as in the "real" configuration for the forwarding proxy.
+<% if @sethostname -%>
+RPAFsethostname On
+<% else -%>
+RPAFsethostname Off
+<% end -%>
+# Which IPs are forwarding requests to us
+RPAFproxy_ips <%= Array(@proxy_ips).join(" ") %>
+# Setting RPAFheader allows you to change the header name to parse from the
+# default X-Forwarded-For to something of your choice.
+RPAFheader <%= @header %>
From b2846594cf0eaf8dc448272de526aa15553545d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Tomulik?= Date: Fri, 15 Nov 2013 23:06:07 +0100 Subject: [PATCH 0058/2267] added FreeBSD support to mod_rpaf
---
manifests/.params.pp.swp | Bin 16384 -> 0 bytes manifests/params.pp | 1 + spec/classes/mod/rpaf_spec.rb | 35 ++++++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+) delete mode 100644 manifests/.params.pp.swp
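Review bot: In templates/mod/rpaf.conf.erb, `<% if @sethostname -%>` tests Ruby truthiness, so a quoted `'false'` (a non-empty string) still renders `RPAFsethostname On`; the spec in this commit passes the value as the string `'true'`, so string input is clearly expected. `apache::mod::rpaf` in manifests/mod/rpaf.pp does not validate `$sethostname`, `$proxy_ips` or `$header` before they reach this template, and these settings decide which peers are believed when they supply the client address and host name. Compare explicitly, `<% if @sethostname.to_s == 'true' -%>`, or normalise the flag in the manifest, and add a spec for `sethostname => false` expecting `RPAFsethostname Off`, which the current specs never exercise. A comment above `RPAFproxy_ips` stating that only proxies you operate belong in the list would help, since any listed address can set the client IP that logs and access rules will see.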
diff --git a/manifests/.params.pp.swp b/manifests/.params.pp.swp deleted file mode 100644 index 8dee9947fc03a0cda259981cd033541963871ecd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeHOU5F${9WUcY{5mfh{6HmEc1Pwe?#$fo<`NuS<7o^hoOs@Og5F0{GhH*&w>{l` zT{W|}x7h?Vf*?Ub@}dwliZ4Ehd64*^5rV!1KM?Uj5D~>Y1Tly{oCNguudeEz=^ke< zFQU*5zn!V7-~XfjRb5^6pWfcFPk!X1{Qma64A&iuJ@MB4Gyiz(o$MR0U@Xz`coGKN z)U@orE+a7TWJ4qT}mVK={$s|dnZjEDq5=vJLMNhRvBKjlQ8H*?wNJUhUim_@Z zNv^N{Qb(YUz)Ok1A-1`(evBkmSMKI_zUkac5w5v)1nLOX5vU_jN1%>C9f3Lmbp+}N z{GUfaC%3Uj(TCe?KL+;mWu?!T+wwj3b69G(#rmU;KplZP0(AuH2-Fd%BTz@6jzArO zIs$bB>Il>k_#cdb@ELn0{Q5o}`0@L{JOAG}%-ElRXMrC8-vJ&6E(3P~hk)nbz}T07 z2Z0w4G4@a3ufSh`-vhq`eh&N;_#W_a;BCOo*E9A9U=P>v(VC$H23| z*MZLhec&Q+6u2F@fn>^0fTw^*feXME@DAW65;4C7z72dH_%zS}UcmU!7(L?>GaOfA zI*OI{{2-+gU0Zymu{Y8>@u_ydqXI4QF2z&?c&Q?kD~w1Dyl&yih$^gXSquc#${7BP z%#5L`DI-(1)Q_WqafR&CRklQgwzENn+1`NN$UDPGyrE<|m8qA;v8FO9Y<8sXce3|I zHkyno3n?nmwU|cQg1+=3F_w-tuP7@O1X485AXmI$8c!0V!I+{t>&a}3GqJO?)AEHD zmNJ1GRyO;9jakY*m!S#bR47`_goTu{K4l+Uw&NuW zmP3YUo|D3Q%_A1{#lNz%vn2X7&t|_ zCR3SHlnQf3PNB+zF$#LUIFxz>BDtfAiky_}>QQXn$<^4(f|SNrcfFAwlS$Vxyp825 z9dX}%;T*F^OhRqg6qTZ-iScrsrvcl{+nQ9&I|VxpKTtZAp%hB;2kgLMQY11hI-mPP zmCj5v5elO=lqu=UDS2hi8({AH&ZgsKl?5leMGCiR{Ox^HSQHaIimrK~FE9t3CaSb` zxjL%zwrQ%*xK>nVJTrOmGTXKo%3=b$$=fiq%A7=)7Mh`*75;{?7rx!#Wsh^KWv?$&t!9^YvPsK!vK@4Es5*vV1?-ITNN`(PFUtZ+8ceYW zb;7tWLV66gL0zDL6q|mQ6&Q;%;{DVG$(K_spp^k@n&qv9RvB7D<7Dh%3gO*F8%p|s zp(K@qINi3axdqt~!OA3+W5sw>xTo3-t1}fT+#F`Bt0gBf#gkSt$25lV@ORJ9{f^<7 z)!075O;bsRye*b(tG%+VAR|kk+;kt!?G6rv#$_iagClNdyH|OJzed-%j}b|DeHFWj-wJWXnP{vE+mV3K^$E1Bani@ z5lB(t=&arWHl{~bJ``d(KX3O{-EQ`#Z}Vc8pNsHa(MFYDpxw{Bv-Ww?<&C}n)V9BJ z)EMV?&p(1_%QW{)LZ@PtdLm85?)hUEsW~rW(x@a1H1%My3v12u7djW(7n@{lm49Ls zD83VfA@50koFaW6k0YK%evJw#-x*1HZI`OEZQL4P-=O*{6A@_LzDb1> zW>D5R7R@&6Q^0sO7hJp$)>XF3&kF3$BtNI{xapdjGxEwLNTte3C;B>wBU@;}RmmIX z&cYupBds`m*Qm|Q@xYW%m>06C8c(VTO&WMbs|k!+J$CM6g>*{HJeXHt*3UQ@!xqQN 
zn2I#ObJ4E1g)UnBZRHYWXV0FhisG@iOw?)BBcVC=KGVRLK0kf(G>l`rLmQQ#H=*to z-q@a*?%4RucFn28$-1RU!|43~8Jve7!Wo&)|M%D&#q&7de-lu^N#M=E z-*L`=3g`nXz)hUxe*-)Xd;ti72Y`12f5X}Rhrr{&CEz{4i#WIc4EPFg8F(LXC-6s{ z+rJAu20Q}zz(c?XfWyEG@a^NO6*PdT&W;Z*r%%7>MnO!=an!G^JbD8gs%VWV8oL;KA-erki z=v$WMMRT?TUY_F3vVN2?!^WNp%Tl;51D3@tPY{#yxU7=Q>IVITXlr>U7Zzv9x02K? ziI^-}kp*ZWqY3Ol~(5 zsitw=1YVHBb;%hiiGxnR05D znkg-d)A#a}>@3lxVjc!JwvJX(vRnK-EixiWaZ(T0 zDJ$DtGwTkj@}gT2Y(CboD7S<4v68xlLp#XX;&+CO0PV%kXe2@&Q;5;v#|ZmZJdc&*+nbvyIpZaG1k{UV(Iw)<~>tdr9K diff --git a/manifests/params.pp b/manifests/params.pp index f968d3e5eb..29fb43e581 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -188,6 +188,7 @@ 'wsgi' => 'www/mod_wsgi', 'dav_svn' => 'devel/subversion', 'xsendfile' => 'www/mod_xsendfile', + 'rpaf' => 'www/mod_rpaf2' } $mod_libs = { 'php5' => 'libphp5.so', diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 57c8da36b8..4f08fd81e5 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb 
@@ -20,6 +20,41 @@ }) } it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + describe "with sethostname => true" do + let :params do + { :sethostname => 'true' } + end + it { should contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + end + describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do + let :params do + { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } + end + it { should contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + end + describe "with header => X-Real-IP" do + let :params do + { :header => 'X-Real-IP' } + end + it { should contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + end + end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('rpaf') } + it { should contain_package("www/mod_rpaf2") } + it { should contain_file('rpaf.conf').with({ + 'path' => '/usr/local/etc/apache22/Modules/rpaf.conf', + }) } + it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + describe "with sethostname => true" do let :params do { :sethostname => 'true' } From 9ad3e70c06584b070c03e9e8d0e46a5e98752251 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Thu, 14 Nov 2013 11:57:50 +1300 Subject: [PATCH 0059/2267] Reworking broken match and notmatch code make all matches and notmatches arrays of regex and exact match strings ...because consistency and explicitness --- spec/defines/vhost_spec.rb | 293 ++++++++++++++++++------------------- 1 file changed, 145 insertions(+), 148 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8b2317d7f8..0257b2e0e8 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -83,55 +83,62 @@ it { should contain_apache__namevirtualhost("*:#{params[:port]}") } end + # All match and notmatch should be a list of regexs and exact match strings context ".conf content" do [ { :title => 'should contain docroot', :attr => 'docroot', :value => '/not/default', - :match => [' DocumentRoot /not/default',' '], + :match => [/^ DocumentRoot \/not\/default$/,/ /], }, { :title => 'should set a port', :attr => 'port', :value => '8080', - :match => '', + :match => [/^$/], }, { :title => 'should set an ip', :attr => 'ip', :value => '10.0.0.1', - :match => '', + :match => [/^$/], }, { :title => 'should set a serveradmin', :attr => 'serveradmin', :value => 'test@test.com', - :match => ' ServerAdmin test@test.com' + :match => [/^ ServerAdmin test@test.com$/], }, { :title => 'should enable ssl', :attr => 'ssl', :value => true, - :match => ' SSLEngine on', + :match => [/^ SSLEngine on$/], }, { :title => 'should set a servername', :attr => 'servername', :value => 'param.test', - :match => ' ServerName param.test', + :match => [/^ ServerName param.test$/], }, { :title => 'should accept server aliases', :attr => 'serveraliases', :value => ['one.com','two.com'], - :match => [' ServerAlias one.com',' ServerAlias two.com'], + :match => [ + /^ ServerAlias one\.com$/, + /^ ServerAlias two\.com$/ + ], }, { :title => 'should accept setenv', :attr => 'setenv', :value => ['TEST1 one','TEST2 two'], - :match => [' SetEnv TEST1 one',' SetEnv TEST2 two'], + :match => [ + /^ SetEnv TEST1 one$/, + /^ SetEnv TEST2 two$/ + ], }, { :title => 'should accept setenvif', @@ -146,13 +153,13 @@ :title => 'should accept options', :attr => 'options', :value => ['Fake','Options'], - :match => ' Options Fake Options', + :match => [/^ Options Fake Options$/], }, { :title => 'should accept overrides', :attr => 'override', :value => ['Fake', 'Override'], - :match => ' AllowOverride Fake Override', + :match => [/^ AllowOverride Fake Override$/], }, { :title => 'should accept logroot', 
@@ -164,62 +171,62 @@ :title => 'should accept pipe destination for access log', :attr => 'access_log_pipe', :value => '| /bin/fake/logging', - :match => /CustomLog "| \/bin\/fake\/logging" combined$/, + :match => [/CustomLog "| \/bin\/fake\/logging" combined$/], }, { :title => 'should accept pipe destination for error log', :attr => 'error_log_pipe', :value => '| /bin/fake/logging', - :match => /ErrorLog "| \/bin\/fake\/logging" combined$/, + :match => [/ErrorLog "| \/bin\/fake\/logging" combined$/], }, { :title => 'should accept syslog destination for access log', :attr => 'access_log_syslog', :value => 'syslog:local1', - :match => /CustomLog syslog:local1 combined$/, + :match => [/CustomLog syslog:local1 combined$/], }, { :title => 'should accept syslog destination for error log', :attr => 'error_log_syslog', :value => 'syslog', - :match => /ErrorLog syslog$/, + :match => [/ErrorLog syslog$/], }, { :title => 'should accept custom format for access logs', :attr => 'access_log_format', :value => '%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"Host: %{Host}i\" %T %D', - :match => /CustomLog \/var\/log\/.+_access\.log "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/, + :match => [/CustomLog \/var\/log\/.+_access\.log "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/], }, { :title => 'should contain access logs', :attr => 'access_log', :value => true, - :match => /CustomLog \/var\/log\/.+_access\.log combined$/, + :match => [/CustomLog \/var\/log\/.+_access\.log combined$/], }, { :title => 'should not contain access logs', :attr => 'access_log', :value => false, - :notmatch => /CustomLog \/var\/log\/.+_access\.log combined$/, + :notmatch => [/CustomLog \/var\/log\/.+_access\.log combined$/], }, { :title => 'should contain error logs', :attr => 'error_log', :value => true, - :match => 
/ErrorLog.+$/, + :match => [/ErrorLog.+$/], }, { :title => 'should not contain error logs', :attr => 'error_log', :value => false, - :notmatch => /ErrorLog.+$/, + :notmatch => [/ErrorLog.+$/], }, { :title => 'should accept a scriptalias', :attr => 'scriptalias', :value => '/usr/scripts', :match => [ - ' ScriptAlias /cgi-bin/ "/usr/scripts/"', + /^ ScriptAlias \/cgi-bin\/ "\/usr\/scripts\/"$/, ' ', ], }, 
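Review bot: The two pipe-destination patterns in this hunk leave `|` unescaped, so `/CustomLog "| \/bin\/fake\/logging" combined$/` is an alternation and is satisfied by any line that contains `CustomLog "`. Wrapping the pattern in an array keeps that behaviour, and the `ErrorLog` pattern has the same problem. Escaping the pipe, `/CustomLog "\| \/bin\/fake\/logging" combined$/`, would make the spec pin the piped command that ends up in the vhost file. The hash list these entries belong to starts and ends outside the hunk.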
@@ -228,43 +235,43 @@ :attr => 'scriptaliases', :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, :match => [ - ' ScriptAlias /blah/ "/usr/scripts/"', + /^ ScriptAlias \/blah\/ "\/usr\/scripts\/"$/, ' ', ], - :nomatch => /ScriptAlias \/cgi\-bin\// + :nomatch => [/ScriptAlias \/cgi\-bin\//], }, { :title => 'should accept multiple scriptaliases', :attr => 'scriptaliases', :value => [ { 'alias' => '/blah/', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts' } ], :match => [ - ' ScriptAlias /blah/ "/usr/scripts/"', - ' ScriptAlias /blah2/ "/usr/scripts/"', + /^ ScriptAlias \/blah\/ "\/usr\/scripts\/"$/, + /^ ScriptAlias \/blah2\/ "\/usr\/scripts\/"$/, ' ', ], - :nomatch => /ScriptAlias \/cgi\-bin\// + :nomatch => [/ScriptAlias \/cgi\-bin\//], }, { :title => 'should accept proxy destinations', :attr => 'proxy_dest', :value => 'http://fake.com', :match => [ - ' ProxyPass / http://fake.com/', - ' ', - ' ProxyPassReverse /', - ' ', + /^ ProxyPass \/ http:\/\/fake.com\/$/, + /^ $/, + /^ ProxyPassReverse \/$/, + /^ <\/Location>$/, ], - :notmatch => /ProxyPass .+!$/, + :notmatch => [/ProxyPass .+!$/], }, { :title => 'should accept proxy_pass hash', :attr => 'proxy_pass', :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a/' }, :match => [ - ' ProxyPass /path-a http://fake.com/a/', - ' ProxyPassReverse /path-a http://fake.com/a/', + /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, + /^ ProxyPassReverse \/path-a http:\/\/fake.com\/a\/$/, ], - :notmatch => /ProxyPass .+!$/, + :notmatch => [/ProxyPass .+!$/], }, { :title => 'should accept proxy_pass array of hash', 
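Review bot: Both scriptaliases entries store their negative pattern under `:nomatch`, but the loop at the end of this list reads only `param[:match]` and `param[:notmatch]`, so the check that the default `/cgi-bin/` ScriptAlias is absent never runs. Renaming the key in both entries, `:notmatch => [/ScriptAlias \/cgi\-bin\//],`, puts the assertion back under test. The list begins and ends outside this hunk.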
@@ -274,65 +281,68 @@ { 'path' => '/path-b', 'url' => 'http://fake.com/b/' }, ], :match => [ - ' ProxyPass /path-a http://fake.com/a/', - ' ', - ' ProxyPassReverse /', - ' ', - ' ProxyPass /path-b http://fake.com/b/', - ' ', - ' ProxyPassReverse /', - ' ', + /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, + /^ $/, + /^ ProxyPassReverse \/$/, + /^ <\/Location>$/, + /^ ProxyPass \/path-b http:\/\/fake.com\/b\/$/, + /^ $/, + /^ ProxyPassReverse \/$/, + /^ <\/Location>$/, ], - :notmatch => /ProxyPass .+!$/, + :notmatch => [/ProxyPass .+!$/], }, { :title => 'should enable rack', :attr => 'rack_base_uris', :value => ['/rack1','/rack2'], - :match => [' RackBaseURI /rack1',' RackBaseURI /rack2'], + :match => [ + /^ RackBaseURI \/rack1$/, + /^ RackBaseURI \/rack2$/, + ], }, { :title => 'should accept request headers', :attr => 'request_headers', :value => ['append something', 'unset something_else'], :match => [ - ' RequestHeader append something', - ' RequestHeader unset something_else', + /^ RequestHeader append something$/, + /^ RequestHeader unset something_else$/, ], }, { :title => 'should accept rewrite rules', :attr => 'rewrite_rule', :value => 'not a real rule', - :match => ' RewriteRule not a real rule', + :match => [/^ RewriteRule not a real rule$/], }, { :title => 'should block scm', :attr => 'block', :value => 'scm', - :match => ' ', + :match => [' '], }, { :title => 'should accept a custom fragment', :attr => 'custom_fragment', :value => " Some custom fragment line\n That spans multiple lines", :match => [ - ' Some custom fragment line', - ' That spans multiple lines', - '', + /^ Some custom fragment line$/, + /^ That spans multiple lines$/, + /^<\/VirtualHost>$/, ], }, { :title => 'should accept an array of alias hashes', :attr => 'aliases', :value => [ { 'alias' => '/', 'path' => '/var/www'} ], - :match => ' Alias / /var/www', + :match => [/^ Alias \/ \/var\/www$/], }, { :title => 'should accept an alias hash', :attr => 'aliases', :value => { 'alias' => '/', 
'path' => '/var/www'}, - :match => ' Alias / /var/www', + :match => [/^ Alias \/ \/var\/www$/], }, { :title => 'should accept multiple aliases', @@ -343,36 +353,22 @@ { 'alias' => '/css', 'path' => '/opt/someapp/css'}, ], :match => [ - ' Alias / /var/www', - ' Alias /cgi-bin /var/www/cgi-bin', - ' Alias /css /opt/someapp/css' - ], - }, - { - :title => 'should accept multiple additional includes', - :attr => 'additional_includes', - :value => [ - '/tmp/proxy_group_a', - '/tmp/proxy_group_b', - '/tmp/proxy_group_c', - ], - :match => [ - ' Include /tmp/proxy_group_a', - ' Include /tmp/proxy_group_b', - ' Include /tmp/proxy_group_c' + /^ Alias \/ \/var\/www$/, + /^ Alias \/cgi-bin \/var\/www\/cgi-bin$/, + /^ Alias \/css \/opt\/someapp\/css$/, ], }, { :title => 'should accept a suPHP_Engine', :attr => 'suphp_engine', :value => 'on', - :match => ' suPHP_Engine on', + :match => [/^ suPHP_Engine on$/], }, { :title => 'should accept a wsgi script alias', :attr => 'wsgi_script_aliases', :value => { '/' => '/var/www/myapp.wsgi'}, - :match => ' WSGIScriptAlias / /var/www/myapp.wsgi', + :match => [/^ WSGIScriptAlias \/ \/var\/www\/myapp.wsgi$/], }, { :title => 'should accept multiple wsgi aliases', @@ -383,9 +379,9 @@ '/' => '/usr/local/wsgi/scripts/myapp.wsgi', }, :match => [ - ' WSGIScriptAlias /wiki /usr/local/wsgi/scripts/mywiki.wsgi', - ' WSGIScriptAlias /blog /usr/local/wsgi/scripts/myblog.wsgi', - ' WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi' + /^ WSGIScriptAlias \/wiki \/usr\/local\/wsgi\/scripts\/mywiki.wsgi$/, + /^ WSGIScriptAlias \/blog \/usr\/local\/wsgi\/scripts\/myblog.wsgi$/, + /^ WSGIScriptAlias \/ \/usr\/local\/wsgi\/scripts\/myapp.wsgi$/, ], }, { 
@@ -394,40 +390,36 @@ :value => { 'path' => '/opt/app' }, :notmatch => ' ', :match => [ - ' ', - ' AllowOverride None', - ' Order allow,deny', - ' Allow from all', - ' ', + /^ $/, + /^ AllowOverride None$/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/Directory>$/, ], }, { :title => 'should accept directory directives hash', :attr => 'directories', :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow' => 'from rspec.org', - 'allow_override' => 'Lol', - 'deny' => 'from google.com', - 'options' => '-MultiViews', - 'order' => 'deny,yned', - 'passenger_enabled' => 'onf', - 'index_options' => 'Index', - 'index_order_default' => 'none', + 'path' => '/opt/app', + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'allow' => 'from rspec.org', + 'allow_override' => 'Lol', + 'deny' => 'from google.com', + 'options' => '-MultiViews', + 'order' => 'deny,yned', + 'passenger_enabled' => 'onf', }, :match => [ - ' ', - ' Header Set X-Robots-Tag "noindex, noarchive, nosnippet"', - ' Allow from rspec.org', - ' AllowOverride Lol', - ' Deny from google.com', - ' Options -MultiViews', - ' Order deny,yned', - ' PassengerEnabled onf', - ' IndexOptions Index', - ' IndexOrderDefault none', - ' ', + /^ $/, + /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, + /^ Allow from rspec.org$/, + /^ AllowOverride Lol$/, + /^ Deny from google.com$/, + /^ Options -MultiViews$/, + /^ Order deny,yned$/, + /^ PassengerEnabled onf$/, + /^ <\/Directory>$/, ], }, { 
@@ -435,15 +427,13 @@ :attr => 'directories', :value => [ { - 'path' => '/opt/app1', - 'allow' => 'from rspec.org', - 'allow_override' => ['AuthConfig','Indexes'], - 'deny' => 'from google.com', - 'options' => ['-MultiViews','+MultiViews'], - 'order' => ['deny','yned'], - 'passenger_enabled' => 'onf', - 'index_options' => ['up','down'], - 'index_order_default' => ['left','right'], + 'path' => '/opt/app1', + 'allow' => 'from rspec.org', + 'allow_override' => ['AuthConfig','Indexes'], + 'deny' => 'from google.com', + 'options' => ['-MultiViews','+MultiViews'], + 'order' => ['deny','yned'], + 'passenger_enabled' => 'onf', }, { 'path' => '/opt/app2', @@ -454,22 +444,20 @@ }, ], :match => [ - ' ', - ' Allow from rspec.org', - ' AllowOverride AuthConfig Indexes', - ' Deny from google.com', - ' Options -MultiViews +MultiViews', - ' Order deny,yned', - ' PassengerEnabled onf', - ' IndexOptions up down', - ' IndexOrderDefault left right', - ' ', - ' ', - ' AllowOverride None', - ' Order allow,deny', - ' Allow from all', - ' AddHandler cgi-script .cgi', - ' ', + /^ $/, + /^ Allow from rspec.org$/, + /^ AllowOverride AuthConfig Indexes$/, + /^ Deny from google.com$/, + /^ Options -MultiViews +MultiViews$/, + /^ Order deny,yned$/, + /^ PassengerEnabled onf$/, + /^ <\/Directory>$/, + /^ $/, + /^ AllowOverride None$/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ AddHandler cgi-script .cgi$/, + /^ <\/Directory>$/, ], }, { @@ -481,9 +469,9 @@ { 'path' => '/rspec/docroot'} ], :match => [ - ' ', - ' ', - ' ', + /^ $/, + /^ $/, + /^ $/, ], }, { @@ -495,10 +483,10 @@ }, :notmatch => ' AllowOverride None', :match => [ - ' ', - ' Order allow,deny', - ' Allow from all', - ' ', + /^ $/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/Location>$/, ], }, { @@ -510,10 +498,10 @@ }, :notmatch => ' AllowOverride None', :match => [ - ' ', - ' Order allow,deny', - ' Allow from all', - ' ', + /^ $/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/Files>$/, ], }, { 
@@ -521,50 +509,50 @@ :attr => 'virtual_docroot', :value => '/not/default', :match => [ - ' VirtualDocumentRoot /not/default', + /^ VirtualDocumentRoot \/not\/default$/, ], }, { :title => 'should accept setting SSLProtocol', :attr => 'ssl_protocol', :value => 'all -SSLv2', - :match => ' SSLProtocol all -SSLv2', + :match => [/^ SSLProtocol all -SSLv2$/], }, { :title => 'should accept setting SSLCipherSuite', :attr => 'ssl_cipher', :value => 'RC4-SHA:HIGH:!ADH:!SSLv2', - :match => ' SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2', + :match => [/^ SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2$/], }, { :title => 'should accept setting SSLHonorCipherOrder', :attr => 'ssl_honorcipherorder', :value => 'On', - :match => ' SSLHonorCipherOrder On' + :match => [/^ SSLHonorCipherOrder On$/], }, { :title => 'should accept setting SSLVerifyClient', :attr => 'ssl_verify_client', :value => 'optional', - :match => /SSLVerifyClient\w+optional/ + :match => [/SSLVerifyClient\w+optional/], }, { :title => 'should accept setting SSLVerifyDepth', :attr => 'ssl_verify_depth', :value => '1', - :match => /SSLVerifyDepth\w+1/ + :match => [/SSLVerifyDepth\w+1/], }, { :title => 'should accept setting SSLOptions with a string', :attr => 'ssl_options', :value => '+ExportCertData', - :match => /SSLOptions\w+\+ExportCertData/ + :match => [/SSLOptions\w+\+ExportCertData/], }, { :title => 'should accept setting SSLOptions with an array', :attr => 'ssl_options', :value => ['+StdEnvVars','+ExportCertData'], - :match => /SSLOptions\w+\+StdEnvVars\w+\+ExportCertData/ + :match => [/SSLOptions\w+\+StdEnvVars\w+\+ExportCertData/], }, ].each do |param| 
@@ -572,10 +560,19 @@ let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end it { should contain_file("25-#{title}.conf").with_mode('0644') } - it param[:title] do - lines = subject.resource('file', "25-#{title}.conf").send(:parameters)[:content].split("\n") - (Array(param[:match]).collect { |x| (lines.grep x).first }.length).should == Array(param[:match]).length - (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + if param[:match] + it "#{param[:title]}: matches" do + param[:match].each do |match| + should contain_file("25-#{title}.conf").with_content( match ) + end + end + end + if param[:notmatch] + it "#{param[:title]}: notmatches" do + param[:notmatch].each do |notmatch| + should_not contain_file("25-#{title}.conf").with_content( notmatch ) + end + end end end end From 8d8896c7c33c12ac43583742e13602b9c48409d9 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Fri, 15 Nov 2013 16:25:55 +1300 Subject: [PATCH 0060/2267] remove unecessary " from around paths in Directory and ScriptAlias declarations --- spec/defines/vhost_spec.rb | 12 ++++++------ templates/vhost/_scriptalias.erb | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 0257b2e0e8..47d9a8d7b2 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -227,7 +227,7 @@ :value => '/usr/scripts', :match => [ /^ ScriptAlias \/cgi-bin\/ "\/usr\/scripts\/"$/, - ' ', + ' ', ], }, { @@ -235,8 +235,8 @@ :attr => 'scriptaliases', :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, :match => [ - /^ ScriptAlias \/blah\/ "\/usr\/scripts\/"$/, - ' ', + /^ ScriptAlias \/blah\/ \/usr\/scripts\/$/, + ' ', ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, 
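Review bot: The rewritten loop calls `param[:match].each` and `param[:notmatch].each` directly, where the removed code went through `Array(...)`. Entries elsewhere in this commit still carry a bare String (`:notmatch => ' AllowOverride None'`), which has no `each` on Ruby 1.9 and later. Keeping the coercion, `Array(param[:notmatch]).each do |notmatch|` and the same for `:match`, lets the loop accept both forms. String elements are now also handed to `with_content`, which as far as I know compares a String against the whole file content rather than a single line, so the string fragments left in the list presumably need to become regexes.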
@@ -245,9 +245,9 @@ :attr => 'scriptaliases', :value => [ { 'alias' => '/blah/', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts' } ], :match => [ - /^ ScriptAlias \/blah\/ "\/usr\/scripts\/"$/, - /^ ScriptAlias \/blah2\/ "\/usr\/scripts\/"$/, - ' ', + /^ ScriptAlias \/blah\/ \/usr\/scripts\/$/, + /^ ScriptAlias \/blah2\/ \/usr\/scripts\/$/, + ' ', ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index 098d495dd2..77756d7f2b 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb @@ -16,11 +16,11 @@ <% dirs = aliases.map { |h| h['path'] }.uniq.compact -%> <% aliases.each do |salias| -%> ## Script alias directives - ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>/" + ScriptAlias <%= salias['alias'] %> <%= salias['path'] %>/ <% end -%> <% dirs.sort.each do |dir| -%> - "> + > AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny From 816b6299ff24aab3c9341ac6d378099e71e32179 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Fri, 15 Nov 2013 16:34:08 +1300 Subject: [PATCH 0061/2267] Fixing incorrect match strings and regexes --- spec/defines/vhost_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 47d9a8d7b2..fd6cd8b519 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -269,7 +269,7 @@ :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a/' }, :match => [ /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, - /^ ProxyPassReverse \/path-a http:\/\/fake.com\/a\/$/, + /^ ProxyPassReverse \/$/, ], :notmatch => [/ProxyPass .+!$/], }, @@ -282,7 +282,7 @@ ], :match => [ /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, - /^ $/, + /^ $/, /^ ProxyPassReverse \/$/, /^ <\/Location>$/, /^ ProxyPass \/path-b http:\/\/fake.com\/b\/$/, 
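Review bot: Dropping the quotes in `ScriptAlias <%= salias['alias'] %> <%= salias['path'] %>/`, and on the Directory line below it, means a path containing whitespace is split into extra arguments by Apache's config parser. The directive then either fails to load or no longer refers to the intended directory, so the quotes are not redundant. Nothing visible in the hunk validates `salias['path']` before it is interpolated. I would keep `ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>/"` and adjust the spec regexes to expect the quotes. The Directory block continues past the end of the hunk.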
@@ -320,7 +320,7 @@ :title => 'should block scm', :attr => 'block', :value => 'scm', - :match => [' '], + :match => [' '], }, { :title => 'should accept a custom fragment', From 4316ac0e5781a3948045f59f2d00d6edff5f9978 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Mon, 18 Nov 2013 11:07:42 +1300 Subject: [PATCH 0062/2267] the ssl parameter needs to be true to test the SSL parameters. --- spec/defines/vhost_spec.rb | 49 ++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 10 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index fd6cd8b519..3638afd48a 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -512,17 +512,43 @@ /^ VirtualDocumentRoot \/not\/default$/, ], }, + + ].each do |param| + describe "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("25-#{title}.conf").with_mode('0644') } + if param[:match] + it "#{param[:title]}: matches" do + param[:match].each do |match| + should contain_file("25-#{title}.conf").with_content( match ) + end + end + end + if param[:notmatch] + it "#{param[:title]}: notmatches" do + param[:notmatch].each do |notmatch| + should_not contain_file("25-#{title}.conf").with_content( notmatch ) + end + end + end + end + end + end + + context ".conf content with SSL" do + [ { :title => 'should accept setting SSLProtocol', :attr => 'ssl_protocol', :value => 'all -SSLv2', - :match => [/^ SSLProtocol all -SSLv2$/], + :match => [/^ SSLProtocol all -SSLv2$/], }, { :title => 'should accept setting SSLCipherSuite', :attr => 'ssl_cipher', :value => 'RC4-SHA:HIGH:!ADH:!SSLv2', - :match => [/^ SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2$/], + :match => [/^ SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2$/], }, { :title => 'should accept setting SSLHonorCipherOrder', 
@@ -534,31 +560,34 @@ :title => 'should accept setting SSLVerifyClient', :attr => 'ssl_verify_client', :value => 'optional', - :match => [/SSLVerifyClient\w+optional/], + :match => [/^ SSLVerifyClient optional$/], }, { :title => 'should accept setting SSLVerifyDepth', :attr => 'ssl_verify_depth', :value => '1', - :match => [/SSLVerifyDepth\w+1/], + :match => [/^ SSLVerifyDepth 1$/], }, { :title => 'should accept setting SSLOptions with a string', :attr => 'ssl_options', :value => '+ExportCertData', - :match => [/SSLOptions\w+\+ExportCertData/], + :match => [/^ SSLOptions +ExportCertData$/], }, { :title => 'should accept setting SSLOptions with an array', :attr => 'ssl_options', :value => ['+StdEnvVars','+ExportCertData'], - :match => [/SSLOptions\w+\+StdEnvVars\w+\+ExportCertData/], + :match => [/^ SSLOptions +StdEnvVars +ExportCertData/], }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - + describe "when #{param[:attr]} is #{param[:value]} with SSL" do + let :params do + default_params.merge( { + param[:attr].to_sym => param[:value], + :ssl => true, + } ) + end it { should contain_file("25-#{title}.conf").with_mode('0644') } if param[:match] it "#{param[:title]}: matches" do From b6ccfb701eced91cbf06a9bb32e3269c71a0c346 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Mon, 18 Nov 2013 15:14:37 +1300 Subject: [PATCH 0063/2267] Add missing SSL directive tests. Altered changed ssl_proxyengine to match form of other SSL parameters. Fixed unescaped + in regex --- README.md | 2 +- spec/defines/vhost_spec.rb | 52 ++++++++++++++++++++++++++++++++++++-- templates/vhost/_ssl.erb | 2 +- 3 files changed, 52 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2f991ddc28..276c67fb9c 100644 --- a/README.md +++ b/README.md 
@@ -1059,7 +1059,7 @@ An array of strings example: } ``` -#####`sslproxyengine` +#####`ssl_proxyengine` Specifies whether to use `SSLProxyEngine` or not. Defaults to `false`. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3638afd48a..6b1d75a5c5 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -538,6 +538,54 @@ context ".conf content with SSL" do [ + { + :title => 'should accept setting SSLCertificateFile', + :attr => 'ssl_cert', + :value => '/path/to/cert.pem', + :match => [/^ SSLCertificateFile \/path\/to\/cert\.pem$/], + }, + { + :title => 'should accept setting SSLCertificateKeyFile', + :attr => 'ssl_key', + :value => '/path/to/cert.pem', + :match => [/^ SSLCertificateKeyFile \/path\/to\/cert\.pem$/], + }, + { + :title => 'should accept setting SSLCertificateChainFile', + :attr => 'ssl_chain', + :value => '/path/to/cert.pem', + :match => [/^ SSLCertificateChainFile \/path\/to\/cert\.pem$/], + }, + { + :title => 'should accept setting SSLCertificatePath', + :attr => 'ssl_certs_dir', + :value => '/path/to/certs', + :match => [/^ SSLCACertificatePath \/path\/to\/certs$/], + }, + { + :title => 'should accept setting SSLCertificateFile', + :attr => 'ssl_ca', + :value => '/path/to/ca.pem', + :match => [/^ SSLCACertificateFile \/path\/to\/ca\.pem$/], + }, + { + :title => 'should accept setting SSLRevocationPath', + :attr => 'ssl_crl_path', + :value => '/path/to/crl', + :match => [/^ SSLCARevocationPath \/path\/to\/crl$/], + }, + { + :title => 'should accept setting SSLRevocationFile', + :attr => 'ssl_crl', + :value => '/path/to/crl.pem', + :match => [/^ SSLCARevocationFile \/path\/to\/crl\.pem$/], + }, + { + :title => 'should accept setting SSLProxyEngine', + :attr => 'ssl_proxyengine', + :value => true, + :match => [/^ SSLProxyEngine On$/], + }, { :title => 'should accept setting SSLProtocol', :attr => 'ssl_protocol', 
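Review bot: Several of the added SSL entries have titles that do not name the directive their regex checks. `ssl_certs_dir` is titled SSLCertificatePath but asserts `SSLCACertificatePath`, `ssl_ca` reuses 'should accept setting SSLCertificateFile' while asserting `SSLCACertificateFile`, and the two CRL entries drop the `CA` as well. A failure report then points at the wrong directive, which matters because server-certificate and CA settings are easy to confuse. Suggested titles are `:title => 'should accept setting SSLCACertificatePath',` and `:title => 'should accept setting SSLCACertificateFile',`, with `SSLCARevocationPath` and `SSLCARevocationFile` for the CRL entries. The `ssl_key` entry would also read better with a key path of its own instead of `/path/to/cert.pem`.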
@@ -572,13 +620,13 @@ :title => 'should accept setting SSLOptions with a string', :attr => 'ssl_options', :value => '+ExportCertData', - :match => [/^ SSLOptions +ExportCertData$/], + :match => [/^ SSLOptions \+ExportCertData$/], }, { :title => 'should accept setting SSLOptions with an array', :attr => 'ssl_options', :value => ['+StdEnvVars','+ExportCertData'], - :match => [/^ SSLOptions +StdEnvVars +ExportCertData/], + :match => [/^ SSLOptions \+StdEnvVars \+ExportCertData/], }, ].each do |param| describe "when #{param[:attr]} is #{param[:value]} with SSL" do diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index c4c3b49cca..83c90b8a80 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -17,7 +17,7 @@ <% if @ssl_crl -%> SSLCARevocationFile <%= @ssl_crl %> <% end -%> -<% if @sslproxyengine -%> +<% if @ssl_proxyengine -%> SSLProxyEngine On <% end -%> <% if @ssl_protocol -%> From 823e952fcff01234f2709d7ab4325c674b7c3bf7 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Mon, 18 Nov 2013 16:15:35 +1300 Subject: [PATCH 0064/2267] Fixing broken test matches... --- manifests/vhost.pp | 4 ++-- spec/defines/vhost_spec.rb | 26 +++++++++++++------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4d33de9309..6593b2bb28 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -81,6 +81,7 @@ $ssl_verify_client = undef, $ssl_verify_depth = undef, $ssl_options = undef, + $ssl_proxyengine = false, $priority = undef, $default_vhost = false, $servername = $name, @@ -108,7 +109,6 @@ $scriptaliases = [], $proxy_dest = undef, $proxy_pass = undef, - $sslproxyengine = false, $suphp_addhandler = $apache::params::suphp_addhandler, $suphp_engine = $apache::params::suphp_engine, $suphp_configpath = $apache::params::suphp_configpath, 
@@ -152,7 +152,7 @@ validate_bool($error_log) validate_bool($ssl) validate_bool($default_vhost) - validate_bool($sslproxyengine) + validate_bool($ssl_proxyengine) if $wsgi_script_aliases { validate_hash($wsgi_script_aliases) } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 6b1d75a5c5..322f9a007a 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -147,7 +147,7 @@ #:value => ['Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], #:match => [' SetEnvIf Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], :value => ['Host "^test\.com$" VHOST_ACCESS=test'], - :match => [' SetEnvIf Host "^test\.com$" VHOST_ACCESS=test'], + :match => [/^ SetEnvIf Host "\^test\\.com\$" VHOST_ACCESS=test$/], }, { :title => 'should accept options', @@ -226,8 +226,8 @@ :attr => 'scriptalias', :value => '/usr/scripts', :match => [ - /^ ScriptAlias \/cgi-bin\/ "\/usr\/scripts\/"$/, - ' ', + /^ ScriptAlias \/cgi-bin\/ \/usr\/scripts\/$/, + /^ $/, ], }, { @@ -236,7 +236,7 @@ :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, :match => [ /^ ScriptAlias \/blah\/ \/usr\/scripts\/$/, - ' ', + /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, @@ -247,7 +247,7 @@ :match => [ /^ ScriptAlias \/blah\/ \/usr\/scripts\/$/, /^ ScriptAlias \/blah2\/ \/usr\/scripts\/$/, - ' ', + /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, @@ -269,7 +269,7 @@ :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a/' }, :match => [ /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, - /^ ProxyPassReverse \/$/, + / ProxyPassReverse \//, ], :notmatch => [/ProxyPass .+!$/], }, @@ -285,8 +285,8 @@ /^ $/, /^ ProxyPassReverse \/$/, /^ <\/Location>$/, - /^ ProxyPass \/path-b http:\/\/fake.com\/b\/$/, - /^ $/, + /^ ProxyPass \/path-b http:\/\/fake.com\/b\/$/, + /^ $/, /^ ProxyPassReverse \/$/, /^ <\/Location>$/, ], 
@@ -320,7 +320,7 @@ :title => 'should block scm', :attr => 'block', :value => 'scm', - :match => [' '], + :match => [/^ $/], }, { :title => 'should accept a custom fragment', @@ -388,7 +388,7 @@ :title => 'should accept a directory', :attr => 'directories', :value => { 'path' => '/opt/app' }, - :notmatch => ' ', + :notmatch => [' '], :match => [ /^ $/, /^ AllowOverride None$/, @@ -448,7 +448,7 @@ /^ Allow from rspec.org$/, /^ AllowOverride AuthConfig Indexes$/, /^ Deny from google.com$/, - /^ Options -MultiViews +MultiViews$/, + /^ Options -MultiViews \+MultiViews$/, /^ Order deny,yned$/, /^ PassengerEnabled onf$/, /^ <\/Directory>$/, @@ -481,7 +481,7 @@ 'path' => '/', 'provider' => 'location', }, - :notmatch => ' AllowOverride None', + :notmatch => [' AllowOverride None'], :match => [ /^ $/, /^ Order allow,deny$/, @@ -496,7 +496,7 @@ 'path' => 'index.html', 'provider' => 'files', }, - :notmatch => ' AllowOverride None', + :notmatch => [' AllowOverride None'], :match => [ /^ $/, /^ Order allow,deny$/, From a0d20008bcfe2d24f8be20f696211f03be7d74c1 Mon Sep 17 00:00:00 2001 From: Kyle Sexton Date: Wed, 13 Nov 2013 08:27:35 -0600 Subject: [PATCH 0065/2267] Add WSGIPythonPath as an optional parameter to mod_wsgi. This parameter is used to specify additional directories to search for Python modules as described here: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonPath --- README.md | 1 + manifests/mod/wsgi.pp | 2 ++ templates/mod/wsgi.conf.erb | 3 +++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 603120f986..1381e11d1b 100644 --- a/README.md +++ b/README.md @@ -422,6 +422,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par class { 'apache::mod::wsgi': wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", wsgi_python_home => '/path/to/virtenv', + wsgi_python_path => '/path/to/virtenv/site-packages', } ``` ####Defined Type: `apache::vhost` 
diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index ff12fbf24c..0d42714091 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -1,11 +1,13 @@ class apache::mod::wsgi ( $wsgi_socket_prefix = undef, + $wsgi_python_path = undef, $wsgi_python_home = undef, ){ apache::mod { 'wsgi': } # Template uses: # - $wsgi_socket_prefix + # - $wsgi_python_path # - $wsgi_python_home file {'wsgi.conf': ensure => file, diff --git a/templates/mod/wsgi.conf.erb b/templates/mod/wsgi.conf.erb index f0611fc656..ea2a49d1ae 100644 --- a/templates/mod/wsgi.conf.erb +++ b/templates/mod/wsgi.conf.erb @@ -7,4 +7,7 @@ <%- if @wsgi_python_home -%> WSGIPythonHome <%= @wsgi_python_home %> <%- end -%> + <%- if @wsgi_python_path -%> + WSGIPythonPath <%= @wsgi_python_path %> + <%- end -%> From 78e5aeb9f2e7c9827c8b1c5ab55d16aa95f0d6d1 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Tue, 19 Nov 2013 01:55:35 +0100 Subject: [PATCH 0066/2267] Remove extra empty lines in _directories template When managing directories (or locations, files) through the `directories` parameter the resulting vhost configuration file contains a few empty lines too many. This cleans up these unnecessary empty lines, leaving just one between Directory blocks. This is a purely cosmetic change. --- templates/vhost/_directories.erb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 989680c50a..2ff9cd414b 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -1,7 +1,6 @@ <% if @_directories and ! @_directories.empty? -%> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and [ 'directory', 'location', 'files' ].include?(directory['provider']) -%> <%- provider = directory['provider'].capitalize -%> <%- else -%> 
@@ -17,7 +16,7 @@ <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> <%- end -%> - <%- if provider == 'Directory' %> + <%- if provider == 'Directory' -%> <%- if directory['index_options'] -%> IndexOptions <%= Array(directory['index_options']).join(' ') %> <%- end -%> @@ -114,7 +113,6 @@ <%= directory['custom_fragment'] %> <%- end -%> > - <%- end -%> <%- end -%> <% end -%> From b4add2b8855d1ad4bd519534fc70c8d374572486 Mon Sep 17 00:00:00 2001 From: Rene Diepstraten Date: Thu, 24 Oct 2013 11:32:38 +0200 Subject: [PATCH 0067/2267] Disable default "allow from all" in vhost-directories --- templates/vhost/_directories.erb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 2ff9cd414b..f642d0ef8c 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -37,8 +37,11 @@ <%- if directory['deny'] and directory['deny'] != '' -%> Deny <%= directory['deny'] %> <%- end -%> - <%- if directory['allow'] and directory['allow'] != '' -%> + <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> Allow <%= directory['allow'] %> + <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%> + <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%> + Deny from all <%- else -%> Allow from all <%- end -%> From b5b75d666ae75f09673e87385785d4f85ecada09 Mon Sep 17 00:00:00 2001 
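Review bot: The new `elsif`/`else` chain in `_directories.erb` still ends in `Allow from all` for inputs that ask for less access, so the default remains fail-open. With `allow => false` and any `deny` value other than the exact strings `from all` / `from All` (for example `from ALL`, a trailing space, or `from example.org`), none of the first three branches match and the `else` emits `Allow from all`. I would compare case-insensitively, `<%- elsif directory['deny'].to_s.strip.downcase == 'from all' -%>`, and emit the permissive default only when `allow` was not given at all, e.g. `<%- elsif directory['allow'].nil? -%>` in place of the bare `else`. The commit also adds no spec entry for `allow => false`, so the new `Deny from all` branch is untested.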
From: Andreas Ntaflos Date: Wed, 20 Nov 2013 02:08:25 +0100 Subject: [PATCH 0068/2267] Add support for AliasMatch directives (#479) Extend the _aliases.erb template so that the list of hashes in `apache::vhost`'s `aliases` parameter can contain the usual `alias` hashes but also `aliasmatch` hashes, which get translated to `AliasMatch` directives. Includes basic spec tests and updated documentation in README.md. Note that these spec tests are currently only skeletons because rspec-puppet drops constructs like '$1'. See the entries marked XXX. --- README.md | 11 +++++++---- spec/defines/vhost_spec.rb | 26 ++++++++++++++++++++++++++ templates/vhost/_aliases.erb | 6 +++++- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 05d62f4dcd..cc941b83ae 100644 --- a/README.md +++ b/README.md 
@@ -472,13 +472,16 @@ Setting `add_listen` to 'false' stops the vhost from creating a listen statement #####`aliases` -Passes a list of hashes to the vhost to create `Alias` statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). Each hash is expected to be of the form: +Passes a list of hashes to the vhost to create `Alias` or `AliasMatch` statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). Each hash is expected to be of the form: -```puppet -aliases => [ { alias => '/alias', path => '/path/to/directory' } ], +``` +aliases => [ + { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg' } + { alias => '/image', path => '/ftp/pub/image' }, +], ``` -For `Alias` to work, each will need a corresponding `` or `` block. +For `Alias` and `AliasMatch` to work, each will need a corresponding `` or `` block. The `Alias` and `AliasMatch` directives are created in the order specified in the `aliases` paramter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html) more specific `Alias` or `AliasMatch` directives should come before the more general ones to avoid shadowing. **Note:** If `apache::mod::passenger` is loaded and `PassengerHighPerformance true` is set, then `Alias` may have issues honouring the `PassengerEnabled off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 322f9a007a..8504ceb122 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -358,6 +358,32 @@ /^ Alias \/css \/opt\/someapp\/css$/, ], }, + { + :title => 'should accept an aliasmatch hash', + :attr => 'aliases', + ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these + # tests don't work. + #:value => { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, + #:match => [/^ AliasMatch \^\/image\/\(\.\*\)\.gif \/files\/gifs\/\$1\.gif$/], + }, + { + :title => 'should accept a array of alias and aliasmatch hashes mixed', + :attr => 'aliases', + ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these + # tests don't work. + #:value => [ + # { 'alias' => '/css', 'path' => '/files/css' }, + # { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, + # { 'aliasmatch' => '^/image/(.*).jpg', 'path' => '/files/jpgs/$1.jpg' }, + # { 'alias' => '/image', 'path' => '/files/images' }, + #], + #:match => [ + # /^ Alias \/css \/files\/css$/, + # /^ AliasMatch \^\/image\/\(.\*\)\.gif \/files\/gifs\/\$1\.gif$/, + # /^ AliasMatch \^\/image\/\(.\*\)\.jpg \/files\/jpgs\/\$1\.jpg$/, + # /^ Alias \/image \/files\/images$/ + #], + }, { :title => 'should accept a suPHP_Engine', :attr => 'suphp_engine', diff --git a/templates/vhost/_aliases.erb b/templates/vhost/_aliases.erb index 90c7d168b3..484379bba3 100644 --- a/templates/vhost/_aliases.erb +++ b/templates/vhost/_aliases.erb 
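Review bot: The two added entries ('should accept an aliasmatch hash' and the mixed alias/aliasmatch one) carry only `:title` and `:attr`, because `:value` and `:match` are commented out, so they assert nothing about the rendered `AliasMatch` line. The loop that consumes these hashes is outside the hunk; depending on how it handles a missing `:value`, the entries either pass vacuously or exercise the template with `aliases => nil`. Until the `$1` problem is solved I would give them a `$`-free value, e.g. `:value => { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/FOO.gif' }` with a matching `:match`, or mark them pending so the gap stays visible in the test report.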
@@ -1,8 +1,12 @@ <% if @aliases and ! @aliases.empty? -%> ## Alias declarations for resources outside the DocumentRoot <%- [@aliases].flatten.compact.each do |alias_statement| -%> - <%- if alias_statement["alias"] != '' and alias_statement["path"] != ''-%> + <%- if alias_statement["path"] != '' -%> + <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%> Alias <%= alias_statement["alias"] %> <%= alias_statement["path"] %> + <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> + AliasMatch <%= alias_statement["aliasmatch"] %> <%= alias_statement["path"] %> + <%- end -%> <%- end -%> <%- end -%> <% end -%> From d6b13fd5e653cf1da84dc3dc653d5e37208ae9c2 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Thu, 21 Nov 2013 19:12:37 +0100 Subject: [PATCH 0069/2267] No trailing slash for ScriptAlias path Don't implicitly add a trailing slash to the path components of ScriptAlias directives. Includes updated spec tests. Fixes issue #489. --- spec/defines/vhost_spec.rb | 21 ++++++++++++++++----- templates/vhost/_scriptalias.erb | 2 +- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8504ceb122..c0294d23fc 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -226,7 +226,7 @@ :attr => 'scriptalias', :value => '/usr/scripts', :match => [ - /^ ScriptAlias \/cgi-bin\/ \/usr\/scripts\/$/, + /^ ScriptAlias \/cgi-bin\/ \/usr\/scripts$/, /^ $/, ], }, @@ -235,7 +235,7 @@ :attr => 'scriptaliases', :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, :match => [ - /^ ScriptAlias \/blah\/ \/usr\/scripts\/$/, + /^ ScriptAlias \/blah\/ \/usr\/scripts$/, /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], 
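Review bot: In the first `_aliases.erb` hunk the outer guard `alias_statement["path"] != ''` is true when the `path` key is missing, since `nil != ''`, so a hash without `path` now renders `Alias /x ` or `AliasMatch ^/x ` with an empty target. The inner conditions already check presence first; the outer one should do the same, `<%- if alias_statement["path"] and alias_statement["path"] != '' -%>`. The pattern and path are also written unquoted, so an `aliasmatch` regex or a path containing whitespace is split into extra directive arguments. Either quote both values in the template or add a comment above the loop saying callers must supply the quotes themselves.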
@@ -243,10 +243,21 @@ { :title => 'should accept multiple scriptaliases', :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah/', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts' } ], + :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2', 'path' => '/usr/scripts' } ], :match => [ - /^ ScriptAlias \/blah\/ \/usr\/scripts\/$/, - /^ ScriptAlias \/blah2\/ \/usr\/scripts\/$/, + /^ ScriptAlias \/blah \/usr\/scripts$/, + /^ ScriptAlias \/blah2 \/usr\/scripts$/, + /^ $/, + ], + :nomatch => [/ScriptAlias \/cgi\-bin\//], + }, + { + :title => 'should accept multiple scriptaliases with and without trailing slashes', + :attr => 'scriptaliases', + :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts2/' } ], + :match => [ + /^ ScriptAlias \/blah \/usr\/scripts$/, + /^ ScriptAlias \/blah2\/ \/usr\/scripts2\/$/, /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index 77756d7f2b..bfae7fe2b0 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb @@ -16,7 +16,7 @@ <% dirs = aliases.map { |h| h['path'] }.uniq.compact -%> <% aliases.each do |salias| -%> ## Script alias directives - ScriptAlias <%= salias['alias'] %> <%= salias['path'] %>/ + ScriptAlias <%= salias['alias'] %> <%= salias['path'] %> <% end -%> <% dirs.sort.each do |dir| -%> From 48c84fb34c442306195d76e1510f5eac9b3f2731 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Fri, 22 Nov 2013 11:27:26 +1300 Subject: [PATCH 0070/2267] Restore test for multiple includes --- spec/defines/vhost_spec.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index c0294d23fc..a4e59a7825 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
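Review bot: The new 'with and without trailing slashes' entry spells its negative check `:nomatch`, while other entries on this page use `:notmatch` (for example 'should accept a directory' and the `ErrorLog` case). The loop that reads these keys is outside the hunk, but if it only looks at `:notmatch` the assertion that no `ScriptAlias /cgi-bin/` line is rendered is never evaluated. I would write `:notmatch => [/ScriptAlias \/cgi\-bin\//],` here and in the neighbouring scriptaliases entries that share the spelling.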
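Review bot: Dropping the appended `/` in `_scriptalias.erb` also changes the legacy `scriptalias` parameter. The updated spec now expects `ScriptAlias /cgi-bin/ /usr/scripts`, a URL prefix that ends in a slash mapped to a target that does not. As far as I know mod_alias replaces the matched prefix textually, so `/cgi-bin/foo` would resolve to `/usr/scriptsfoo`, a sibling path outside the intended script directory. The change is right for user-supplied `scriptaliases`, but the implicit entry should keep a trailing slash on the path. That entry is built on a line outside this hunk; it could become `aliases << { 'alias' => '/cgi-bin/', 'path' => "#{@scriptalias.chomp('/')}/" } if @scriptalias`.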
@@ -395,6 +395,20 @@ # /^ Alias \/image \/files\/images$/ #], }, + { + :title => 'should accept multiple additional includes', + :attr => 'additional_includes', + :value => [ + '/tmp/proxy_group_a', + '/tmp/proxy_group_b', + '/tmp/proxy_group_c', + ], + :match => [ + /^ Include \/tmp\/proxy_group_a$/, + /^ Include \/tmp\/proxy_group_b$/, + /^ Include \/tmp\/proxy_group_c$/, + ], + }, { :title => 'should accept a suPHP_Engine', :attr => 'suphp_engine', From f11921423bd85e43598add6c065a804a6b5761f1 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Fri, 22 Nov 2013 04:33:20 +0100 Subject: [PATCH 0071/2267] Working mod_authnz_ldap support on Debian/Ubuntu Remove the `authnz_ldap` key from $mod_packages in `apache::params` so an installation of the non-existent package `libapache2-mod-authz-ldap` is not attempted. Properly manage the `authnz_ldap.conf` file template and set the `LDAPVerifyServerCert` directive according to $verifyServerCert in `apache::mod::authnz_ldap`. Also update spec tests accordingly. This fixes only the superficial problems in issue #494. Better support for mod_ldap and mod_authnz_ldap is required, as discussed there. --- manifests/mod/authnz_ldap.pp | 29 +++++++++++++--------------- manifests/params.pp | 1 - spec/classes/mod/authnz_ldap_spec.rb | 8 ++++---- templates/mod/authnz_ldap.conf.erb | 5 +++++ 4 files changed, 22 insertions(+), 21 deletions(-) create mode 100644 templates/mod/authnz_ldap.conf.erb diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 9533b45a0f..2ca2fc45fd 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp 
@@ -1,22 +1,19 @@ -class apache::mod::authnz_ldap( +class apache::mod::authnz_ldap ( $verifyServerCert = true, ) { - include apache::mod::ldap + include 'apache::mod::ldap' apache::mod { 'authnz_ldap': } - if $verifyServerCert == true { - file { 'authnz_ldap.conf': - ensure => absent, - path => "${apache::mod_dir}/authnz_ldap.conf", - notify => Service['httpd'], - } - } else { - file { 'authnz_ldap.conf': - ensure => file, - path => "${apache::mod_dir}/authnz_ldap.conf", - content => 'LDAPVerifyServerCert off', - before => File[$apache::mod_dir], - notify => Service['httpd'], - } + validate_bool($verifyServerCert) + + # Template uses: + # - $verifyServerCert + file { 'authnz_ldap.conf': + ensure => file, + path => "${apache::mod_dir}/authnz_ldap.conf", + content => template('apache/mod/authnz_ldap.conf.erb'), + require => Exec["mkdir ${apache::mod_dir}"], + before => File[$apache::mod_dir], + notify => Service['httpd'], } } diff --git a/manifests/params.pp b/manifests/params.pp index 29fb43e581..2c41006835 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -119,7 +119,6 @@ $suphp_configpath = '/etc/php5/apache2' $mod_packages = { 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'authnz_ldap' => 'libapache2-mod-authz-ldap', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index 9c52e28586..ac0373e866 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb 
@@ -16,12 +16,12 @@ it { should contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do - it { should contain_file('authnz_ldap.conf').with_ensure('absent') } + it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end context 'verifyServerCert = false' do let(:params) { { :verifyServerCert => false } } - it { should contain_file('authnz_ldap.conf').with_content('LDAPVerifyServerCert off') } + it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end context 'verifyServerCert = wrong' do @@ -45,12 +45,12 @@ it { should contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do - it { should contain_file('authnz_ldap.conf').with_ensure('absent') } + it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end context 'verifyServerCert = false' do let(:params) { { :verifyServerCert => false } } - it { should contain_file('authnz_ldap.conf').with_content('LDAPVerifyServerCert off') } + it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end context 'verifyServerCert = wrong' do diff --git a/templates/mod/authnz_ldap.conf.erb b/templates/mod/authnz_ldap.conf.erb new file mode 100644 index 0000000000..565fcf0df9 --- /dev/null +++ b/templates/mod/authnz_ldap.conf.erb @@ -0,0 +1,5 @@ +<% if @verifyServerCert == true -%> +LDAPVerifyServerCert On +<% else -%> +LDAPVerifyServerCert Off +<% end -%> From c42c41d7e0324a827fa317b9493ad09a8d7cd430 Mon Sep 17 00:00:00 2001 
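Review bot: `authnz_ldap.conf.erb` writes `LDAPVerifyServerCert Off` for every value that is not the literal boolean `true`, so certificate verification depends entirely on `validate_bool` in the manifest. If the template is ever rendered with `undef` or the string `'true'`, the `else` branch silently turns verification off. I would invert the test so the fallback is the safe setting: `<% if @verifyServerCert == false -%>` followed by `LDAPVerifyServerCert Off`, with `On` in the `else`. A comment next to the `$verifyServerCert` parameter should state that `false` disables server certificate checks on LDAP connections that use SSL/TLS.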
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Fri, 22 Nov 2013 16:44:16 +0100 Subject: [PATCH 0072/2267] Add support for overriding ErrorDocument add support for overriding ErrorDocument settings in both, vhost and directory context. With documentation and tests included this fixes #474 --- README.md | 26 ++++++++++++++++++++ manifests/vhost.pp | 2 ++ spec/defines/vhost_spec.rb | 37 +++++++++++++++++++++++++++++ templates/vhost.conf.erb | 1 + templates/vhost/_directories.erb | 8 +++++++ templates/vhost/_error_document.erb | 7 ++++++ 6 files changed, 81 insertions(+) create mode 100644 templates/vhost/_error_document.erb diff --git a/README.md b/README.md index cc941b83ae..bba31b74c3 100644 --- a/README.md +++ b/README.md @@ -574,6 +574,19 @@ Sets an `Deny` directive as per the [Apache Core documentation](http://httpd.apa directories => [ { path => '/path/to/directory', deny => 'from example.org' } ], } ``` +######`error_documents` + +A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/2.2/mod/core.html#errordocument) settings for this directory. Example: + +```puppet + apache::vhost { 'sample.example.net': + directories => [ { path => '/srv/www' + error_documents => [ + { 'error_code' => '503', 'document' => '/service-unavail' }, + ], + }] + } +``` ######`headers` @@ -752,6 +765,19 @@ Specifies a pipe to send error log messages to. Defaults to 'undef'. Sends all error log messages to syslog. Defaults to 'undef'. +#####`error_documents` + +A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/2.2/mod/core.html#errordocument) settings for this vhost. Defaults to `[]`. Example: + +```puppet + apache::vhost { 'sample.example.net': + error_documents => [ + { 'error_code' => '503', 'document' => '/service-unavail' }, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, + ], + } +``` + #####`ensure` Specifies if the vhost file is present or absent. 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 6593b2bb28..9c3d7375a2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -104,6 +104,7 @@ $error_log_file = undef, $error_log_pipe = undef, $error_log_syslog = undef, + $error_documents = [], $fallbackresource = undef, $scriptalias = undef, $scriptaliases = [], @@ -366,6 +367,7 @@ # - $_access_log_format # - $error_log # - $error_log_destination + # - $error_documents # - $fallbackresource # - $custom_fragment # - $additional_includes diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index a4e59a7825..90e30523b0 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -221,6 +221,43 @@ :value => false, :notmatch => [/ErrorLog.+$/], }, + { + :title => 'should set ErrorDocument 503', + :attr => 'error_documents', + :value => [ { 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}], + :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], + }, + { + :title => 'should set ErrorDocuments 503 407', + :attr => 'error_documents', + :value => [ + { 'error_code' => '503', 'document' => '/service-unavail'}, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, + ], + :match => [ + /^ ErrorDocument 503 \/service-unavail$/, + /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, + ], + }, + { + :title => 'should set ErrorDocument 503 in directory', + :attr => 'directories', + :value => { 'path' => '/srv/www', 'error_documents' => [{ 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}] }, + :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], + }, + { + :title => 'should set ErrorDocuments 503 407 in directory', + :attr => 'directories', + :value => { 'path' => '/srv/www', 'error_documents' => + [ + { 'error_code' => '503', 'document' => '/service-unavail'}, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, + ]}, + :match => [ + /^ ErrorDocument 503 \/service-unavail$/, + /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, + ], + }, { :title => 'should accept a scriptalias', :attr => 'scriptalias', diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index d7b58a57a8..bb144ed35b 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb 
@@ -41,6 +41,7 @@ CustomLog <%= @access_log_destination %> <%= @_access_log_format %> <% end -%> <%= scope.function_template(['apache/vhost/_block.erb']) -%> +<%= scope.function_template(['apache/vhost/_error_document.erb']) -%> <%= scope.function_template(['apache/vhost/_proxy.erb']) -%> <%= scope.function_template(['apache/vhost/_rack.erb']) -%> <%= scope.function_template(['apache/vhost/_redirect.erb']) -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index f642d0ef8c..a07452efca 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -56,6 +56,11 @@ <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%> DirectoryIndex <%= directory['directoryindex'] %> <%- end -%> + <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%> + <%- [directory['error_documents']].flatten.compact.each do |error_document| -%> + ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %> + <%- end -%> + <%- end -%> <%- if directory['auth_type'] -%> AuthType <%= directory['auth_type'] %> <%- end -%> @@ -112,6 +117,9 @@ <%- if directory['force_type'] -%> ForceType <%= directory['force_type'] %> <%- end -%> + <%- if directory['error_documents'] -%> + ForceType <%= directory['force_type'] %> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> diff --git a/templates/vhost/_error_document.erb b/templates/vhost/_error_document.erb new file mode 100644 index 0000000000..654e72c676 --- /dev/null +++ b/templates/vhost/_error_document.erb @@ -0,0 +1,7 @@ +<% if @error_documents and ! @error_documents.empty? -%> + <%- [@error_documents].flatten.compact.each do |error_document| -%> + <%- if error_document["error_code"] != '' and error_document["document"] != '' -%> + ErrorDocument <%= error_document["error_code"] %> <%= error_document["document"] %> + <%- end -%> + <%- end -%> +<% end -%> 
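Review bot: The `error_documents` loop added to `_directories.erb` emits an `ErrorDocument` line for every entry, without the `!= ''` guard that the new `_error_document.erb` applies, so the two contexts handle the same input differently. Neither template checks for a missing key, and because `nil != ''` is true, an entry without `document` renders `ErrorDocument 503 ` with no target. I would use one presence-checking guard in both places: `<%- if error_document['error_code'] and error_document['error_code'] != '' and error_document['document'] and error_document['document'] != '' -%>`. A comment should also note that `document` is written verbatim, so a message text must arrive already wrapped in double quotes, as the spec values are.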
From 3e18ccaf0818938fe6747b8fefa61429c21fb476 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Fri, 22 Nov 2013 21:47:02 +0100 Subject: [PATCH 0073/2267] Remove eronous duplication of ForceType c42c41d introduced a sloppy copy/paste error in the _directories.erb template. This removes it, thus fixing #500 --- templates/vhost/_directories.erb | 3 --- 1 file changed, 3 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index a07452efca..c5bc99985e 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -117,9 +117,6 @@ <%- if directory['force_type'] -%> ForceType <%= directory['force_type'] %> <%- end -%> - <%- if directory['error_documents'] -%> - ForceType <%= directory['force_type'] %> - <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 609298d582add7496bf9e978e920eebf14cbb023 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Thu, 21 Nov 2013 17:29:29 +0100 Subject: [PATCH 0074/2267] No implicit entry for ScriptAlias path Support for ScriptAlias currently implicitly and automatically creates configuration directives for the path component in a given ScriptAlias directive. These are not useful or needed, according to the mod_alias documentation. Fixes issue #486. This change also indirectly relates to #487 because the implicitly created entry for each ScriptAlias path also had `SSLOptions +StdEnvVars` set for that directory. --- spec/defines/vhost_spec.rb | 4 ---- templates/vhost/_scriptalias.erb | 16 ---------------- 2 files changed, 20 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 90e30523b0..8974db2c25 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -264,7 +264,6 @@ :value => '/usr/scripts', :match => [ /^ ScriptAlias \/cgi-bin\/ \/usr\/scripts$/, - /^ $/, ], }, { 
@@ -273,7 +272,6 @@ :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, :match => [ /^ ScriptAlias \/blah\/ \/usr\/scripts$/, - /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, @@ -284,7 +282,6 @@ :match => [ /^ ScriptAlias \/blah \/usr\/scripts$/, /^ ScriptAlias \/blah2 \/usr\/scripts$/, - /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, @@ -295,7 +292,6 @@ :match => [ /^ ScriptAlias \/blah \/usr\/scripts$/, /^ ScriptAlias \/blah2\/ \/usr\/scripts2\/$/, - /^ $/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index bfae7fe2b0..ad66422bcd 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb @@ -11,24 +11,8 @@ <%# for backward compatibility and ease of implementation -%> <% aliases << { 'alias' => '/cgi-bin/', 'path' => @scriptalias } if @scriptalias -%> <% aliases.flatten.compact! %> -<%# Multiple paths could be provided for the same directory, make sure we only -%> -<%# add a single entry per path -%> -<% dirs = aliases.map { |h| h['path'] }.uniq.compact -%> <% aliases.each do |salias| -%> ## Script alias directives ScriptAlias <%= salias['alias'] %> <%= salias['path'] %> <% end -%> - -<% dirs.sort.each do |dir| -%> - > - AllowOverride None - Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all -<% if @ssl -%> - SSLOptions +StdEnvVars -<% end -%> - -<% end -%> - <% end -%> From f749375184e0bb7bbc3f5a63a7e6b4d8183a1f50 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 21 Nov 2013 19:11:17 +0100 Subject: [PATCH 0075/2267] Set SSLOptions StdEnvVars in server context We set `SSLOptions` now in server context and we set it to `StdEnvVars`. Thus, we no longer need the in server context to set it for php, CGI and SSI applications. We allow it to be overridden by the `apache::mod::ssl` class parameter `ssl_options`. Further, we allow it to be overridden in directory context. Documentation for all of these has been extended and tests have been adapted to make sense in this new context. This commit fixes #487 --- README.md | 27 ++++++++++++++++++++++----- manifests/mod/ssl.pp | 3 ++- spec/defines/vhost_spec.rb | 16 ++++++++++++++-- templates/mod/ssl.conf.erb | 3 +++ templates/vhost/_directories.erb | 3 +++ templates/vhost/_ssl.erb | 3 --- 6 files changed, 44 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index bba31b74c3..7e175f0709 100644 --- a/README.md +++ b/README.md @@ -409,10 +409,13 @@ The modules mentioned above, and other Apache modules that have templates, will ####Class: `apache::mod::ssl` -Installs Apache SSL capabilities and utilizes `ssl.conf.erb` template +Installs Apache SSL capabilities and utilizes `ssl.conf.erb` template. These are the defaults: ```puppet - class { 'apache::mod::ssl': } + class { 'apache::mod::ssl': + ssl_compression => false, + ssl_options => [ 'StdEnvVars' ], + } ``` To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. 
@@ -728,6 +731,20 @@ Sets the value for the `PassengerEnabled` directory to `on` or `off` as per the **Note:** Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the `PassengerEnabled` directive with the `PassengerHighPerformance` directive. +######`ssl_options` + +String or list of [`SSLOptions`](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions) for the given `` block. This overrides, or refines the [`SSLOptions`](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions) of the parent block (either vhost, or server). + +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', ssl_options => '+ExportCertData' } + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] }, + ], + } +``` + ######`custom_fragment` Pass a string of custom configuration directives to be placed at the end of the @@ -1071,12 +1088,12 @@ An example: #####`ssl_options` -Sets `SSLVerifyOptions` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions). This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example: +Sets `SSLOptions` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions). This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example: ```puppet apache::vhost { 'sample.example.net': … - ssl_options => '+StdEnvVars', + ssl_options => '+ExportCertData', } ``` @@ -1085,7 +1102,7 @@ An array of strings example: ```puppet apache::vhost { 'sample.example.net': … - ssl_options => [ '+StdEnvVars', '+ExportCertData' ], + ssl_options => [ '+StrictRequire', '+ExportCertData' ], } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index ea1e119750..3002d14be0 100644 
--- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,5 +1,6 @@ class apache::mod::ssl ( $ssl_compression = false, + $ssl_options = [ 'StdEnvVars' ], ) { $session_cache = $::osfamily ? { 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', @@ -13,7 +14,7 @@ } apache::mod { 'ssl': } - # Template uses $ssl_compression, $session_cache, $ssl_mutex + # Template uses $ssl_compression, $ssl_options, $session_cache, $ssl_mutex file { 'ssl.conf': ensure => file, path => "${apache::mod_dir}/ssl.conf", diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8974db2c25..87475c7af4 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -709,8 +709,20 @@ { :title => 'should accept setting SSLOptions with an array', :attr => 'ssl_options', - :value => ['+StdEnvVars','+ExportCertData'], - :match => [/^ SSLOptions \+StdEnvVars \+ExportCertData/], + :value => ['+StrictRequire','+ExportCertData'], + :match => [/^ SSLOptions \+StrictRequire \+ExportCertData/], + }, + { + :title => 'should accept setting SSLOptions with a string in directories', + :attr => 'directories', + :value => { 'path' => '/srv/www', 'ssl_options' => '+ExportCertData'}, + :match => [/^ SSLOptions \+ExportCertData$/], + }, + { + :title => 'should accept setting SSLOptions with an array in directories', + :attr => 'directories', + :value => { 'path' => '/srv/www', 'ssl_options' => ['-StdEnvVars','+ExportCertData']}, + :match => [/^ SSLOptions -StdEnvVars \+ExportCertData/], }, ].each do |param| describe "when #{param[:attr]} is #{param[:value]} with SSL" do diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 854a0d0a64..d42b0ad61a 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -18,4 +18,7 @@ SSLHonorCipherOrder On SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLProtocol all -SSLv2 +<% if @ssl_options -%> + SSLOptions <%= @ssl_options.compact.join(' ') %> +<% end -%> 
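Review bot: In `ssl.conf.erb` the new line calls `@ssl_options.compact`, which works only for an array. The vhost and directory templates in this same commit accept a string or a list through `Array(...)`, so passing `ssl_options => '+StrictRequire'` to `apache::mod::ssl` would raise NoMethodError at render time. An empty array is also truthy in Ruby, so `ssl_options => []` renders a bare `SSLOptions` line, which httpd will most likely reject. I would change the guard to `<% unless Array(@ssl_options).compact.empty? -%>` and the directive to `SSLOptions <%= Array(@ssl_options).compact.join(' ') %>`.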
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index c5bc99985e..00cbf01e4b 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -117,6 +117,9 @@ <%- if directory['force_type'] -%> ForceType <%= directory['force_type'] %> <%- end -%> + <%- if directory['ssl_options'] -%> + SSLOptions <%= Array(directory['ssl_options']).join(' ') %> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 83c90b8a80..96027dce78 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -38,7 +38,4 @@ <% if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> <% end -%> - - SSLOptions +StdEnvVars - <% end -%> From f5277d293f5d12acb75c3292da4be509144bf3be Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Mon, 25 Nov 2013 01:50:13 +0100 Subject: [PATCH 0076/2267] Add support for ScriptAliasMatch directives Much like in PR #483 extend the _scriptalias.rb template so that the `scriptalias` parameter in `apache::vhost` can contain `aliasmatch` hashes which get translated to `ScriptAliasMatch` directives. Fixes issue #480. Includes basic spec tests and updated documentation in README.md. Note again that puppet-rspec silently drops `$1` when specifying test values so we match `FOO` instead of `$1`. From a simple spec test perspective there shouldn't be a difference and this is better than having no tests at all. --- README.md | 41 +++++++++++++++-------------- spec/defines/vhost_spec.rb | 45 ++++++++++++++++++++++++++++++++ templates/vhost/_scriptalias.erb | 36 ++++++++++++++----------- 3 files changed, 87 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index bba31b74c3..068e3b8ca9 100644 --- a/README.md +++ b/README.md 
@@ -957,30 +957,31 @@ Defines a directory of CGI scripts to be aliased to the path '/cgi-bin' #####`scriptaliases` -Takes an array hashes with the keys containing the alias and path. For example: - -Usage will typically look like: +Passes a list of hashes to the vhost to create `ScriptAlias` or `ScriptAliasMatch` statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). Each hash is expected to be of the form: ```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - scriptaliases => [ - { - alias => '/myscript/', - path => '/usr/share/myscript', - }, - { - alias => '/oldscript/', - path => '/usr/share/myscript', - }, - { - alias => '/neatscript/', - path => '/usr/share/neatscript', - }, - ] - } + scriptaliases => [ + { + alias => '/myscript', + path => '/usr/share/myscript', + }, + { + aliasmatch => '^/foo(.*)', + path => '/usr/share/fooscripts$1', + }, + { + aliasmatch => '^/bar/(.*)', + path => '/usr/share/bar/wrapper.sh/$1', + }, + { + alias => '/neatscript', + path => '/usr/share/neatscript', + }, + ] ``` +These directives are created in the order specified. As with `Alias` and `AliasMatch` directives the more specific aliases should come before the more general ones to avoid shadowing. + #####`serveradmin` Specifies the email address Apache will display when it renders one of its error pages. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8974db2c25..0d6108ec36 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -295,6 +295,51 @@ ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, + { + :title => 'should accept a ScriptAliasMatch directive', + :attr => 'scriptaliases', + ## XXX As mentioned above, rspec-puppet drops constructs like $1. + ## Thus, these tests don't work as they should. As a workaround we + ## use FOO instead of $1 here. + :value => [ { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' } ], + :match => [ + /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) \/usr\/local\/apache\/cgi-binFOO$/ + ], + }, + { + :title => 'should accept multiple ScriptAliasMatch directives', + :attr => 'scriptaliases', + ## XXX As mentioned above, rspec-puppet drops constructs like $1. + ## Thus, these tests don't work as they should. As a workaround we + ## use FOO instead of $1 here. + :value => [ + { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, + { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, + ], + :match => [ + /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) \/usr\/local\/apache\/cgi-binFOO$/, + /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" \/var\/www\/bin\/gitolite-suexec-wrapper\/FOO$/, + ], + }, + { + :title => 'should accept mixed ScriptAlias and ScriptAliasMatch directives', + :attr => 'scriptaliases', + ## XXX As mentioned above, rspec-puppet drops constructs like $1. + ## Thus, these tests don't work as they should. As a workaround we + ## use FOO instead of $1 here. 
+ :value => [ + { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, + { 'alias' => '/git', 'path' => '/var/www/gitweb/index.cgi' }, + { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, + { 'alias' => '/trac', 'path' => '/etc/apache2/trac.fcgi' }, + ], + :match => [ + /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" \/var\/www\/bin\/gitolite-suexec-wrapper\/FOO$/, + /^ ScriptAlias \/git \/var\/www\/gitweb\/index\.cgi$/, + /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) \/usr\/local\/apache\/cgi-binFOO$/, + /^ ScriptAlias \/trac \/etc\/apache2\/trac.fcgi$/, + ], + }, { :title => 'should accept proxy destinations', :attr => 'proxy_dest', diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index ad66422bcd..cdf3b87e49 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb 
@@ -1,18 +1,24 @@ -<% if @scriptaliases.is_a?(Array) -%> -<% aliases = @scriptaliases -%> -<% elsif @scriptaliases.is_a?(Hash) -%> -<% aliases = [@scriptaliases] -%> -<% else -%> -<% # Nothing to do with any other data type -%> -<% aliases = [] -%> -<% end -%> -<% if @scriptalias or !aliases.empty? -%> +<%- if @scriptaliases.is_a?(Array) -%> +<%- aliases = @scriptaliases -%> +<%- elsif @scriptaliases.is_a?(Hash) -%> +<%- aliases = [@scriptaliases] -%> +<%- else -%> +<%- # Nothing to do with any other data type -%> +<%- aliases = [] -%> +<%- end -%> +<%- if @scriptalias or !aliases.empty? -%> + ## Script alias directives <%# Combine scriptalais and scriptaliases into a single data structure -%> <%# for backward compatibility and ease of implementation -%> -<% aliases << { 'alias' => '/cgi-bin/', 'path' => @scriptalias } if @scriptalias -%> -<% aliases.flatten.compact! %> -<% aliases.each do |salias| -%> - ## Script alias directives +<%- aliases << { 'alias' => '/cgi-bin/', 'path' => @scriptalias } if @scriptalias -%> +<%- aliases.flatten.compact! -%> +<%- aliases.each do |salias| -%> + <%- if salias["path"] != '' -%> + <%- if salias["alias"] and salias["alias"] != '' -%> ScriptAlias <%= salias['alias'] %> <%= salias['path'] %> -<% end -%> -<% end -%> + <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%> + ScriptAliasMatch <%= salias['aliasmatch'] %> <%= salias['path'] %> + <%- end -%> + <%- end -%> +<%- end -%> +<%- end -%> From 82f0581e9be82c535d8ab5811242abb485b4d91e Mon Sep 17 00:00:00 2001 
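Review bot: `aliases.flatten.compact!` on the new side still throws its result away: `flatten` returns a new array and `compact!` only mutates that temporary, so `aliases` reaches `aliases.each` neither flattened nor stripped of `nil`. A `nil` or nested-array entry in `scriptaliases` is therefore not skipped and fails at `salias["path"]`; `<%- aliases = aliases.flatten.compact -%>` does what the line appears to intend. The added guard `salias["path"] != ''` also lets a missing (`nil`) path through, which would render a `ScriptAlias` or `ScriptAliasMatch` line with no target. Because these directives mark their target as executable CGI, I would only render an entry when `salias["path"]` is a non-empty string, e.g. `<%- if salias["path"] and salias["path"] != '' -%>`.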
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Fri, 22 Nov 2013 09:35:46 +0100 Subject: [PATCH 0077/2267] Add suPHP_UserGroup directive to directory context suPHP_UserGroup is only supported in per-direcctory context. We add this directive analogous to the per-vhost suphp_ directives, by making sure that suphp_engine is actually enabled. suphp => { 'user' => 'myappuser', 'group' => 'myappgroup' } With documentation and tests in place, this should fix #451 --- README.md | 17 +++++++++++++++++ spec/defines/vhost_spec.rb | 14 ++++++++++++++ templates/vhost/_directories.erb | 3 +++ 3 files changed, 34 insertions(+) diff --git a/README.md b/README.md index 6f1c095343..17d3bf5e85 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,9 @@ To set up a virtual host with suPHP suphp_addhandler => 'x-httpd-php', suphp_engine => 'on', suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + } } ``` @@ -745,6 +748,20 @@ String or list of [`SSLOptions`](https://httpd.apache.org/docs/2.2/mod/mod_ssl.h } ``` +######`suphp` + +An array containing two values: User and group for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. +This directive must be used with `suphp_engine => on` in the vhost declaration. This directive only works in `` or ``. + +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' } + ], + } +``` + ######`custom_fragment` Pass a string of custom configuration directives to be placed at the end of the diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f966994d67..e9ef147fe2 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -877,6 +877,20 @@ end end + describe 'when suphp_engine is on and suphp { user & group } is specified' do + let :params do default_params.merge({ + :suphp_engine => 'on', + :directories => { 'path' => '/srv/www', + 'suphp' => { 'user' => 'myappuser', 'group' => 'myappgroup' }, + } + }) end + it 'should set suphp_UserGroup' do + should contain_file("25-#{title}.conf").with_content( + /^ suPHP_UserGroup myappuser myappgroup/ + ) + end + end + describe 'priority/default settings' do describe 'when neither priority/default is specified' do let :params do default_params end diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 00cbf01e4b..023fa29c89 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -120,6 +120,9 @@ <%- if directory['ssl_options'] -%> SSLOptions <%= Array(directory['ssl_options']).join(' ') %> <%- end -%> + <%- if directory['suphp'] and @suphp_engine == 'on' -%> + suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 499d4ad0c647417a6b9600d58525389fa78b2a1f Mon Sep 17 00:00:00 2001 From: Michael Moll Date: Thu, 28 Nov 2013 23:08:41 +0100 Subject: [PATCH 0078/2267] add parameter for TraceEnable --- README.md | 4 ++++ manifests/init.pp | 4 ++++ templates/httpd.conf.erb | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 17d3bf5e85..103e66133e 100644 --- a/README.md +++ b/README.md 
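Review bot: In the templates/vhost/_directories.erb hunk, `directory['suphp']['user']` and `directory['suphp']['group']` are rendered without checking that `suphp` is a hash carrying both keys. A hash missing one key produces a `suPHP_UserGroup` line with an empty argument, and the array form that the README text in this commit describes ("An array containing two values") would fail on the string index. Since this directive selects the account the PHP code runs as, I would render it only when both values are present, `<%- if directory['suphp'] and @suphp_engine == 'on' and directory['suphp']['user'] and directory['suphp']['group'] -%>`, or fail the catalog in the manifest. The README sentence should say "a hash with the keys `user` and `group`".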
@@ -324,6 +324,10 @@ Controls how much information Apache sends to the browser about itself and the o Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'. +#####`trace_enable` + +Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'. + #####`manage_user` Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error. diff --git a/manifests/init.pp b/manifests/init.pp index 60a1406702..fecfcc19d8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -52,6 +52,7 @@ $ports_file = $apache::params::ports_file, $server_tokens = 'OS', $server_signature = 'On', + $trace_enable = 'On', $package_ensure = 'installed', ) inherits apache::params { @@ -259,6 +260,9 @@ # - $keepalive # - $keepalive_timeout # - $server_root + # - $server_tokens + # - $server_signature + # - $trace_enable file { "${apache::params::conf_dir}/${apache::params::conf_file}": ensure => file, content => template($conf_template), diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 98c214b059..4ed753a8c3 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -1,7 +1,7 @@ # Security ServerTokens <%= @server_tokens %> ServerSignature <%= @server_signature %> -TraceEnable Off +TraceEnable <%= @trace_enable %> ServerName "<%= @servername %>" ServerRoot "<%= @server_root %>" From acd5a03765d008e7cf1697ce2c3d1866675c9f83 Mon Sep 17 00:00:00 2001 From: Theo Chatzimichos Date: Fri, 29 Nov 2013 20:13:15 +0100 Subject: [PATCH 0079/2267] Add ability to pass ip (instead of wildcard) in default vhost files --- manifests/init.pp | 3 +++ 1 file changed, 3 insertions(+) 
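Review bot: The new default `$trace_enable = 'On'` in manifests/init.pp reverses the hard-coded `TraceEnable Off` that the templates/httpd.conf.erb hunk of this commit removes, so every node that does not set the parameter starts answering TRACE after the upgrade. The directive sits under the template's `# Security` heading, and TRACE is normally kept off because it echoes the request headers, cookies and authorization included, back to the client. I would make the parameter opt-in by keeping the old behaviour as the default, `$trace_enable = 'Off',`, and change the README sentence to "Defaults to 'Off'". The value is also written into httpd.conf unchecked; a `validate_re` limited to the values Apache accepts (`on`, `off`, `extended`) would catch typos at compile time.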
diff --git a/manifests/init.pp b/manifests/init.pp index fecfcc19d8..cf4596bf6d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -24,6 +24,7 @@ $default_ssl_ca = undef, $default_ssl_crl_path = undef, $default_ssl_crl = undef, + $ip = undef, $service_enable = true, $service_ensure = 'running', $purge_configs = true, @@ -306,6 +307,7 @@ serveradmin => $serveradmin, access_log_file => $access_log_file, priority => '15', + ip => $ip, } $ssl_access_log_file = $::osfamily ? { 'freebsd' => $access_log_file, @@ -320,6 +322,7 @@ serveradmin => $serveradmin, access_log_file => $ssl_access_log_file, priority => '15', + ip => $ip, } } } From 8a9534b9be45d19283ea8f776795679e4df58dfa Mon Sep 17 00:00:00 2001 From: Theo Chatzimichos Date: Sat, 30 Nov 2013 02:11:45 +0100 Subject: [PATCH 0080/2267] Add documentation about $ip --- README.md | 10 ++++++++++ manifests/vhost.pp | 1 + 2 files changed, 11 insertions(+) diff --git a/README.md b/README.md index 103e66133e..81e3463117 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,16 @@ To set up a virtual host with SSL and specific SSL certificates } ``` +To set up a virtual host with IP address different than '*' + +```puppet + apache::vhost { 'subdomain.example.com': + ip => '127.0.0.1', + port => '80', + docrout => '/var/www/subdomain', + } +``` + To set up a virtual host with wildcard alias for subdomain mapped to same named directory `http://examle.com.loc => /var/www/example.com` diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9c3d7375a2..f110892ecf 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -12,6 +12,7 @@ # - The $priority of the site # - The $servername is the primary name of the virtual host # - The $serveraliases of the site +# - The $ip to configure the host on, defaulting to * # - The $options for the given vhost # - The $override for the given vhost (list of AllowOverride arguments) # - The $vhost_name for name based virtualhosting, defaulting to * 
From 8bdb0781c505afd85ba07198ef436d1789a9118a Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Tue, 3 Dec 2013 23:22:16 +0100 Subject: [PATCH 0081/2267] No trailing slash for ProxyPass/ProxyPassReverse Remove implicitly added slashes in ProxyPassReverse location paths. Trailing slashes should either be present on both path and url, or absent on both. Mixing one with the other is bad. Should fix issue #511. --- spec/defines/vhost_spec.rb | 19 +++++++++++-------- templates/vhost/_proxy.erb | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index e9ef147fe2..8405e51cdc 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -355,10 +355,13 @@ { :title => 'should accept proxy_pass hash', :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a/' }, + :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a' }, :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, - / ProxyPassReverse \//, + /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, + /^ $/, + /^ ProxyPassReverse \/$/, + /^ <\/Location>$/, + ], :notmatch => [/ProxyPass .+!$/], }, @@ -366,16 +369,16 @@ :title => 'should accept proxy_pass array of hash', :attr => 'proxy_pass', :value => [ - { 'path' => '/path-a', 'url' => 'http://fake.com/a/' }, - { 'path' => '/path-b', 'url' => 'http://fake.com/b/' }, + { 'path' => '/path-a/', 'url' => 'http://fake.com/a/' }, + { 'path' => '/path-b', 'url' => 'http://fake.com/b' }, ], :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a\/$/, + /^ ProxyPass \/path-a\/ http:\/\/fake.com\/a\/$/, /^ $/, /^ ProxyPassReverse \/$/, /^ <\/Location>$/, - /^ ProxyPass \/path-b http:\/\/fake.com\/b\/$/, - /^ $/, + /^ ProxyPass \/path-b http:\/\/fake.com\/b$/, + /^ $/, /^ ProxyPassReverse \/$/, /^ <\/Location>$/, ], diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index aed8503a99..a126dbc970 100644 --- a/templates/vhost/_proxy.erb 
+++ b/templates/vhost/_proxy.erb @@ -5,7 +5,7 @@ <%- end -%> <% [@proxy_pass].flatten.compact.each do |proxy| %> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> - /> + > ProxyPassReverse / <% end %> From 3ea862d543b1c4795cf69d6cba7940847bfb6972 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Wed, 4 Dec 2013 00:01:34 +0100 Subject: [PATCH 0082/2267] Make LogLevel configurable for vhost Add a `log_level` parameter, which defaults to `undef`, in `apache::vhost` to allow overriding the global server configuration's log level (warn) on a per-vhost basis. Includes updated documentation and basic spec tests. Fixes issue #510. --- README.md | 4 ++++ manifests/vhost.pp | 10 ++++++++++ spec/defines/vhost_spec.rb | 6 ++++++ templates/vhost.conf.erb | 4 +++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 103e66133e..02d2783704 100644 --- a/README.md +++ b/README.md @@ -850,6 +850,10 @@ Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtual Specifies the location of the virtual host's logfiles. Defaults to `/var/log//`. +#####`log_level` + +Specifies the verbosity level of the error log. Defaults to `warn` for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for `log_level` is one of `emerg`, `alert`, `crit`, `error`, `warn`, `notice`, `info` or `debug`. + #####`no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with `proxy_dest`. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9c3d7375a2..77947b6319 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -17,6 +17,9 @@ # - The $vhost_name for name based virtualhosting, defaulting to * # - The $logroot specifies the location of the virtual hosts logfiles, default # to /var/log// +# - The $log_level specifies the verbosity of the error log for this vhost. Not +# set by default for the vhost, instead the global server configuration default +# of 'warn' is used. # - The $access_log specifies if *_access.log directives should be configured. # - The $ensure specifies if vhost file is present or absent. # - The $request_headers is a list of RequestHeader statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader @@ -93,6 +96,7 @@ $directoryindex = '', $vhost_name = '*', $logroot = $apache::logroot, + $log_level = undef, $access_log = true, $access_log_file = undef, $access_log_pipe = undef, @@ -164,6 +168,11 @@ validate_hash($itk) } + if $log_level { + validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', + "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") + } + if $access_log_file and $access_log_pipe { fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") } @@ -362,6 +371,7 @@ # - $name # - $aliases # - $_directories + # - $log_level # - $access_log # - $access_log_destination # - $_access_log_format diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8405e51cdc..3ce75c8d8d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -167,6 +167,12 @@ :value => '/fake/log', :match => [/CustomLog \/fake\/log\//,/ErrorLog \/fake\/log\//], }, + { + :title => 'should accept log_level', + :attr => 'log_level', + :value => 'info', + :match => [/LogLevel info/], + }, { :title => 'should accept pipe destination for access log', :attr => 'access_log_pipe', diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index bb144ed35b..05f79d3051 100644 --- a/templates/vhost.conf.erb 
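Review bot: The pattern given to `validate_re` in the `@@ -164,6 +168,11 @@` hunk anchors with `^` and `$`, which in Ruby regular expressions match at line boundaries rather than at the start and end of the string (assuming, as I believe, that stdlib compiles the pattern as a Ruby Regexp). A multi-line `$log_level` in which one line is a valid level would pass the check and then be written verbatim by `LogLevel <%= @log_level %>` in templates/vhost.conf.erb, placing the extra lines in the vhost configuration. Using string anchors closes that gap: `validate_re($log_level, '\A(emerg|alert|crit|error|warn|notice|info|debug)\z',`.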
+++ b/templates/vhost.conf.erb @@ -35,7 +35,9 @@ <% if @error_log -%> ErrorLog <%= @error_log_destination %> <% end -%> - LogLevel warn +<% if @log_level -%> + LogLevel <%= @log_level %> +<% end -%> ServerSignature Off <% if @access_log -%> CustomLog <%= @access_log_destination %> <%= @_access_log_format %> From 8f40d3c1aa07e411ca665c5b0fb9fe02e7d121df Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 3 Dec 2013 17:37:53 -0800 Subject: [PATCH 0083/2267] Test that proxy_pass works Given a `proxy_pass` statement for a vhost, it should be able to proxy requests to another destination. This requires the proxy_http mod. --- manifests/vhost.pp | 3 +++ spec/system/vhost_spec.rb | 41 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9c3d7375a2..d9be71f291 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -300,6 +300,9 @@ if ! defined(Class['apache::mod::proxy']) { include apache::mod::proxy } + if ! defined(Class['apache::mod::proxy_http']) { + include apache::mod::proxy_http + } } # Load mod_passenger if needed and not yet loaded diff --git a/spec/system/vhost_spec.rb b/spec/system/vhost_spec.rb index f5fdd2fe34..379600e887 100644 --- a/spec/system/vhost_spec.rb +++ b/spec/system/vhost_spec.rb 
@@ -245,4 +245,45 @@ class { 'apache': } end end end + + context 'proxy_pass for alternative vhost' do + it 'should configure a local vhost and a proxy vhost' do + puppet_apply(%{ + class { 'apache': default_vhost => false, } + apache::vhost { 'localhost': + docroot => '/var/www/local', + ip => '127.0.0.1', + port => '8888', + } + apache::listen { '*:80': } + apache::vhost { 'proxy.example.com': + docroot => '/var/www', + port => '80', + add_listen => false, + proxy_pass => { + 'path' => '/', + 'url' => 'http://localhost.localdomain:8888/subdir/', + }, + } + host { 'proxy.example.com': ip => '127.0.0.1', } + file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } + file { '/var/www/local/subdir/index.html': + ensure => file, + content => "Hello from localhost\\n", + } + }) { |r| [0,2].should include r.exit_code} + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + it 'should get a response from the back end' do + shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r| + r.stdout.should == "Hello from localhost\n" + r.exit_code.should == 0 + end + end + end end From e910f44eb7cc2ac18c9e7255ec678facba905861 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 5 Dec 2013 12:29:08 +0100 Subject: [PATCH 0084/2267] localhost.localdomain is not known everwhere not all systems come with a .localdomain, just use localhost instead --- spec/system/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/system/vhost_spec.rb b/spec/system/vhost_spec.rb index 379600e887..3bab1cdbf2 100644 --- a/spec/system/vhost_spec.rb +++ b/spec/system/vhost_spec.rb @@ -262,7 +262,7 @@ class { 'apache': default_vhost => false, } add_listen => false, proxy_pass => { 'path' => '/', - 'url' => 'http://localhost.localdomain:8888/subdir/', + 'url' => 'http://localhost:8888/subdir/', }, } host { 'proxy.example.com': ip => '127.0.0.1', } 
From 857bc545b133445d7fa24700ed9df1cf6ce01999 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Thu, 5 Dec 2013 18:14:49 +0100 Subject: [PATCH 0085/2267] Make LogLevel configurable for server Add a class parameter `log_level` to `apache`, which defaults to `warn`. This sets `LogLevel warn` server-wide in httpd.conf, which can then be overridden on a per-vhost basis. Includes updated documentation. --- README.md | 4 ++++ manifests/init.pp | 6 ++++++ manifests/params.pp | 3 +++ templates/httpd.conf.erb | 2 +- 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 449b18627e..e08fe039d3 100644 --- a/README.md +++ b/README.md @@ -322,6 +322,10 @@ Amount of time the server will wait for subsequent requests on a persistent conn Changes the location of the directory Apache log files are placed in. Defaut is based on your OS. +#####`log_level` + +Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are `emerg`, `alert`, `crit`, `error`, `warn`, `notice`, `info` or `debug`. + #####`ports_file` Changes the name of the file containing Apache ports configuration. Default is `${conf_dir}/ports.conf`. diff --git a/manifests/init.pp b/manifests/init.pp index cf4596bf6d..cecb7c4502 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -50,6 +50,7 @@ $keepalive = $apache::params::keepalive, $keepalive_timeout = $apache::params::keepalive_timeout, $logroot = $apache::params::logroot, + $log_level = $apache::params::log_level, $ports_file = $apache::params::ports_file, $server_tokens = 'OS', $server_signature = 'On', @@ -104,6 +105,11 @@ } } + $valid_log_level_re = '(emerg|alert|crit|error|warn|notice|info|debug)' + + validate_re($log_level, $valid_log_level_re, + "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") + class { 'apache::service': service_name => $service_name, service_enable => $service_enable, 
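Review bot: `$valid_log_level_re` in the manifests/init.pp hunk has no anchors, so `validate_re` accepts any string that merely contains a level name, such as `warning` or a level followed by arbitrary text. The templates/httpd.conf.erb hunk of this commit then writes that value out unchanged in `LogLevel <%= @log_level %>`, so the check does not protect the server-wide configuration. Anchoring the whole string fixes it: `$valid_log_level_re = '\A(emerg|alert|crit|error|warn|notice|info|debug)\z'`.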
diff --git a/manifests/params.pp b/manifests/params.pp index 2c41006835..f846013c12 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -32,6 +32,9 @@ $servername = $::hostname } + # The default error log level + $log_level = 'warn' + if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { $user = 'apache' $group = 'apache' diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 4ed753a8c3..469836ec34 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -29,7 +29,7 @@ AccessFileName .htaccess DefaultType none HostnameLookups Off ErrorLog <%= @logroot %>/<%= @error_log %> -LogLevel warn +LogLevel <%= @log_level %> EnableSendfile <%= @sendfile %> #Listen 80 From c02259fab454c9b497e872f7377cbcf87fe9f133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 14 Nov 2013 17:14:07 +0100 Subject: [PATCH 0086/2267] Support php_admin_(flag|value)s Add support for php_admin_flags and php_admin_values to both and directory context. Basic documentation & tests for both cases included. This Fixes #463 --- README.md | 4 ++++ manifests/vhost.pp | 4 ++++ spec/defines/vhost_spec.rb | 36 ++++++++++++++++++++++++++++++++ templates/vhost.conf.erb | 1 + templates/vhost/_directories.erb | 11 ++++++++++ templates/vhost/_php_admin.erb | 12 +++++++++++ 6 files changed, 68 insertions(+) create mode 100644 templates/vhost/_php_admin.erb diff --git a/README.md b/README.md index e08fe039d3..3998fc90e6 100644 --- a/README.md +++ b/README.md @@ -780,6 +780,10 @@ This directive must be used with `suphp_engine => on` in the vhost declaration. } ``` +######`php_admin_value` and `php_admin_flag` + +Allows per-vhost (and per-directory) setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user, or an application. + ######`custom_fragment` Pass a string of custom configuration directives to be placed at the end of the 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5934a1d9a3..b6c77dc564 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -118,6 +118,8 @@ $suphp_addhandler = $apache::params::suphp_addhandler, $suphp_engine = $apache::params::suphp_engine, $suphp_configpath = $apache::params::suphp_configpath, + $php_admin_flags = [], + $php_admin_values = [], $no_proxy_uris = [], $redirect_source = '/', $redirect_dest = undef, @@ -389,6 +391,8 @@ # - $block # directories fragment: # - $passenger_enabled + # - $php_admin_flags + # - $php_admin_values # - $directories (a list of key-value hashes is expected) # fastcgi fragment: # - $fastcgi_server diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3ce75c8d8d..370667dc81 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -502,6 +502,42 @@ :value => 'on', :match => [/^ suPHP_Engine on$/], }, + { + :title => 'should accept a php_admin_flags', + :attr => 'php_admin_flags', + :value => { 'php_engine' => 'on' }, + :match => [/^ php_admin_flag php_engine on$/], + }, + { + :title => 'should accept php_admin_values', + :attr => 'php_admin_values', + :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, + :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], + }, + { + :title => 'should accept php_admin_flags in directories', + :attr => 'directories', + :value => { + 'path' => '/srv/www', + 'php_admin_flags' => { 'php_engine' => 'on' } + }, + :match => [/^ php_admin_flag php_engine on$/], + }, + { + :title => 'should accept php_admin_values', + :attr => 'php_admin_values', + :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, + :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], + }, + { + :title => 'should accept php_admin_values in directories', + :attr => 'directories', + :value => { + 'path' => '/srv/www', + 'php_admin_values' => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' } + }, + :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], + }, { :title => 'should accept a wsgi script alias', :attr => 'wsgi_script_aliases', diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 05f79d3051..e8876fc4db 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb 
@@ -53,6 +53,7 @@ <%= scope.function_template(['apache/vhost/_setenv.erb']) -%> <%= scope.function_template(['apache/vhost/_ssl.erb']) -%> <%= scope.function_template(['apache/vhost/_suphp.erb']) -%> +<%= scope.function_template(['apache/vhost/_php_admin.erb']) -%> <%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> <%= scope.function_template(['apache/vhost/_wsgi.erb']) -%> <%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 023fa29c89..66a97dec83 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -53,6 +53,17 @@ <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> + <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> + <%- directory['php_admin_flags'].each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_admin_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> + <%- directory['php_admin_values'].each do |key,value| -%> + php_admin_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%> DirectoryIndex <%= directory['directoryindex'] %> <%- end -%> diff --git a/templates/vhost/_php_admin.erb b/templates/vhost/_php_admin.erb new file mode 100644 index 0000000000..59536cbc99 --- /dev/null +++ b/templates/vhost/_php_admin.erb 
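Review bot: The flag normalisation `value =~ /true|yes|on|1/i` in the templates/vhost/_directories.erb hunk is an unanchored substring match, so values such as `none` or `10` are written as `on`. A Puppet boolean `true`, if it reaches the template as a Ruby boolean rather than a string, would not match and would be written as `off`. `php_admin_flag` settings are the ones a user or application cannot override, so a silently inverted flag is hard to notice afterwards. I would match the whole string, `<%- value = if value.to_s =~ /\A(true|yes|on|1)\z/i then 'on' else 'off' end -%>`. The same expression is used in the new templates/vhost/_php_admin.erb hunk of this commit and needs the same change.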
@@ -0,0 +1,12 @@
+<% if @php_admin_values and not @php_admin_values.empty? -%>
+<% @php_admin_values.each do |key,value| -%>
+ php_admin_value <%= key %> <%= value %>
+<% end -%>
+<% end -%>
+<% if @php_admin_flags and not @php_admin_flags.empty? -%>
+<% @php_admin_flags.each do |key,flag| -%>
+<%# normalize flag -%>
+<% if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%>
+ php_admin_flag <%= key %> <%= flag %>
+<% end -%>
+<% end -%>
From ee13d0edca80565c9c35622e693f4e735b66cdb9 Mon Sep 17 00:00:00 2001
From: William Van Hevelingen
Date: Mon, 2 Dec 2013 09:23:22 -0800
Subject: [PATCH 0087/2267] Revert "FM-103: Add metadata.json to all modules." This reverts commit 9c5a684346c0a24a9485ae0ce1337705f3c7d1d1. This caused problems with the mcollective module release, reverting until this is proven to be a safe change.
---
metadata.json | 34 ----------------------------------
1 file changed, 34 deletions(-)
delete mode 100644 metadata.json
diff --git a/metadata.json b/metadata.json
deleted file mode 100644
index f7572b081e..0000000000
--- a/metadata.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "name": "puppetlabs/apache",
- "version": "0.9.0",
- "summary": "Manage apache and mods",
- "source": "git@github.com/puppetlabs/puppetlabs-apache.git",
- "project_page": "http://github.com/puppetlabs/puppetlabs-apache",
- "author": "Puppet Labs",
- "license": "Apache-2.0",
- "operatingsystem_support": [
- "RedHat",
- "OpenSUSE",
- "SLES",
- "SLED",
- "Debian",
- "Ubuntu"
- ],
- "puppet_version": [
- 2.7,
- 3.0,
- 3.1,
- 3.2,
- 3.3
- ],
- "dependencies": [
- {
- "name": "puppetlabs/stdlib",
- "version_requirement": ">= 2.2.1"
- },
- {
- "name": "puppetlabs/concat",
- "version_requirement": ">= 1.0.0"
- }
- ]
-}
From 79b8806a47a4a4177489ecc1bd4005f819c5ccdd Mon Sep 17 00:00:00 2001
From: William Van Hevelingen Date: Wed, 27 Nov 2013 18:23:56 -0800 Subject: [PATCH 0088/2267] Release 0.10.0 Summary: This release adds FreeBSD osfamily support and various other improvements to some mods. Features: - Add suPHP_UserGroup directive to directory context - Add support for ScriptAliasMatch directives - Set SSLOptions StdEnvVars in server context - No implicit entry for ScriptAlias path - Add support for overriding ErrorDocument - Add support for AliasMatch directives - Disable default "allow from all" in vhost-directories - Add WSGIPythonPath as an optional parameter to mod_wsgi. - Add mod_rpaf support - Add directives: IndexOptions, IndexOrderDefault - Add ability to include additional external configurations in vhost - need to use the provider variable not the provider key value from the directory hash for matches - Support for FreeBSD and few other features - Add new params to apache::mod::mime class - Allow apache::mod to specify module id and path - added $server_root parameter - Add Allow and ExtendedStatus support to mod_status - Expand vhost/_directories.pp directive support - Add initial support for nss module (no directives in vhost template yet) - added peruser and event mpms - added $service_name parameter - add parameter for TraceEnable - Make LogLevel configurable for server and vhost - Add documentation about $ip - Add ability to pass ip (instead of wildcard) in default vhost files Bugfixes: - Don't listen on port or set NameVirtualHost for non-existent vhost - only apply Directory defaults when provider is a directory - Working mod_authnz_ldap support on Debian/Ubuntu --- CHANGELOG.md | 39 +++++++++++++++++++++++++++++++++++++++ Modulefile | 2 +- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4686ab21e..9528972ecd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,42 @@ +## 2013-12-05 Release 0.10.0 +### Summary: + +This release adds FreeBSD osfamily support and various other improvements to some mods. + +### Features: + +- Add suPHP_UserGroup directive to directory context +- Add support for ScriptAliasMatch directives +- Set SSLOptions StdEnvVars in server context +- No implicit entry for ScriptAlias path +- Add support for overriding ErrorDocument +- Add support for AliasMatch directives +- Disable default "allow from all" in vhost-directories +- Add WSGIPythonPath as an optional parameter to mod_wsgi. +- Add mod_rpaf support +- Add directives: IndexOptions, IndexOrderDefault +- Add ability to include additional external configurations in vhost +- need to use the provider variable not the provider key value from the directory hash for matches +- Support for FreeBSD and few other features +- Add new params to apache::mod::mime class +- Allow apache::mod to specify module id and path +- added $server_root parameter +- Add Allow and ExtendedStatus support to mod_status +- Expand vhost/_directories.pp directive support +- Add initial support for nss module (no directives in vhost template yet) +- added peruser and event mpms +- added $service_name parameter +- add parameter for TraceEnable +- Make LogLevel configurable for server and vhost +- Add documentation about $ip +- Add ability to pass ip (instead of wildcard) in default vhost files + +### Bugfixes: + +- Don't listen on port or set NameVirtualHost for non-existent vhost +- only apply Directory defaults when provider is a directory +- Working mod_authnz_ldap support on Debian/Ubuntu + ## 2013-09-06 Release 0.9.0 ### Summary: This release adds more parameters to the base apache class and apache defined diff --git a/Modulefile b/Modulefile index 800ccf5504..71bb19263f 100644 --- a/Modulefile +++ b/Modulefile 
@@ -1,5 +1,5 @@ name 'puppetlabs-apache' -version '0.9.0' +version '0.10.0' source 'git://github.com/puppetlabs/puppetlabs-apache.git' author 'puppetlabs' license 'Apache 2.0' From baf6327e74c81d7c4b6a92182ae0dbffd4f61215 Mon Sep 17 00:00:00 2001 
From: Ashley Penney Date: Thu, 21 Nov 2013 14:26:24 -0800 Subject: [PATCH 0089/2267] Convert spec tests to beaker. --- Gemfile | 5 +- Rakefile | 1 - spec/acceptance/basic_spec.rb | 16 +++++ spec/{system => acceptance}/class_spec.rb | 18 ++--- .../default_mods_spec.rb | 32 +++------ spec/{system => acceptance}/itk_spec.rb | 13 ++-- spec/{system => acceptance}/mod_php_spec.rb | 9 +-- spec/{system => acceptance}/mod_suphp_spec.rb | 9 +-- spec/acceptance/nodesets/centos-64-x64.yml | 8 +++ spec/acceptance/nodesets/default.yml | 1 + .../nodesets/ubuntu-server-12042-x64.yml | 8 +++ spec/acceptance/nodesets/vagrant.key | 27 ++++++++ .../prefork_worker_spec.rb | 29 +++----- spec/{system => acceptance}/service_spec.rb | 9 +-- spec/{system => acceptance}/vhost_spec.rb | 67 ++++++++++--------- spec/spec_helper_acceptance.rb | 27 ++++++++ spec/spec_helper_system.rb | 28 -------- spec/system/basic_spec.rb | 22 ------ 18 files changed, 167 insertions(+), 162 deletions(-) create mode 100644 spec/acceptance/basic_spec.rb rename spec/{system => acceptance}/class_spec.rb (78%) rename spec/{system => acceptance}/default_mods_spec.rb (70%) rename spec/{system => acceptance}/itk_spec.rb (70%) rename spec/{system => acceptance}/mod_php_spec.rb (89%) rename spec/{system => acceptance}/mod_suphp_spec.rb (87%) create mode 100644 spec/acceptance/nodesets/centos-64-x64.yml create mode 120000 spec/acceptance/nodesets/default.yml create mode 100644 spec/acceptance/nodesets/ubuntu-server-12042-x64.yml create mode 100644 spec/acceptance/nodesets/vagrant.key rename spec/{system => acceptance}/prefork_worker_spec.rb (72%) rename spec/{system => acceptance}/service_spec.rb (70%) rename spec/{system => acceptance}/vhost_spec.rb (85%) create mode 100644 spec/spec_helper_acceptance.rb delete mode 100644 spec/spec_helper_system.rb delete mode 100644 spec/system/basic_spec.rb diff --git a/Gemfile b/Gemfile index 7c8ea9e2ce..9dfc87712f 100644 --- a/Gemfile +++ b/Gemfile 
@@ -5,10 +5,9 @@ group :development, :test do gem 'rspec-puppet', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'serverspec', :require => false - gem 'rspec-system', :require => false - gem 'rspec-system-puppet', :require => false - gem 'rspec-system-serverspec', :require => false gem 'puppet-lint', :require => false + gem 'beaker', :require => false + gem 'beaker-rspec', :require => false end if facterversion = ENV['FACTER_GEM_VERSION'] diff --git a/Rakefile b/Rakefile index bb60173e57..cd3d379958 100644 --- a/Rakefile +++ b/Rakefile @@ -1,2 +1 @@ require 'puppetlabs_spec_helper/rake_tasks' -require 'rspec-system/rake_task' diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb new file mode 100644 index 0000000000..29231771f8 --- /dev/null +++ b/spec/acceptance/basic_spec.rb @@ -0,0 +1,16 @@ +require 'spec_helper_acceptance' + +describe 'basic tests:' do + pp = 'notice("foo")' + it { expect(apply_manifest(pp).exit_code).to eq(0) } +end + +describe 'disable selinux:' do + pp = <<-EOS + exec { "setenforce 0": + path => "/bin:/sbin:/usr/bin:/usr/sbin", + onlyif => "which setenforce && getenforce | grep Enforcing", + } + EOS + it { expect(apply_manifest(pp).exit_code).to eq(0) } +end diff --git a/spec/system/class_spec.rb b/spec/acceptance/class_spec.rb similarity index 78% rename from spec/system/class_spec.rb rename to spec/acceptance/class_spec.rb index 0e9afe543c..c22a0f329e 100644 --- a/spec/system/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -1,7 +1,7 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' describe 'apache class' do - case node.facts['osfamily'] + case fact('osfamily') when 'RedHat' package_name = 'httpd' service_name = 'httpd' 
@@ -21,11 +21,8 @@ class { 'apache': } EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero - end + expect(apply_manifest(pp).exit_code).to_not eq(1) + expect(apply_manifest(pp).exit_code).to eq(0) end describe package(package_name) do @@ -50,11 +47,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero - end + expect(apply_manifest(pp).exit_code).to_not eq(1) + expect(apply_manifest(pp).exit_code).to eq(0) end describe service(service_name) do diff --git a/spec/system/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb similarity index 70% rename from spec/system/default_mods_spec.rb rename to spec/acceptance/default_mods_spec.rb index 9134fbb92f..8b88663b08 100644 --- a/spec/system/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -1,6 +1,6 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' -case node.facts['osfamily'] +case fact('osfamily') when 'RedHat' servicename = 'httpd' when 'Debian' @@ -8,7 +8,7 @@ when 'FreeBSD' servicename = 'apache22' else - raise "Unconfigured OS for apache service on #{node.facts['osfamily']}" + raise "Unconfigured OS for apache service on #{fact('osfamily')}" end describe 'apache::default_mods class' do @@ -22,11 +22,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - [0,2].should include(r.exit_code) - r.refresh - r.exit_code.should be_zero - end + expect([0,2]).to include (apply_manifest(pp).exit_code) + expect(apply_manifest(pp).exit_code).to eq(0) end describe service(servicename) do 
@@ -51,17 +48,12 @@ class { 'apache': } EOS - # Run it twice and test for idempotency - puppet_apply(pp) do |r| - [4,6].should include(r.exit_code) - end + apply_manifest(pp, { :acceptable_exit_codes => [4,6], :catch_failures => true }) end describe "service #{servicename}" do it 'should not be running' do - shell("pidof #{servicename}") do |r| - r.exit_code.should eq(1) - end + shell("pidof #{servicename}", {:acceptable_exit_codes => 1}) end end end @@ -89,13 +81,9 @@ class { 'apache': } EOS - # Run it twice and test for idempotency - puppet_apply(pp) do |r| - [0,2].should include(r.exit_code) - sleep 10 # avoid race condition on centos :( - r.refresh - r.exit_code.should be_zero - end + expect([0,2]).to include (apply_manifest(pp).exit_code) + shell('sleep 10') + expect(apply_manifest(pp).exit_code).to eq(0) end describe service(servicename) do diff --git a/spec/system/itk_spec.rb b/spec/acceptance/itk_spec.rb similarity index 70% rename from spec/system/itk_spec.rb rename to spec/acceptance/itk_spec.rb index 2d8765cf0a..dc77900846 100644 --- a/spec/system/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -1,6 +1,6 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' -case node.facts['osfamily'] +case fact('osfamily') when 'Debian' service_name = 'apache2' when 'FreeBSD' @@ -21,12 +21,9 @@ class { 'apache': } EOS - # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero - end + # Run it twice and test for idempotency + expect([0,2]).to include (apply_manifest(pp).exit_code) + expect(apply_manifest(pp).exit_code).to eq(0) end end diff --git a/spec/system/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb similarity index 89% rename from spec/system/mod_php_spec.rb rename to spec/acceptance/mod_php_spec.rb index 9fad7c1487..d222269178 100644 --- a/spec/system/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -1,7 +1,7 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' describe 'apache::mod::php class' do - case node.facts['osfamily'] + case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' @@ -15,7 +15,7 @@ context "default php config" do it 'succeeds in puppeting php' do - puppet_apply(%{ + pp= <<-EOS class { 'apache': mpm_module => 'prefork', } @@ -29,7 +29,8 @@ class { 'apache::mod::php': } ensure => file, content => "\\n", } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe service(service_name) do diff --git a/spec/system/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb similarity index 87% rename from spec/system/mod_suphp_spec.rb rename to spec/acceptance/mod_suphp_spec.rb index 297b2d54aa..40c8376c58 100644 --- a/spec/system/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -1,11 +1,11 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' describe 'apache::mod::suphp class' do - case node.facts['osfamily'] + case fact('osfamily') when 'Debian' context "default suphp config" do it 'succeeds in puppeting suphp' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': mpm_module => 'prefork', } @@ -22,7 +22,8 @@ class { 'apache::mod::suphp': } group => 'puppet', content => "\\n", } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe service('apache2') do diff --git a/spec/acceptance/nodesets/centos-64-x64.yml b/spec/acceptance/nodesets/centos-64-x64.yml new file mode 100644 index 0000000000..8f57028b14 --- /dev/null +++ b/spec/acceptance/nodesets/centos-64-x64.yml @@ -0,0 +1,8 @@ +HOSTS: + centos-64-x64: + roles: + - master + platform: el-6-i386 + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + hypervisor : vagrant 
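Review bot: `box_url` in the new `centos-64-x64.yml` nodeset is a plain `http://` address, so the base image every acceptance run boots is fetched without transport integrity, and nothing visible in this commit verifies it afterwards; `ubuntu-server-12042-x64.yml` further down has the same line. If the host serves the image over TLS, `box_url : https://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box` is the smallest change; otherwise record a checksum for the box and check it before the run. Also worth a look: `platform: el-6-i386` sits next to an x64 box name, which looks like a mismatch.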
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
new file mode 120000
index 0000000000..2719644a6e
--- /dev/null
+++ b/spec/acceptance/nodesets/default.yml
@@ -0,0 +1 @@
+centos-64-x64.yml
\ No newline at end of file
diff --git a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
new file mode 100644
index 0000000000..2b8fe4a121
--- /dev/null
+++ b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
@@ -0,0 +1,8 @@
+HOSTS:
+ ubuntu-server-12042-x64:
+ roles:
+ - master
+ platform: ubuntu-server-12.04-amd64
+ box : ubuntu-server-12042-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
+ hypervisor : vagrant
diff --git a/spec/acceptance/nodesets/vagrant.key b/spec/acceptance/nodesets/vagrant.key
new file mode 100644
index 0000000000..7d6a083909
--- /dev/null
+++ b/spec/acceptance/nodesets/vagrant.key
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI +w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP +kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 +hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO +Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW +yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd +ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 +Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf +TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK +iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A +sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf +4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP +cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk +EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN +CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX +3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG +YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj +3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ +dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz +6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC +P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF +llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ +kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH ++vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ +NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= +-----END RSA PRIVATE KEY----- diff --git a/spec/system/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb similarity index 72% rename from spec/system/prefork_worker_spec.rb rename to spec/acceptance/prefork_worker_spec.rb index 033e716197..59de6330dc 100644 
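Review bot: This adds an unencrypted RSA private key, `spec/acceptance/nodesets/vagrant.key`, to the repository, and neither the nodeset files nor `spec_helper_acceptance.rb` in this commit visibly references it. It looks like the publicly distributed Vagrant insecure key, in which case it protects nothing and is only acceptable on throwaway test boxes, but a reader cannot tell that from the file and secret scanners will flag it. I would drop the file if it is unused, or else add a short README next to it stating that this is the public Vagrant test key and must never be authorised on a real host.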
--- a/spec/system/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -1,6 +1,6 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' -case node.facts['osfamily'] +case fact('osfamily') when 'RedHat' servicename = 'httpd' when 'Debian' @@ -8,10 +8,10 @@ when 'FreeBSD' servicename = 'apache22' else - raise "Unconfigured OS for apache service on #{node.facts['osfamily']}" + raise "Unconfigured OS for apache service on #{fact('osfamily')}" end -case node.facts['osfamily'] +case fact('osfamily') when 'FreeBSD' describe 'apache::mod::event class' do describe 'running puppet code' do @@ -24,11 +24,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero - end + expect([0,2]).to include (apply_manifest(pp).exit_code) + expect(apply_manifest(pp).exit_code).to eq(0) end end @@ -50,11 +47,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero - end + expect([0,2]).to include (apply_manifest(pp).exit_code) + expect(apply_manifest(pp).exit_code).to eq(0) end end @@ -75,11 +69,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - r.exit_code.should_not == 1 - r.refresh - r.exit_code.should be_zero - end + expect([0,2]).to include (apply_manifest(pp).exit_code) + expect(apply_manifest(pp).exit_code).to eq(0) end end diff --git a/spec/system/service_spec.rb b/spec/acceptance/service_spec.rb similarity index 70% rename from spec/system/service_spec.rb rename to spec/acceptance/service_spec.rb index 5f76600b35..e5e7c3bde7 100644 --- a/spec/system/service_spec.rb +++ b/spec/acceptance/service_spec.rb @@ -1,4 +1,4 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' describe 'apache::service class' do describe 'adding dependencies in between the base class and service class' do 
@@ -12,11 +12,8 @@ class { 'apache': } EOS # Run it twice and test for idempotency - puppet_apply(pp) do |r| - [0,2].should include(r.exit_code) - r.refresh - r.exit_code.should be_zero - end + expect([0,2]).to include (apply_manifest(pp).exit_code) + expect(apply_manifest(pp).exit_code).to eq(0) end end end diff --git a/spec/system/vhost_spec.rb b/spec/acceptance/vhost_spec.rb similarity index 85% rename from spec/system/vhost_spec.rb rename to spec/acceptance/vhost_spec.rb index 3bab1cdbf2..e03badcf7e 100644 --- a/spec/system/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1,7 +1,7 @@ -require 'spec_helper_system' +require 'spec_helper_acceptance' describe 'apache::vhost define' do - case node.facts['osfamily'] + case fact('osfamily') when 'RedHat' vhost_dir = '/etc/httpd/conf.d' package_name = 'httpd' @@ -18,9 +18,11 @@ context "default vhost without ssl" do it 'should create a default vhost config' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } - }) { |r| [0,2].should include r.exit_code} + EOS + + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe file("#{vhost_dir}/15-default.conf") do @@ -34,11 +36,12 @@ class { 'apache': } context 'default vhost with ssl' do it 'should create default vhost configs' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': default_ssl_vhost => true, } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe file("#{vhost_dir}/15-default.conf") do @@ -53,13 +56,14 @@ class { 'apache': context 'new vhost on port 80' do it 'should configure an apache vhost' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } apache::vhost { 'first.example.com': port => '80', docroot => '/var/www/first', } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe file("#{vhost_dir}/25-first.example.com.conf") do 
@@ -70,7 +74,7 @@ class { 'apache': } context 'new proxy vhost on port 80' do it 'should configure an apache proxy vhost' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } apache::vhost { 'proxy.example.com': port => '80', @@ -79,7 +83,8 @@ class { 'apache': } { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe file("#{vhost_dir}/25-proxy.example.com.conf") do @@ -92,7 +97,7 @@ class { 'apache': } context 'new vhost on port 80' do it 'should configure two apache vhosts' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } apache::vhost { 'first.example.com': port => '80', @@ -112,7 +117,8 @@ class { 'apache': } ensure => file, content => "Hello from second\\n", } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe service(service_name) do @@ -121,23 +127,21 @@ class { 'apache': } end it 'should answer to first.example.com' do - shell("/usr/bin/curl first.example.com:80") do |r| + shell("/usr/bin/curl first.example.com:80", {:acceptable_exit_codes => 0}) do |r| r.stdout.should == "Hello from first\n" - r.exit_code.should == 0 end end it 'should answer to second.example.com' do - shell("/usr/bin/curl second.example.com:80") do |r| + shell("/usr/bin/curl second.example.com:80", {:acceptable_exit_codes => 0}) do |r| r.stdout.should == "Hello from second\n" - r.exit_code.should == 0 end end end context 'apache_directories readme example, adapted' do it 'should configure a vhost with Files' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } apache::vhost { 'files.example.net': docroot => '/var/www/files', 
@@ -150,7 +154,8 @@ class { 'apache': } content => "Hello World\\n", } host { 'files.example.net': ip => '127.0.0.1', } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe service(service_name) do @@ -159,19 +164,16 @@ class { 'apache': } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak") do |r| - r.stderr.should =~ /curl: \(22\) The requested URL returned error: 403/ - r.exit_code.should == 22 - end + shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr.should =~ /curl: \(22\) The requested URL returned error: 403/ end end - case node.facts['lsbdistcodename'] + case fact('lsbdistcodename') when 'precise', 'wheezy' context 'vhost fallbackresouce example' do it 'should configure a vhost with Fallbackresource' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } apache::vhost { 'fallback.example.net': docroot => '/var/www/fallback', @@ -182,7 +184,8 @@ class { 'apache': } content => "Hello World\\n", } host { 'fallback.example.net': ip => '127.0.0.1', } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe service(service_name) do @@ -191,9 +194,8 @@ class { 'apache': } end it 'should answer to fallback.example.net' do - shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist") do |r| + shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist", {:acceptable_exit_codes => 0}) do |r| r.stdout.should == "Hello World\n" - r.exit_code.should == 0 end end @@ -208,7 +210,7 @@ class { 'apache': } context 'virtual_docroot hosting separate sites' do it 'should configure a vhost with VirtualDocumentRoot' do - puppet_apply(%{ + pp = <<-EOS class { 'apache': } apache::vhost { 'virt.example.com': vhost_name => '*', 
@@ -223,7 +225,8 @@ class { 'apache': } file { [ '/var/www/virt/a', '/var/www/virt/b', ]: ensure => directory, } file { '/var/www/virt/a/index.html': ensure => file, content => "Hello from a.virt\\n", } file { '/var/www/virt/b/index.html': ensure => file, content => "Hello from b.virt\\n", } - }) { |r| [0,2].should include r.exit_code} + EOS + expect([0,2]).to include (apply_manifest(pp).exit_code) end describe service(service_name) do @@ -232,16 +235,14 @@ class { 'apache': } end it 'should answer to a.virt.example.com' do - shell("/usr/bin/curl a.virt.example.com:80") do |r| + shell("/usr/bin/curl a.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r| r.stdout.should == "Hello from a.virt\n" - r.exit_code.should == 0 end end it 'should answer to b.virt.example.com' do - shell("/usr/bin/curl b.virt.example.com:80") do |r| + shell("/usr/bin/curl b.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r| r.stdout.should == "Hello from b.virt\n" - r.exit_code.should == 0 end end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000000..5cac72c4fb --- /dev/null +++ b/spec/spec_helper_acceptance.rb 
@@ -0,0 +1,27 @@
+require 'beaker-rspec/spec_helper'
+require 'beaker-rspec/helpers/serverspec'
+
+hosts.each do |host|
+ # Install Puppet
+ install_package host, 'rubygems'
+ on host, 'gem install puppet --no-ri --no-rdoc'
+ on host, "mkdir -p #{host['distmoduledir']}"
+end
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Install module and dependencies
+ puppet_module_install(:source => proj_root, :module_name => 'apache')
+ hosts.each do |host|
+ on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
+ on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] }
+ end
+ end
+end
diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb
deleted file mode 100644
index 55d51145a1..0000000000
--- a/spec/spec_helper_system.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-require 'rspec-system/spec_helper'
-require 'rspec-system-puppet/helpers'
-require 'rspec-system-serverspec/helpers'
-include Serverspec::Helper::RSpecSystem
-include Serverspec::Helper::DetectOS
-include RSpecSystemPuppet::Helpers
-
-RSpec.configure do |c|
- # Project root
- proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
-
- # Enable colour
- c.tty = true
-
- c.include RSpecSystemPuppet::Helpers
-
- # This is where we 'setup' the nodes before running our tests
- c.before :suite do
- # Install puppet
- puppet_install
-
- # Install modules and dependencies
- puppet_module_install(:source => proj_root, :module_name => 'apache')
- shell('puppet module install puppetlabs-concat --version 1.0.0')
- shell('puppet module install puppetlabs-stdlib --version 2.4.0')
- end
-end
-
diff --git a/spec/system/basic_spec.rb b/spec/system/basic_spec.rb
deleted file mode 100644
index a87f908411..0000000000
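Review bot: The new `spec_helper_acceptance.rb` installs everything unpinned (`gem install puppet --no-ri --no-rdoc` and the two `puppet module install` calls), whereas the `spec_helper_system.rb` it replaces pinned `puppetlabs-concat` to 1.0.0 and `puppetlabs-stdlib` to 2.4.0. Test hosts therefore run whatever the gem server and the Forge publish on the day, which makes runs unreproducible and widens the supply-chain exposure of the CI hosts. `:acceptable_exit_codes => [0,1]` additionally lets a failed module install pass silently. Suggested: `on host, puppet('module','install','puppetlabs-stdlib','--version','2.4.0'), { :acceptable_exit_codes => [0] }`, the same for concat with its previous pin, and a pinned `gem install puppet -v <PINNED_VERSION>`.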
--- a/spec/system/basic_spec.rb +++ /dev/null @@ -1,22 +0,0 @@ -require 'spec_helper_system' - -describe 'basic tests:' do - # Using puppet_apply as a subject - context puppet_apply 'notice("foo")' do - its(:stdout) { should =~ /foo/ } - its(:stderr) { should be_empty } - its(:exit_code) { should be_zero } - end -end - -describe 'disable selinux:' do - context puppet_apply ' - exec { "setenforce 0": - path => "/bin:/sbin:/usr/bin:/usr/sbin", - onlyif => "which setenforce && getenforce | grep Enforcing", - } - ' do - its(:stderr) { should be_empty } - its(:exit_code) { should_not == 1 } - end -end From 78c9d7c51bff0558725e9ab015249974484c4932 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 6 Dec 2013 16:50:25 -0800 Subject: [PATCH 0090/2267] Update for the latest gems --- spec/acceptance/basic_spec.rb | 20 ++++++++------------ spec/acceptance/class_spec.rb | 9 ++++----- spec/acceptance/default_mods_spec.rb | 14 +++++++++----- spec/acceptance/itk_spec.rb | 4 ++-- spec/acceptance/mod_php_spec.rb | 2 +- spec/acceptance/mod_suphp_spec.rb | 2 +- spec/acceptance/prefork_worker_spec.rb | 12 ++++++------ spec/acceptance/service_spec.rb | 4 ++-- spec/acceptance/vhost_spec.rb | 22 +++++++++++----------- 9 files changed, 44 insertions(+), 45 deletions(-) diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb index 29231771f8..bc456e9ed1 100644 --- a/spec/acceptance/basic_spec.rb +++ b/spec/acceptance/basic_spec.rb 
@@ -1,16 +1,12 @@ require 'spec_helper_acceptance' -describe 'basic tests:' do - pp = 'notice("foo")' - it { expect(apply_manifest(pp).exit_code).to eq(0) } -end - describe 'disable selinux:' do - pp = <<-EOS - exec { "setenforce 0": - path => "/bin:/sbin:/usr/bin:/usr/sbin", - onlyif => "which setenforce && getenforce | grep Enforcing", - } - EOS - it { expect(apply_manifest(pp).exit_code).to eq(0) } + it "because otherwise apache won't work" do + apply_manifest(%{ + exec { "setenforce 0": + path => "/bin:/sbin:/usr/bin:/usr/sbin", + onlyif => "which setenforce && getenforce | grep Enforcing", + } + }, :catch_failures => true) + end end diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index c22a0f329e..62107ed61b 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -14,15 +14,14 @@ end context 'default parameters' do - # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS class { 'apache': } EOS # Run it twice and test for idempotency - expect(apply_manifest(pp).exit_code).to_not eq(1) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end describe package(package_name) do @@ -47,8 +46,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - expect(apply_manifest(pp).exit_code).to_not eq(1) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end describe service(service_name) do diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 8b88663b08..df6463eca4 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb 
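Review bot: The rewritten `disable selinux:` example in `basic_spec.rb` still switches the whole host to permissive with `setenforce 0`, so the acceptance suite never shows whether the module works under an enforcing policy. The description `because otherwise apache won't work` does not say which access is being denied. I would at least record that above the manifest, e.g. `# FIXME: suite runs permissive; identify the denied access and manage the SELinux context/boolean instead`, and, if the suite allows it, keep one run with enforcing left on.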
@@ -22,8 +22,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - expect([0,2]).to include (apply_manifest(pp).exit_code) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end describe service(servicename) do @@ -48,9 +48,13 @@ class { 'apache': } EOS - apply_manifest(pp, { :acceptable_exit_codes => [4,6], :catch_failures => true }) + apply_manifest(pp, { :expect_failures => true }) end + # Are these the same? + describe service(servicename) do + it { should_not be_running } + end describe "service #{servicename}" do it 'should not be running' do shell("pidof #{servicename}", {:acceptable_exit_codes => 1}) @@ -81,9 +85,9 @@ class { 'apache': } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) shell('sleep 10') - expect(apply_manifest(pp).exit_code).to eq(0) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end describe service(servicename) do diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index dc77900846..cabd71c5c6 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -22,8 +22,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - expect([0,2]).to include (apply_manifest(pp).exit_code) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end end diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index d222269178..f9c6f2c7f2 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -30,7 +30,7 @@ class { 'apache::mod::php': } content => "\\n", } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe service(service_name) do 
diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 40c8376c58..84a641db59 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -23,7 +23,7 @@ class { 'apache::mod::suphp': } content => "\\n", } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe service('apache2') do diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 59de6330dc..8427fd045a 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -24,8 +24,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - expect([0,2]).to include (apply_manifest(pp).exit_code) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end end @@ -47,8 +47,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - expect([0,2]).to include (apply_manifest(pp).exit_code) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end end @@ -69,8 +69,8 @@ class { 'apache': EOS # Run it twice and test for idempotency - expect([0,2]).to include (apply_manifest(pp).exit_code) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end end diff --git a/spec/acceptance/service_spec.rb b/spec/acceptance/service_spec.rb index e5e7c3bde7..c3124c8461 100644 --- a/spec/acceptance/service_spec.rb +++ b/spec/acceptance/service_spec.rb 
@@ -12,8 +12,8 @@ class { 'apache': } EOS # Run it twice and test for idempotency - expect([0,2]).to include (apply_manifest(pp).exit_code) - expect(apply_manifest(pp).exit_code).to eq(0) + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index e03badcf7e..42d98033a0 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -22,7 +22,7 @@ class { 'apache': } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe file("#{vhost_dir}/15-default.conf") do @@ -41,7 +41,7 @@ class { 'apache': default_ssl_vhost => true, } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe file("#{vhost_dir}/15-default.conf") do @@ -63,7 +63,7 @@ class { 'apache': } docroot => '/var/www/first', } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe file("#{vhost_dir}/25-first.example.com.conf") do @@ -84,7 +84,7 @@ class { 'apache': } ], } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe file("#{vhost_dir}/25-proxy.example.com.conf") do @@ -118,7 +118,7 @@ class { 'apache': } content => "Hello from second\\n", } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe service(service_name) do @@ -155,7 +155,7 @@ class { 'apache': } } host { 'files.example.net': ip => '127.0.0.1', } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe service(service_name) do 
@@ -185,7 +185,7 @@ class { 'apache': } } host { 'fallback.example.net': ip => '127.0.0.1', } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe service(service_name) do @@ -194,7 +194,7 @@ class { 'apache': } end it 'should answer to fallback.example.net' do - shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist", {:acceptable_exit_codes => 0}) do |r| + shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist") do |r| r.stdout.should == "Hello World\n" end end @@ -226,7 +226,7 @@ class { 'apache': } file { '/var/www/virt/a/index.html': ensure => file, content => "Hello from a.virt\\n", } file { '/var/www/virt/b/index.html': ensure => file, content => "Hello from b.virt\\n", } EOS - expect([0,2]).to include (apply_manifest(pp).exit_code) + apply_manifest(pp, :catch_failures => true) end describe service(service_name) do @@ -249,7 +249,7 @@ class { 'apache': } context 'proxy_pass for alternative vhost' do it 'should configure a local vhost and a proxy vhost' do - puppet_apply(%{ + apply_manifest(%{ class { 'apache': default_vhost => false, } apache::vhost { 'localhost': docroot => '/var/www/local', @@ -272,7 +272,7 @@ class { 'apache': default_vhost => false, } ensure => file, content => "Hello from localhost\\n", } - }) { |r| [0,2].should include r.exit_code} + }, :catch_failures => true) end describe service(service_name) do From 7a4701d040ab28dde915192b49742ca789b11cd5 Mon Sep 17 00:00:00 2001 
From: amvapor Date: Fri, 20 Sep 2013 10:27:35 -0400 Subject: [PATCH 0091/2267] Setting up the ability to do multiple rewrites and conditions. Depricating old rewrite_rule declaration in favour of a new rewrite declaration Adds ability to inject comments directly above rewrite directives Adds ability to define multiple rewrite rules Adds ability to define multiple rewrite conditions on a rule set --- README.md | 64 ++++++++++++++++++++++++++++++------ manifests/vhost.pp | 50 ++++++++++++++++++++++++---- spec/defines/vhost_spec.rb | 63 +++++++++++++++++++++++++++++++++++ templates/vhost/_rewrite.erb | 30 +++++++++++++++-- tests/vhost.pp | 22 ++++++++++++- 5 files changed, 209 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index e08fe039d3..b567ef0c9a 100644 --- a/README.md +++ b/README.md 
@@ -969,44 +969,88 @@ Specifies additional request headers. #####`rewrite_base` -Limits the `rewrite_rule` to the specified base URL. Defaults to 'undef'. +Limits the `rewrites` to the specified base URL. Defaults to 'undef'. ```puppet apache::vhost { 'site.name.fdqn': … - rewrite_rule => '^index\.html$ welcome.html', rewrite_base => '/blog/', + rewrites => [ + { rewrite_rule => ['^index\.html$ welcome.html'] } + ] } ``` The above example would limit the index.html -> welcome.html rewrite to only something inside of http://example.com/blog/. -#####`rewrite_cond` +#####`rewrites` -Rewrites a URL via `rewrite_rule` based on the truth of specified conditions. For example +Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html. ```puppet apache::vhost { 'site.name.fdqn': … - rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE', + rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } ``` -will rewrite URLs only if the visitor is using IE. Defaults to 'undef'. +Allows rewrite conditions, that when true, will execute the associated rule. For example -*Note*: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple `rewrite_cond` and `rewrite_rules` per vhost, so that different conditions get different rewrites. +```puppet + apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'redirect IE', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ welcome.html'], + } + ] + } +``` -#####`rewrite_rule` +will rewrite URLs only if the visitor is using IE. -Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html. 
+Multiple conditions can be applied, the following will rewrite index.html to welcome.html only when the browser is lynx or mozilla version 1 or 2 ```puppet apache::vhost { 'site.name.fdqn': … - rewrite_rule => '^index\.html$ welcome.html', + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + } + ] } ``` +Multiple rewrites and conditions are also possible + +```puppet + apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + { + comment => 'Internet Explorer', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + }, + } + rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], + } + ] + } +``` + +refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions + #####`scriptalias` Defines a directory of CGI scripts to be aliased to the path '/cgi-bin' diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5934a1d9a3..cac014d4e3 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -44,6 +44,24 @@ # docroot => '/path/to/docroot', # } # +# # Multiple Mod Rewrites: +# apache::vhost { 'site.name.fqdn': +# port => '80', +# docroot => '/path/to/docroot', +# rewrites => [ +# { +# comment => 'force www domain', +# rewrite_cond => ['%{HTTP_HOST} ^([a-z.]+)?example.com$ [NC]', '%{HTTP_HOST} !^www. [NC]'], +# rewrite_rule => ['.? http://www.%1example.com%{REQUEST_URI} [R=301,L]'] +# }, +# { +# comment => 'prevent image hotlinking', +# rewrite_cond => ['%{HTTP_REFERER} !^$', '%{HTTP_REFERER} !^http://(www.)?example.com/ [NC]'], +# rewrite_rule => ['.(gif|jpg|png)$ - [F]'] +# }, +# ] +# } +# # # SSL vhost with non-SSL rewrite: # apache::vhost { 'site.name.fqdn': # port => '443', @@ -52,8 +70,13 @@ # } # apache::vhost { 'site.name.fqdn': # port => '80', -# rewrite_cond => '%{HTTPS} off', -# rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', +# rewrites => [ +# { +# comment => "redirect non-SSL traffic to SSL site", +# rewrite_cond => ['%{HTTPS} off'], +# rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'] +# } +# ] # } # apache::vhost { 'site.name.fqdn': # port => '80', @@ -124,6 +147,7 @@ $redirect_status = undef, $rack_base_uris = undef, $request_headers = undef, + $rewrites = undef, $rewrite_rule = undef, $rewrite_cond = undef, $setenv = [], @@ -159,6 +183,19 @@ validate_bool($ssl) validate_bool($default_vhost) validate_bool($ssl_proxyengine) + if $rewrites { + validate_array($rewrites) + validate_hash($rewrites[0]) + } + + # Deprecated backwards-compatibility + if $rewrite_rule { + warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') + } + if $rewrite_cond { + warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') + } + if $wsgi_script_aliases { validate_hash($wsgi_script_aliases) } 
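Review bot: The redirect example in the `@@ -52,8 +70,13 @@` hunk targets `https://%{HTTPS_HOST}%{REQUEST_URI}`, and `HTTPS_HOST` is not among the server variables mod_rewrite documents, so the host part would most likely expand to nothing. The intended variable is presumably `%{HTTP_HOST}`, giving `rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}']`. Because that header is supplied by the client, an example that redirects to the vhost's fixed server name is the safer pattern to document. The same string is carried into both sixteenth.example.com non-ssl vhosts in tests/vhost.pp.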
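Review bot: In the `@@ -159,6 +183,19 @@` hunk, `validate_hash($rewrites[0])` checks only the first entry, so a later entry that is not a hash passes validation and reaches the `_rewrite.erb` loop, which indexes every entry with `['comment']`, `['rewrite_cond']` and `['rewrite_rule']`. Either validate every entry or state the limit next to the check, for example `# only the first entry is type-checked; every entry must be a hash`. The two deprecation warnings also differ in their prefix (`Apache::Vhost:` versus `Apache::Vhost`); a single form is easier to search logs for.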
@@ -292,9 +329,9 @@ } # Load mod_rewrite if needed and not yet loaded - if $rewrite_rule { - if ! defined(Class['apache::mod::rewrite']) { - include apache::mod::rewrite + if $rewrites or $rewrite_cond { + if ! defined(Apache::Mod['rewrite']) { + apache::mod { 'rewrite': } } } @@ -406,8 +443,7 @@ # requestheader fragment: # - $request_headers # rewrite fragment: - # - $rewrite_rule - # - $rewrite_cond + # - $rewrites # scriptalias fragment: # - $scriptalias # - $scriptaliases diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3ce75c8d8d..0fc921f14c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -414,6 +414,40 @@ :value => 'not a real rule', :match => [/^ RewriteRule not a real rule$/], }, + { + :title => 'should accept rewrite rules', + :attr => 'rewrites', + :value => [{'rewrite_rule' => ['not a real rule']}], + :match => [/^ RewriteRule not a real rule$/], + }, + { + :title => 'should accept rewrite comment', + :attr => 'rewrites', + :value => [{'comment' => 'rewrite comment', 'rewrite_rule' => ['not a real rule']}], + :match => [/^ #rewrite comment/], + }, + { + :title => 'should accept rewrite conditions', + :attr => 'rewrites', + :value => [{'comment' => 'redirect IE', 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^MSIE'], 'rewrite_rule' => ['^index\.html$ welcome.html'],}], + :match => [ + /^ #redirect IE$/, + /^ RewriteCond %{HTTP_USER_AGENT} \^MSIE$/, + /^ RewriteRule \^index\\\.html\$ welcome.html$/, + ], + }, + { + :title => 'should accept multiple rewrites', + :attr => 'rewrites', + :value => [ + {'rewrite_rule' => ['not a real rule']}, + {'rewrite_rule' => ['not a real rule two']}, + ], + :match => [ + /^ RewriteRule not a real rule$/, + /^ RewriteRule not a real rule two$/, + ], + }, { :title => 'should block scm', :attr => 'block', 
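Review bot: The new condition `if $rewrites or $rewrite_cond` no longer covers `$rewrite_rule`, so a vhost that sets only the deprecated `rewrite_rule` does not get mod_rewrite loaded, although `_rewrite.erb` still emits `RewriteEngine On` and `RewriteRule` when `@rewrite_rule and !@rewrites` holds. Apache would then reject those directives unless the module is loaded somewhere else. The condition should keep the old parameter: `if $rewrites or $rewrite_rule or $rewrite_cond {`. Replacing `include apache::mod::rewrite` with a direct `apache::mod { 'rewrite': }` behind `defined()` may also become order-dependent if another manifest includes the class, but `apache::mod::rewrite` is not visible here, so that part needs confirming.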
@@ -850,6 +884,35 @@ end end + describe 'when rewrites are specified' do + let :params do default_params.merge({ + :rewrites => [ + { + 'comment' => 'test rewrites', + 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + 'rewrite_rule' => ['^index\.html$ welcome.html', '^index\.cgi$ index.php'], + } + ] + }) end + it 'should set RewriteConds and RewriteRules' do + should contain_file("25-#{title}.conf").with_content( + /^ #test rewrites$/ + ) + should contain_file("25-#{title}.conf").with_content( + /^ RewriteCond %\{HTTP_USER_AGENT\} \^Lynx\/ \[OR\]$/ + ) + should contain_file("25-#{title}.conf").with_content( + /^ RewriteCond %\{HTTP_USER_AGENT\} \^Mozilla\/\[12\]$/ + ) + should contain_file("25-#{title}.conf").with_content( + /^ RewriteRule \^index\\.html\$ welcome.html$/ + ) + should contain_file("25-#{title}.conf").with_content( + /^ RewriteRule \^index\\.cgi\$ index.php$/ + ) + end + end + describe 'when rewrite_rule and rewrite_cond are specified' do let :params do default_params.merge({ :rewrite_cond => '%{HTTPS} off', diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index a39db1c96e..dbb437c1d6 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb 
@@ -1,5 +1,31 @@ -<% if @rewrite_rule -%> +<% if @rewrites -%> + ## Rewrite rules + RewriteEngine On +<% if @rewrite_base -%> + RewriteBase <%= @rewrite_base %> +<% end -%> + +<% [@rewrites].flatten.compact.each do |rewrite_details| -%> +<% if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> +<% end -%> +<% if rewrite_details['rewrite_cond'] -%> +<%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> +<%- Array(commands).each do |command| -%> + RewriteCond <%= command %> +<%- end -%> +<% end -%> +<% end -%> +<%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> +<%- Array(commands).each do |command| -%> + RewriteRule <%= command %> +<%- end -%> +<% end -%> +<% end -%> +<%- end -%> +<%# reverse compatibility %> +<% if @rewrite_rule and !@rewrites -%> ## Rewrite rules RewriteEngine On <% if @rewrite_base -%> @@ -11,4 +37,4 @@ <% end -%> <% end -%> RewriteRule <%= @rewrite_rule %> -<% end -%> +<%- end -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index 153a213dd2..0c801b4f0a 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp 
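Review bot: `#<%= rewrite_details['comment'] %>` writes the comment value after a single `#`, so a value that contains a line break leaves its second and later lines outside the comment, where Apache parses them as directives. If the value is ever assembled from external data, collapsing whitespace before printing keeps it inside the comment: `#<%= rewrite_details['comment'].to_s.gsub(/\s+/, ' ') %>`. The spec cases added in this commit cover single-line comments only.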
@@ -142,13 +142,33 @@ # Vhost to redirect non-ssl to ssl apache::vhost { 'sixteenth.example.com non-ssl': + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + rewrites => [ + { + comment => "redirect non-SSL traffic to SSL site", + rewrite_cond => ['%{HTTPS} off'], + rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], + } + ] +} +apache::vhost { 'sixteenth.example.com ssl': + servername => 'sixteenth.example.com', + port => '443', + docroot => '/var/www/sixteenth', + ssl => true, +} + +# Vhost to redirect non-ssl to ssl using old rewrite method +apache::vhost { 'sixteenth.example.com non-ssl old rewrite': servername => 'sixteenth.example.com', port => '80', docroot => '/var/www/sixteenth', rewrite_cond => '%{HTTPS} off', rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', } -apache::vhost { 'sixteenth.example.com ssl': +apache::vhost { 'sixteenth.example.com ssl old rewrite': servername => 'sixteenth.example.com', port => '443', docroot => '/var/www/sixteenth', From db4e9eed87837c162eda86e3e3d0628c6b2c49bb Mon Sep 17 00:00:00 2001 From: Pablo Fredrikson Date: Tue, 10 Dec 2013 11:40:41 -0300 Subject: [PATCH 0092/2267] added redirectmatch support --- manifests/vhost.pp | 2 ++ spec/defines/vhost_spec.rb | 14 ++++++++++++++ templates/vhost/_redirect.erb | 12 ++++++++++++ 3 files changed, 28 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cac014d4e3..c5908ea975 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -145,6 +145,8 @@ $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, $rack_base_uris = undef, $request_headers = undef, $rewrites = undef, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 0fc921f14c..463800c8b0 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -1063,6 +1063,20 @@ it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } end + describe 'redirect match rules' do + let :params do + default_params.merge({ + :redirectmatch_status => [ + '404', + ], + :redirectmatch_regexp => [ + '/\.git(/.*|$)', + ], + }) + end + + it { should contain_file("25-#{title}.conf").with_content %r{ RedirectMatch 404 } } + end describe 'without a status' do let :params do default_params.merge({ diff --git a/templates/vhost/_redirect.erb b/templates/vhost/_redirect.erb index 66eee5e6d8..e865bd9afa 100644 --- a/templates/vhost/_redirect.erb +++ b/templates/vhost/_redirect.erb @@ -10,3 +10,15 @@ Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> <% end -%> <% end -%> + +<%- if @redirectmatch_status and @redirectmatch_regexp -%> +<% @redirectmatch_status_a = Array(@redirectmatch_status) -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> + + ## RedirectMatch rules +<% @redirectmatch_status_a.each_with_index do |status, i| -%> +<% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> + RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> +<% end -%> +<% end -%> From ee65f518a321d01cdaee1a6654ac052e81c5fd14 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Thu, 12 Dec 2013 19:40:40 -0500 Subject: [PATCH 0093/2267] Fix $ports_file reference in Namevirtualhost. This define was pointing at the params::ports_file version of the variable, rather than the one defined in the main class, making it impossible to correctly override. --- manifests/namevirtualhost.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index edbbfe4cf2..f5f0dad538 100644 
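Review bot: In templates/vhost/_redirect.erb the RedirectMatch loop iterates over `@redirectmatch_status_a`, so when more regexps than statuses are passed the extra regexps are dropped without any message, and the `@redirectmatch_status_a[i] ||= @redirectmatch_status_a[0]` fallback does nothing in the normal case because `i` always indexes an existing status. Iterating over the regexps gives the fallback a purpose: `<% @redirectmatch_regexp_a.each_with_index do |regexp, i| -%>` with the body `RedirectMatch <%= @redirectmatch_status_a[i] || @redirectmatch_status_a[0] %> <%= regexp %>`. The emitted line also has two spaces between status and regexp, and the added spec matches only `RedirectMatch 404 `, so the regexp itself is never asserted.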
--- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp @@ -1,10 +1,9 @@ define apache::namevirtualhost { $addr_port = $name - include apache::params # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": - target => $apache::params::ports_file, + target => $apache::ports_file, content => template('apache/namevirtualhost.erb'), } } From f2f22a28afe298c837829cb3731c72eba9919265 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Thu, 12 Dec 2013 19:49:45 -0500 Subject: [PATCH 0094/2267] Fix $ports_file reference in apache::listen. This was pointing at ::params::ports_file instead of the main class, causing relocation of the ports file to fail. --- manifests/listen.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/listen.pp b/manifests/listen.pp index 57982ba269..3189fa8f77 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -1,10 +1,9 @@ define apache::listen { $listen_addr_port = $name - include apache::params # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": - target => $apache::params::ports_file, + target => $apache::ports_file, content => template('apache/listen.erb'), } } From fc760acb9af5a616523bdda2926bcbc7a0e76a4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Fri, 13 Dec 2013 18:28:38 +0100 Subject: [PATCH 0095/2267] update CONTRIBUTING with information about beaker beaker has replaced our rspec-system tests. These new tests are run differently. Before messing with our Rakefile, a good start is to just document it. --- CONTRIBUTING.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ecf012ce90..be61e30aeb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
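Review bot: With `include apache::params` removed, `$apache::ports_file` resolves only when the `apache` class has already been evaluated, and nothing in this define declares or checks for it. The identical change in manifests/listen.pp has the same dependency. If either define is used before the base class, the concat fragment's `target` would presumably be empty. vhost.pp already opens with an `if ! defined(Class['apache'])` check; the same guard here, ending in `fail('apache::namevirtualhost requires the apache base class')`, would make the dependency explicit.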
@@ -162,7 +162,13 @@ Use `bundle show [gemname]` to see where a bundled gem is installed. NOTE some systems may require you to run this command with sudo. -With all dependencies installed we can now run the tests: +If you already have those gems installed, make sure they are up-to-date: + +```shell +% bundle update +``` + +With all dependencies in place and up-to-date we can now run the tests: ```shell % rake spec @@ -174,7 +180,7 @@ and so on. rspec tests may have the same kind of dependencies as the module they are testing. While the module defines in its [Modulefile](./Modulefile), rspec tests define them in [.fixtures.yml](./fixtures.yml). -Some puppet modules also come with [rspec-system](https://github.com/puppetlabs/rspec-system) +Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) tests. These tests spin up a virtual machine under [VirtualBox](https://www.virtualbox.org/)) with, controlling it with [Vagrant](http://www.vagrantup.com/) to actually simulate scripted test @@ -184,12 +190,13 @@ installed on your system. You can run them by issuing the following command ```shell -% rake spec:system +% rake spec_clean +% rspec spec/acceptance ``` This will now download a pre-fabricated image configured in [.nodeset.yml](./.nodeset.yml), -install puppet, copy this module and install its dependencies per [spec/spec_helper_system.rb](./spec/spec_helper_system.rb) -and then run all the tests under [spec/system](./spec/system). +install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) +and then run all the tests under [spec/acceptance](./spec/acceptance). Writing Tests ------------- 
@@ -217,8 +224,6 @@ Additional Resources * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) -* [Bug tracker (Redmine)](http://projects.puppetlabs.com/projects/modules) - * [Patchwork](https://patchwork.puppetlabs.com) * [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) From a70e4be7f9480e7ea474fc55d258b527188046bf Mon Sep 17 00:00:00 2001 From: chieping Date: Fri, 6 Dec 2013 19:05:41 +0900 Subject: [PATCH 0096/2267] Support environment variable control for CustomLog --- README.md | 4 ++++ manifests/vhost.pp | 5 +++++ spec/defines/vhost_spec.rb | 6 ++++++ templates/vhost.conf.erb | 4 +++- tests/vhost.pp | 8 ++++++++ 5 files changed, 26 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8fae13e49d..7b04660a98 100644 --- a/README.md +++ b/README.md @@ -488,6 +488,10 @@ Sends all access log messages to syslog. Defaults to 'undef'. Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'. +#####`access_log_env_var` + +Adds writing control of access log via environment variable of the access. Defaults to 'undef'. + #####`add_listen` Determines whether the vhost creates a listen statement. The default value is 'true'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index dfc511f6bd..641962d582 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -126,6 +126,7 @@ $access_log_pipe = undef, $access_log_syslog = undef, $access_log_format = undef, + $access_log_env_var = undef, $aliases = undef, $directories = undef, $error_log = true, @@ -294,6 +295,9 @@ $_access_log_format = 'combined' } + if $access_log_env_var { + $_access_log_env_var = "env=${access_log_env_var}" + } if $ip { if $port { @@ -418,6 +422,7 @@ # - $access_log # - $access_log_destination # - $_access_log_format + # - $_access_log_env_var # - $error_log # - $error_log_destination # - $error_documents 
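Review bot: In the manifests/vhost.pp hunk `@@ -294,6 +295,9 @@`, `$access_log_env_var` is interpolated into `"env=${access_log_env_var}"` and from there into the `CustomLog` line without any check, so a value containing whitespace adds extra tokens to the directive. Other parameters in this manifest are validated with stdlib functions; a matching check inside the `if $access_log_env_var` block would be `validate_re($access_log_env_var, '^!?[A-Za-z_][A-Za-z0-9_]*$')`. The leading `!` is allowed because Apache's `env=` clause accepts a negated variable, which the README entry could also mention.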
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 7f4889fa50..55f5546b54 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -720,6 +720,12 @@ /^ VirtualDocumentRoot \/not\/default$/, ], }, + { + :title => 'should contain environment variables', + :attr => 'access_log_env_var', + :value => 'admin', + :match => [/CustomLog \/var\/log\/.+_access\.log combined env=admin$/] + }, ].each do |param| describe "when #{param[:attr]} is #{param[:value]}" do diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index e8876fc4db..ea10143f7d 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -39,7 +39,9 @@ LogLevel <%= @log_level %> <% end -%> ServerSignature Off -<% if @access_log -%> +<% if @access_log and @_access_log_env_var -%> + CustomLog <%= @access_log_destination %> <%= @_access_log_format %> <%= @_access_log_env_var %> +<% elsif @access_log -%> CustomLog <%= @access_log_destination %> <%= @_access_log_format %> <% end -%> <%= scope.function_template(['apache/vhost/_block.erb']) -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index 0c801b4f0a..77c592f6f1 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -227,3 +227,11 @@ ssl_honorcipherorder => 'On', add_listen => 'false', } + +# Vhost with access log environment variables writing control +apache::vhost { 'twentyfirst.example.com': + port => '80', + docroot => '/var/www/twentyfirst', + access_log_env_var => 'admin', +} + From 13120bfe5bbc8083e7aafe1767f9658000c053a8 Mon Sep 17 00:00:00 2001 
From: William Van Hevelingen Date: Sat, 14 Dec 2013 12:53:04 -0800 Subject: [PATCH 0097/2267] Fix rspec-puppet deprecation warnings This commit changes all the spec tests to use contain_class instead of include_class which is deprecated. --- spec/classes/apache_spec.rb | 6 +++--- spec/classes/dev_spec.rb | 6 +++--- spec/classes/mod/auth_kerb_spec.rb | 6 +++--- spec/classes/mod/authnz_ldap_spec.rb | 8 ++++---- spec/classes/mod/dav_svn_spec.rb | 6 +++--- spec/classes/mod/dev_spec.rb | 2 +- spec/classes/mod/dir_spec.rb | 6 +++--- spec/classes/mod/event_spec.rb | 2 +- spec/classes/mod/fastcgi_spec.rb | 4 ++-- spec/classes/mod/fcgid_spec.rb | 6 +++--- spec/classes/mod/itk_spec.rb | 4 ++-- spec/classes/mod/passenger_spec.rb | 6 +++--- spec/classes/mod/perl_spec.rb | 6 +++--- spec/classes/mod/peruser_spec.rb | 2 +- spec/classes/mod/php_spec.rb | 8 ++++---- spec/classes/mod/prefork_spec.rb | 6 +++--- spec/classes/mod/proxy_html_spec.rb | 6 +++--- spec/classes/mod/python_spec.rb | 6 +++--- spec/classes/mod/rpaf_spec.rb | 4 ++-- spec/classes/mod/ssl_spec.rb | 6 +++--- spec/classes/mod/suphp_spec.rb | 4 ++-- spec/classes/mod/worker_spec.rb | 6 +++--- spec/classes/mod/wsgi_spec.rb | 6 +++--- spec/defines/mod_spec.rb | 8 ++++---- spec/defines/vhost_spec.rb | 16 ++++++++-------- 25 files changed, 73 insertions(+), 73 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 690cdaab0a..58d23d1d3b 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -9,7 +9,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package("httpd").with( 'notify' => 'Class[Apache::Service]', 'ensure' => 'installed' 
@@ -132,7 +132,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package("httpd").with( 'notify' => 'Class[Apache::Service]', 'ensure' => 'installed' @@ -370,7 +370,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_class("apache::package").with({'ensure' => 'present'}) } it { should contain_user("www") } it { should contain_group("www") } diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index 3a094df480..e3d7dee399 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -8,7 +8,7 @@ :operatingsystemrelease => '6', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package("libaprutil1-dev") } it { should contain_package("libapr1-dev") } it { should contain_package("apache2-prefork-dev") } @@ -20,7 +20,7 @@ :operatingsystemrelease => '6', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package("httpd-devel") } end context "on a FreeBSD OS" do @@ -33,6 +33,6 @@ :operatingsystemrelease => '9', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } end end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 955be8da47..71c2349c39 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod("auth_kerb") } it { should contain_package("libapache2-mod-auth-kerb") } end 
@@ -22,7 +22,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod("auth_kerb") } it { should contain_package("mod_auth_kerb") } end @@ -34,7 +34,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod("auth_kerb") } it { should contain_package("www/mod_auth_kerb2") } end diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index ac0373e866..c8e832d950 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb @@ -11,8 +11,8 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } - it { should include_class("apache::mod::ldap") } + it { should contain_class("apache::params") } + it { should contain_class("apache::mod::ldap") } it { should contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do @@ -40,8 +40,8 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } - it { should include_class("apache::mod::ldap") } + it { should contain_class("apache::params") } + it { should contain_class("apache::mod::ldap") } it { should contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index c0e25312ea..fe11bb8cb5 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('dav_svn') } it { should contain_package("libapache2-svn") } end 
@@ -22,7 +22,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('dav_svn') } it { should contain_package("mod_dav_svn") } end @@ -34,7 +34,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('dav_svn') } it { should contain_package("devel/subversion") } end diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index eee0bb1fa6..b72217aadd 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb @@ -17,7 +17,7 @@ :operatingsystemrelease => operatingsystemrelease, } end - it { should include_class('apache::dev') } + it { should contain_class('apache::dev') } end end end diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index 28aaf5c71a..b195eda0f7 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb @@ -13,7 +13,7 @@ } end context "passing no parameters" do - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('dir') } it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } it { should contain_file('dir.conf').with_content(/ index\.html /) } @@ -40,7 +40,7 @@ } end context "passing no parameters" do - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('dir') } it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } it { should contain_file('dir.conf').with_content(/ index\.html /) } 
@@ -67,7 +67,7 @@ } end context "passing no parameters" do - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('dir') } it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } it { should contain_file('dir.conf').with_content(/ index\.html /) } diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index f695d1d526..7363e2fc92 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('event') } it { should contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } end diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index 43544d2b6d..8138bbab70 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('fastcgi') } it { should contain_package("libapache2-mod-fastcgi") } it { should contain_file('fastcgi.conf') } @@ -24,7 +24,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('fastcgi') } it { should contain_package("mod_fastcgi") } it { should_not contain_file('fastcgi.conf') } diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index d356a839d5..5cc337291a 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb 
@@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('fcgid') } it { should contain_package("libapache2-mod-fcgid") } end @@ -22,7 +22,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('fcgid') } it { should contain_package("mod_fcgid") } end @@ -34,7 +34,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('fcgid') } it { should contain_package("www/mod_fcgid") } end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index b531e942d8..443ace0cce 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('itk') } it { should contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') } it { should contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } @@ -24,7 +24,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('itk') } it { should contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 1d148b60c9..d186503e51 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("libapache2-mod-passenger") } it { should contain_file('passenger.conf').with({ @@ -88,7 +88,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("mod_passenger") } it { should contain_file('passenger.conf').with({ @@ -105,7 +105,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("www/rubygem-passenger") } end diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 27690e2a0f..3cb7a3e67a 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('perl') } it { should contain_package("libapache2-mod-perl2") } end @@ -22,7 +22,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('perl') } it { should contain_package("mod_perl") } end @@ -34,7 +34,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('perl') } it { should contain_package("www/mod_perl2") } end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index 3d4a608461..062905ccc9 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb 
@@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('peruser') } it { should contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 31a85a7bfc..57708a398c 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -11,7 +11,7 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('php5') } it { should contain_package("libapache2-mod-php5") } it { should contain_file("php5.load").with( @@ -39,7 +39,7 @@ let :pre_condition do 'class { "apache": }' end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('php5') } it { should contain_package("php") } it { should contain_file("php5.load").with( @@ -61,7 +61,7 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('php5') } it { should contain_package("php") } it { should contain_file("php5.load").with( @@ -81,7 +81,7 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should include_class('apache::params') } + it { should contain_class('apache::params') } it { should contain_apache__mod('php5') } it { should contain_package("lang/php5") } it { should contain_file('php5.load') } diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 7148f787a7..5436894227 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb 
@@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('prefork') } it { should contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') } it { should contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') } @@ -24,7 +24,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('prefork') } it { should contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') } it { should contain_file_line("/etc/sysconfig/httpd prefork enable").with({ @@ -40,7 +40,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('prefork') } it { should contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } end diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 10547d8330..90be60b0fe 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -14,7 +14,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('proxy_html') } it { should contain_package("libapache2-mod-proxy-html") } end @@ -26,7 +26,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('proxy_html') } it { should contain_package("mod_proxy_html") } end @@ -38,7 +38,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('proxy_html') } it { should contain_package("www/mod_proxy_html") } end 
diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index b29e4b5f89..9042d0f1bf 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod("python") } it { should contain_package("libapache2-mod-python") } end @@ -22,7 +22,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod("python") } it { should contain_package("mod_python") } end @@ -34,7 +34,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod("python") } it { should contain_package("www/mod_python3") } end diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 4f08fd81e5..d9c9015abf 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -12,7 +12,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('rpaf') } it { should contain_package("libapache2-mod-rpaf") } it { should contain_file('rpaf.conf').with({ @@ -47,7 +47,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('rpaf') } it { should contain_package("www/mod_rpaf2") } it { should contain_file('rpaf.conf').with({ diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index b4e9255f05..45005a1913 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -21,7 +21,7 @@ :concat_basedir => '/dne', } end - it { should include_class('apache::params') } + it { should contain_class('apache::params') } it { should contain_apache__mod('ssl') } it { should contain_package('mod_ssl') } end @@ -34,7 +34,7 @@ :concat_basedir => '/dne', } end - it { should include_class('apache::params') } + it { should contain_class('apache::params') } it { should contain_apache__mod('ssl') } it { should_not contain_package('libapache2-mod-ssl') } end @@ -47,7 +47,7 @@ :concat_basedir => '/dne', } end - it { should include_class('apache::params') } + it { should contain_class('apache::params') } it { should contain_apache__mod('ssl') } end end diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index 2d6517c330..382314d9a9 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package("libapache2-mod-suphp") } end context "on a RedHat OS" do @@ -21,7 +21,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package("mod_suphp") } end end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 4c504c01fb..1af8ff8c68 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('worker') } it { should contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') } it { should contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') } 
@@ -24,7 +24,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('worker') } it { should contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } it { should contain_file_line("/etc/sysconfig/httpd worker enable") } @@ -37,7 +37,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should_not contain_apache__mod('worker') } it { should contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } end diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 9549b1df7b..8d26526cb2 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -10,7 +10,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('wsgi') } it { should contain_package("libapache2-mod-wsgi") } end @@ -22,7 +22,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('wsgi') } it { should contain_package("mod_wsgi") } @@ -47,7 +47,7 @@ :concat_basedir => '/dne', } end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_apache__mod('wsgi') } it { should contain_package("www/mod_wsgi") } end diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index 0bb5bf6b75..bbc5f0bdce 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -17,7 +17,7 @@ let :title do 'spec_m' end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it "should manage the module load file" do should contain_file('spec_m.load').with({ :path => '/etc/httpd/conf.d/spec_m.load', 
@@ -37,7 +37,7 @@ # parameters let(:params) { {:package => 'mod_xsendfile'} } - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it { should contain_package('mod_xsendfile') } end end @@ -55,7 +55,7 @@ let :title do 'spec_m' end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it "should manage the module load file" do should contain_file('spec_m.load').with({ :path => '/etc/apache2/mods-available/spec_m.load', @@ -90,7 +90,7 @@ let :title do 'spec_m' end - it { should include_class("apache::params") } + it { should contain_class("apache::params") } it "should manage the module load file" do should contain_file('spec_m.load').with({ :path => '/usr/local/etc/apache22/Modules/spec_m.load', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 7f4889fa50..0923e44866 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -24,8 +24,8 @@ end let :params do default_params end let :facts do default_facts end - it { should include_class("apache") } - it { should include_class("apache::params") } + it { should contain_class("apache") } + it { should contain_class("apache::params") } end context "on Debian based systems" do let :default_facts do @@ -37,8 +37,8 @@ end let :params do default_params end let :facts do default_facts end - it { should include_class("apache") } - it { should include_class("apache::params") } + it { should contain_class("apache") } + it { should contain_class("apache::params") } it { should contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' 
@@ -59,8 +59,8 @@ end let :params do default_params end let :facts do default_facts end - it { should include_class("apache") } - it { should include_class("apache::params") } + it { should contain_class("apache") } + it { should contain_class("apache::params") } it { should contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/usr/local/etc/apache22/Vhosts/25-rspec.example.com.conf' @@ -77,8 +77,8 @@ end describe 'basic assumptions' do let :params do default_params end - it { should include_class("apache") } - it { should include_class("apache::params") } + it { should contain_class("apache") } + it { should contain_class("apache::params") } it { should contain_apache__listen(params[:port]) } it { should contain_apache__namevirtualhost("*:#{params[:port]}") } end From 32b324baae70aaf071b3d4c4c7af397da07714be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 17 Dec 2013 06:49:00 +0100 Subject: [PATCH 0098/2267] rspec-puppet's .nodeset.yml is now deprecated --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index be61e30aeb..4a4ec6f656 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -194,7 +194,7 @@ You can run them by issuing the following command % rspec spec/acceptance ``` -This will now download a pre-fabricated image configured in [.nodeset.yml](./.nodeset.yml), +This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). From 6db93dac50bb27e6b899041e1bbb8518bd693c6e Mon Sep 17 00:00:00 2001 
From: Ashley Penney Date: Tue, 17 Dec 2013 12:18:45 -0500 Subject: [PATCH 0099/2267] Remove index parameters. The current code allows you to set index_options but then ignores it. Based on the git log for the commit that added this option it was intended to be passed into directories. The test that caught this will be merged into spec/acceptance/vhost_spec.rb in a seperate PR. You can reproduce the original failure with: class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', index_options => ['Charset=UTF-8'], } We're just going to remove them because they can be passed directly into directory instead of indirectly. --- manifests/vhost.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 641962d582..0cdec4871a 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -114,8 +114,6 @@ $servername = $name, $serveraliases = [], $options = ['Indexes','FollowSymLinks','MultiViews'], - $index_options = [], - $index_order_default = [], $override = ['None'], $directoryindex = '', $vhost_name = '*', From 76c19e18ddfcb2406c50967263b9095d3d6533fe Mon Sep 17 00:00:00 2001 From: Jean-Denis Gebhardt Date: Thu, 19 Dec 2013 13:50:44 +0100 Subject: [PATCH 0100/2267] Added support for mod_include --- README.md | 1 + manifests/mod/include.pp | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 manifests/mod/include.pp diff --git a/README.md b/README.md index 7b04660a98..028b459c34 100644 --- a/README.md +++ b/README.md @@ -393,6 +393,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `fastcgi` * `fcgid` * `headers` +* `include` * `info` * `itk` * `ldap` diff --git a/manifests/mod/include.pp b/manifests/mod/include.pp new file mode 100644 index 0000000000..9f2592f093 --- /dev/null +++ b/manifests/mod/include.pp @@ -0,0 +1,3 @@ +class apache::mod::include { + apache::mod { 'include': } +} 
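Review bot: The new `apache::mod::include` class in `manifests/mod/include.pp` is added without a spec; the diffstat lists only `README.md` and the manifest, while sibling module classes have one under `spec/classes/mod/`. A minimal spec asserting `it { should contain_apache__mod('include') }` would match the others. A header comment on the class would also help operators: mod_include only processes SSI where `Options` enables it, and `IncludesNOEXEC` rather than `Includes` keeps `#exec` disabled.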
From 61be25eae90d7fa6d09d3d6ed50b30bfda9e344c Mon Sep 17 00:00:00 2001 From: Matt Shields Date: Thu, 19 Dec 2013 10:53:22 -0500 Subject: [PATCH 0101/2267] Update init.pp Fixed to all module to be used with Amazon Linux (fork of RHEL/CentOS) facter osfamily operatingsystem operatingsystem => Amazon osfamily => Linux --- manifests/init.pp | 53 +++++++++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 29 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index cecb7c4502..5147ebc3c7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -215,35 +215,30 @@ } if $apache::params::conf_dir and $apache::params::conf_file { - case $::osfamily { - 'debian': { - $docroot = '/var/www' - $pidfile = '${APACHE_PID_FILE}' - $error_log = 'error.log' - $error_documents_path = '/usr/share/apache2/error' - $scriptalias = '/usr/lib/cgi-bin' - $access_log_file = 'access.log' - } - 'redhat': { - $docroot = '/var/www/html' - $pidfile = 'run/httpd.pid' - $error_log = 'error_log' - $error_documents_path = '/var/www/error' - $scriptalias = '/var/www/cgi-bin' - $access_log_file = 'access_log' - } - 'freebsd': { - $docroot = '/usr/local/www/apache22/data' - $pidfile = '/var/run/httpd.pid' - $error_log = 'httpd-error.log' - $error_documents_path = '/usr/local/www/apache22/error' - $scriptalias = '/usr/local/www/apache22/cgi-bin' - $access_log_file = 'httpd-access.log' - } - default: { - fail("Unsupported osfamily ${::osfamily}") - } - } + if $::osfamily == 'redhat' or $::operatingsystem == 'amazon' { + $docroot = '/var/www/html' + $pidfile = 'run/httpd.pid' + $error_log = 'error_log' + $error_documents_path = '/var/www/error' + $scriptalias = '/var/www/cgi-bin' + $access_log_file = 'access_log' + } elsif $::osfamily == 'debian' { + $docroot = '/var/www' + $pidfile = '${APACHE_PID_FILE}' + $error_log = 'error.log' + $error_documents_path = '/usr/share/apache2/error' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } elsif $::osfamily == 'freebsd' { + $docroot = '/usr/local/www/apache22/data' + $pidfile = '/var/run/httpd.pid' + $error_log = 'httpd-error.log' + $error_documents_path = '/usr/local/www/apache22/error' + $scriptalias = '/usr/local/www/apache22/cgi-bin' + $access_log_file = 'httpd-access.log' + } else { + fail("Unsupported osfamily ${::osfamily}") + } $apxs_workaround = $::osfamily ? { 'freebsd' => true, From 8b16a339b7caec483a3fd4699e42d8f93e429e19 Mon Sep 17 00:00:00 2001 
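Review bot: The final `else` branch still reports only `${::osfamily}`, although the first branch now also keys on `$::operatingsystem`. On an unsupported platform the error is easier to act on as `fail("Unsupported osfamily ${::osfamily} (operatingsystem ${::operatingsystem})")`. As a style point, the three branches repeat the six assignments of the removed `case`; keeping `case $::osfamily` and mapping Amazon to the `redhat` entry before it would have kept the change to a few lines. The enclosing `if $apache::params::conf_dir and $apache::params::conf_file` block continues outside the hunk.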
From: Matt Shields Date: Thu, 19 Dec 2013 10:56:28 -0500 Subject: [PATCH 0102/2267] Update alias.pp Fixed to all module to be used with Amazon Linux (fork of RHEL/CentOS) facter osfamily operatingsystem operatingsystem => Amazon osfamily => Linux --- manifests/mod/alias.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 2880697236..aab196eaf2 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,7 +1,8 @@ class apache::mod::alias { - $icons_path = $::osfamily ? { + $icons_path = $::osfamily or $::operatingsystem ? { 'debian' => '/usr/share/apache2/icons', 'redhat' => '/var/www/icons', + 'amazon' => '/var/www/icons', 'freebsd' => '/usr/local/www/apache22/icons', } apache::mod { 'alias': } From dcb1fc66ce32384469a9688f08a1b2fba69581b0 Mon Sep 17 00:00:00 2001 From: Pan Date: Sat, 21 Dec 2013 23:15:32 -0800 Subject: [PATCH 0103/2267] Fix the servername used in log file name The servername can be [schema://]hostname.domain[:port]. In the case of servername including schema and port, it is not appropriate to use as log file name. It will generate something like this: "ErrorLog /var/log/httpd/https://domain_error.log", which cause httpd failed to refresh/start. --- manifests/vhost.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 641962d582..97f1d09d02 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -268,9 +268,9 @@ $access_log_destination = $access_log_syslog } else { if $ssl { - $access_log_destination = "${logroot}/${servername}_access_ssl.log" + $access_log_destination = "${logroot}/${name}_access_ssl.log" } else { - $access_log_destination = "${logroot}/${servername}_access.log" + $access_log_destination = "${logroot}/${name}_access.log" } } 
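Review bot: The new first line of the `$icons_path` assignment does not select on either fact as intended. In Puppet the selector `?` applies only to the value immediately to its left, so `$::osfamily or $::operatingsystem ? { ... }` is read as `$::osfamily or (<selector on $::operatingsystem>)` and assigns a boolean instead of a path. If the selector is evaluated at all, it matches only `$::operatingsystem` and has no `default`, so platforms such as Ubuntu or CentOS would likely match no entry. Pick one key first, e.g. `$icons_key = $::operatingsystem ? { 'amazon' => 'redhat', default => $::osfamily }`, then `$icons_path = $icons_key ? {` with the three original osfamily entries.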
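Review bot: `${name}` is the resource title and goes into the log path unchanged in all four assignments (this hunk and the `@@ -282,9 +282,9 @@` hunk that follows), so a title containing `/`, whitespace or a scheme produces the same broken `ErrorLog` path the commit message describes for `servername`. Nothing visible in either hunk validates or normalises the title; consider deriving a safe file name once, e.g. `$filename = regsubst($name, '[^A-Za-z0-9_.-]', '_', 'G')`, and using it in the four destinations. The switch also renames the log files of every existing vhost whose title differs from its `servername`, which affects log rotation and log collection keyed on the old names and deserves a changelog entry. The enclosing define starts and ends outside both hunks.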
@@ -282,9 +282,9 @@ $error_log_destination = $error_log_syslog } else { if $ssl { - $error_log_destination = "${logroot}/${servername}_error_ssl.log" + $error_log_destination = "${logroot}/${name}_error_ssl.log" } else { - $error_log_destination = "${logroot}/${servername}_error.log" + $error_log_destination = "${logroot}/${name}_error.log" } } From e786bfcdd0fb6fdc344e01976fa667a4187cdf41 Mon Sep 17 00:00:00 2001 From: Randy Stauner Date: Tue, 7 Jan 2014 18:50:27 -0700 Subject: [PATCH 0104/2267] (docs) Fix apache::namevirtualhost example call style The docs describe it as a defined type but the example shows it as a class. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 028b459c34..8230c2b242 100644 --- a/README.md +++ b/README.md @@ -1434,7 +1434,7 @@ Apache httpd requires that `Listen` directives must be added for every port. The Enables named-based hosting of a virtual host ```puppet - class { 'apache::namevirtualhost`: } + apache::namevirtualhost { '*:80': } ``` Declaring this defined type will add all `NameVirtualHost` directives to the `ports.conf` file in the Apache https configuration directory. `apache::namevirtualhost` titles should always take the form of: `*`, `*:`, `_default_:`, ``, or `:`. From c96032c1494bd2e790f6d4cd54c1a0f2da7f9446 Mon Sep 17 00:00:00 2001 From: Randy Stauner Date: Tue, 7 Jan 2014 19:02:07 -0700 Subject: [PATCH 0105/2267] (docs) Update list of `apache::mod::[name]` classes --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8230c2b242..a4f9e50862 100644 --- a/README.md +++ b/README.md @@ -378,6 +378,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `alias` * `auth_basic` * `auth_kerb` +* `authnz_ldap`* * `autoindex` * `cache` * `cgi` 
@@ -390,6 +391,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `dir`* * `disk_cache` * `event` +* `expires` * `fastcgi` * `fcgid` * `headers` @@ -399,7 +401,6 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `ldap` * `mime` * `mime_magic`* -* `mpm_event` * `negotiation` * `nss`* * `passenger`* @@ -409,6 +410,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `prefork`* * `proxy`* * `proxy_ajp` +* `proxy_balancer` * `proxy_html` * `proxy_http` * `python` From 880095637504a246c41d654e8c2752ae96b77e45 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Wed, 8 Jan 2014 21:15:40 +0000 Subject: [PATCH 0106/2267] Don't purge mods-available dir when separate enable dir is used --- manifests/init.pp | 4 +++- spec/classes/apache_spec.rb | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 5147ebc3c7..e7d6ce9827 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -145,10 +145,12 @@ creates => $mod_dir, require => Package['httpd'], } + # Don't purge available modules if an enable dir is used + $purge_mod_dir = $purge_configs and !$mod_enable_dir file { $mod_dir: ensure => directory, recurse => true, - purge => $purge_configs, + purge => $purge_mod_dir, notify => Class['Apache::Service'], require => Package['httpd'], } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 58d23d1d3b..7dd82d351c 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -37,7 +37,7 @@ it { should contain_file("/etc/apache2/mods-available").with( 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', + 'purge' => 'false', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) From 4defeb2b827bf54c78527b76a066808792e5bfbe Mon Sep 17 00:00:00 2001 
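Review bot: With `$purge_mod_dir = $purge_configs and !$mod_enable_dir` in `manifests/init.pp`, unmanaged files in `$mod_dir` are no longer removed whenever an enable directory is in use. The guarantee that only Puppet-declared modules get loaded then rests entirely on `$mod_enable_dir` being purged. That resource is outside this hunk, so confirm it still sets `purge => $purge_configs`. The added comment could record the reasoning, e.g. `# Files in $mod_dir take effect only once linked into $mod_enable_dir, which is where purging is enforced`.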
From: Ashley Penney Date: Thu, 12 Dec 2013 14:40:44 -0500 Subject: [PATCH 0107/2267] Add additional beaker acceptance tests. This extends the tests to cover all current parameters (minus two vhost ones that are shortly to be removed). Most of these tests are the naive happy path, but even that has discovered some legitimate issues along the way. --- spec/acceptance/apache_parameters_spec.rb | 408 ++++++++++++++ spec/acceptance/apache_ssl_spec.rb | 89 +++ spec/acceptance/nodesets/centos-59-x64.yml | 8 + spec/acceptance/vhost_spec.rb | 599 +++++++++++++++++++++ spec/spec_helper_acceptance.rb | 4 + 5 files changed, 1108 insertions(+) create mode 100644 spec/acceptance/apache_parameters_spec.rb create mode 100644 spec/acceptance/apache_ssl_spec.rb create mode 100644 spec/acceptance/nodesets/centos-59-x64.yml diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb new file mode 100644 index 0000000000..77971d7f99 --- /dev/null +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -0,0 +1,408 @@ +require 'spec_helper_acceptance' + +case fact('osfamily') +when 'RedHat' + conf_dir = '/etc/httpd/conf' + confd_dir = '/etc/httpd/conf.d' + conf_file = '/etc/httpd/conf/httpd.conf' + ports_file = '/etc/httpd/conf/ports.conf' + vhost = '/etc/httpd/conf.d/15-default.conf' + service_name = 'httpd' + package_name = 'httpd' +when 'Debian' + conf_dir = '/etc/apache2/conf.d' + confd_dir = '/etc/apache2/conf.d' + conf_file = '/etc/apache2/conf/apache2.conf' + ports_file = '/etc/httpd/conf/ports.conf' + vhost = '/etc/httpd/conf.d/15-default.conf' + service_name = 'apache2' + package_name = 'apache2' +end + +describe 'apache parameters' do + + # Currently this test only does something on FreeBSD. + describe 'default_confd_files => false' do + it 'doesnt do anything' do + pp = "class { 'apache': default_confd_files => false }" + apply_manifest(pp, :catch_failures => true) + end + + if fact('osfamily') == 'FreeBSD' + describe file("#{confd_dir}/no-accf.conf.erb") do + it { should_not be_file } + end + end + end + describe 'default_confd_files => true' do + it 'copies conf.d files' do + pp = "class { 'apache': default_confd_files => true }" + apply_manifest(pp, :catch_failures => true) + end + + if fact('osfamily') == 'FreeBSD' + describe file("#{confd_dir}/no-accf.conf.erb") do + it { should be_file } + end + end + end + + describe 'when set adds a listen statement' do + it 'applys cleanly' do + pp = "class { 'apache': ip => '10.1.1.1', service_ensure => stopped }" + apply_manifest(pp, :catch_failures => true) + end + + describe file(ports_file) do + it { should be_file } + it { should contain 'Listen 10.1.1.1' } + end + end + + describe 'service tests => true' do + it 'starts the service' do + pp = <<-EOS + class { 'apache': + service_enable => true, + service_ensure => running, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_running } + it { should be_enabled } + end + end + + describe 
'service tests => false' do + it 'stops the service' do + pp = <<-EOS + class { 'apache': + service_enable => false, + service_ensure => stopped, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should_not be_running } + it { should_not be_enabled } + end + end + + describe 'purge parameters => false' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': + purge_configs => false, + purge_vdir => false, + } + EOS + shell("touch #{confd_dir}/test.conf") + apply_manifest(pp, :catch_failures => true) + end + + # Ensure the file didn't disappear. + describe file("#{confd_dir}/test.conf") do + it { should be_file } + end + end + + describe 'purge parameters => true' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': + purge_configs => true, + purge_vdir => true, + } + EOS + shell("touch #{confd_dir}/test.conf") + apply_manifest(pp, :catch_failures => true) + end + + # File should be gone + describe file("#{confd_dir}/test.conf") do + it { should_not be_file } + end + end + + describe 'serveradmin' do + it 'applies cleanly' do + pp = "class { 'apache': serveradmin => 'test@example.com' }" + apply_manifest(pp, :catch_failures => true) + end + + describe file(vhost) do + it { should be_file } + it { should contain 'ServerAdmin test@example.com' } + end + end + + describe 'sendfile' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': sendfile => 'On' }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'EnableSendfile On' } + end + + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': sendfile => 'Off' }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'Sendfile Off' } + end + end + + describe 'error_documents' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 
'apache': error_documents => true }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'Alias /error/' } + end + end + + describe 'timeout' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': timeout => '1234' }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'Timeout 1234' } + end + end + + describe 'httpd_dir' do + describe 'setup' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } + include 'apache::mod::nss' + EOS + apply_manifest(pp, :catch_failures => true) + end + end + + describe file("#{confd_dir}/nss.conf") do + it { should be_file } + it { should contain 'NSSCertificateDatabase /tmp/alias' } + end + end + + describe 'server_root' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': server_root => '/tmp/root', service_ensure => stopped }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'ServerRoot "/tmp/root"' } + end + end + + describe 'confd_dir' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'Include /tmp/root/*.conf' } + end + end + + describe 'conf_template' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': conf_template => 'another/test.conf.erb', service_ensure => stopped }" + shell('mkdir -p /etc/puppet/modules/another/templates') + shell('echo "testcontent" >> /etc/puppet/modules/another/templates/test.conf.erb') + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { 
should contain 'testcontent' } + end + end + + describe 'servername' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': servername => 'test.server', service_ensure => stopped }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'ServerName "test.server"' } + end + end + + describe 'user' do + describe 'setup' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': + manage_user => true, + manage_group => true, + user => 'testweb', + group => 'testweb', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + end + + describe user('testweb') do + it { should exist } + it { should belong_to_group 'testweb' } + end + + describe group('testweb') do + it { should exist } + end + end + + describe 'keepalive' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30' }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'KeepAlive On' } + it { should contain 'KeepAliveTimeout 30' } + end + end + + describe 'logging' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': logroot => '/tmp' }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file('/tmp/error_log') do + it { should be_file } + end + end + + describe 'ports_file' do + it 'applys cleanly' do + pp = <<-EOS + class { 'apache': + ports_file => '/tmp/ports_file', + ip => '10.1.1.1', + service_ensure => stopped + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file('/tmp/ports_file') do + it { should be_file } + it { should contain 'Listen 10.1.1.1' } + end + end + + describe 'server_tokens' do + it 'applys cleanly' do + pp = <<-EOS + class { 'apache': + server_tokens => 'testtokens', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file(conf_file) do + 
it { should be_file } + it { should contain 'ServerTokens testtokens' } + end + end + + describe 'server_signature' do + it 'applys cleanly' do + pp = <<-EOS + class { 'apache': + server_signature => 'testsig', + service_ensure => stopped, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'ServerSignature testsig' } + end + end + + describe 'trace_enable' do + it 'applys cleanly' do + pp = <<-EOS + class { 'apache': + trace_enable => 'Off', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file(conf_file) do + it { should be_file } + it { should contain 'TraceEnable Off' } + end + end + + describe 'package_ensure' do + it 'applys cleanly' do + pp = <<-EOS + class { 'apache': + package_ensure => present, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe package(package_name) do + it { should be_installed } + end + end + +end diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb new file mode 100644 index 0000000000..62bf4c1bab --- /dev/null +++ b/spec/acceptance/apache_ssl_spec.rb 
@@ -0,0 +1,89 @@
+require 'spec_helper_acceptance'
+
+case fact('osfamily')
+when 'RedHat'
+ vhost = '/etc/httpd/conf.d/15-default-ssl.conf'
+ vhostd = '/etc/httpd/conf.d'
+when 'Debian'
+ vhost = '/etc/apache2/conf/15-default-ssl.conf'
+ vhostd = '/etc/apache2/conf'
+end
+
+describe 'apache ssl' do
+
+ describe 'ssl parameters' do
+ it 'runs without error' do
+ pp = <<-EOS
+ class { 'apache':
+ service_ensure => stopped,
+ default_ssl_vhost => true,
+ default_ssl_cert => '/tmp/ssl_cert',
+ default_ssl_key => '/tmp/ssl_key',
+ default_ssl_chain => '/tmp/ssl_chain',
+ default_ssl_ca => '/tmp/ssl_ca',
+ default_ssl_crl_path => '/tmp/ssl_crl_path',
+ default_ssl_crl => '/tmp/ssl_crl',
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file(vhost) do
+ it { should be_file }
+ it { should contain 'SSLCertificateFile /tmp/ssl_cert' }
+ it { should contain 'SSLCertificateKeyFile /tmp/ssl_key' }
+ it { should contain 'SSLCertificateChainFile /tmp/ssl_chain' }
+ it { should contain 'SSLCACertificateFile /tmp/ssl_ca' }
+ it { should contain 'SSLCARevocationPath /tmp/ssl_crl_path' }
+ it { should contain 'SSLCARevocationFile /tmp/ssl_crl' }
+ end
+ end
+
+ describe 'vhost ssl parameters' do
+ it 'runs without error' do
+ pp = <<-EOS
+ class { 'apache':
+ service_ensure => stopped,
+ }
+
+ apache::vhost { 'test_ssl':
+ docroot => '/tmp/test',
+ ssl => true,
+ ssl_cert => '/tmp/ssl_cert',
+ ssl_key => '/tmp/ssl_key',
+ ssl_chain => '/tmp/ssl_chain',
+ ssl_ca => '/tmp/ssl_ca',
+ ssl_crl_path => '/tmp/ssl_crl_path',
+ ssl_crl => '/tmp/ssl_crl',
+ ssl_certs_dir => '/tmp',
+ ssl_protocol => 'test',
+ ssl_cipher => 'test',
+ ssl_honorcipherorder => 'test',
+ ssl_verify_client => 'test',
+ ssl_verify_depth => 'test',
+ ssl_options => ['test', 'test1'],
+ ssl_proxyengine => true,
+ }
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe file("#{vhostd}/25-test_ssl.conf") do
+ it { should be_file }
+ it { should contain 'SSLCertificateFile /tmp/ssl_cert' }
+ it { should contain 'SSLCertificateKeyFile /tmp/ssl_key' }
+ it { should contain 'SSLCertificateChainFile /tmp/ssl_chain' }
+ it { should contain 'SSLCACertificateFile /tmp/ssl_ca' }
+ it { should contain 'SSLCARevocationPath /tmp/ssl_crl_path' }
+ it { should contain 'SSLCARevocationFile /tmp/ssl_crl' }
+ it { should contain 'SSLProxyEngine On' }
+ it { should contain 'SSLProtocol test' }
+ it { should contain 'SSLCipherSuite test' }
+ it { should contain 'SSLHonorCipherOrder test' }
+ it { should contain 'SSLVerifyClient test' }
+ it { should contain 'SSLVerifyDepth test' }
+ it { should contain 'SSLOptions test test1' }
+ end
+ end
+
+end
diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml
new file mode 100644
index 0000000000..b0a4ba845e
--- /dev/null
+++ b/spec/acceptance/nodesets/centos-59-x64.yml
@@ -0,0 +1,8 @@
+HOSTS:
+ centos-59-x64:
+ roles:
+ - master
+ platform: centos-59-x64
+ box : centos-59-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
+ hypervisor : vagrant
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
index 42d98033a0..37ca201bb0 100644
--- a/spec/acceptance/vhost_spec.rb
+++ b/spec/acceptance/vhost_spec.rb
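Review bot: The `vhost ssl parameters` example in `apache_ssl_spec.rb` feeds the placeholder `'test'` to `ssl_protocol`, `ssl_cipher`, `ssl_honorcipherorder`, `ssl_verify_client` and `ssl_verify_depth`, and `service_ensure => stopped` means Apache never parses the rendered `25-test_ssl.conf`, so the assertions prove only that strings are copied through. Values Apache actually accepts would make the same checks document a usable TLS baseline, for example `ssl_protocol => 'all -SSLv2 -SSLv3'` with `it { should contain 'SSLProtocol all -SSLv2 -SSLv3' }`. Separately, the top-level `case fact('osfamily')` has no `else`, so on any other OS family `vhost` and `vhostd` stay nil; `else raise "unsupported osfamily: #{fact('osfamily')}"` would fail early.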
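Review bot: `box_url` in `nodesets/centos-59-x64.yml` fetches the Vagrant base box over plain `http://`, and nothing in the nodeset pins a checksum, so anyone able to tamper with that download controls the image the whole acceptance suite runs on. If the host serves the same file over TLS, change the scheme to `https://`; otherwise mirror the box internally and verify its digest before use. The nodesets added further down this page (`centos-64-x64-pe.yml`, `debian-607-x64.yml`, `debian-70rc1-x64.yml`, `fedora-18-x64.yml`, `sles-11sp1-x64.yml`, `ubuntu-server-10044-x64.yml`) repeat the same `http://` pattern and need the same change.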
@@ -6,14 +6,43 @@ vhost_dir = '/etc/httpd/conf.d' package_name = 'httpd' service_name = 'httpd' + ports_file = '/etc/httpd/conf/ports.conf' + suphp_handler = 'php5-script' + suphp_configpath = 'undef' when 'FreeBSD' vhost_dir = '/usr/local/etc/apache22/Vhosts' package_name = 'apache22' service_name = 'apache22' + ports_file = '/usr/local/etc/apache22/ports.conf' when 'Debian' vhost_dir = '/etc/apache2/sites-enabled' package_name = 'apache2' service_name = 'apache2' + ports_file = '/etc/apache2/conf/ports.conf' + suphp_handler = 'x-httpd-php' + suphp_configpath = '/etc/php5/apache2' + end + + context 'no default vhosts' do + it 'should create no default vhosts' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + default_ssl_vhost => false, + service_ensure => stopped + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/15-default.conf") do + it { should_not be_file } + end + + describe file("#{vhost_dir}/15-default-ssl.conf") do + it { should_not be_file } + end end context "default vhost without ssl" do 
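Review bot: `suphp_configpath = 'undef'` in the RedHat branch is a Ruby string, and the FreeBSD branch sets neither `suphp_handler` nor `suphp_configpath`. The `suphp` example in the next hunk interpolates both into the manifest as `suphp_configpath => '#{suphp_configpath}'` and then asserts `suPHP_ConfigPath #{suphp_configpath}`, so on RedHat the test expects the literal text `suPHP_ConfigPath undef` in the vhost, and on FreeBSD both values render as empty strings. If Puppet's `undef` is what is meant, the manifest has to emit it unquoted for that case and the assertion should become `should_not contain 'suPHP_ConfigPath'`; the FreeBSD branch needs either values or a skip. The enclosing `case` starts outside this hunk.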
@@ -287,4 +316,574 @@ class { 'apache': default_vhost => false, } end end end + + describe 'ip_based' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + ip_based => true, + servername => 'test.server', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file(ports_file) do + it { should be_file } + it { should_not contain 'NameVirtualHost test.server' } + end + end + + describe 'add_listen' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': default_vhost => false } + host { 'testlisten.server': ip => '127.0.0.1' } + apache::listen { '81': } + apache::vhost { 'testlisten.server': + docroot => '/tmp', + port => '80', + add_listen => false, + servername => 'testlisten.server', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file(ports_file) do + it { should be_file } + it { should_not contain 'Listen 80' } + it { should contain 'Listen 81' } + end + end + + describe 'docroot' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp/test', + docroot_owner => 'vagrant', + docroot_group => 'vagrant', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file('/tmp/test') do + it { should be_directory } + it { should be_owned_by 'vagrant' } + it { should be_grouped_into 'vagrant' } + end + end + + describe 'default_vhost' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + default_vhost => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/10-test.server.conf") do + it { should be_file } + end + end + + describe 'options' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => 
'127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + options => ['Indexes','FollowSymLinks', 'ExecCGI'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'Options Indexes FollowSymLinks ExecCGI' } + end + end + + describe 'override' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + override => ['All'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'AllowOverride All' } + end + end + + describe 'logroot' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'CustomLog /tmp' } + end + end + + ['access', 'error'].each do |logtype| + case logtype + when 'access' + logname = 'CustomLog' + when 'error' + logname = 'ErrorLog' + end + + describe "#{logtype}_log" do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + #{logtype}_log => false, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should_not contain "#{logname} /tmp" } + end + end + + describe "#{logtype}_log_pipe" do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + #{logtype}_log_pipe => '|test', + } + EOS 
+ apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain "#{logname} \"|test\"" } + end + end + + describe "#{logtype}_log_syslog" do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + #{logtype}_log_syslog => 'syslog', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain "#{logname} syslog" } + end + end + end + + describe 'access_log_format' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + access_log_syslog => 'syslog', + access_log_format => '%h %l', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'CustomLog syslog "%h %l"' } + end + end + + describe 'aliases' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + aliases => [{ alias => '/image', path => '/ftp/pub/image' }], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'Alias /image /ftp/pub/image' } + end + end + + describe 'scriptaliases' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + scriptaliases => [{ alias => '/myscript', path => '/usr/share/myscript', }], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { 
should be_file } + it { should contain 'ScriptAlias /myscript /usr/share/myscript' } + end + end + + describe 'proxy' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': service_ensure => stopped, } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + proxy_dest => 'test2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'ProxyPass / test2/' } + end + end + + describe 'suphp' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': service_ensure => stopped, } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + suphp_addhandler => '#{suphp_handler}', + suphp_engine => 'on', + suphp_configpath => '#{suphp_configpath}', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain "suPHP_AddHandler #{suphp_handler}" } + it { should contain 'suPHP_Engine on' } + it { should contain "suPHP_ConfigPath #{suphp_configpath}" } + end + end + + describe 'no_proxy_uris' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': service_ensure => stopped, } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + proxy_dest => 'http://test2', + no_proxy_uris => [ 'http://test2/test' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'ProxyPass / http://test2/' } + it { should contain 'ProxyPass http://test2/test !' 
} + end + end + + describe 'redirect' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + redirect_source => ['/images'], + redirect_dest => ['http://test.server/'], + redirect_status => ['permanent'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'Redirect permanent /images http://test.server/' } + end + end + + describe 'rack_base_uris' do + if fact('osfamily') == 'RedHat' + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end + end + + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'RackBaseURI /test' } + end + end + + + describe 'request_headers' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + request_headers => ['append MirrorID "mirror 12"'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'append MirrorID "mirror 12"' } + end + end + + describe 'rewrite rules' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rewrites => [ + { comment => 'test', + rewrite_cond => '%{HTTP_USER_AGENT} ^Lynx/ [OR]', + rewrite_rule => ['^index\.html$ welcome.html'], + } + ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe 
file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain '#test' } + it { should contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } + it { should contain 'RewriteRule ^index.html$ welcome.html' } + end + end + + describe 'setenv/setenvif' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + setenv => ['TEST /test'], + setenvif => ['Request_URI "\.gif$" object_is_image=gif'] + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'SetEnv TEST /test' } + it { should contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } + end + end + + describe 'block' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + block => 'scm', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain '' } + end + end + + describe 'wsgi' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::wsgi': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => {processes => '2'}, + wsgi_process_group => 'vagrant', + wsgi_script_aliases => { '/test' => '/test1' }, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'WSGIDaemonProcess wsgi processes=2' } + it { should contain 'WSGIProcessGroup vagrant' } + it { should contain 'WSGIScriptAlias /test /test1' } + end + end + + describe 'custom_fragment' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 
'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + custom_fragment => inline_template('#weird test string'), + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain '#weird test string' } + end + end + + describe 'itk' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + itk => { user => 'vagrant', group => 'vagrant' } + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'AssignUserId vagrant vagrant' } + end + end + + describe 'fastcgi' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::fastcgi': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + fastcgi_server => 'localhost', + fastcgi_socket => '/tmp/fast/1234', + fastcgi_dir => '/tmp/fast', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } + it { should contain '' } + end + end + + describe 'additional_includes' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + file { '/tmp/include': ensure => present, content => '#additional_includes' } + apache::vhost { 'test.server': + docroot => '/tmp', + additional_includes => '/tmp/include', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'Include /tmp/include' } + end + end + end 
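Review bot: The `rewrite rules` and `setenv/setenvif` examples lose their regex escapes, because `<<-EOS` is an interpolating heredoc and Ruby reduces `\.` to `.` before Puppet ever sees the manifest. The rewrite assertion already expects `RewriteRule ^index.html$ welcome.html`, so the spec pins a rule whose dot matches any character instead of the literal dot the manifest appears to intend. Doubling the backslash in the heredoc (`'^index\\.html$ welcome.html'`, `'Request_URI "\\.gif$" object_is_image=gif'`) and adjusting the expectations keeps the rendered patterns as strict as written; how the `contain` matcher treats the backslash should be confirmed when doing so. The hunk's leading context lines belong to a block that starts outside it.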
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 5cac72c4fb..ef42b0a696 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -20,6 +20,10 @@ # Install module and dependencies puppet_module_install(:source => proj_root, :module_name => 'apache') hosts.each do |host| + # Required for mod_passenger tests. + if fact('osfamily') == 'RedHat' + on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } + end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] } end From bd51b7646ff5a328a0ef06e21801137aba675f48 Mon Sep 17 00:00:00 2001 
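Review bot: The added `puppet('module','install','stahnma/epel')` call installs whatever version the Forge currently serves, and with `:acceptable_exit_codes => [0,1]` a failed install is indistinguishable from a successful one. The module is later applied as `class { 'epel': }` on RedHat hosts, presumably to add a package repository, so it is worth pinning: `puppet('module','install','stahnma/epel','--version','<PINNED_VERSION>')`, with only exit code 0 accepted once the already-installed case is handled. `fact('osfamily')` is also evaluated inside `hosts.each` without reference to `host`, so on a mixed nodeset it may not describe the host being provisioned; that should be confirmed. The surrounding setup block starts outside the hunk.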
From: Hunter Haugen Date: Mon, 13 Jan 2014 14:45:54 -0800 Subject: [PATCH 0108/2267] Updating specs and nodesets for more supported OSs and missing bits. --- spec/acceptance/apache_parameters_spec.rb | 24 +- spec/acceptance/apache_ssl_spec.rb | 6 +- spec/acceptance/mod_php_spec.rb | 43 ++++ spec/acceptance/mod_suphp_spec.rb | 6 +- spec/acceptance/nodesets/centos-59-x64.yml | 5 +- spec/acceptance/nodesets/centos-64-x64-pe.yml | 13 ++ spec/acceptance/nodesets/centos-64-x64.yml | 5 +- spec/acceptance/nodesets/debian-607-x64.yml | 11 + spec/acceptance/nodesets/debian-70rc1-x64.yml | 11 + spec/acceptance/nodesets/fedora-18-x64.yml | 11 + spec/acceptance/nodesets/sles-11sp1-x64.yml | 11 + .../nodesets/ubuntu-server-10044-x64.yml | 11 + .../nodesets/ubuntu-server-12042-x64.yml | 5 +- spec/acceptance/vhost_spec.rb | 213 ++++++++++++------ spec/defines/vhost_spec.rb | 4 +- spec/spec_helper_acceptance.rb | 15 +- 16 files changed, 302 insertions(+), 92 deletions(-) create mode 100644 spec/acceptance/nodesets/centos-64-x64-pe.yml create mode 100644 spec/acceptance/nodesets/debian-607-x64.yml create mode 100644 spec/acceptance/nodesets/debian-70rc1-x64.yml create mode 100644 spec/acceptance/nodesets/fedora-18-x64.yml create mode 100644 spec/acceptance/nodesets/sles-11sp1-x64.yml create mode 100644 spec/acceptance/nodesets/ubuntu-server-10044-x64.yml diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 77971d7f99..be398f0167 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -2,21 +2,21 @@ case fact('osfamily') when 'RedHat' - conf_dir = '/etc/httpd/conf' confd_dir = '/etc/httpd/conf.d' conf_file = '/etc/httpd/conf/httpd.conf' ports_file = '/etc/httpd/conf/ports.conf' vhost = '/etc/httpd/conf.d/15-default.conf' service_name = 'httpd' package_name = 'httpd' + error_log = 'error_log' when 'Debian' - conf_dir = '/etc/apache2/conf.d' - confd_dir = '/etc/apache2/conf.d' - conf_file = '/etc/apache2/conf/apache2.conf' - ports_file = '/etc/httpd/conf/ports.conf' - vhost = '/etc/httpd/conf.d/15-default.conf' + confd_dir = '/etc/apache2/mods-available' + conf_file = '/etc/apache2/apache2.conf' + ports_file = '/etc/apache2/ports.conf' + vhost = '/etc/apache2/sites-available/15-default.conf' service_name = 'apache2' package_name = 'apache2' + error_log = 'error.log' end describe 'apache parameters' do @@ -200,15 +200,15 @@ class { 'apache': it 'applies cleanly' do pp = <<-EOS class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } - include 'apache::mod::nss' + include 'apache::mod::mime' EOS apply_manifest(pp, :catch_failures => true) end end - describe file("#{confd_dir}/nss.conf") do + describe file("#{confd_dir}/mime.conf") do it { should be_file } - it { should contain 'NSSCertificateDatabase /tmp/alias' } + it { should contain 'AddLanguage eo .eo' } end end @@ -244,8 +244,8 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } describe 'setup' do it 'applies cleanly' do pp = "class { 'apache': conf_template => 'another/test.conf.erb', service_ensure => stopped }" - shell('mkdir -p /etc/puppet/modules/another/templates') - shell('echo "testcontent" >> /etc/puppet/modules/another/templates/test.conf.erb') + shell("mkdir -p #{default['distmoduledir']}/another/templates") + shell("echo 'testcontent' >> #{default['distmoduledir']}/another/templates/test.conf.erb") apply_manifest(pp, :catch_failures => true) end end 
@@ -318,7 +318,7 @@ class { 'apache': end end - describe file('/tmp/error_log') do + describe file("/tmp/#{error_log}") do it { should be_file } end end diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 62bf4c1bab..f577e5e934 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb @@ -2,11 +2,9 @@ case fact('osfamily') when 'RedHat' - vhost = '/etc/httpd/conf.d/15-default-ssl.conf' vhostd = '/etc/httpd/conf.d' when 'Debian' - vhost = '/etc/apache2/conf/15-default-ssl.conf' - vhostd = '/etc/apache2/conf' + vhostd = '/etc/apache2/sites-available' end describe 'apache ssl' do @@ -28,7 +26,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file(vhost) do + describe file("#{vhostd}/15-default-ssl.conf") do it { should be_file } it { should contain 'SSLCertificateFile /tmp/ssl_cert' } it { should contain 'SSLCertificateKeyFile /tmp/ssl_key' } diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index f9c6f2c7f2..3f3faaf9fe 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -3,12 +3,15 @@ describe 'apache::mod::php class' do case fact('osfamily') when 'Debian' + vhost_dir = '/etc/apache2/sites-enabled' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' when 'RedHat' + vhost_dir = '/etc/httpd/conf.d' mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' + vhost_dir = '/usr/local/etc/apache22/Vhosts' mod_dir = '/usr/local/etc/apache22/Modules' service_name = 'apache22' end 
@@ -49,4 +52,44 @@ class { 'apache::mod::php': } end end end + + context "custom php admin_flag and php_admin_value" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::php': } + apache::vhost { 'php.example.com': + port => '80', + docroot => '/var/www/php', + php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, + php_admin_flags => { 'engine' => 'on', }, + } + host { 'php.example.com': ip => '127.0.0.1', } + file { '/var/www/php/index.php': + ensure => file, + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file("#{vhost_dir}/25-php.example.com.conf") do + it { should contain " php_admin_flag engine on" } + it { should contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } + end + + it 'should answer to php.example.com' do + shell("/usr/bin/curl php.example.com:80") do |r| + r.stdout.should =~ /\/usr\/share\/pear\// + r.exit_code.should == 0 + end + end + end end diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 84a641db59..725ec2adb8 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -18,8 +18,8 @@ class { 'apache::mod::suphp': } host { 'suphp.example.com': ip => '127.0.0.1', } file { '/var/www/suphp/index.php': ensure => file, - owner => 'puppet', - group => 'puppet', + owner => 'daemon', + group => 'daemon', content => "\\n", } EOS @@ -33,7 +33,7 @@ class { 'apache::mod::suphp': } it 'should answer to suphp.example.com' do shell("/usr/bin/curl suphp.example.com:80") do |r| - r.stdout.should =~ /^puppet$/ + r.stdout.should =~ /^daemon$/ r.exit_code.should == 0 end end diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml index b0a4ba845e..cde1fe5a85 100644 
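Review bot: In the new `mod_php_spec.rb` context, `shell("/usr/bin/curl php.example.com:80")` runs curl without `-f`, so an HTTP error response still exits 0 and `r.exit_code.should == 0` verifies very little. The Directory example in `vhost_spec.rb` in this same commit uses `/usr/bin/curl -sSf`; `shell("/usr/bin/curl -sSf php.example.com:80")` here would make the exit-code assertion meaningful and keep the two specs consistent. The enclosing `describe` block starts outside the hunk.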
--- a/spec/acceptance/nodesets/centos-59-x64.yml +++ b/spec/acceptance/nodesets/centos-59-x64.yml @@ -2,7 +2,10 @@ HOSTS: centos-59-x64: roles: - master - platform: centos-59-x64 + platform: el-5-x86_64 box : centos-59-x64-vbox4210-nocm box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml new file mode 100644 index 0000000000..e408d1be77 --- /dev/null +++ b/spec/acceptance/nodesets/centos-64-x64-pe.yml @@ -0,0 +1,13 @@ +HOSTS: + centos-64-x64: + roles: + - master + - database + - dashboard + platform: el-6-x86_64 + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: pe diff --git a/spec/acceptance/nodesets/centos-64-x64.yml b/spec/acceptance/nodesets/centos-64-x64.yml index 8f57028b14..ce47212a8c 100644 --- a/spec/acceptance/nodesets/centos-64-x64.yml +++ b/spec/acceptance/nodesets/centos-64-x64.yml @@ -2,7 +2,10 @@ HOSTS: centos-64-x64: roles: - master - platform: el-6-i386 + platform: el-6-x86_64 box : centos-64-x64-vbox4210-nocm box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/debian-607-x64.yml b/spec/acceptance/nodesets/debian-607-x64.yml new file mode 100644 index 0000000000..e642e09925 --- /dev/null +++ b/spec/acceptance/nodesets/debian-607-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + debian-607-x64: + roles: + - master + platform: debian-6-amd64 + box : debian-607-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git 
diff --git a/spec/acceptance/nodesets/debian-70rc1-x64.yml b/spec/acceptance/nodesets/debian-70rc1-x64.yml new file mode 100644 index 0000000000..cbbbfb2cc6 --- /dev/null +++ b/spec/acceptance/nodesets/debian-70rc1-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + debian-70rc1-x64: + roles: + - master + platform: debian-7-amd64 + box : debian-70rc1-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/fedora-18-x64.yml b/spec/acceptance/nodesets/fedora-18-x64.yml new file mode 100644 index 0000000000..086cae995c --- /dev/null +++ b/spec/acceptance/nodesets/fedora-18-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + fedora-18-x64: + roles: + - master + platform: fedora-18-x86_64 + box : fedora-18-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/sles-11sp1-x64.yml b/spec/acceptance/nodesets/sles-11sp1-x64.yml new file mode 100644 index 0000000000..a9f01d5f42 --- /dev/null +++ b/spec/acceptance/nodesets/sles-11sp1-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + sles-11sp1-x64: + roles: + - master + platform: sles-11-x86_64 + box : sles-11sp1-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml new file mode 100644 index 0000000000..c1b8bdf8fa --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml 
@@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-10044-x64: + roles: + - master + platform: ubuntu-10.04-amd64 + box : ubuntu-server-10044-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml index 2b8fe4a121..f7df2ccce1 100644 --- a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +++ b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml @@ -2,7 +2,10 @@ HOSTS: ubuntu-server-12042-x64: roles: - master - platform: ubuntu-server-12.04-amd64 + platform: ubuntu-12.04-amd64 box : ubuntu-server-12042-x64-vbox4210-nocm box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 37ca201bb0..9fc24ff170 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -18,7 +18,7 @@ vhost_dir = '/etc/apache2/sites-enabled' package_name = 'apache2' service_name = 'apache2' - ports_file = '/etc/apache2/conf/ports.conf' + ports_file = '/etc/apache2/ports.conf' suphp_handler = 'x-httpd-php' suphp_configpath = '/etc/php5/apache2' end @@ -65,6 +65,9 @@ class { 'apache': } context 'default vhost with ssl' do it 'should create default vhost configs' do + # Doesn't work on Ubuntu 10.04 because ssl.conf should contain + # 'file:/var/run/apache2/ssl_mutex' but contains + # 'file:${APACHE_RUN_DIR}/ssl_mutex' pp = <<-EOS class { 'apache': default_ssl_vhost => true, 
@@ -168,34 +171,89 @@ class { 'apache': } end end - context 'apache_directories readme example, adapted' do - it 'should configure a vhost with Files' do - pp = <<-EOS - class { 'apache': } - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { path => '~ (\.swp|\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' }, - ], - } - file { '/var/www/files/index.html.bak': - ensure => file, - content => "Hello World\\n", - } - host { 'files.example.net': ip => '127.0.0.1', } - EOS - apply_manifest(pp, :catch_failures => true) - end + context 'apache_directories' do + describe 'readme example, adapted' do + it 'should configure a vhost with Files' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', }, + { 'path' => '~ "(\.swp|\.bak|~)$"', 'provider' => 'files', 'deny' => 'from all' }, + ], + } + file { '/var/www/files/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/index.html.bak': + ensure => file, + content => "Hello World\\n", + } + host { 'files.example.net': ip => '127.0.0.1', } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service(service_name) do - it { should be_enabled } - it { should be_running } - end + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end - it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr.should =~ /curl: \(22\) The requested URL returned error: 403/ + it 'should answer to files.example.net' do + shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) + end end + describe 'other Directory 
options' do + it 'should configure a vhost with multiple Directory sections' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', }, + { + 'provider' => 'location', + 'path' => '/foo/', + 'directoryindex' => 'notindex.html', + }, + { + 'provider' => 'files', + 'path' => '~ "private.html$"', + 'deny' => 'from all', + }, + ], + } + file { '/var/www/files/foo': + ensure => directory, + } + file { '/var/www/files/foo/notindex.html': + ensure => file, + content => "Hello Foo\\n", + } + file { '/var/www/files/private.html': + ensure => file, + content => "Hello World\\n", + } + host { 'files.example.net': ip => '127.0.0.1', } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + it 'should answer to files.example.net' do + shell("/usr/bin/curl -sSf files.example.net:80/").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout.should eq("Hello Foo\n") + shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) + end + end end case fact('lsbdistcodename') @@ -546,6 +604,27 @@ class { 'apache': } end end + describe 'access_log_env_var' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + access_log_syslog => 'syslog', + access_log_env_var => 'admin', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'CustomLog syslog combined env=admin' } + end + end + describe 'aliases' do it 'applies cleanly' do pp = <<-EOS 
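Review bot: In both `apache::vhost` manifests of the `apache_directories` hunk the `path` regex reaches Puppet without its backslashes, because `<<-EOS` is an interpolating heredoc and Ruby reduces `\.` to `.` (the same manifests already write `\\n` for that reason). The Files rule under test is therefore `(.swp|.bak|~)$`, which matches more than backup suffixes, and the 403 assertion cannot tell the difference. Doubling the backslashes keeps the test faithful to the README example: `{ 'path' => '~ "(\\.swp|\\.bak|~)$"', 'provider' => 'files', 'deny' => 'from all' },` and, in the second manifest, `'path' => '~ "private\\.html$"',` (its dot is unescaped even as written).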
@@ -668,29 +747,32 @@ class { 'apache': } end end - describe 'rack_base_uris' do - if fact('osfamily') == 'RedHat' - it 'adds epel' do - pp = "class { 'epel': }" - apply_manifest(pp, :catch_failures => true) + # Passenger isn't even in EPEL on el-5 + if default['platform'] !~ /^el-5/ + describe 'rack_base_uris' do + if fact('osfamily') == 'RedHat' + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end end - end - it 'applies cleanly' do - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe file("#{vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'RackBaseURI /test' } + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'RackBaseURI /test' } + end end end 
@@ -843,26 +925,29 @@ class { 'apache': } end end - describe 'fastcgi' do - it 'applies cleanly' do - pp = <<-EOS - class { 'apache': } - class { 'apache::mod::fastcgi': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - fastcgi_server => 'localhost', - fastcgi_socket => '/tmp/fast/1234', - fastcgi_dir => '/tmp/fast', - } - EOS - apply_manifest(pp, :catch_failures => true) - end + # So what does this work on? + if default['platform'] !~ /^(debian-(6|7)|el-(5|6))/ + describe 'fastcgi' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::fastcgi': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + fastcgi_server => 'localhost', + fastcgi_socket => '/tmp/fast/1234', + fastcgi_dir => '/tmp/fast', + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe file("#{vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } - it { should contain '' } + describe file("#{vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } + it { should contain '' } + end end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 34b6ae9515..31233d6338 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -539,8 +539,8 @@ { :title => 'should accept a php_admin_flags', :attr => 'php_admin_flags', - :value => { 'php_engine' => 'on' }, - :match => [/^ php_admin_flag php_engine on$/], + :value => { 'engine' => 'on' }, + :match => [/^ php_admin_flag engine on$/], }, { :title => 'should accept php_admin_values', diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index ef42b0a696..176529fdb7 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -2,10 +2,17 @@ require 'beaker-rspec/helpers/serverspec' hosts.each do |host| - # Install Puppet - install_package host, 'rubygems' - on host, 'gem install puppet --no-ri --no-rdoc' - on host, "mkdir -p #{host['distmoduledir']}" + if host['platform'] =~ /debian/ + on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' + end + if host.is_pe? + install_pe + else + # Install Puppet + install_package host, 'rubygems' + on host, 'gem install puppet --no-ri --no-rdoc' + on host, "mkdir -p #{host['distmoduledir']}" + end end RSpec.configure do |c| From b8cb7dd7bd745de740d6181282739e86a8caf2a1 Mon Sep 17 00:00:00 2001 From: Rob Terhaar Date: Wed, 15 Jan 2014 12:59:07 -0500 Subject: [PATCH 0109/2267] fix puppet-lint errors --- manifests/mod/proxy_balancer.pp | 4 ++-- tests/vhost.pp | 6 +++--- tests/vhost_directories.pp | 22 ++++++++++++++++++---- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp index 2d5a450bf0..f31e5eaffc 100644 --- a/manifests/mod/proxy_balancer.pp +++ b/manifests/mod/proxy_balancer.pp @@ -1,8 +1,8 @@ class apache::mod::proxy_balancer { - + include apache::mod::proxy include apache::mod::proxy_http - + Class['apache::mod::proxy'] -> Class['apache::mod::proxy_balancer'] Class['apache::mod::proxy_http'] -> Class['apache::mod::proxy_balancer'] apache::mod { 'proxy_balancer': } diff --git a/tests/vhost.pp b/tests/vhost.pp index 77c592f6f1..7adc1213ed 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -147,9 +147,9 @@ docroot => '/var/www/sixteenth', rewrites => [ { - comment => "redirect non-SSL traffic to SSL site", - rewrite_cond => ['%{HTTPS} off'], - rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], + comment => 'redirect non-SSL traffic to SSL site', + rewrite_cond => ['%{HTTPS} off'], + rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], } ] } 
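Review bot: The non-PE branch of `spec_helper_acceptance.rb` still runs `gem install puppet --no-ri --no-rdoc` with no version, so each acceptance run installs whatever release RubyGems serves at that moment and a failure cannot be tied to a known Puppet version. Pin it, for example `on host, "gem install puppet --no-ri --no-rdoc --version '#{puppet_version}'"`, where `puppet_version` is a placeholder for a value the suite would have to define. Separately, the Debian branch appends the `export PATH=...` line to `~/.bashrc` on every run; guarding it with a `grep -q` check would keep repeated runs on a reused host from stacking duplicate entries.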
diff --git a/tests/vhost_directories.pp b/tests/vhost_directories.pp index d8fcc0f8f8..945a660f4c 100644 --- a/tests/vhost_directories.pp +++ b/tests/vhost_directories.pp @@ -7,8 +7,14 @@ apache::vhost { 'readme.example.net': docroot => '/var/www/readme', directories => [ - { path => '/var/www/readme', 'ServerTokens' => 'prod' }, - { path => '/usr/share/empty', 'allow' => 'from all' }, + { + 'path' => '/var/www/readme', + 'ServerTokens' => 'prod' , + }, + { + 'path' => '/usr/share/empty', + 'allow' => 'from all', + }, ], } @@ -16,7 +22,11 @@ apache::vhost { 'location.example.net': docroot => '/var/www/location', directories => [ - { path => '/location', 'provider' => 'location', 'ServerTokens' => 'prod' }, + { + 'path' => '/location', + 'provider' => 'location', + 'ServerTokens' => 'prod' + }, ], } @@ -24,7 +34,11 @@ apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { path => '~ (\.swp|\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' }, + { + 'path' => '~ (\.swp|\.bak|~)$', + 'provider' => 'files', + 'deny' => 'from all' + }, ], } From 0ffea7becfb16dc4d89bd6dab64863d1c19891eb Mon Sep 17 00:00:00 2001 From: Rob Terhaar Date: Thu, 16 Jan 2014 12:22:44 -0500 Subject: [PATCH 0110/2267] clean more whitespace --- manifests/mod/nss.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index d96c11e9bd..a9a50a1068 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp @@ -4,11 +4,11 @@ $passwd_file = undef ) { include apache::mod::mime - + apache::mod { 'nss': } $httpd_dir = $apache::httpd_dir - + # Template uses: # $transfer_log # $error_log From a44bfb833a541659826247a01616668da86ba42a Mon Sep 17 00:00:00 2001 
From: Andreas Ntaflos Date: Sat, 18 Jan 2014 20:27:00 +0100 Subject: [PATCH 0111/2267] Support Header directives in vhost context This is implemented quite similar to RequestHeader directives support. Includes updated documentation and a simple spec test. Fixes issue #573. --- README.md | 14 ++++++++++++++ manifests/vhost.pp | 8 ++++++-- spec/defines/vhost_spec.rb | 9 +++++++++ templates/vhost.conf.erb | 1 + templates/vhost/_header.erb | 10 ++++++++++ 5 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 templates/vhost/_header.erb diff --git a/README.md b/README.md index a4f9e50862..cb3ca5a6aa 100644 --- a/README.md +++ b/README.md @@ -863,6 +863,20 @@ Specifies paths to additional static vhost-specific Apache configuration files. This option is useful when you need to implement a unique and/or custom configuration not supported by this module. +#####`headers` + +Specifies additional response headers as per [the `mod_headers` documentation](http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header). + +```puppet + apache::vhost { 'site.name.fdqn': + … + headers => [ + 'add Strict-Transport-Security "max-age=15768000"', + 'merge Cache-Control no-cache env=CGI', + ], + } +``` + #####`ip` The IP address the vhost listens on. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 641962d582..7d7046d26f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -23,6 +23,7 @@ # of 'warn' is used. # - The $access_log specifies if *_access.log directives should be configured. # - The $ensure specifies if vhost file is present or absent. +# - The $headers is a list of Header statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header # - The $request_headers is a list of RequestHeader statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader # - $aliases is a list of Alias hashes for mod_alias as per http://httpd.apache.org/docs/current/mod/mod_alias.html # each statement is a hash in the form of { alias => '/alias', path => '/real/path/to/directory' } @@ -149,6 +150,7 @@ $redirect_dest = undef, $redirect_status = undef, $rack_base_uris = undef, + $headers = undef, $request_headers = undef, $rewrites = undef, $rewrite_rule = undef, @@ -381,8 +383,8 @@ $priority_real = '25' } - # Check if mod_headers is required to process $request_headers - if $request_headers { + # Check if mod_headers is required to process $headers/$request_headers + if $headers or $request_headers { if ! defined(Class['apache::mod::headers']) { include apache::mod::headers } @@ -449,6 +451,8 @@ # - $redirect_source # - $redirect_dest # - $redirect_status + # header fragment + # - $headers # requestheader fragment: # - $request_headers # rewrite fragment: diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 31233d6338..7c96d936be 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -399,6 +399,15 @@ /^ RackBaseURI \/rack2$/, ], }, + { + :title => 'should accept headers', + :attr => 'headers', + :value => ['add something', 'merge something_else'], + :match => [ + /^ Header add something$/, + /^ Header merge something_else$/, + ], + }, { :title => 'should accept request headers', :attr => 'request_headers', diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index ea10143f7d..6245f63fe1 100644 --- a/templates/vhost.conf.erb 
+++ b/templates/vhost.conf.erb @@ -56,6 +56,7 @@ <%= scope.function_template(['apache/vhost/_ssl.erb']) -%> <%= scope.function_template(['apache/vhost/_suphp.erb']) -%> <%= scope.function_template(['apache/vhost/_php_admin.erb']) -%> +<%= scope.function_template(['apache/vhost/_header.erb']) -%> <%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> <%= scope.function_template(['apache/vhost/_wsgi.erb']) -%> <%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> diff --git a/templates/vhost/_header.erb b/templates/vhost/_header.erb new file mode 100644 index 0000000000..c0f68c8257 --- /dev/null +++ b/templates/vhost/_header.erb @@ -0,0 +1,10 @@ +<% if @headers and ! @headers.empty? -%> + + ## Header rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header + <%- Array(@headers).each do |header_statement| -%> + <%- if header_statement != '' -%> + Header <%= header_statement %> + <%- end -%> + <%- end -%> +<% end -%> From 0c1731c44df5964be5da46e65cd977b3c181ef72 Mon Sep 17 00:00:00 2001 From: William Van Hevelingen Date: Mon, 20 Jan 2014 15:11:09 -0800 Subject: [PATCH 0112/2267] Remove spec:system references and remove tabs from docs --- CONTRIBUTING.md | 12 ++++++------ README.md | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4a4ec6f656..e1288478a2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,7 +18,7 @@ Checklist (and a short version for the impatient) number(s)), and should skip the full stop. - Associate the issue in the message. The first line should include - the issue number in the form "(#XXXX) Rest of message". + the issue number in the form "(#XXXX) Rest of message". - The body should provide a meaningful commit message, which: 
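Review bot: `templates/vhost/_header.erb` writes each element after `Header ` verbatim and skips only the exact empty string, so a `nil` element renders a bare `Header` line and an element containing a line break renders extra configuration lines. Values normally come from the manifest, but if they are ever fed from looser data this is worth a guard, e.g. `<%- unless header_statement.to_s.strip.empty? -%>` and `Header <%= header_statement.to_s.gsub(/[\r\n]+/, ' ') %>`. The spec added in this commit covers only two plain strings.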
@@ -31,8 +31,8 @@ Checklist (and a short version for the impatient) - Make sure that you have tests for the bug you are fixing, or feature you are adding. - - Make sure the test suites passe after your commit: - `rake spec spec:system` More information on [testing](#Testing) below + - Make sure the test suites passes after your commit: + `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below - When introducing a new feature, make sure it is properly documented in the README.md @@ -64,7 +64,7 @@ The long version 1. Make separate commits for logically separate changes. Please break your commits down into logically consistent units - which include new or changed tests relevent to the rest of the + which include new or changed tests relevant to the rest of the change. The goal of doing this is to make the diff easier to read for whoever is reviewing your code. In general, the easier your diff is to read, the more likely someone will be happy to @@ -91,7 +91,7 @@ The long version includes them. Please also check that you are not introducing any trailing - whitespaces or other "whitespace errors". You can do this by + whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. 2. Sign the Contributor License Agreement @@ -129,7 +129,7 @@ The long version If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you - may wish to make. + may wish to make. Testing ======= diff --git a/README.md b/README.md index a4f9e50862..70f2dbc654 100644 --- a/README.md +++ b/README.md @@ -1496,7 +1496,7 @@ Quickstart: gem install bundler bundle install bundle exec rake spec - bundle exec rake spec:system + bundle exec rspec spec/acceptance ##Copyright and License From ebbda9a6322d3f61ace6dc4c9affec8fa3e8f8e5 Mon Sep 17 00:00:00 2001 
From: William Van Hevelingen Date: Mon, 20 Jan 2014 15:05:24 -0800 Subject: [PATCH 0113/2267] Add puppet-lint options to Rakefile --- Rakefile | 8 ++++++++ manifests/default_confd_files.pp | 3 +++ manifests/default_mods.pp | 3 +++ manifests/mod.pp | 4 ++-- tests/vhost.pp | 2 +- 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Rakefile b/Rakefile index cd3d379958..9020623179 100644 --- a/Rakefile +++ b/Rakefile @@ -1 +1,9 @@ require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' + +PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] diff --git a/manifests/default_confd_files.pp b/manifests/default_confd_files.pp index b45de86653..e40840e335 100644 --- a/manifests/default_confd_files.pp +++ b/manifests/default_confd_files.pp @@ -7,6 +7,9 @@ 'freebsd': { include apache::confd::no_accf } + default: { + # do nothing + } } } } diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 536cd7e334..f1f271eae3 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -86,6 +86,9 @@ 'worker': { include apache::mod::cgid } + default: { + # do nothing + } } include apache::mod::alias include apache::mod::autoindex diff --git a/manifests/mod.pp b/manifests/mod.pp index f11efc53b8..e8ce8a9ab5 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -19,7 +19,7 @@ $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif "${mod_lib}" { + } elsif $mod_lib { $_lib = $mod_lib } else { $_lib = "mod_${mod}.so" 
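Review bot: `PuppetLint.configuration.fail_on_warnings` in the Rakefile hunk is written as a bare call, unlike the `send('disable_...')` and `ignore_paths =` lines next to it; as far as I know puppet-lint treats that as a read of the option rather than enabling it, so warnings would still pass the lint task. The assignment form is `PuppetLint.configuration.fail_on_warnings = true`. Worth confirming by introducing a deliberate warning and running `rake lint`.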
@@ -43,7 +43,7 @@ $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif "${mod_package}" { + } elsif $mod_package { $_package = $mod_package } if $_package and ! defined(Package[$_package]) { diff --git a/tests/vhost.pp b/tests/vhost.pp index 7adc1213ed..f0d3f58e47 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -225,7 +225,7 @@ ssl_protocol => '-ALL +SSLv3 +TLSv1', ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', ssl_honorcipherorder => 'On', - add_listen => 'false', + add_listen => false, } # Vhost with access log environment variables writing control From 005bf615c96254f74cb2fd53207922ee50abcb2a Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Thu, 9 Jan 2014 10:45:17 +0000 Subject: [PATCH 0114/2267] Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost The mod_passenger RPM supplies /etc/httpd/conf.d/passenger.conf with the correct PassengerRoot for the version of the package installed. The most reliable way to keep the PassengerRoot accurate is to leave this file in place and then to install a second file (passenger_extra.conf) for other Passenger customisations. Hardcoding the PassengerRoot in the module means it gets out of step with package repositories (3.0.21 is in EPEL6 at the time of writing, while the module assumes .17). Passenger 4.x refuses to start if the PassengerRoot is incorrect. The user of apache::mod::passenger is also able to override this value, but they shouldn't be forced to, just to get a functioning install. Fixes #560 --- manifests/mod/passenger.pp | 12 +++++++++++- manifests/params.pp | 10 ++++++++-- spec/classes/mod/passenger_spec.rb | 23 ++++++++++++++++++++--- templates/mod/passenger.conf.erb | 4 ++++ 4 files changed, 43 insertions(+), 6 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index d4aba84907..e7561651d6 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -1,4 +1,6 @@ class apache::mod::passenger ( + $passenger_conf_file = $apache::params::passenger_conf_file, + $passenger_conf_package_file = $apache::params::passenger_conf_package_file, $passenger_high_performance = undef, $passenger_pool_idle_time = undef, $passenger_max_requests = undef, @@ -17,6 +19,14 @@ } else { apache::mod { 'passenger': } } + + # Managed by the package, but declare it to avoid purging + if $passenger_conf_package_file { + file { 'passenger_package.conf': + path => "${apache::mod_dir}/${passenger_conf_package_file}", + } + } + # Template uses: # - $passenger_root # - $passenger_ruby @@ -29,7 +39,7 @@ # - $rails_autodetect file { 'passenger.conf': ensure => file, - path => "${apache::mod_dir}/passenger.conf", + path => "${apache::mod_dir}/${passenger_conf_file}", content => template('apache/mod/passenger.conf.erb'), require => Exec["mkdir ${apache::mod_dir}"], before => File[$apache::mod_dir], diff --git a/manifests/params.pp b/manifests/params.pp index f846013c12..2a0554db12 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -56,8 +56,10 @@ $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' $ssl_certs_dir = '/etc/pki/tls/certs' - $passenger_root = '/usr/share/rubygems/gems/passenger-3.0.17' - $passenger_ruby = '/usr/bin/ruby' + $passenger_conf_file = 'passenger_extra.conf' + $passenger_conf_package_file = 'passenger.conf' + $passenger_root = undef + $passenger_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef @@ -115,6 +117,8 @@ $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' $ssl_certs_dir = '/etc/ssl/certs' + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef $passenger_root = '/usr' $passenger_ruby = '/usr/bin/ruby' $suphp_addhandler = 'x-httpd-php' 
@@ -168,6 +172,8 @@ $default_ssl_cert = '/usr/local/etc/apache22/server.crt' $default_ssl_key = '/usr/local/etc/apache22/server.key' $ssl_certs_dir = '/usr/local/etc/apache22' + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' $passenger_ruby = '/usr/bin/ruby' $suphp_addhandler = 'php5-script' diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index d186503e51..ace307b231 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -91,11 +91,28 @@ it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("mod_passenger") } - it { should contain_file('passenger.conf').with({ + it { should contain_file('passenger_package.conf').with({ 'path' => '/etc/httpd/conf.d/passenger.conf', }) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot \/usr\/share\/rubygems\/gems\/passenger-3.0.17$/) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby \/usr\/bin\/ruby$/) } + it { should contain_file('passenger_package.conf').without_content } + it { should contain_file('passenger_package.conf').without_source } + it { should contain_file('passenger.conf').with({ + 'path' => '/etc/httpd/conf.d/passenger_extra.conf', + }) } + it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } + it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + describe "with passenger_root => '/usr/lib/example'" do + let :params do + { :passenger_root => '/usr/lib/example' } + end + it { should contain_file('passenger.conf').with_content(/^ PassengerRoot \/usr\/lib\/example$/) } + end + describe "with passenger_ruby => /user/lib/example/ruby" do + let :params do + { :passenger_ruby => '/user/lib/example/ruby' } + end + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby \/user\/lib\/example\/ruby$/) } + end end context "on a FreeBSD OS" do let :facts do diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index a2014cebb8..9395e2e39b 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb 
@@ -1,8 +1,12 @@ # The Passanger Apache module configuration file is being # managed by Puppet and changes will be overwritten. + <%- if @passenger_root -%> PassengerRoot <%= @passenger_root %> + <%- end -%> + <%- if @passenger_ruby -%> PassengerRuby <%= @passenger_ruby %> + <%- end -%> <%- if @passenger_high_performance -%> PassengerHighPerformance <%= @passenger_high_performance %> <%- end -%> From b8535962331908ff57c6afbb2b97f3d29be3e2b6 Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Thu, 23 Jan 2014 12:41:33 -0500 Subject: [PATCH 0115/2267] Enable fast finish in Travis http://blog.travis-ci.com/2013-11-27-fast-finishing-builds/ --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index b885627bfb..5efc64fa76 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,6 +24,7 @@ env: n2CiR7V9V0mNR7/ymzDMF9yVBcgqyXMsp/C6u992Dd0U63ZwFpbRWkxuAeEY ioupWBkiczjVEo+sxn+gVOnx28pcH/X8kDWbr6wFOMIjO03K66Y= matrix: + fast_finish: true exclude: - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" From f6eab06383783db2b801d71b116e39278328b913 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Thu, 23 Jan 2014 13:33:31 -0500 Subject: [PATCH 0116/2267] Delete this key, mistakenly added. --- spec/acceptance/nodesets/vagrant.key | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 spec/acceptance/nodesets/vagrant.key diff --git a/spec/acceptance/nodesets/vagrant.key b/spec/acceptance/nodesets/vagrant.key deleted file mode 100644 index 7d6a083909..0000000000 --- a/spec/acceptance/nodesets/vagrant.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI -w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP -kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 -hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO -Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW -yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd -ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 -Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf -TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK -iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A -sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf -4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP -cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk -EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN -CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX -3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG -YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj -3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ -dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz -6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC -P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF -llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ -kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH -+vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ -NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= ------END RSA PRIVATE KEY----- From 9cb01950d925c66277f328bec59243081da79764 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Sun, 15 Dec 2013 21:46:37 +0100 Subject: [PATCH 0117/2267] directories are either a Hash or an Array of Hashes this should fix #535 n.b.: older versions of puppet do not support unless btw: When you switch from unless to if, you must also switch from 'foo or bar' to '!foo and !bar', because, logic. --- manifests/vhost.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f740c5e361..b339134cae 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -395,6 +395,9 @@ ## Create a default directory list if none defined if $directories { + if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { + fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") + } $_directories = $directories } else { $_directories = [ { From 5f43d825ec30239e315e1378f9a982dd123fc026 Mon Sep 17 00:00:00 2001 From: Guillaume Virlet Date: Sun, 26 Jan 2014 11:41:59 +0100 Subject: [PATCH 0118/2267] allow AuthGroupFile directive for vhosts --- templates/vhost/_directories.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 66a97dec83..0d74c450a0 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -108,6 +108,9 @@ <%- if directory['auth_user_file'] -%> AuthUserFile <%= directory['auth_user_file'] %> <%- end -%> + <%- if directory['auth_group_file'] -%> + AuthGroupFile <%= directory['auth_group_file'] %> + <%- end -%> <%- if directory['auth_require'] -%> Require <%= directory['auth_require'] %> <%- end -%> From 4f1f6cbc810d9eacf5dcb7005f40551bd1eed419 Mon Sep 17 00:00:00 2001 From: Guillaume Virlet Date: Sun, 26 Jan 2014 15:53:45 +0100 Subject: [PATCH 0119/2267] add auth_group_file option to README.md [ci skip] --- README.md | 5 +++++ 1 file changed, 5 insertions(+) 
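Review bot: The new guard in `manifests/vhost.pp` inspects only `$directories[0]`, so an Array whose later elements are not Hashes still passes and reaches the directories template, and an empty Array (if it is truthy at `if $directories`, which I have not confirmed for the supported Puppet versions) would now hit the `fail()` because its first element is undefined. If checking just the first element is deliberate, say so next to it: `# Only the first element is type-checked; later elements are trusted to be Hashes`. The `if $directories {` block continues past the end of this hunk.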
diff --git a/README.md b/README.md index 407188946b..97fb7b963c 100644 --- a/README.md +++ b/README.md @@ -738,6 +738,11 @@ documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbas Sets the value for `AuthUserFile` as per the [Apache AuthUserFile documentation](https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile). +######`auth_group_file` + +Sets the value for `AuthGroupFile` as per the [Apache AuthGroupFile +documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html#authgroupfile). + ######`auth_require` Sets the value for `AuthName` as per the [Apache Require From 0b3c069b060ddb6b3a0922efda3b8d1417d38914 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Sat, 11 Jan 2014 12:05:47 -0700 Subject: [PATCH 0120/2267] quote paths for windows compatability --- spec/classes/apache_spec.rb | 8 +-- spec/classes/mod/mime_magic_spec.rb | 8 +-- spec/classes/mod/passenger_spec.rb | 12 ++-- spec/classes/mod/wsgi_spec.rb | 2 +- spec/defines/vhost_spec.rb | 96 ++++++++++++++--------------- templates/httpd.conf.erb | 12 ++-- templates/mod/cgid.conf.erb | 2 +- templates/mod/dav_fs.conf.erb | 2 +- templates/mod/fastcgi.conf.erb | 2 +- templates/mod/mime_magic.conf.erb | 2 +- templates/mod/nss.conf.erb | 20 +++--- templates/mod/passenger.conf.erb | 6 +- templates/mod/peruser.conf.erb | 4 +- templates/mod/ssl.conf.erb | 2 +- templates/mod/userdir.conf.erb | 2 +- templates/mod/wsgi.conf.erb | 6 +- templates/vhost.conf.erb | 10 +-- templates/vhost/_aliases.erb | 4 +- templates/vhost/_directories.erb | 2 +- templates/vhost/_fastcgi.erb | 2 +- templates/vhost/_scriptalias.erb | 4 +- templates/vhost/_ssl.erb | 14 ++--- templates/vhost/_suphp.erb | 2 +- templates/vhost/_wsgi.erb | 2 +- 24 files changed, 113 insertions(+), 113 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 7dd82d351c..655a0cf30a 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -213,10 +213,10 @@ ) } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/conf\.d/\*\.conf$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/site\.d/\*\.conf$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/mod\.d/\*\.conf$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/mod\.d/\*\.load$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*\.conf"$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } end describe "Alternate conf.d directory" do diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb index 30e91ef097..d10d8345b8 100644 --- a/spec/classes/mod/mime_magic_spec.rb +++ b/spec/classes/mod/mime_magic_spec.rb @@ -21,7 +21,7 @@ def general_mime_magic_specs it do should contain_file("mime_magic.conf").with_content( - "MIMEMagicFile /etc/apache2/magic\n" + "MIMEMagicFile \"/etc/apache2/magic\"\n" ) end @@ -41,7 +41,7 @@ def general_mime_magic_specs it do should contain_file("mime_magic.conf").with_content( - "MIMEMagicFile /tmp/Debian_magic\n" + "MIMEMagicFile \"/tmp/Debian_magic\"\n" ) end end @@ -61,7 +61,7 @@ def general_mime_magic_specs it do should contain_file("mime_magic.conf").with_content( - "MIMEMagicFile /etc/httpd/conf/magic\n" + "MIMEMagicFile \"/etc/httpd/conf/magic\"\n" ) end @@ -84,7 +84,7 @@ def general_mime_magic_specs it do should contain_file("mime_magic.conf").with_content( - "MIMEMagicFile /tmp/magic\n" + "MIMEMagicFile \"/tmp/magic\"\n" ) end end 
diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index ace307b231..37177f477f 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -16,8 +16,8 @@ it { should contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot \/usr$/) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby \/usr\/bin\/ruby$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr"$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/bin\/ruby"$/) } describe "with passenger_high_performance => true" do let :params do { :passenger_high_performance => 'true' } @@ -64,13 +64,13 @@ let :params do { :passenger_root => '/usr/lib/example' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot \/usr\/lib\/example$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end describe "with passenger_ruby => /user/lib/example/ruby" do let :params do { :passenger_ruby => '/user/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby \/user\/lib\/example\/ruby$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/user\/lib\/example\/ruby"$/) } end describe "with passenger_use_global_queue => true" do let :params do 
@@ -105,13 +105,13 @@ let :params do { :passenger_root => '/usr/lib/example' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot \/usr\/lib\/example$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end describe "with passenger_ruby => /user/lib/example/ruby" do let :params do { :passenger_ruby => '/user/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby \/user\/lib\/example\/ruby$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/user\/lib\/example\/ruby"$/) } end end context "on a FreeBSD OS" do diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 8d26526cb2..44917cb88f 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -36,7 +36,7 @@ let :params do { :wsgi_python_home => '/path/to/virtenv' } end - it {should contain_file('wsgi.conf').with_content(/^ WSGIPythonHome \/path\/to\/virtenv$/)} + it {should contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} end end context "on a FreeBSD OS" do diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b1ab27503b..847768fffe 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -90,7 +90,7 @@ :title => 'should contain docroot', :attr => 'docroot', :value => '/not/default', - :match => [/^ DocumentRoot \/not\/default$/,/ /], + :match => [/^ DocumentRoot "\/not\/default"$/,/ /], }, { :title => 'should set a port', @@ -165,7 +165,7 @@ :title => 'should accept logroot', :attr => 'logroot', :value => '/fake/log', - :match => [/CustomLog \/fake\/log\//,/ErrorLog \/fake\/log\//], + :match => [/CustomLog "\/fake\/log\//,/ErrorLog "\/fake\/log\//], }, { :title => 'should accept log_level', 
@@ -189,31 +189,31 @@ :title => 'should accept syslog destination for access log', :attr => 'access_log_syslog', :value => 'syslog:local1', - :match => [/CustomLog syslog:local1 combined$/], + :match => [/CustomLog "syslog:local1" combined$/], }, { :title => 'should accept syslog destination for error log', :attr => 'error_log_syslog', :value => 'syslog', - :match => [/ErrorLog syslog$/], + :match => [/ErrorLog "syslog"$/], }, { :title => 'should accept custom format for access logs', :attr => 'access_log_format', :value => '%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"Host: %{Host}i\" %T %D', - :match => [/CustomLog \/var\/log\/.+_access\.log "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/], + :match => [/CustomLog "\/var\/log\/.+_access\.log" "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/], }, { :title => 'should contain access logs', :attr => 'access_log', :value => true, - :match => [/CustomLog \/var\/log\/.+_access\.log combined$/], + :match => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], }, { :title => 'should not contain access logs', :attr => 'access_log', :value => false, - :notmatch => [/CustomLog \/var\/log\/.+_access\.log combined$/], + :notmatch => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], }, { :title => 'should contain error logs', @@ -269,7 +269,7 @@ :attr => 'scriptalias', :value => '/usr/scripts', :match => [ - /^ ScriptAlias \/cgi-bin\/ \/usr\/scripts$/, + /^ ScriptAlias \/cgi-bin\/ "\/usr\/scripts"$/, ], }, { @@ -277,7 +277,7 @@ :attr => 'scriptaliases', :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, :match => [ - /^ ScriptAlias \/blah\/ \/usr\/scripts$/, + /^ ScriptAlias \/blah\/ "\/usr\/scripts"$/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, 
@@ -286,8 +286,8 @@ :attr => 'scriptaliases', :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2', 'path' => '/usr/scripts' } ], :match => [ - /^ ScriptAlias \/blah \/usr\/scripts$/, - /^ ScriptAlias \/blah2 \/usr\/scripts$/, + /^ ScriptAlias \/blah "\/usr\/scripts"$/, + /^ ScriptAlias \/blah2 "\/usr\/scripts"$/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, @@ -296,8 +296,8 @@ :attr => 'scriptaliases', :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts2/' } ], :match => [ - /^ ScriptAlias \/blah \/usr\/scripts$/, - /^ ScriptAlias \/blah2\/ \/usr\/scripts2\/$/, + /^ ScriptAlias \/blah "\/usr\/scripts"$/, + /^ ScriptAlias \/blah2\/ "\/usr\/scripts2\/"$/, ], :nomatch => [/ScriptAlias \/cgi\-bin\//], }, @@ -309,7 +309,7 @@ ## use FOO instead of $1 here. :value => [ { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' } ], :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) \/usr\/local\/apache\/cgi-binFOO$/ + /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/ ], }, { 
@@ -323,8 +323,8 @@ { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, ], :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) \/usr\/local\/apache\/cgi-binFOO$/, - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" \/var\/www\/bin\/gitolite-suexec-wrapper\/FOO$/, + /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, + /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, ], }, { @@ -340,10 +340,10 @@ { 'alias' => '/trac', 'path' => '/etc/apache2/trac.fcgi' }, ], :match => [ - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" \/var\/www\/bin\/gitolite-suexec-wrapper\/FOO$/, - /^ ScriptAlias \/git \/var\/www\/gitweb\/index\.cgi$/, - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) \/usr\/local\/apache\/cgi-binFOO$/, - /^ ScriptAlias \/trac \/etc\/apache2\/trac.fcgi$/, + /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, + /^ ScriptAlias \/git "\/var\/www\/gitweb\/index\.cgi"$/, + /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, + /^ ScriptAlias \/trac "\/etc\/apache2\/trac.fcgi"$/, ], }, { 
@@ -477,13 +477,13 @@ :title => 'should accept an array of alias hashes', :attr => 'aliases', :value => [ { 'alias' => '/', 'path' => '/var/www'} ], - :match => [/^ Alias \/ \/var\/www$/], + :match => [/^ Alias \/ "\/var\/www"$/], }, { :title => 'should accept an alias hash', :attr => 'aliases', :value => { 'alias' => '/', 'path' => '/var/www'}, - :match => [/^ Alias \/ \/var\/www$/], + :match => [/^ Alias \/ "\/var\/www"$/], }, { :title => 'should accept multiple aliases', @@ -494,9 +494,9 @@ { 'alias' => '/css', 'path' => '/opt/someapp/css'}, ], :match => [ - /^ Alias \/ \/var\/www$/, - /^ Alias \/cgi-bin \/var\/www\/cgi-bin$/, - /^ Alias \/css \/opt\/someapp\/css$/, + /^ Alias \/ "\/var\/www"$/, + /^ Alias \/cgi-bin "\/var\/www\/cgi-bin"$/, + /^ Alias \/css "\/opt\/someapp\/css"$/, ], }, { @@ -585,7 +585,7 @@ :title => 'should accept a wsgi script alias', :attr => 'wsgi_script_aliases', :value => { '/' => '/var/www/myapp.wsgi'}, - :match => [/^ WSGIScriptAlias \/ \/var\/www\/myapp.wsgi$/], + :match => [/^ WSGIScriptAlias \/ "\/var\/www\/myapp.wsgi"$/], }, { :title => 'should accept multiple wsgi aliases', @@ -596,9 +596,9 @@ '/' => '/usr/local/wsgi/scripts/myapp.wsgi', }, :match => [ - /^ WSGIScriptAlias \/wiki \/usr\/local\/wsgi\/scripts\/mywiki.wsgi$/, - /^ WSGIScriptAlias \/blog \/usr\/local\/wsgi\/scripts\/myblog.wsgi$/, - /^ WSGIScriptAlias \/ \/usr\/local\/wsgi\/scripts\/myapp.wsgi$/, + /^ WSGIScriptAlias \/wiki "\/usr\/local\/wsgi\/scripts\/mywiki.wsgi"$/, + /^ WSGIScriptAlias \/blog "\/usr\/local\/wsgi\/scripts\/myblog.wsgi"$/, + /^ WSGIScriptAlias \/ "\/usr\/local\/wsgi\/scripts\/myapp.wsgi"$/, ], }, { @@ -607,7 +607,7 @@ :value => { 'path' => '/opt/app' }, :notmatch => [' '], :match => [ - /^ $/, + /^ $/, /^ AllowOverride None$/, /^ Order allow,deny$/, /^ Allow from all$/, 
@@ -628,7 +628,7 @@ 'passenger_enabled' => 'onf', }, :match => [ - /^ $/, + /^ $/, /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, /^ Allow from rspec.org$/, /^ AllowOverride Lol$/, @@ -661,7 +661,7 @@ }, ], :match => [ - /^ $/, + /^ $/, /^ Allow from rspec.org$/, /^ AllowOverride AuthConfig Indexes$/, /^ Deny from google.com$/, @@ -669,7 +669,7 @@ /^ Order deny,yned$/, /^ PassengerEnabled onf$/, /^ <\/Directory>$/, - /^ $/, + /^ $/, /^ AllowOverride None$/, /^ Order allow,deny$/, /^ Allow from all$/, @@ -686,9 +686,9 @@ { 'path' => '/rspec/docroot'} ], :match => [ - /^ $/, - /^ $/, - /^ $/, + /^ $/, + /^ $/, + /^ $/, ], }, { @@ -700,7 +700,7 @@ }, :notmatch => [' AllowOverride None'], :match => [ - /^ $/, + /^ $/, /^ Order allow,deny$/, /^ Allow from all$/, /^ <\/Location>$/, @@ -715,7 +715,7 @@ }, :notmatch => [' AllowOverride None'], :match => [ - /^ $/, + /^ $/, /^ Order allow,deny$/, /^ Allow from all$/, /^ <\/Files>$/, @@ -726,14 +726,14 @@ :attr => 'virtual_docroot', :value => '/not/default', :match => [ - /^ VirtualDocumentRoot \/not\/default$/, + /^ VirtualDocumentRoot "\/not\/default"$/, ], }, { :title => 'should contain environment variables', :attr => 'access_log_env_var', :value => 'admin', - :match => [/CustomLog \/var\/log\/.+_access\.log combined env=admin$/] + :match => [/CustomLog "\/var\/log\/.+_access\.log" combined env=admin$/] }, ].each do |param| 
@@ -765,43 +765,43 @@ :title => 'should accept setting SSLCertificateFile', :attr => 'ssl_cert', :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateFile \/path\/to\/cert\.pem$/], + :match => [/^ SSLCertificateFile "\/path\/to\/cert\.pem"$/], }, { :title => 'should accept setting SSLCertificateKeyFile', :attr => 'ssl_key', :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateKeyFile \/path\/to\/cert\.pem$/], + :match => [/^ SSLCertificateKeyFile "\/path\/to\/cert\.pem"$/], }, { :title => 'should accept setting SSLCertificateChainFile', :attr => 'ssl_chain', :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateChainFile \/path\/to\/cert\.pem$/], + :match => [/^ SSLCertificateChainFile "\/path\/to\/cert\.pem"$/], }, { :title => 'should accept setting SSLCertificatePath', :attr => 'ssl_certs_dir', :value => '/path/to/certs', - :match => [/^ SSLCACertificatePath \/path\/to\/certs$/], + :match => [/^ SSLCACertificatePath "\/path\/to\/certs"$/], }, { :title => 'should accept setting SSLCertificateFile', :attr => 'ssl_ca', :value => '/path/to/ca.pem', - :match => [/^ SSLCACertificateFile \/path\/to\/ca\.pem$/], + :match => [/^ SSLCACertificateFile "\/path\/to\/ca\.pem"$/], }, { :title => 'should accept setting SSLRevocationPath', :attr => 'ssl_crl_path', :value => '/path/to/crl', - :match => [/^ SSLCARevocationPath \/path\/to\/crl$/], + :match => [/^ SSLCARevocationPath "\/path\/to\/crl"$/], }, { :title => 'should accept setting SSLRevocationFile', :attr => 'ssl_crl', :value => '/path/to/crl.pem', - :match => [/^ SSLCARevocationFile \/path\/to\/crl\.pem$/], + :match => [/^ SSLCARevocationFile "\/path\/to\/crl\.pem"$/], }, { :title => 'should accept setting SSLProxyEngine', @@ -983,7 +983,7 @@ }) end it 'should set suphp_configpath' do should contain_file("25-#{title}.conf").with_content( - /^ suPHP_ConfigPath \/etc\/php5\/apache2$/ + /^ suPHP_ConfigPath "\/etc\/php5\/apache2"$/ ) end end 
diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 469836ec34..50a4db41b8 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -28,7 +28,7 @@ AccessFileName .htaccess DefaultType none HostnameLookups Off -ErrorLog <%= @logroot %>/<%= @error_log %> +ErrorLog "<%= @logroot %>/<%= @error_log %>" LogLevel <%= @log_level %> EnableSendfile <%= @sendfile %> @@ -41,20 +41,20 @@ EnableSendfile <%= @sendfile %> #LoadModule fake_module libexec/apache22/mod_fake.so <% end -%> -Include <%= @mod_load_dir %>/*.load +Include "<%= @mod_load_dir %>/*.load" <% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%> -Include <%= @mod_load_dir %>/*.conf +Include "<%= @mod_load_dir %>/*.conf" <% end -%> -Include <%= @ports_file %> +Include "<%= @ports_file %>" LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent -Include <%= @confd_dir %>/*.conf +Include "<%= @confd_dir %>/*.conf" <% if @vhost_load_dir != @confd_dir -%> -Include <%= @vhost_load_dir %>/*.conf +Include "<%= @vhost_load_dir %>/*.conf" <% end -%> <% if @error_documents -%> diff --git a/templates/mod/cgid.conf.erb b/templates/mod/cgid.conf.erb index d771012de9..5f82d7424c 100644 --- a/templates/mod/cgid.conf.erb +++ b/templates/mod/cgid.conf.erb @@ -1 +1 @@ -ScriptSock <%= @cgisock_path %> +ScriptSock "<%= @cgisock_path %>" diff --git a/templates/mod/dav_fs.conf.erb b/templates/mod/dav_fs.conf.erb index 50edf004e9..3c53e9e14b 100644 --- a/templates/mod/dav_fs.conf.erb +++ b/templates/mod/dav_fs.conf.erb @@ -1 +1 @@ -DAVLockDB <%= @dav_lock %> +DAVLockDB "<%= @dav_lock %>" diff --git a/templates/mod/fastcgi.conf.erb b/templates/mod/fastcgi.conf.erb index d02b12f77f..8d94a23614 100644 --- a/templates/mod/fastcgi.conf.erb +++ b/templates/mod/fastcgi.conf.erb 
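Review bot: The values are now wrapped in double quotes but still interpolated unescaped, so a parameter that contains `"` or a newline ends the quoted argument early and the rest is parsed as extra arguments or directives. This applies to `ErrorLog "<%= @logroot %>/<%= @error_log %>"` and the `Include` lines in `templates/httpd.conf.erb`, and in the same way to the quoted directives in the `templates/mod/*.conf.erb` and `templates/vhost/*.erb` hunks later in this commit. These parameters are normally set by the manifest author, but they can arrive from Hiera or other external data, so I would check them once where they enter the class instead of in each template, for example `validate_absolute_path($logroot)` for the directory parameters (assuming stdlib is available, as the `is_hash` call elsewhere in this series suggests). A short comment at the top of the template stating that values are expected to be free of quotes and newlines would document the assumption.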
@@ -2,5 +2,5 @@ # managed by Puppet and changes will be overwritten. AddHandler fastcgi-script .fcgi - FastCgiIpcDir <%= @fastcgi_lib_path %> + FastCgiIpcDir "<%= @fastcgi_lib_path %>" diff --git a/templates/mod/mime_magic.conf.erb b/templates/mod/mime_magic.conf.erb index 4826a765c9..1ce1bc3c16 100644 --- a/templates/mod/mime_magic.conf.erb +++ b/templates/mod/mime_magic.conf.erb @@ -1 +1 @@ -MIMEMagicFile <%= @magic_file %> +MIMEMagicFile "<%= @magic_file %>" diff --git a/templates/mod/nss.conf.erb b/templates/mod/nss.conf.erb index 8fd538b761..a29101bb30 100644 --- a/templates/mod/nss.conf.erb +++ b/templates/mod/nss.conf.erb @@ -2,16 +2,16 @@ # This is the Apache server configuration file providing SSL support using. # the mod_nss plugin. It contains the configuration directives to instruct # the server how to serve pages over an https connection. -# +# # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. +# consult the online docs. You have been warned. # #LoadModule nss_module modules/libmodnss.so # -# When we also provide SSL we have to listen to the +# When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two @@ -37,7 +37,7 @@ AddType application/x-pkcs7-crl .crl # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. <% if @passwd_file -%> -NSSPassPhraseDialog file:<%= @passwd_file %> +NSSPassPhraseDialog "file:<%= @passwd_file %>" <% else -%> NSSPassPhraseDialog builtin <% end -%> 
@@ -47,7 +47,7 @@ NSSPassPhraseDialog builtin # restarts of Apache. NSSPassPhraseHelper /usr/sbin/nss_pcache -# Configure the SSL Session Cache. +# Configure the SSL Session Cache. # NSSSessionCacheSize is the number of entries in the cache. # NSSSessionCacheTimeout is the SSL2 session timeout (in seconds). # NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds). @@ -93,8 +93,8 @@ NSSRequireSafeNegotiation off # mod_nss can log to separate log files, you can choose to do that if you'd like # LogLevel is not inherited from httpd.conf. -ErrorLog <%= @error_log %> -TransferLog <%= @transfer_log %> +ErrorLog "<%= @error_log %>" +TransferLog "<%= @transfer_log %>" LogLevel warn # SSL Engine Switch: @@ -138,7 +138,7 @@ NSSNickname Server-Cert # The NSS security database directory that holds the certificates and # keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. # Provide the directory that these files exist. -NSSCertificateDatabase <%= @httpd_dir -%>/alias +NSSCertificateDatabase "<%= @httpd_dir -%>/alias" # Database Prefix: # In order to be able to store multiple NSS databases in one directory @@ -209,7 +209,7 @@ NSSCertificateDatabase <%= @httpd_dir -%>/alias # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. +# directives are used in per-directory context. #NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire NSSOptions +StdEnvVars @@ -224,5 +224,5 @@ NSSCertificateDatabase <%= @httpd_dir -%>/alias #CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \ # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - + diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 9395e2e39b..63c3f9e61b 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb 
@@ -2,10 +2,10 @@ # managed by Puppet and changes will be overwritten. <%- if @passenger_root -%> - PassengerRoot <%= @passenger_root %> + PassengerRoot "<%= @passenger_root %>" <%- end -%> <%- if @passenger_ruby -%> - PassengerRuby <%= @passenger_ruby %> + PassengerRuby "<%= @passenger_ruby %>" <%- end -%> <%- if @passenger_high_performance -%> PassengerHighPerformance <%= @passenger_high_performance %> @@ -30,5 +30,5 @@ <%- end -%> <%- if @passenger_use_global_queue -%> PassengerUseGlobalQueue <%= @passenger_use_global_queue %> - <%- end -%> + <%- end -%> diff --git a/templates/mod/peruser.conf.erb b/templates/mod/peruser.conf.erb index 8f44c72b0b..13c8d708db 100644 --- a/templates/mod/peruser.conf.erb +++ b/templates/mod/peruser.conf.erb @@ -7,6 +7,6 @@ IdleTimeout <%= @idletimeout %> ExpireTimeout <%= @expiretimeout %> KeepAlive <%= @keepalive %> - Include <%= @mod_dir %>/peruser/multiplexers/*.conf - Include <%= @mod_dir %>/peruser/processors/*.conf + Include "<%= @mod_dir %>/peruser/multiplexers/*.conf" + Include "<%= @mod_dir %>/peruser/processors/*.conf" diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index d42b0ad61a..f66b1c958c 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -8,7 +8,7 @@ AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin - SSLSessionCache shmcb:<%= @session_cache %> + SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout 300 <% if @ssl_compression -%> SSLCompression Off diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index cfe2e3879c..e4c6ba55dd 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -4,7 +4,7 @@ <% end -%> UserDir <%= @dir %> - /*/<%= @dir %>> + /*/<%= @dir %>"> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec diff --git a/templates/mod/wsgi.conf.erb b/templates/mod/wsgi.conf.erb index ea2a49d1ae..18752d2c4a 100644 
--- a/templates/mod/wsgi.conf.erb +++ b/templates/mod/wsgi.conf.erb @@ -5,9 +5,9 @@ WSGISocketPrefix <%= @wsgi_socket_prefix %> <%- end -%> <%- if @wsgi_python_home -%> - WSGIPythonHome <%= @wsgi_python_home %> + WSGIPythonHome "<%= @wsgi_python_home %>" <%- end -%> <%- if @wsgi_python_path -%> - WSGIPythonPath <%= @wsgi_python_path %> - <%- end -%> + WSGIPythonPath "<%= @wsgi_python_path %>" + <%- end -%> diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 6245f63fe1..9d52ba7c0f 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -11,9 +11,9 @@ ## Vhost docroot <% if @virtual_docroot -%> - VirtualDocumentRoot <%= @virtual_docroot %> + VirtualDocumentRoot "<%= @virtual_docroot %>" <% else -%> - DocumentRoot <%= @docroot %> + DocumentRoot "<%= @docroot %>" <% end -%> <%= scope.function_template(['apache/vhost/_aliases.erb']) -%> @@ -33,16 +33,16 @@ ## Logging <% if @error_log -%> - ErrorLog <%= @error_log_destination %> + ErrorLog "<%= @error_log_destination %>" <% end -%> <% if @log_level -%> LogLevel <%= @log_level %> <% end -%> ServerSignature Off <% if @access_log and @_access_log_env_var -%> - CustomLog <%= @access_log_destination %> <%= @_access_log_format %> <%= @_access_log_env_var %> + CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> <% elsif @access_log -%> - CustomLog <%= @access_log_destination %> <%= @_access_log_format %> + CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <% end -%> <%= scope.function_template(['apache/vhost/_block.erb']) -%> <%= scope.function_template(['apache/vhost/_error_document.erb']) -%> diff --git a/templates/vhost/_aliases.erb b/templates/vhost/_aliases.erb index 484379bba3..5fdd76ba24 100644 --- a/templates/vhost/_aliases.erb +++ b/templates/vhost/_aliases.erb 
@@ -3,9 +3,9 @@ <%- [@aliases].flatten.compact.each do |alias_statement| -%> <%- if alias_statement["path"] != '' -%> <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%> - Alias <%= alias_statement["alias"] %> <%= alias_statement["path"] %> + Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>" <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> - AliasMatch <%= alias_statement["aliasmatch"] %> <%= alias_statement["path"] %> + AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>" <%- end -%> <%- end -%> <%- end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 0d74c450a0..9fdbf5ede7 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -7,7 +7,7 @@ <%- provider = 'Directory' -%> <%- end -%> - <<%= provider + ' ' + directory['path'] %>> + <<%= provider %> "<%= directory['path'] %>"> <%- if directory['headers'] -%> <%- Array(directory['headers']).each do |header| -%> Header <%= header %> diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index f0ff72c6b2..86ecf92184 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb @@ -4,7 +4,7 @@ <% end -%> <% if @fastcgi_dir -%> - > + "> Options +ExecCGI AllowOverride All SetHandler fastcgi-script diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index cdf3b87e49..5a757f6170 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb 
@@ -15,9 +15,9 @@ <%- aliases.each do |salias| -%> <%- if salias["path"] != '' -%> <%- if salias["alias"] and salias["alias"] != '' -%> - ScriptAlias <%= salias['alias'] %> <%= salias['path'] %> + ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>" <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%> - ScriptAliasMatch <%= salias['aliasmatch'] %> <%= salias['path'] %> + ScriptAliasMatch <%= salias['aliasmatch'] %> "<%= salias['path'] %>" <%- end -%> <%- end -%> <%- end -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 96027dce78..03c78ef427 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -2,20 +2,20 @@ ## SSL directives SSLEngine on - SSLCertificateFile <%= @ssl_cert %> - SSLCertificateKeyFile <%= @ssl_key %> + SSLCertificateFile "<%= @ssl_cert %>" + SSLCertificateKeyFile "<%= @ssl_key %>" <% if @ssl_chain -%> - SSLCertificateChainFile <%= @ssl_chain %> + SSLCertificateChainFile "<%= @ssl_chain %>" <% end -%> - SSLCACertificatePath <%= @ssl_certs_dir %> + SSLCACertificatePath "<%= @ssl_certs_dir %>" <% if @ssl_ca -%> - SSLCACertificateFile <%= @ssl_ca %> + SSLCACertificateFile "<%= @ssl_ca %>" <% end -%> <% if @ssl_crl_path -%> - SSLCARevocationPath <%= @ssl_crl_path %> + SSLCARevocationPath "<%= @ssl_crl_path %>" <% end -%> <% if @ssl_crl -%> - SSLCARevocationFile <%= @ssl_crl %> + SSLCARevocationFile "<%= @ssl_crl %>" <% end -%> <% if @ssl_proxyengine -%> SSLProxyEngine On diff --git a/templates/vhost/_suphp.erb b/templates/vhost/_suphp.erb index 37aa299aa9..9389581805 100644 --- a/templates/vhost/_suphp.erb +++ b/templates/vhost/_suphp.erb @@ -6,6 +6,6 @@ suPHP_Engine <%= @suphp_engine %> <% end -%> <% if @suphp_configpath -%> - suPHP_ConfigPath <%= @suphp_configpath %> + suPHP_ConfigPath "<%= @suphp_configpath %>" <% end -%> <% end -%> diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index d9970bddce..4a68eed8d6 100644 --- a/templates/vhost/_wsgi.erb 
+++ b/templates/vhost/_wsgi.erb @@ -9,7 +9,7 @@ <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> <%- @wsgi_script_aliases.each do |a, p| -%> <%- if a != '' and p != ''-%> - WSGIScriptAlias <%= a %> <%= p %> + WSGIScriptAlias <%= a %> "<%= p %>" <%- end -%> <%- end -%> <% end -%> From b47c68ddd1d9a033bdf4dd5d82b4950fcc8d3bbd Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Tue, 14 Jan 2014 11:59:41 -0700 Subject: [PATCH 0121/2267] add Match directive --- templates/vhost/_directories.erb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 9fdbf5ede7..1310bad3c7 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -6,8 +6,15 @@ <%- else -%> <%- provider = 'Directory' -%> <%- end -%> + <%- if /^~(.*)/ =~ directory['path'] -%> + <%-# if /^~.*/.match(directory['path']) -%> + <%- path = $1.strip -%> + <%- provider += 'Match' -%> + <%- else -%> + <%- path = directory['path'] %> + <%- end -%> - <<%= provider %> "<%= directory['path'] %>"> + <<%= provider %> "<%= path %>"> <%- if directory['headers'] -%> <%- Array(directory['headers']).each do |header| -%> Header <%= header %> From f4562009f21c6d37561655bc4daf9a51b37e9b67 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 29 Jan 2014 13:41:33 -0800 Subject: [PATCH 0122/2267] Revert "Update init.pp" This reverts commit 61be25eae90d7fa6d09d3d6ed50b30bfda9e344c. --- manifests/init.pp | 53 ++++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index e7d6ce9827..71a7e75569 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
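Review bot: In the `templates/vhost/_directories.erb` hunk the prefix test `/^~(.*)/` uses `^`, which in Ruby matches at the start of any line, so a multi-line `path` with a later line beginning with `~` takes the Match branch and only that line's remainder is rendered; `\A` anchors to the start of the string. I would write the branch as `<%- if directory['path'] =~ /\A~(.*)/ -%>` followed by `<%- path = Regexp.last_match(1).strip -%>`, and drop the commented-out `<%-# if /^~.*/.match(directory['path']) -%>` line. The `else` assignment closes with `%>` instead of `-%>`, which leaves a stray newline in the generated file. In the Match case the remainder is handed to Apache as a regular expression inside quotes, so a comment noting that the pattern must not contain `"` would be useful. The loop this belongs to starts outside the hunk.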
@@ -217,30 +217,35 @@ } if $apache::params::conf_dir and $apache::params::conf_file { - if $::osfamily == 'redhat' or $::operatingsystem == 'amazon' { - $docroot = '/var/www/html' - $pidfile = 'run/httpd.pid' - $error_log = 'error_log' - $error_documents_path = '/var/www/error' - $scriptalias = '/var/www/cgi-bin' - $access_log_file = 'access_log' - } elsif $::osfamily == 'debian' { - $docroot = '/var/www' - $pidfile = '${APACHE_PID_FILE}' - $error_log = 'error.log' - $error_documents_path = '/usr/share/apache2/error' - $scriptalias = '/usr/lib/cgi-bin' - $access_log_file = 'access.log' - } elsif $::osfamily == 'freebsd' { - $docroot = '/usr/local/www/apache22/data' - $pidfile = '/var/run/httpd.pid' - $error_log = 'httpd-error.log' - $error_documents_path = '/usr/local/www/apache22/error' - $scriptalias = '/usr/local/www/apache22/cgi-bin' - $access_log_file = 'httpd-access.log' - } else { - fail("Unsupported osfamily ${::osfamily}") - } + case $::osfamily { + 'debian': { + $docroot = '/var/www' + $pidfile = '${APACHE_PID_FILE}' + $error_log = 'error.log' + $error_documents_path = '/usr/share/apache2/error' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } + 'redhat': { + $docroot = '/var/www/html' + $pidfile = 'run/httpd.pid' + $error_log = 'error_log' + $error_documents_path = '/var/www/error' + $scriptalias = '/var/www/cgi-bin' + $access_log_file = 'access_log' + } + 'freebsd': { + $docroot = '/usr/local/www/apache22/data' + $pidfile = '/var/run/httpd.pid' + $error_log = 'httpd-error.log' + $error_documents_path = '/usr/local/www/apache22/error' + $scriptalias = '/usr/local/www/apache22/cgi-bin' + $access_log_file = 'httpd-access.log' + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } $apxs_workaround = $::osfamily ? { 'freebsd' => true, From 5501994147f55ff97326ad1bda193ccf4e038afe Mon Sep 17 00:00:00 2001 
From: Hunter Haugen Date: Wed, 29 Jan 2014 13:41:42 -0800 Subject: [PATCH 0123/2267] Revert "Update alias.pp" This reverts commit 8b16a339b7caec483a3fd4699e42d8f93e429e19. --- manifests/mod/alias.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index aab196eaf2..2880697236 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,8 +1,7 @@ class apache::mod::alias { - $icons_path = $::osfamily or $::operatingsystem ? { + $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', 'redhat' => '/var/www/icons', - 'amazon' => '/var/www/icons', 'freebsd' => '/usr/local/www/apache22/icons', } apache::mod { 'alias': } From 016fbcaaf7e1c4c3bd9e1bde7982680d7a51cf0b Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Wed, 29 Jan 2014 23:52:32 +0000 Subject: [PATCH 0124/2267] Template file and spec test quote fix Added quotes to Include in vhost.conf.erb Added quotes to the expected results in the spec ruby fies --- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/apache_ssl_spec.rb | 24 +++++++++---------- spec/acceptance/vhost_spec.rb | 28 +++++++++++------------ templates/vhost.conf.erb | 2 +- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index be398f0167..b2083f34fb 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -236,7 +236,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } describe file(conf_file) do it { should be_file } - it { should contain 'Include /tmp/root/*.conf' } + it { should contain 'Include "/tmp/root/*.conf"' } end end diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index f577e5e934..2d45e40498 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb 
@@ -28,12 +28,12 @@ class { 'apache': describe file("#{vhostd}/15-default-ssl.conf") do it { should be_file } - it { should contain 'SSLCertificateFile /tmp/ssl_cert' } - it { should contain 'SSLCertificateKeyFile /tmp/ssl_key' } - it { should contain 'SSLCertificateChainFile /tmp/ssl_chain' } - it { should contain 'SSLCACertificateFile /tmp/ssl_ca' } - it { should contain 'SSLCARevocationPath /tmp/ssl_crl_path' } - it { should contain 'SSLCARevocationFile /tmp/ssl_crl' } + it { should contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { should contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { should contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { should contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { should contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { should contain 'SSLCARevocationFile "/tmp/ssl_crl"' } end end @@ -68,12 +68,12 @@ class { 'apache': describe file("#{vhostd}/25-test_ssl.conf") do it { should be_file } - it { should contain 'SSLCertificateFile /tmp/ssl_cert' } - it { should contain 'SSLCertificateKeyFile /tmp/ssl_key' } - it { should contain 'SSLCertificateChainFile /tmp/ssl_chain' } - it { should contain 'SSLCACertificateFile /tmp/ssl_ca' } - it { should contain 'SSLCARevocationPath /tmp/ssl_crl_path' } - it { should contain 'SSLCARevocationFile /tmp/ssl_crl' } + it { should contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { should contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { should contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { should contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { should contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { should contain 'SSLCARevocationFile "/tmp/ssl_crl"' } it { should contain 'SSLProxyEngine On' } it { should contain 'SSLProtocol test' } it { should contain 'SSLCipherSuite test' } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 9fc24ff170..8ffff37550 100644 --- a/spec/acceptance/vhost_spec.rb 
+++ b/spec/acceptance/vhost_spec.rb @@ -180,7 +180,7 @@ class { 'apache': } docroot => '/var/www/files', directories => [ { 'path' => '/var/www/files', }, - { 'path' => '~ "(\.swp|\.bak|~)$"', 'provider' => 'files', 'deny' => 'from all' }, + { 'path' => '~ (\.swp|\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' }, ], } file { '/var/www/files/index.html': @@ -222,7 +222,7 @@ class { 'apache': } }, { 'provider' => 'files', - 'path' => '~ "private.html$"', + 'path' => '~ private.html$', 'deny' => 'from all', }, ], @@ -510,7 +510,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'CustomLog /tmp' } + it { should contain ' CustomLog "/tmp"' } end end @@ -538,7 +538,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should_not contain "#{logname} /tmp" } + it { should_not contain " #{logname} \"/tmp\"" } end end @@ -558,7 +558,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain "#{logname} \"|test\"" } + it { should contain " #{logname} \"|test\"" } end end @@ -578,7 +578,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain "#{logname} syslog" } + it { should contain " #{logname} \"syslog\"" } end end end @@ -600,7 +600,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'CustomLog syslog "%h %l"' } + it { should contain 'CustomLog "syslog" "%h %l"' } end end @@ -621,7 +621,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'CustomLog syslog combined env=admin' } + it { should contain 'CustomLog "syslog" combined env=admin' } end end 
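Review bot: The negative check in the `@@ -538,7` hunk, `it { should_not contain " #{logname} \"/tmp\"" }`, now depends on the exact indentation and quoting of the rendered directive. If the template's formatting changes again, it keeps passing even when the directive is still written. Matching on the directive name alone makes the assertion meaningful, e.g. `it { should_not contain "#{logname} " }`, provided no other line in that file is expected to carry the name.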
@@ -640,7 +640,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'Alias /image /ftp/pub/image' } + it { should contain 'Alias /image "/ftp/pub/image"' } end end @@ -659,7 +659,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'ScriptAlias /myscript /usr/share/myscript' } + it { should contain 'ScriptAlias /myscript "/usr/share/myscript"' } end end @@ -701,7 +701,7 @@ class { 'apache': service_ensure => stopped, } it { should be_file } it { should contain "suPHP_AddHandler #{suphp_handler}" } it { should contain 'suPHP_Engine on' } - it { should contain "suPHP_ConfigPath #{suphp_configpath}" } + it { should contain "suPHP_ConfigPath \"#{suphp_configpath}\"" } end end @@ -883,7 +883,7 @@ class { 'apache::mod::wsgi': } it { should be_file } it { should contain 'WSGIDaemonProcess wsgi processes=2' } it { should contain 'WSGIProcessGroup vagrant' } - it { should contain 'WSGIScriptAlias /test /test1' } + it { should contain 'WSGIScriptAlias /test "/test1"' } end end @@ -946,7 +946,7 @@ class { 'apache::mod::fastcgi': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } - it { should contain '' } + it { should contain '' } end end end @@ -967,7 +967,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'Include /tmp/include' } + it { should contain 'Include "/tmp/include"' } end end diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 9d52ba7c0f..0eb69b0096 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -28,7 +28,7 @@ ## Load additional static includes <% Array(@additional_includes).each do |include| %> - Include <%= include %> + Include "<%= include %>" <% end %> ## Logging 
From 4ef8dfe69296cbc2e0e0267574c7adfeb6900d63 Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Thu, 30 Jan 2014 00:15:08 +0000 Subject: [PATCH 0125/2267] Look for match at end of provider Check for the match string at the end of the provider instead of looking for tilde --- templates/vhost/_directories.erb | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 1310bad3c7..25fba8312d 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -2,17 +2,12 @@ <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> <%- if directory['provider'] and [ 'directory', 'location', 'files' ].include?(directory['provider']) -%> - <%- provider = directory['provider'].capitalize -%> + <%- if /^(.*)match$/ =~ directory['provider'] -%> + <%- provider = directory['provider'].capitalize + 'Match' -%> + <%- end -%> <%- else -%> <%- provider = 'Directory' -%> <%- end -%> - <%- if /^~(.*)/ =~ directory['path'] -%> - <%-# if /^~.*/.match(directory['path']) -%> - <%- path = $1.strip -%> - <%- provider += 'Match' -%> - <%- else -%> - <%- path = directory['path'] %> - <%- end -%> <<%= provider %> "<%= path %>"> <%- if directory['headers'] -%> From 0bb57ae43b5d96f9ee4db65f22e0c0efc4e95d32 Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Thu, 30 Jan 2014 00:21:03 +0000 Subject: [PATCH 0126/2267] Fixed some template and specs for FilesMatch --- spec/acceptance/vhost_spec.rb | 6 +++--- templates/httpd.conf.erb | 10 +++++----- templates/mod/nss.conf.erb | 4 ++-- tests/vhost_directories.pp | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 8ffff37550..e8630d6918 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
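Review bot: After the `_directories.erb` hunk, `provider` is assigned only inside `if /^(.*)match$/ =~ directory['provider']`, yet the outer condition still admits just `'directory'`, `'location'` and `'files'`, none of which ends in `match`. For those values `provider` is never set and the container tag is rendered without a name. The hunk also removes the `path = ...` assignment while `<<%= provider %> "<%= path %>">` still reads `path`. An `else` branch with `provider = directory['provider'].capitalize` and a retained `<%- path = directory['path'] -%>` keep the existing providers working. For a value such as `filesmatch`, `directory['provider'].capitalize + 'Match'` would give `FilesmatchMatch`; the capture `$1` is what should be capitalized.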
@@ -180,7 +180,7 @@ class { 'apache': } docroot => '/var/www/files', directories => [ { 'path' => '/var/www/files', }, - { 'path' => '~ (\.swp|\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' }, + { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all' }, ], } file { '/var/www/files/index.html': @@ -221,8 +221,8 @@ class { 'apache': } 'directoryindex' => 'notindex.html', }, { - 'provider' => 'files', - 'path' => '~ private.html$', + 'provider' => 'filesmatch', + 'path' => 'private.html$', 'deny' => 'from all', }, ], diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 50a4db41b8..0a03995b86 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -15,11 +15,11 @@ User <%= @user %> Group <%= @group %> AccessFileName .htaccess - - Order allow,deny - Deny from all - Satisfy all - + + Order allow,deny + Deny from all + Satisfy all + Options FollowSymLinks diff --git a/templates/mod/nss.conf.erb b/templates/mod/nss.conf.erb index a29101bb30..a5c81752f3 100644 --- a/templates/mod/nss.conf.erb +++ b/templates/mod/nss.conf.erb @@ -211,9 +211,9 @@ NSSCertificateDatabase "<%= @httpd_dir -%>/alias" # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - + NSSOptions +StdEnvVars - + NSSOptions +StdEnvVars diff --git a/tests/vhost_directories.pp b/tests/vhost_directories.pp index 945a660f4c..b8953ee321 100644 --- a/tests/vhost_directories.pp +++ b/tests/vhost_directories.pp @@ -35,8 +35,8 @@ docroot => '/var/www/files', directories => [ { - 'path' => '~ (\.swp|\.bak|~)$', - 'provider' => 'files', + 'path' => '(\.swp|\.bak|~)$', + 'provider' => 'filesmatch', 'deny' => 'from all' }, ], From 332f6877958fc48f67d7cb2a8453203981eb546e Mon Sep 17 00:00:00 2001 
From: Scott Smith Date: Thu, 30 Jan 2014 09:04:16 +0000 Subject: [PATCH 0127/2267] Addd else to match check --- templates/vhost/_directories.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 25fba8312d..436dcfda6f 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -4,6 +4,8 @@ <%- if directory['provider'] and [ 'directory', 'location', 'files' ].include?(directory['provider']) -%> <%- if /^(.*)match$/ =~ directory['provider'] -%> <%- provider = directory['provider'].capitalize + 'Match' -%> + <%- else -%> + <%- provider = directory['provider'].capitalize -%> <%- end -%> <%- else -%> <%- provider = 'Directory' -%> From 2497a577402a96cb6ee21e4516dff57fa97115bc Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Thu, 30 Jan 2014 13:38:05 +0000 Subject: [PATCH 0128/2267] Added the path back in --- templates/vhost/_directories.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 436dcfda6f..d0d1515d2b 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -10,6 +10,7 @@ <%- else -%> <%- provider = 'Directory' -%> <%- end -%> + <%- path = directory['path'] %> <<%= provider %> "<%= path %>"> <%- if directory['headers'] -%> From 66abac3da36a3697e0167f87f22cfb7267d6970f Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Thu, 30 Jan 2014 15:11:51 +0000 Subject: [PATCH 0129/2267] Fixed Include spec test --- spec/defines/vhost_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 847768fffe..57ee3a7714 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
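Review bot: In the hunk that restores `path`, `<%- path = directory['path'] %>` closes with `%>` rather than `-%>`, unlike the neighbouring control tags, so each rendered container is preceded by an empty line. `<%- path = directory['path'] -%>` keeps the generated file stable. The surrounding `each` block starts and ends outside the hunk.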
@@ -534,9 +534,9 @@ '/tmp/proxy_group_c', ], :match => [ - /^ Include \/tmp\/proxy_group_a$/, - /^ Include \/tmp\/proxy_group_b$/, - /^ Include \/tmp\/proxy_group_c$/, + /^ Include "\/tmp\/proxy_group_a"$/, + /^ Include "\/tmp\/proxy_group_b"$/, + /^ Include "\/tmp\/proxy_group_c"$/, ], }, { From 0b8a23f45fe4538e4b35ee051ef05dada7853c3e Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 30 Jan 2014 11:22:28 -0800 Subject: [PATCH 0130/2267] Change serveradmin default to undef `serveradmin` is expecting a string, but defaults to `false`. It should be `undef` to match all the other string parameter defaults. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b339134cae..e67bc7b598 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -94,7 +94,7 @@ $add_listen = true, $docroot_owner = 'root', $docroot_group = $apache::params::root_group, - $serveradmin = false, + $serveradmin = undef, $ssl = false, $ssl_cert = $apache::default_ssl_cert, $ssl_key = $apache::default_ssl_key, From 531a6f13a13572a3ba1673e2fc7bdd2d860194e0 Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Thu, 30 Jan 2014 19:43:14 +0000 Subject: [PATCH 0131/2267] Added FilesMatch spec test and fixed template --- spec/defines/vhost_spec.rb | 15 +++++++++++++++ templates/vhost/_directories.erb | 4 ++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 57ee3a7714..4fcb23dd47 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -721,6 +721,21 @@ /^ <\/Files>$/, ], }, + { + :title => 'should accept files match for provider', + :attr => 'directories', + :value => { + 'path' => 'index.html', + 'provider' => 'filesmatch', + }, + :notmatch => [' AllowOverride None'], + :match => [ + /^ $/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/FilesMatch>$/, + ], + }, { :title => 'should contain virtual_docroot', :attr => 'virtual_docroot', diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index d0d1515d2b..986216a2cb 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -1,9 +1,9 @@ <% if @_directories and ! @_directories.empty? -%> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and [ 'directory', 'location', 'files' ].include?(directory['provider']) -%> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> <%- if /^(.*)match$/ =~ directory['provider'] -%> - <%- provider = directory['provider'].capitalize + 'Match' -%> + <%- provider = $1.capitalize + 'Match' -%> <%- else -%> <%- provider = directory['provider'].capitalize -%> <%- end -%> From 3f18eb4c4fe9d217625fca3a8c73bd069687f489 Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Thu, 30 Jan 2014 23:17:12 +0000 Subject: [PATCH 0132/2267] Fixed the log pipe and more acceptance specs --- manifests/vhost.pp | 4 ++-- spec/acceptance/vhost_spec.rb | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b339134cae..789726be49 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
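Review bot: The provider check in the `_directories.erb` hunk changed from an exact allowlist (`include?`) to `directory['provider'].match('(directory|location|files)')`, which is an unanchored substring match. Any value that merely contains one of those words passes and is then capitalized into the container tag name. Anchoring restores the allowlist while admitting the Match variants: `<%- if directory['provider'] and directory['provider'] =~ /\A(directory|location|files)(match)?\z/ -%>`. The inner `/^(.*)match$/` has the same per-line anchoring and is better written `/\A(.*)match\z/`. The loop and its closing `end` tags lie outside the hunk.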
@@ -265,7 +265,7 @@ if $access_log_file { $access_log_destination = "${logroot}/${access_log_file}" } elsif $access_log_pipe { - $access_log_destination = "\"${access_log_pipe}\"" + $access_log_destination = "${access_log_pipe}" } elsif $access_log_syslog { $access_log_destination = $access_log_syslog } else { @@ -279,7 +279,7 @@ if $error_log_file { $error_log_destination = "${logroot}/${error_log_file}" } elsif $error_log_pipe { - $error_log_destination = "\"${error_log_pipe}\"" + $error_log_destination = "${error_log_pipe}" } elsif $error_log_syslog { $error_log_destination = $error_log_syslog } else { diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index e8630d6918..e6b8f1b928 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -510,7 +510,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain ' CustomLog "/tmp"' } + it { should contain ' CustomLog "/tmp' } end end @@ -538,7 +538,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should_not contain " #{logname} \"/tmp\"" } + it { should_not contain " #{logname} \"/tmp" } end end @@ -558,7 +558,7 @@ class { 'apache': } describe file("#{vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain " #{logname} \"|test\"" } + it { should contain " #{logname} \"|test" } end end From 9af1217b522941219bd679b4c24e5a86f6b163ae Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Fri, 31 Jan 2014 00:14:46 +0000 Subject: [PATCH 0133/2267] Debian mods-available no longer gets purged --- spec/acceptance/apache_parameters_spec.rb | 30 ++++++++++++----------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index b2083f34fb..bcaa21f955 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
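Review bot: `$access_log_destination = "${access_log_pipe}"` (and the matching `$error_log_destination` line in the `@@ -279,7` hunk) wraps a lone variable in a string; `$access_log_destination = $access_log_pipe` is the plain form. The pipe value ends up as a piped-log target that httpd starts as a program, so its shape is worth validating inside that branch, e.g. `validate_re($access_log_pipe, '^\|')`, rather than passing it straight to the template. The accompanying spec hunks relax the expectations to an unterminated `"/tmp` and `"|test`, which no longer checks that the closing quote is emitted. The surrounding `if`/`elsif` chains continue outside both hunks.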
@@ -111,21 +111,23 @@ class { 'apache': end end - describe 'purge parameters => true' do - it 'applies cleanly' do - pp = <<-EOS - class { 'apache': - purge_configs => true, - purge_vdir => true, - } - EOS - shell("touch #{confd_dir}/test.conf") - apply_manifest(pp, :catch_failures => true) - end + if fact('osfamily') != 'Debian' + describe 'purge parameters => true' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': + purge_configs => true, + purge_vdir => true, + } + EOS + shell("touch #{confd_dir}/test.conf") + apply_manifest(pp, :catch_failures => true) + end - # File should be gone - describe file("#{confd_dir}/test.conf") do - it { should_not be_file } + # File should be gone + describe file("#{confd_dir}/test.conf") do + it { should_not be_file } + end end end From 510ecc6126fd76e1492adc1f45fea708ca9d08ec Mon Sep 17 00:00:00 2001 
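Review bot: The new guard `if fact('osfamily') != 'Debian'` skips the whole `purge parameters => true` example on Debian, although the file it checks is `#{confd_dir}/test.conf` and the commit title only mentions mods-available. If config-dir purging still applies on Debian, removal of unmanaged config files is now untested there. Narrowing the skip to the affected directory, or adding a Debian example that asserts what is and is not purged, would keep the coverage. A short comment above the guard, such as `# Debian: mods-available is not purged when a separate enable dir is used`, would record why it exists.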
From: William Van Hevelingen Date: Thu, 30 Jan 2014 22:46:01 -0800 Subject: [PATCH 0134/2267] Release 0.11.0 Summary: This release adds preliminary support for Windows compatibility and multiple rewrite support. Backwards-incompatible Changes: - The rewrite_rule parameter is deprecated in favor of the new rewrite parameter and will be removed in a future release. Features: - add Match directive - quote paths for windows compatibility - add auth_group_file option to README.md - allow AuthGroupFile directive for vhosts - Support Header directives in vhost context - Don't purge mods-available dir when separate enable dir is used - Fix the servername used in log file name - Added support for mod_include - Remove index parameters. - Support environment variable control for CustomLog - added redirectmatch support - Setting up the ability to do multiple rewrites and conditions. - Convert spec tests to beaker. - Support php_admin_(flag|value)s Bugfixes: - directories are either a Hash or an Array of Hashes - Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost - (docs) Update list of `apache::mod::[name]` classes - (docs) Fix apache::namevirtualhost example call style - Fix $ports_file reference in apache::listen. - Fix $ports_file reference in Namevirtualhost. --- CHANGELOG.md | 37 +++++++++++++++++++++++++++++++++++++ Modulefile | 2 +- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9528972ecd..57d62e4c19 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,40 @@ +## 2014-01-31 Release 0.11.0 +### Summary: + +This release adds preliminary support for Windows compatibility and multiple rewrite support. + +### Backwards-incompatible Changes: + +- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter + and will be removed in a future release. + +### Features: + +- add Match directive +- quote paths for windows compatibility +- add auth_group_file option to README.md +- allow AuthGroupFile directive for vhosts +- Support Header directives in vhost context +- Don't purge mods-available dir when separate enable dir is used +- Fix the servername used in log file name +- Added support for mod_include +- Remove index parameters. +- Support environment variable control for CustomLog +- added redirectmatch support +- Setting up the ability to do multiple rewrites and conditions. +- Convert spec tests to beaker. +- Support php_admin_(flag|value)s + +### Bugfixes: + +- directories are either a Hash or an Array of Hashes +- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost +- (docs) Update list of `apache::mod::[name]` classes +- (docs) Fix apache::namevirtualhost example call style +- Fix $ports_file reference in apache::listen. +- Fix $ports_file reference in Namevirtualhost. + + ## 2013-12-05 Release 0.10.0 ### Summary: diff --git a/Modulefile b/Modulefile index 71bb19263f..1a1db1427f 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-apache' -version '0.10.0' +version '0.11.0' source 'git://github.com/puppetlabs/puppetlabs-apache.git' author 'puppetlabs' license 'Apache 2.0' From 7a3b476de0d4da0004df7abe6b977c1988916e19 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 31 Jan 2014 10:02:02 -0800 Subject: [PATCH 0135/2267] Fix typos in templates/vhost/_itk.erb Basically, this wouldn't have worked because of mass typos. FTFY --- templates/vhost/_itk.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/templates/vhost/_itk.erb b/templates/vhost/_itk.erb index 7d3bb51662..2971c7a7d0 100644 --- a/templates/vhost/_itk.erb +++ b/templates/vhost/_itk.erb @@ -4,11 +4,11 @@ <%- if @itk["user"] and @itk["group"] -%> AssignUserId <%= @itk["user"] %> <%= @itk["group"] %> <%- end -%> - <%- if @itk["assignuieridexpr"] -%> - AssignUserIdExpr <%= @itk["assignuieridexpr"] %> + <%- if @itk["assignuseridexpr"] -%> + AssignUserIdExpr <%= @itk["assignuseridexpr"] %> <%- end -%> - <%- if @itk["assignuiergroupexpr"] -%> - AssignGroupIdExpr <%= @itk["assignuiergroupexpr"] %> + <%- if @itk["assigngroupidexpr"] -%> + AssignGroupIdExpr <%= @itk["assigngroupidexpr"] %> <%- end -%> <%- if @itk["maxclientvhost"] -%> MaxClientsVHost <%= @itk["maxclientvhost"] %> From 9b77ec98b15fcc89596b74a72b4b7a9d5aebf874 Mon Sep 17 00:00:00 2001 From: jwilkins Date: Sat, 1 Feb 2014 16:23:44 -0500 Subject: [PATCH 0136/2267] templates/vhost/_proxy.erb misconfigures ProxyPassReverse See here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreverse When enclosing ProxyPassReverse in a directive, you drop the *first* argument, as it will be taken from the enclosing Location. The second argument is the URL to which we are attempting to proxy. Very simple change. Tested in my environment, works. --- templates/vhost/_proxy.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index a126dbc970..7e0221f957 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -6,7 +6,7 @@ <% [@proxy_pass].flatten.compact.each do |proxy| %> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> > - ProxyPassReverse / + ProxyPassReverse <%= proxy['url'] %> <% end %> <% if @proxy_dest -%> @@ -15,6 +15,6 @@ <% end %> ProxyPass / <%= @proxy_dest %>/ - ProxyPassReverse / + ProxyPassReverse <%= @proxy_dest %>/ <% end -%> From 4f8f1640a7922b997ad6be788248fdf1ad58a2af Mon Sep 17 00:00:00 2001 
From: Keith Johnson Date: Thu, 6 Feb 2014 11:21:31 -0500 Subject: [PATCH 0137/2267] Fix typo in mod passenger documentation The rails_auto_detect and rack_auto_detect should not have an underscore between auto and detect. --- README.passenger.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.passenger.md b/README.passenger.md index 4b36149dc2..cecacccc4f 100644 --- a/README.passenger.md +++ b/README.passenger.md @@ -49,13 +49,13 @@ Sets how often Passenger performs file system checks, at most once every _x_ sec http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt -## rack_auto_detect +## rack_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rack application. The default is `on` http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt -## rails_auto_detect +## rails_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rails application. The default is on. From 37fced34ef82dc48d7488763f02694cf019e0f2c Mon Sep 17 00:00:00 2001 
From: Scott Smith Date: Sat, 28 Dec 2013 10:03:49 +0000 Subject: [PATCH 0138/2267] Added apache24 support --- manifests/default_mods.pp | 33 ++++- manifests/init.pp | 8 +- manifests/mod/alias.pp | 4 +- manifests/mod/event.pp | 14 ++- manifests/mod/itk.pp | 19 +-- manifests/mod/prefork.pp | 38 +++--- manifests/mod/ssl.pp | 10 +- manifests/mod/worker.pp | 37 +++--- manifests/mpm.pp | 68 ++++++++++ manifests/params.pp | 2 +- manifests/version.pp | 28 +++++ manifests/vhost.pp | 17 ++- spec/classes/apache_spec.rb | 34 ++++- spec/classes/mod/event_spec.rb | 71 +++++++++++ spec/classes/mod/itk_spec.rb | 29 ++++- spec/classes/mod/prefork_spec.rb | 62 +++++++++- spec/classes/mod/worker_spec.rb | 59 ++++++++- spec/classes/params_spec.rb | 4 +- spec/defines/vhost_spec.rb | 206 +++++++++++++++++++++++++++---- templates/httpd.conf.erb | 12 ++ templates/mod/alias.conf.erb | 8 +- templates/mod/ssl.conf.erb | 4 + templates/vhost/_directories.erb | 26 ++-- 23 files changed, 669 insertions(+), 124 deletions(-) create mode 100644 manifests/mpm.pp create mode 100644 manifests/version.pp diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index f1f271eae3..c8523fced1 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -1,6 +1,7 @@ class apache::default_mods ( - $all = true, - $mods = undef, + $all = true, + $mods = undef, + $apache_version = $apache::apache_version ) { # These are modules required to run the default configuration. # They are not configurable at this time, so we just include @@ -27,10 +28,8 @@ include apache::mod::rewrite apache::mod { 'actions': } apache::mod { 'auth_digest': } - apache::mod { 'authn_alias': } apache::mod { 'authn_anon': } apache::mod { 'authn_dbm': } - apache::mod { 'authn_default': } apache::mod { 'authz_dbm': } apache::mod { 'authz_owner': } apache::mod { 'expires': } 
@@ -42,6 +41,18 @@ apache::mod { 'suexec': } apache::mod { 'usertrack': } apache::mod { 'version': } + + if $apache_version >= 2.4 { + # Lets fork it + apache::mod { 'systemd': } + + apache::mod { 'unixd': } + apache::mod { 'authn_core': } + } + else { + apache::mod { 'authn_alias': } + apache::mod { 'authn_default': } + } } 'freebsd': { include apache::mod::cache @@ -101,7 +112,19 @@ include apache::mod::setenvif apache::mod { 'auth_basic': } apache::mod { 'authn_file': } - apache::mod { 'authz_default': } + + if $apache_version >= 2.4 { + # authz_core is needed for 'Require' directive + apache::mod { 'authz_core': + id => 'authz_core_module', + } + + # filter is needed by mod_deflate + apache::mod { 'filter': } + } else { + apache::mod { 'authz_default': } + } + apache::mod { 'authz_groupfile': } apache::mod { 'authz_user': } apache::mod { 'env': } diff --git a/manifests/init.pp b/manifests/init.pp index 71a7e75569..94900ea5c1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -52,21 +52,21 @@ $logroot = $apache::params::logroot, $log_level = $apache::params::log_level, $ports_file = $apache::params::ports_file, + $apache_version = $apache::version::default, $server_tokens = 'OS', $server_signature = 'On', $trace_enable = 'On', $package_ensure = 'installed', ) inherits apache::params { - validate_bool($default_vhost) validate_bool($default_ssl_vhost) validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) - $valid_mpms_re = $::osfamily ? { - 'FreeBSD' => '(event|itk|peruser|prefork|worker)', - default => '(itk|prefork|worker)' + $valid_mpms_re = $apache_version ? { + 2.4 => '(event|itk|peruser|prefork|worker)', + default => '(event|itk|prefork|worker)' } if $mpm_module { diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 2880697236..29ec831559 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp 
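Review bot: `if $apache_version >= 2.4` (twice in these `default_mods.pp` hunks, and again in the `event.pp` and `prefork.pp` hunks further down) compares the version as a number. A value such as `2.10` then orders below `2.4`, and a full version string like `'2.4.6'` is not numeric at all. `versioncmp` compares version strings correctly: `if versioncmp($apache_version, '2.4') >= 0 {`, with the default kept as a string. The selector in the `init.pp` hunk, `$apache_version ? { 2.4 => ..., default => ... }`, relies on the same exact numeric equality. Its `2.4` branch is the one that now lists `peruser` while `default` lists `event`, so it is worth confirming which branch each MPM belongs in.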
@@ -1,4 +1,6 @@ -class apache::mod::alias { +class apache::mod::alias( + $apache_version = $apache::apache_version +) { $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', 'redhat' => '/var/www/icons', diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 473f7c24cd..172113a287 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -6,6 +6,7 @@ $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', + $apache_version = $apache::apache_version, ) { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') @@ -42,9 +43,16 @@ } case $::osfamily { - 'freebsd' : { - class { 'apache::package': - mpm_module => 'event' + 'redhat': { + if $apache_version >= 2.4 { + apache::mpm{ 'event': + apache_version => $apache_version, + } + } + } + 'debian','freebsd' : { + apache::mpm{ 'event': + apache_version => $apache_version, } } default: { diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 68ece8681a..cc582ac942 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -5,6 +5,7 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', + $apache_version = $apache::apache_version, ) { if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::itk and apache::mod::event on the same node') @@ -40,21 +41,9 @@ } case $::osfamily { - 'debian' : { - file { "${apache::mod_enable_dir}/itk.conf": - ensure => link, - target => "${apache::mod_dir}/itk.conf", - require => Exec["mkdir ${apache::mod_enable_dir}"], - before => File[$apache::mod_enable_dir], - notify => Service['httpd'], - } - package { 'apache2-mpm-itk': - ensure => present, - } - } - 'freebsd' : { - class { 'apache::package': - mpm_module => 'itk' + 'debian', 'freebsd': { + apache::mpm{ 'itk': + apache_version => $apache_version, } } default: { 
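Review bot: The new `'redhat'` branch of `case $::osfamily` in event.pp does nothing when `$apache_version` is below 2.4, where the removed code had no RedHat branch and so reached `default`. The body of `default` lies outside the hunk, but it presumably fails like the other unsupported cases. A RedHat node on 2.2 would now compile a catalog that selects the event MPM without anything loading it. An explicit `else { fail('apache::mod::event on RedHat requires apache_version >= 2.4') }` keeps the unsupported combination visible.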
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index ecbf809a20..e5810829e4 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -5,6 +5,7 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', + $apache_version = $apache::apache_version, ) { if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') @@ -41,30 +42,25 @@ case $::osfamily { 'redhat': { - file_line { '/etc/sysconfig/httpd prefork enable': - ensure => present, - path => '/etc/sysconfig/httpd', - line => '#HTTPD=/usr/sbin/httpd.worker', - match => '#?HTTPD=/usr/sbin/httpd.worker', - require => Package['httpd'], - notify => Service['httpd'], + if $apache_version >= 2.4 { + apache::mpm{ 'prefork': + apache_version => $apache_version, + } } - } - 'debian': { - file { "${apache::mod_enable_dir}/prefork.conf": - ensure => link, - target => "${apache::mod_dir}/prefork.conf", - require => Exec["mkdir ${apache::mod_enable_dir}"], - before => File[$apache::mod_enable_dir], - notify => Service['httpd'], - } - package { 'apache2-mpm-prefork': - ensure => present, + else { + file_line { '/etc/sysconfig/httpd prefork enable': + ensure => present, + path => '/etc/sysconfig/httpd', + line => '#HTTPD=/usr/sbin/httpd.worker', + match => '#?HTTPD=/usr/sbin/httpd.worker', + require => Package['httpd'], + notify => Service['httpd'], + } } } - 'freebsd' : { - class { 'apache::package': - mpm_module => 'prefork' + 'debian', 'freebsd' : { + apache::mpm{ 'prefork': + apache_version => $apache_version, } } default: { diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 3002d14be0..5756d89e7d 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,6 +1,7 @@ class apache::mod::ssl ( $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], + $apache_version = $apache::apache_version, ) { $session_cache = $::osfamily ? { 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', 
@@ -14,7 +15,14 @@ } apache::mod { 'ssl': } - # Template uses $ssl_compression, $ssl_options, $session_cache, $ssl_mutex + # Template uses + # + # $ssl_compression + # $ssl_options + # $session_cache, + # $ssl_mutex + # $apache_version + # file { 'ssl.conf': ensure => file, path => "${apache::mod_dir}/ssl.conf", diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 272891176c..ae259fa0ed 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -6,6 +6,7 @@ $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', + $apache_version = $apache::apache_version, ) { if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::worker and apache::mod::event on the same node') @@ -43,29 +44,25 @@ case $::osfamily { 'redhat': { - file_line { '/etc/sysconfig/httpd worker enable': - ensure => present, - path => '/etc/sysconfig/httpd', - line => 'HTTPD=/usr/sbin/httpd.worker', - match => '#?HTTPD=/usr/sbin/httpd.worker', - notify => Service['httpd'], + if $apache_version >= 2.4 { + apache::mpm{ 'worker': + apache_version => $apache_version, + } } - } - 'debian': { - file { "${apache::mod_enable_dir}/worker.conf": - ensure => link, - target => "${apache::mod_dir}/worker.conf", - require => Exec["mkdir ${apache::mod_enable_dir}"], - before => File[$apache::mod_enable_dir], - notify => Service['httpd'], - } - package { 'apache2-mpm-worker': - ensure => present, + else { + file_line { '/etc/sysconfig/httpd worker enable': + ensure => present, + path => '/etc/sysconfig/httpd', + line => 'HTTPD=/usr/sbin/httpd.worker', + match => '#?HTTPD=/usr/sbin/httpd.worker', + require => Package['httpd'], + notify => Service['httpd'], + } } } - 'freebsd' : { - class { 'apache::package': - mpm_module => 'worker' + 'debian', 'freebsd': { + apache::mpm{ 'worker': + apache_version => $apache_version, } } default: { diff --git a/manifests/mpm.pp b/manifests/mpm.pp new file mode 100644 index 0000000000..fd6f764183 --- /dev/null 
+++ b/manifests/mpm.pp @@ -0,0 +1,68 @@ +define apache::mpm ( + $lib_path = $apache::params::lib_path, + $apache_version = $apache::apache_version, +) { + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + + $mpm = $name + $mod_dir = $apache::mod_dir + + $_lib = "mod_mpm_${mpm}.so" + $_path = "${lib_path}/${_lib}" + $_id = "mpm_${mpm}_module" + + if $apache_version >= 2.4 { + file { "${mod_dir}/${mpm}.load": + ensure => file, + path => "${mod_dir}/${mpm}.load", + content => "LoadModule ${_id} ${_path}\n", + require => [ + Package['httpd'], + Exec["mkdir ${mod_dir}"], + ], + before => File[$mod_dir], + notify => Service['httpd'], + } + } + + case $::osfamily { + 'debian': { + file { "${apache::mod_enable_dir}/${mpm}.conf": + ensure => link, + target => "${apache::mod_dir}/${mpm}.conf", + require => Exec["mkdir ${apache::mod_enable_dir}"], + before => File[$apache::mod_enable_dir], + notify => Service['httpd'], + } + + if $apache_version >= 2.4 { + file { "${apache::mod_enable_dir}/${mpm}.load": + ensure => link, + target => "${apache::mod_dir}/${mpm}.load", + require => Exec["mkdir ${apache::mod_enable_dir}"], + before => File[$apache::mod_enable_dir], + notify => Service['httpd'], + } + } + + if $apache_version < 2.4 { + package { "apache2-mpm-${mpm}": + ensure => present, + } + } + } + 'freebsd': { + class { 'apache::package': + mpm_module => $mpm + } + } + 'redhat': { + # so we don't fail + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } +} diff --git a/manifests/params.pp b/manifests/params.pp index 2a0554db12..1f5f45b413 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
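Review bot: `apache::mpm` puts its title straight into a file path, a `LoadModule` line and a package name (`$mpm = $name`, `"${mod_dir}/${mpm}.load"`, `"apache2-mpm-${mpm}"`) without checking it. The callers in this patch pass fixed names, but the define is public, so a check such as `validate_re($mpm, '^(event|itk|peruser|prefork|worker)$')` at the top would stop a stray title from producing an unexpected `.load` file or package resource. The `'redhat'` branch commented `# so we don't fail` is also silent below 2.4. The define has no header comment describing `$lib_path` and `$apache_version`.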
@@ -18,7 +18,7 @@ # # Sample Usage: # -class apache::params { +class apache::params inherits apache::version { # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, 3 on Amazon, etc. $osr_array = split($::operatingsystemrelease,'[\/\.]') $distrelease = $osr_array[0] diff --git a/manifests/version.pp b/manifests/version.pp new file mode 100644 index 0000000000..4ed960df18 --- /dev/null +++ b/manifests/version.pp @@ -0,0 +1,28 @@ +# Class: apache::version +# +# Try to automatically detect the version by OS +# +class apache::version { + case $::osfamily { + 'RedHat': { + if ($::operatingsystem == 'Fedora' and $::operatingsystemrelease >= 18) or ($::operatingsystem != 'Fedora' and $::operatingsystemrelease >= 7) { + $default = 2.4 + } else { + $default = 2.2 + } + } + 'Debian': { + if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { + $default = 2.4 + } else { + $default = 2.2 + } + } + 'FreeBSD': { + $default = 2.2 + } + default: { + fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") + } + } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 2f24314ff5..cac091dee9 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -169,11 +169,13 @@ $fastcgi_socket = undef, $fastcgi_dir = undef, $additional_includes = [], + $apache_version = $apache::apache_version ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } + $apache_name = $apache::params::apache_name validate_re($ensure, '^(present|absent)$', 
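Review bot: The version guess in version.pp compares `$::operatingsystemrelease` numerically (`>= 18`, `>= 7`, `>= 13.10`), and its RedHat branch sends every non-Fedora member of the family with a release of 7 or more to 2.4. Release facts are strings and not always plain numbers (the params.pp comment in this patch lists values like `wheezy` and `quantal`), so a derivative with a different numbering scheme could be classed as 2.4 by accident. This value later selects between `Require` and `Order`/`Allow` syntax, so a wrong guess renders access rules for the wrong server generation. Consider matching `$::operatingsystem` explicitly and comparing with `versioncmp($::operatingsystemrelease, '7') >= 0`. The class header should also say that `apache_version` can be overridden on the base class.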
@@ -400,15 +402,22 @@ } $_directories = $directories } else { - $_directories = [ { + $_directory = { provider => 'directory', path => $docroot, options => $options, allow_override => $override, directoryindex => $directoryindex, - order => 'allow,deny', - allow => 'from all', - } ] + } + + if $apache_version == 2.4 { + $_directory[require] = 'all granted' + } else { + $_directory[order] = 'allow,deny' + $_directory[allow] = 'from all' + } + + $_directories = [ $_directory ] } # Template uses: diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 655a0cf30a..1a9a58d1b8 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -73,6 +73,22 @@ it { should_not contain_file("#{modname}.conf symlink") } end + context "with Apache version < 2.4" do + let :params do + { :apache_version => 2.2 } + end + + it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } + end + + context "with Apache version >= 2.4" do + let :params do + { :apache_version => 2.4 } + end + + it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } + end + # Assert that both load files and conf files are placed and symlinked for these mods [ 'alias', @@ -103,6 +119,7 @@ 'target' => "/etc/apache2/mods-available/#{modname}.conf" ) } end + describe "Don't create user resource" do context "when parameter manage_user is false" do let :params do 
@@ -213,7 +230,22 @@ ) } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } + context "with Apache version < 2.4" do + let :params do + { :apache_version => 2.2 } + end + + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } + end + + context "with Apache version >= 2.4" do + let :params do + { :apache_version => 2.4 } + end + + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } + end + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*\.conf"$} } it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 7363e2fc92..320374a00d 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -14,4 +14,75 @@ it { should_not contain_apache__mod('event') } it { should contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + it { should contain_class("apache::params") } + it { should_not contain_apache__mod('event') } + it { should contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } + it { should contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => 2.2, + } + end + + it { should_not contain_file("/etc/apache2/mods-available/event.load") } + it { should_not contain_file("/etc/apache2/mods-enabled/event.load") } + + it { should contain_package("apache2-mpm-event") } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should contain_file("/etc/apache2/mods-available/event.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so\n" + }) + } + it { should contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should contain_class("apache::params") } + it { should_not contain_apache__mod('worker') } + it { should_not contain_apache__mod('prefork') } + + it { should contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') } + + it { should contain_file("/etc/httpd/conf.d/event.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_event_module modules/mod_mpm_event.so\n", + }) + } + end + end end 
diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 443ace0cce..032e122d48 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -14,7 +14,34 @@ it { should_not contain_apache__mod('itk') } it { should contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') } it { should contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } - it { should contain_package("apache2-mpm-itk") } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => 2.2, + } + end + + it { should_not contain_file("/etc/apache2/mods-available/itk.load") } + it { should_not contain_file("/etc/apache2/mods-enabled/itk.load") } + + it { should contain_package("apache2-mpm-itk") } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should contain_file("/etc/apache2/mods-available/itk.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so\n" + }) + } + it { should contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } + end end context "on a FreeBSD OS" do let :facts do diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 5436894227..8eff78e4ab 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb 
@@ -14,7 +14,34 @@ it { should_not contain_apache__mod('prefork') } it { should contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') } it { should contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') } - it { should contain_package("apache2-mpm-prefork") } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => 2.2, + } + end + + it { should_not contain_file("/etc/apache2/mods-available/prefork.load") } + it { should_not contain_file("/etc/apache2/mods-enabled/prefork.load") } + + it { should contain_package("apache2-mpm-prefork") } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should contain_file("/etc/apache2/mods-available/prefork.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so\n" + }) + } + it { should contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') } + end end context "on a RedHat OS" do let :facts do @@ -27,10 +54,35 @@ it { should contain_class("apache::params") } it { should_not contain_apache__mod('prefork') } it { should contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') } - it { should contain_file_line("/etc/sysconfig/httpd prefork enable").with({ - 'require' => 'Package[httpd]', - }) - } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => 2.2, + } + end + + it { should contain_file_line("/etc/sysconfig/httpd prefork enable").with({ + 'require' => 'Package[httpd]', + }) + } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should_not contain_apache__mod('event') } + + it { should contain_file("/etc/httpd/conf.d/prefork.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n", + }) + } + end end context "on a FreeBSD OS" do let :facts do 
diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 1af8ff8c68..504018e689 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -14,7 +14,34 @@ it { should_not contain_apache__mod('worker') } it { should contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') } it { should contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') } - it { should contain_package("apache2-mpm-worker") } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => 2.2, + } + end + + it { should_not contain_file("/etc/apache2/mods-available/worker.load") } + it { should_not contain_file("/etc/apache2/mods-enabled/worker.load") } + + it { should contain_package("apache2-mpm-worker") } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should contain_file("/etc/apache2/mods-available/worker.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so\n" + }) + } + it { should contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') } + end end context "on a RedHat OS" do let :facts do 
@@ -27,7 +54,35 @@ it { should contain_class("apache::params") } it { should_not contain_apache__mod('worker') } it { should contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } - it { should contain_file_line("/etc/sysconfig/httpd worker enable") } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => 2.2, + } + end + + it { should contain_file_line("/etc/sysconfig/httpd worker enable").with({ + 'require' => 'Package[httpd]', + }) + } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => 2.4, + } + end + + it { should_not contain_apache__mod('event') } + + it { should contain_file("/etc/httpd/conf.d/worker.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_worker_module modules/mod_mpm_worker.so\n", + }) + } + end end context "on a FreeBSD OS" do let :facts do diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index 39e16b6f31..de1108af08 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -13,9 +13,9 @@ # There are 4 resources in this class currently # there should not be any more resources because it is a params class - # The resources are class[apache::params], class[main], class[settings], stage[main] + # The resources are class[apache::version], class[apache::params], class[main], class[settings], stage[main] it "Should not contain any resources" do - subject.resources.size.should == 4 + subject.resources.size.should == 5 end end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4fcb23dd47..3b39c26e0c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
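Review bot: In the params_spec.rb hunk the unchanged comment still reads "There are 4 resources in this class currently" while the expectation below it is now `subject.resources.size.should == 5`. Update it to `# There are 5 resources in this class currently` so the comment and the assertion agree. The example name "Should not contain any resources" is equally misleading next to a count of five, though it predates this change.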
@@ -601,6 +601,60 @@ /^ WSGIScriptAlias \/ "\/usr\/local\/wsgi\/scripts\/myapp.wsgi"$/, ], }, + { + :title => 'should contain environment variables', + :attr => 'access_log_env_var', + :value => 'admin', + :match => [/CustomLog "\/var\/log\/.+_access\.log" combined env=admin$/] + }, + { + :title => 'should contain virtual_docroot', + :attr => 'virtual_docroot', + :value => '/not/default', + :match => [ + /^ VirtualDocumentRoot "\/not\/default"$/, + ], + }, + { + :title => 'should accept multiple directories', + :attr => 'directories', + :value => [ + { 'path' => '/opt/app' }, + { 'path' => '/var/www' }, + { 'path' => '/rspec/docroot'} + ], + :match => [ + /^ $/, + /^ $/, + /^ $/, + ], + }, + ].each do |param| + describe "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + + it { should contain_file("25-#{title}.conf").with_mode('0644') } + if param[:match] + it "#{param[:title]}: matches" do + param[:match].each do |match| + should contain_file("25-#{title}.conf").with_content( match ) + end + end + end + if param[:notmatch] + it "#{param[:title]}: notmatches" do + param[:notmatch].each do |notmatch| + should_not contain_file("25-#{title}.conf").with_content( notmatch ) + end + end + end + end + end + end + + # Apache below 2.4 (Default Version). All match and notmatch should be a list of regexs and exact match strings + context ".conf content with $apache_version < 2.4" do + [ { :title => 'should accept a directory', :attr => 'directories', 
@@ -678,17 +732,128 @@ ], }, { - :title => 'should accept multiple directories', + :title => 'should accept location for provider', + :attr => 'directories', + :value => { + 'path' => '/', + 'provider' => 'location', + }, + :notmatch => [' AllowOverride None'], + :match => [ + /^ $/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/Location>$/, + ], + }, + { + :title => 'should accept files for provider', + :attr => 'directories', + :value => { + 'path' => 'index.html', + 'provider' => 'files', + }, + :notmatch => [' AllowOverride None'], + :match => [ + /^ $/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/Files>$/, + ], + }, + ].each do |param| + describe "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ + param[:attr].to_sym => param[:value], + :apache_version => 2.2, + }) end + + it { should contain_file("25-#{title}.conf").with_mode('0644') } + if param[:match] + it "#{param[:title]}: matches" do + param[:match].each do |match| + should contain_file("25-#{title}.conf").with_content( match ) + end + end + end + if param[:notmatch] + it "#{param[:title]}: notmatches" do + param[:notmatch].each do |notmatch| + should_not contain_file("25-#{title}.conf").with_content( notmatch ) + end + end + end + end + end + end + + # Apache equals or above 2.4. 
All match and notmatch should be a list of regexs and exact match strings + context ".conf content with $apache_version >= 2.4" do + [ + { + :title => 'should accept a directory', :attr => 'directories', - :value => [ - { 'path' => '/opt/app' }, - { 'path' => '/var/www' }, - { 'path' => '/rspec/docroot'} + :value => { 'path' => '/opt/app' }, + :notmatch => [' '], + :match => [ + /^ $/, + /^ AllowOverride None$/, + /^ Require all granted$/, + /^ <\/Directory>$/, ], + }, + { + :title => 'should accept directory directives hash', + :attr => 'directories', + :value => { + 'path' => '/opt/app', + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'allow_override' => 'Lol', + 'options' => '-MultiViews', + 'require' => 'something denied', + 'passenger_enabled' => 'onf', + }, :match => [ /^ $/, - /^ $/, - /^ $/, + /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, + /^ AllowOverride Lol$/, + /^ Options -MultiViews$/, + /^ Require something denied$/, + /^ PassengerEnabled onf$/, + /^ <\/Directory>$/, + ], + }, + { + :title => 'should accept directory directives with arrays and hashes', + :attr => 'directories', + :value => [ + { + 'path' => '/opt/app1', + 'allow_override' => ['AuthConfig','Indexes'], + 'options' => ['-MultiViews','+MultiViews'], + 'require' => ['host','example.org'], + 'passenger_enabled' => 'onf', + }, + { + 'path' => '/opt/app2', + 'addhandlers' => { + 'handler' => 'cgi-script', + 'extensions' => '.cgi', + }, + }, + ], + :match => [ + /^ $/, + /^ AllowOverride AuthConfig Indexes$/, + /^ Options -MultiViews \+MultiViews$/, + /^ Require host example.org$/, + /^ PassengerEnabled onf$/, + /^ <\/Directory>$/, + /^ $/, + /^ AllowOverride None$/, + /^ Require all granted$/, + /^ AddHandler cgi-script .cgi$/, + /^ <\/Directory>$/, ], }, { @@ -701,8 +866,7 @@ :notmatch => [' AllowOverride None'], :match => [ /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, + /^ Require all granted$/, /^ <\/Location>$/, ], }, 
@@ -716,8 +880,7 @@ :notmatch => [' AllowOverride None'], :match => [ /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, + /^ Require all granted$/, /^ <\/Files>$/, ], }, @@ -736,24 +899,12 @@ /^ <\/FilesMatch>$/, ], }, - { - :title => 'should contain virtual_docroot', - :attr => 'virtual_docroot', - :value => '/not/default', - :match => [ - /^ VirtualDocumentRoot "\/not\/default"$/, - ], - }, - { - :title => 'should contain environment variables', - :attr => 'access_log_env_var', - :value => 'admin', - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined env=admin$/] - }, - ].each do |param| describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end + let :params do default_params.merge({ + param[:attr].to_sym => param[:value], + :apache_version => 2.4, + }) end it { should contain_file("25-#{title}.conf").with_mode('0644') } if param[:match] @@ -774,6 +925,7 @@ end end + # All match and notmatch should be a list of regexs and exact match strings context ".conf content with SSL" do [ { diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 0a03995b86..66b70836bb 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -16,9 +16,13 @@ Group <%= @group %> AccessFileName .htaccess +<%- if @apache_version >= '2.4' -%> + Require all denied +<%- else -%> Order allow,deny Deny from all Satisfy all +<%- end -%> @@ -52,7 +56,11 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent +<%- if @apache_version >= '2.4' -%> +IncludeOptional "<%= @confd_dir %>/*.conf" +<%- else -%> Include "<%= @confd_dir %>/*.conf" +<%- end -%> <% if @vhost_load_dir != @confd_dir -%> Include "<%= @vhost_load_dir %>/*.conf" <% end -%> 
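Review bot: The guard `<%- if @apache_version >= '2.4' -%>` in the first httpd.conf.erb hunk compares against a string, while version.pp assigns `$default = 2.4` and the manifests compare numerically. Whether the template sees a String or a Float is not visible here. As a String the comparison is lexicographic, so a value like `'2.10'` sorts below `'2.4'`; as a Float, Ruby's `>=` against a String raises. This guard decides whether the block gets `Require all denied` or the old `Order`/`Deny` lines, so it should be unambiguous, e.g. `<%- if scope.function_versioncmp([@apache_version.to_s, '2.4']) >= 0 -%>`. The same string literal is used with `>=` in the second hunk of this file and in ssl.conf.erb, and with `==` in the third hunk, alias.conf.erb and _directories.erb.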
@@ -66,8 +74,12 @@ Alias /error/ "<%= @error_documents_path %>/" Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var +<%- if @apache_version == '2.4' -%> + Require all granted +<%- else -%> Order allow,deny Allow from all +<%- end -%> LanguagePriority en cs de es fr it nl sv pt-br ro ForceLanguagePriority Prefer Fallback diff --git a/templates/mod/alias.conf.erb b/templates/mod/alias.conf.erb index 52f16c1719..0a0c81593d 100644 --- a/templates/mod/alias.conf.erb +++ b/templates/mod/alias.conf.erb @@ -3,7 +3,11 @@ Alias /icons/ "<%= @icons_path %>/" "> Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all +<%- if @apache_version == '2.4' -%> + Require all granted +<%- else -%> + Order allow,deny + Allow from all +<%- end -%> diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index f66b1c958c..763e13a9cf 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -13,7 +13,11 @@ <% if @ssl_compression -%> SSLCompression Off <% end -%> + <% if @apache_version >= '2.4' -%> + SSLMutex sysvsem <%= @ssl_mutex %> + <% else -%> SSLMutex <%= @ssl_mutex %> + <% end -%> SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 986216a2cb..516d0798da 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
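Review bot: In the ssl.conf.erb hunk the 2.4 branch still emits `SSLMutex`, now as `SSLMutex sysvsem <%= @ssl_mutex %>`. As far as I know Apache 2.4 replaced `SSLMutex` with the core `Mutex` directive, so this line would be rejected at startup on exactly the versions the branch targets. It also puts two mechanisms on one line, since `@ssl_mutex` from ssl.pp is already `default` or `file:...`. Something like `Mutex <%= @ssl_mutex %>` in the 2.4 branch is probably what is wanted; please confirm against the 2.4 upgrade notes.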
@@ -34,21 +34,29 @@ AllowOverride None <%- end -%> <%- end -%> - <%- if directory['order'] and directory['order'] != '' -%> - Order <%= Array(directory['order']).join(',') %> + <%- if @apache_version == '2.4' -%> + <%- if directory['require'] and directory['require'] != '' -%> + Require <%= Array(directory['require']).join(' ') %> + <%- else -%> + Require all granted + <%- end -%> <%- else -%> + <%- if directory['order'] and directory['order'] != '' -%> + Order <%= Array(directory['order']).join(',') %> + <%- else -%> Order allow,deny - <%- end -%> - <%- if directory['deny'] and directory['deny'] != '' -%> + <%- end -%> + <%- if directory['deny'] and directory['deny'] != '' -%> Deny <%= directory['deny'] %> - <%- end -%> - <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> + <%- end -%> + <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> Allow <%= directory['allow'] %> - <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%> - <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%> + <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%> + <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%> Deny from all - <%- else -%> + <%- else -%> Allow from all + <%- end -%> <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> From 1ab4bef3e19e9aac38335c4e10092e11dbf24d03 Mon Sep 17 00:00:00 2001 
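Review bot: In the `@apache_version == '2.4'` branch of _directories.erb only `directory['require']` is read and everything else falls through to `Require all granted`; `order`, `deny` and `allow` are consulted only in the `else` branch. A directory hash that restricted access with `deny` or `allow` on 2.2 would therefore render as open to everyone once the version is 2.4, with no error or warning. I would fail closed when legacy keys are present without `require`: add `<%- elsif directory['order'] or directory['deny'] or directory['allow'] -%>` followed by `<%- scope.function_fail(["directory '#{directory['path']}' sets order/allow/deny but apache_version is 2.4; use 'require'"]) -%>` ahead of the `Require all granted` default. The 2.4 vhost specs in this patch pass no hash containing `deny` or `allow`, so this path is untested. The enclosing directory loop starts outside the hunk.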
From: Scott Smith Date: Wed, 5 Feb 2014 21:16:43 +0000 Subject: [PATCH 0139/2267] Fix to lots of tests to work with apache24 --- manifests/default_mods.pp | 20 ++ manifests/mod/info.pp | 5 +- manifests/mod/ssl.pp | 28 ++- spec/acceptance/apache_parameters_spec.rb | 83 ++++----- .../nodesets/ubuntu-server-1310-x64.yml | 11 ++ spec/acceptance/version.rb | 57 ++++++ spec/acceptance/vhost_spec.rb | 173 +++++++++--------- spec/defines/vhost_spec.rb | 18 +- templates/mod/info.conf.erb | 4 + templates/mod/ssl.conf.erb | 2 +- templates/vhost/_block.erb | 4 + templates/vhost/_fastcgi.erb | 6 +- 12 files changed, 269 insertions(+), 142 deletions(-) create mode 100644 spec/acceptance/nodesets/ubuntu-server-1310-x64.yml create mode 100644 spec/acceptance/version.rb diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index c8523fced1..09cc3be1eb 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -130,5 +130,25 @@ apache::mod { 'env': } } elsif $mods { apache::default_mods::load { $mods: } + + if $apache_version >= 2.4 { + # authz_core is needed for 'Require' directive + apache::mod { 'authz_core': + id => 'authz_core_module', + } + + # filter is needed by mod_deflate + apache::mod { 'filter': } + } + } else { + if $apache_version >= 2.4 { + # authz_core is needed for 'Require' directive + apache::mod { 'authz_core': + id => 'authz_core_module', + } + + # filter is needed by mod_deflate + apache::mod { 'filter': } + } } } diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index b76e1efb2a..627bf85ddf 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -1,8 +1,11 @@ class apache::mod::info ( $allow_from = ['127.0.0.1','::1'], + $apache_version = $apache::apache_version, ){ apache::mod { 'info': } - # Template uses $allow_from + # Template uses + # $allow_from + # $apache_version file { 'info.conf': ensure => file, path => "${apache::mod_dir}/info.conf", 
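Review bot: The `authz_core`/`filter` block added to the `elsif $mods` and `else` branches of default_mods.pp is the same block the previous patch put in the first branch, so all three branches now carry an identical copy. Declaring it once after the conditional, as `if $apache_version >= 2.4 { apache::mod { 'authz_core': id => 'authz_core_module' } apache::mod { 'filter': } }`, keeps the copies from drifting. The first branch would then keep only its `apache::mod { 'authz_default': }` half for older versions. The conditional opens outside the hunk.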
diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 5756d89e7d..f8e6c248c2 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -8,13 +8,33 @@ 'redhat' => '/var/cache/mod_ssl/scache(512000)', 'freebsd' => '/var/run/ssl_scache(512000)', } - $ssl_mutex = $::osfamily ? { - 'debian' => 'file:${APACHE_RUN_DIR}/ssl_mutex', - 'redhat' => 'default', - 'freebsd' => 'default', + + case $::osfamily { + 'debian': { + if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { + file { "${APACHE_RUN_DIR}/ssl_mutex": + ensure => directory + } + + $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex default' + } else { + $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex' + } + } + 'redhat': { + $ssl_mutex = 'default' + } + 'freebsd': { + $ssl_mutex = 'default' + } } + apache::mod { 'ssl': } + if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { + apache::mod { 'socache_shmcb': } + } + # Template uses # # $ssl_compression diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index bcaa21f955..597739f5c2 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -1,23 +1,5 @@ require 'spec_helper_acceptance' - -case fact('osfamily') -when 'RedHat' - confd_dir = '/etc/httpd/conf.d' - conf_file = '/etc/httpd/conf/httpd.conf' - ports_file = '/etc/httpd/conf/ports.conf' - vhost = '/etc/httpd/conf.d/15-default.conf' - service_name = 'httpd' - package_name = 'httpd' - error_log = 'error_log' -when 'Debian' - confd_dir = '/etc/apache2/mods-available' - conf_file = '/etc/apache2/apache2.conf' - ports_file = '/etc/apache2/ports.conf' - vhost = '/etc/apache2/sites-available/15-default.conf' - service_name = 'apache2' - package_name = 'apache2' - error_log = 'error.log' -end +require_relative './version.rb' describe 'apache parameters' do 
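Review bot: `file { "${APACHE_RUN_DIR}/ssl_mutex": ensure => directory }` in the ssl.pp hunk is double-quoted, so Puppet interpolates `${APACHE_RUN_DIR}` itself. No such Puppet variable is set in the visible code, which would make the title `/ssl_mutex` at the filesystem root, whereas the single-quoted `$ssl_mutex` strings deliberately leave the variable for Apache to expand. The resource sets no `owner`, `group` or `mode` either, so the directory's permissions are left to defaults. Point it at a Puppet-side path for the run directory (none is shown on this page) and set ownership and mode explicitly. The new `case` also has no `default` branch, so `$ssl_mutex` stays undefined on any other osfamily.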
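Review bot: In apache_parameters_spec.rb the per-OS locals removed at the top are replaced by Ruby globals (`$confd_dir`, `$conf_file`, `$ports_file`, `$vhost`, `$service_name`) pulled in through `require_relative './version.rb'`, and the later hunks of this file only rename call sites to those globals. Globals are shared by every spec loaded in the same process, and a bare `$apache_version` at the call site gives no hint where it is set. A small helper module or `let` definitions would keep the values scoped to the specs that need them. version.rb itself is not in view here, so this concerns the call sites only.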
@@ -41,7 +23,7 @@ end if fact('osfamily') == 'FreeBSD' - describe file("#{confd_dir}/no-accf.conf.erb") do + describe file("#{$confd_dir}/no-accf.conf.erb") do it { should be_file } end end @@ -53,7 +35,7 @@ apply_manifest(pp, :catch_failures => true) end - describe file(ports_file) do + describe file($ports_file) do it { should be_file } it { should contain 'Listen 10.1.1.1' } end @@ -70,7 +52,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_running } it { should be_enabled } end @@ -87,7 +69,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should_not be_running } it { should_not be_enabled } end @@ -101,12 +83,12 @@ class { 'apache': purge_vdir => false, } EOS - shell("touch #{confd_dir}/test.conf") + shell("touch #{$confd_dir}/test.conf") apply_manifest(pp, :catch_failures => true) end # Ensure the file didn't disappear. - describe file("#{confd_dir}/test.conf") do + describe file("#{$confd_dir}/test.conf") do it { should be_file } end end @@ -120,12 +102,12 @@ class { 'apache': purge_vdir => true, } EOS - shell("touch #{confd_dir}/test.conf") + shell("touch #{$confd_dir}/test.conf") apply_manifest(pp, :catch_failures => true) end # File should be gone - describe file("#{confd_dir}/test.conf") do + describe file("#{$confd_dir}/test.conf") do it { should_not be_file } end end @@ -137,7 +119,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file(vhost) do + describe file($vhost) do it { should be_file } it { should contain 'ServerAdmin test@example.com' } end @@ -151,7 +133,7 @@ class { 'apache': end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'EnableSendfile On' } end 
@@ -163,7 +145,7 @@ class { 'apache': end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'Sendfile Off' } end @@ -177,7 +159,7 @@ class { 'apache': end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'Alias /error/' } end @@ -191,7 +173,7 @@ class { 'apache': end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'Timeout 1234' } end @@ -208,7 +190,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - describe file("#{confd_dir}/mime.conf") do + describe file("#{$confd_dir}/mime.conf") do it { should be_file } it { should contain 'AddLanguage eo .eo' } end @@ -222,7 +204,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'ServerRoot "/tmp/root"' } end @@ -236,9 +218,16 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - describe file(conf_file) do - it { should be_file } - it { should contain 'Include "/tmp/root/*.conf"' } + if $apache_version >= 2.4 + describe file($conf_file) do + it { should be_file } + it { should contain 'IncludeOptional "/tmp/root/*.conf"' } + end + else + describe file($conf_file) do + it { should be_file } + it { should contain 'Include "/tmp/root/*.conf"' } + end end end @@ -252,7 +241,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'testcontent' } end @@ -266,7 +255,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'ServerName "test.server"' } end 
@@ -305,7 +294,7 @@ class { 'apache': end end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'KeepAlive On' } it { should contain 'KeepAliveTimeout 30' } @@ -320,7 +309,7 @@ class { 'apache': end end - describe file("/tmp/#{error_log}") do + describe file("/tmp/#{$error_log}") do it { should be_file } end end @@ -347,15 +336,15 @@ class { 'apache': it 'applys cleanly' do pp = <<-EOS class { 'apache': - server_tokens => 'testtokens', + server_tokens => 'Minor', } EOS apply_manifest(pp, :catch_failures => true) end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } - it { should contain 'ServerTokens testtokens' } + it { should contain 'ServerTokens Minor' } end end @@ -370,7 +359,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'ServerSignature testsig' } end @@ -386,7 +375,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file(conf_file) do + describe file($conf_file) do it { should be_file } it { should contain 'TraceEnable Off' } end @@ -402,7 +391,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe package(package_name) do + describe package($package_name) do it { should be_installed } end end diff --git a/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml new file mode 100644 index 0000000000..f4b2366f3b --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-1310-x64: + roles: + - master + platform: ubuntu-13.10-amd64 + box : ubuntu-server-1310-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-1310-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + log_level : debug + type: git 
diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb new file mode 100644 index 0000000000..62c5f3c397 --- /dev/null +++ b/spec/acceptance/version.rb 
@@ -0,0 +1,57 @@ +_osfamily = fact('osfamily') +_operatingsystem = fact('operatingsystem') +_operatingsystemrelease = fact('operatingsystemrelease').to_f + +case _osfamily +when 'RedHat' + $confd_dir = '/etc/httpd/conf.d' + $conf_file = '/etc/httpd/conf/httpd.conf' + $ports_file = '/etc/httpd/conf/ports.conf' + $vhost_dir = '/etc/httpd/conf.d' + $vhost = '/etc/httpd/conf.d/15-default.conf' + $run_dir = '/var/run/httpd' + $service_name = 'httpd' + $package_name = 'httpd' + $error_log = 'error_log' + $suphp_handler = 'php5-script' + $suphp_configpath = 'undef' + + if (_operatingsystem == 'Fedora' and _operatingsystemrelease >= 18) or (_operatingsystem != 'Fedora' and _operatingsystemrelease >= 7) + $apache_version = 2.4 + else + $apache_version = 2.2 + end +when 'Debian' + $confd_dir = '/etc/apache2/mods-available' + $conf_file = '/etc/apache2/apache2.conf' + $ports_file = '/etc/apache2/ports.conf' + $vhost = '/etc/apache2/sites-available/15-default.conf' + $vhost_dir = '/etc/apache2/sites-enabled' + $run_dir = '/var/run/apache2' + $service_name = 'apache2' + $package_name = 'apache2' + $error_log = 'error.log' + $suphp_handler = 'x-httpd-php' + $suphp_configpath = '/etc/php5/apache2' + + if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10 + $apache_version = 2.4 + else + $apache_version = 2.2 + end +when 'FreeBSD' + $confd_dir = '/usr/local/etc/apache22/Includes' + $conf_file = '/usr/local/etc/apache22/httpd.conf' + $ports_file = '/usr/local/etc/apache22/Includes/ports.conf' + $vhost = '/usr/local/etc/apache22/Vhosts/15-default.conf' + $vhost_dir = '/usr/local/etc/apache22/Vhosts' + $run_dir = '/var/run/apache22' + $service_name = 'apache22' + $package_name = 'apache22' + $error_log = 'http-error.log' + + $apache_version = 2.2 +else + fail RuntimeError, "Unsupported osfamily: #{_osfamily}" +end + diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index e6b8f1b928..7d066241f7 100644 --- a/spec/acceptance/vhost_spec.rb 
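Review bot: The release checks in `spec/acceptance/version.rb` compare floats (`fact('operatingsystemrelease').to_f`, then `>= 13.10`), which only works because `13.10` and `13.1` are the same float; a release such as `6.10` would be read as `6.1`. Comparing parsed versions avoids that, e.g. `Gem::Version.new(fact('operatingsystemrelease')) >= Gem::Version.new('13.10')`. The results are also published as Ruby globals (`$confd_dir`, `$apache_version`, …), which any spec file can overwrite; a frozen hash or helper module returned from this file would keep the two specs from leaking state into each other. The `FreeBSD` branch leaves `$suphp_handler` and `$suphp_configpath` unset, so the suphp example in `vhost_spec.rb` would interpolate empty strings on that platform.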
+++ b/spec/acceptance/vhost_spec.rb @@ -1,28 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::vhost define' do - case fact('osfamily') - when 'RedHat' - vhost_dir = '/etc/httpd/conf.d' - package_name = 'httpd' - service_name = 'httpd' - ports_file = '/etc/httpd/conf/ports.conf' - suphp_handler = 'php5-script' - suphp_configpath = 'undef' - when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - package_name = 'apache22' - service_name = 'apache22' - ports_file = '/usr/local/etc/apache22/ports.conf' - when 'Debian' - vhost_dir = '/etc/apache2/sites-enabled' - package_name = 'apache2' - service_name = 'apache2' - ports_file = '/etc/apache2/ports.conf' - suphp_handler = 'x-httpd-php' - suphp_configpath = '/etc/php5/apache2' - end - context 'no default vhosts' do it 'should create no default vhosts' do pp = <<-EOS @@ -36,11 +15,11 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/15-default.conf") do + describe file("#{$vhost_dir}/15-default.conf") do it { should_not be_file } end - describe file("#{vhost_dir}/15-default-ssl.conf") do + describe file("#{$vhost_dir}/15-default-ssl.conf") do it { should_not be_file } end end @@ -54,11 +33,11 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/15-default.conf") do + describe file("#{$vhost_dir}/15-default.conf") do it { should contain '' } end - describe file("#{vhost_dir}/15-default-ssl.conf") do + describe file("#{$vhost_dir}/15-default-ssl.conf") do it { should_not be_file } end end 
@@ -69,18 +48,24 @@ class { 'apache': } # 'file:/var/run/apache2/ssl_mutex' but contains # 'file:${APACHE_RUN_DIR}/ssl_mutex' pp = <<-EOS + file { '#{$run_dir}': + ensure => 'directory', + recurse => true, + } + class { 'apache': default_ssl_vhost => true, + require => File['#{$run_dir}'], } EOS apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/15-default.conf") do + describe file("#{$vhost_dir}/15-default.conf") do it { should contain '' } end - describe file("#{vhost_dir}/15-default-ssl.conf") do + describe file("#{$vhost_dir}/15-default-ssl.conf") do it { should contain '' } it { should contain "SSLEngine on" } end @@ -90,15 +75,21 @@ class { 'apache': it 'should configure an apache vhost' do pp = <<-EOS class { 'apache': } + file { '#{$run_dir}': + ensure => 'directory', + recurse => true, + } + apache::vhost { 'first.example.com': port => '80', docroot => '/var/www/first', + require => File['#{$run_dir}'], } EOS apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-first.example.com.conf") do + describe file("#{$vhost_dir}/25-first.example.com.conf") do it { should contain '' } it { should contain "ServerName first.example.com" } end @@ -119,7 +110,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-proxy.example.com.conf") do + describe file("#{$vhost_dir}/25-proxy.example.com.conf") do it { should contain '' } it { should contain "ServerName proxy.example.com" } it { should contain "ProxyPass" } @@ -153,7 +144,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end 
@@ -176,12 +167,21 @@ class { 'apache': } it 'should configure a vhost with Files' do pp = <<-EOS class { 'apache': } + + if $apache::apache_version >= 2.4 { + $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', } + } else { + $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', } + } + + $_directories = [ + { 'path' => '/var/www/files', }, + $_files_match_directory, + ] + apache::vhost { 'files.example.net': docroot => '/var/www/files', - directories => [ - { 'path' => '/var/www/files', }, - { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all' }, - ], + directories => $_directories, } file { '/var/www/files/index.html': ensure => file, @@ -196,7 +196,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end @@ -211,21 +211,22 @@ class { 'apache': } it 'should configure a vhost with multiple Directory sections' do pp = <<-EOS class { 'apache': } + + if $apache::apache_version >= 2.4 { + $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } + } else { + $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' } + } + + $_directories = [ + { 'path' => '/var/www/files', }, + { 'path' => '/foo/', 'provider' => 'location', 'directoryindex' => 'notindex.html', }, + $_files_match_directory, + ] + apache::vhost { 'files.example.net': docroot => '/var/www/files', - directories => [ - { 'path' => '/var/www/files', }, - { - 'provider' => 'location', - 'path' => '/foo/', - 'directoryindex' => 'notindex.html', - }, - { - 'provider' => 'filesmatch', - 'path' => 'private.html$', - 'deny' => 'from all', - }, - ], + directories => $_directories, } file { '/var/www/files/foo': ensure => directory, 
@@ -243,7 +244,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end @@ -275,7 +276,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end @@ -316,7 +317,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end @@ -362,7 +363,7 @@ class { 'apache': default_vhost => false, } }, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end @@ -389,7 +390,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file(ports_file) do + describe file($ports_file) do it { should be_file } it { should_not contain 'NameVirtualHost test.server' } end @@ -411,7 +412,7 @@ class { 'apache': default_vhost => false } apply_manifest(pp, :catch_failures => true) end - describe file(ports_file) do + describe file($ports_file) do it { should be_file } it { should_not contain 'Listen 80' } it { should contain 'Listen 81' } @@ -452,7 +453,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/10-test.server.conf") do + describe file("#{$vhost_dir}/10-test.server.conf") do it { should be_file } end end @@ -470,7 +471,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'Options Indexes FollowSymLinks ExecCGI' } end 
@@ -489,7 +490,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'AllowOverride All' } end @@ -508,7 +509,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain ' CustomLog "/tmp' } end @@ -536,7 +537,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should_not contain " #{logname} \"/tmp" } end @@ -550,15 +551,15 @@ class { 'apache': } apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', - #{logtype}_log_pipe => '|test', + #{logtype}_log_pipe => '|/bin/sh', } EOS apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain " #{logname} \"|test" } + it { should contain " #{logname} \"|/bin/sh" } end end @@ -576,7 +577,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain " #{logname} \"syslog\"" } end @@ -598,7 +599,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'CustomLog "syslog" "%h %l"' } end 
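Review bot: The `@@ -550,15 +551,15 @@` hunk changes the fixture to `#{logtype}_log_pipe => '|/bin/sh'`, which makes httpd hand every access and error log line to a shell on standard input. If the service is running while this manifest is applied, request-derived text in those lines is read as shell input with the privileges of the process that started the server. Even on a disposable test node I would pipe to a program that only consumes its input, for example `#{logtype}_log_pipe => '|/bin/cat',` with the expectation changed to `it { should contain " #{logname} \"|/bin/cat" }`. The surrounding `describe` block starts outside the hunk.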
@@ -619,7 +620,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'CustomLog "syslog" combined env=admin' } end @@ -638,7 +639,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'Alias /image "/ftp/pub/image"' } end @@ -657,7 +658,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'ScriptAlias /myscript "/usr/share/myscript"' } end @@ -676,7 +677,7 @@ class { 'apache': service_ensure => stopped, } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'ProxyPass / test2/' } end 
@@ -689,19 +690,19 @@ class { 'apache': service_ensure => stopped, } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', - suphp_addhandler => '#{suphp_handler}', + suphp_addhandler => '#{$suphp_handler}', suphp_engine => 'on', - suphp_configpath => '#{suphp_configpath}', + suphp_configpath => '#{$suphp_configpath}', } EOS apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain "suPHP_AddHandler #{suphp_handler}" } + it { should contain "suPHP_AddHandler #{$suphp_handler}" } it { should contain 'suPHP_Engine on' } - it { should contain "suPHP_ConfigPath \"#{suphp_configpath}\"" } + it { should contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" } end end @@ -719,7 +720,7 @@ class { 'apache': service_ensure => stopped, } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'ProxyPass / http://test2/' } it { should contain 'ProxyPass http://test2/test !' } @@ -741,7 +742,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'Redirect permanent /images http://test.server/' } end @@ -769,7 +770,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'RackBaseURI /test' } end 
@@ -790,7 +791,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'append MirrorID "mirror 12"' } end @@ -814,7 +815,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain '#test' } it { should contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } @@ -836,7 +837,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'SetEnv TEST /test' } it { should contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } @@ -856,7 +857,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain '' } end @@ -879,7 +880,7 @@ class { 'apache::mod::wsgi': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'WSGIDaemonProcess wsgi processes=2' } it { should contain 'WSGIProcessGroup vagrant' } @@ -900,7 +901,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain '#weird test string' } end 
@@ -919,7 +920,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'AssignUserId vagrant vagrant' } end @@ -943,7 +944,7 @@ class { 'apache::mod::fastcgi': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } it { should contain '' } @@ -965,7 +966,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } it { should contain 'Include "/tmp/include"' } end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3b39c26e0c..150e20833f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -761,6 +761,21 @@ /^ <\/Files>$/, ], }, + { + :title => 'should accept files match for provider', + :attr => 'directories', + :value => { + 'path' => 'index.html', + 'provider' => 'filesmatch', + }, + :notmatch => [' AllowOverride None'], + :match => [ + /^ $/, + /^ Order allow,deny$/, + /^ Allow from all$/, + /^ <\/FilesMatch>$/, + ], + }, ].each do |param| describe "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ @@ -894,8 +909,7 @@ :notmatch => [' AllowOverride None'], :match => [ /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, + /^ Require all granted$/, /^ <\/FilesMatch>$/, ], }, diff --git a/templates/mod/info.conf.erb b/templates/mod/info.conf.erb index 01ffe95a91..0747da4307 100644 --- a/templates/mod/info.conf.erb +++ b/templates/mod/info.conf.erb 
@@ -1,6 +1,10 @@ SetHandler server-info + <%- if @apache_version >= '2.4' -%> + Require ip <%= Array(@allow_from).join(" ") %> + <%- else -%> Order deny,allow Deny from all Allow from <%= Array(@allow_from).join(" ") %> + <%- end -%> diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 763e13a9cf..e1597f2f8b 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -14,7 +14,7 @@ SSLCompression Off <% end -%> <% if @apache_version >= '2.4' -%> - SSLMutex sysvsem <%= @ssl_mutex %> + Mutex <%= @ssl_mutex %> <% else -%> SSLMutex <%= @ssl_mutex %> <% end -%> diff --git a/templates/vhost/_block.erb b/templates/vhost/_block.erb index f235f89d28..f3c835d2cb 100644 --- a/templates/vhost/_block.erb +++ b/templates/vhost/_block.erb @@ -4,7 +4,11 @@ <% if @block.include? 'scm' -%> # Block access to SCM directories. + <%- if @apache_version >= '2.4' -%> + Require all denied + <%- else -%> Deny From All + <%- end -%> <% end -%> <% end -%> diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index 86ecf92184..07129bc197 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb @@ -8,8 +8,12 @@ Options +ExecCGI AllowOverride All SetHandler fastcgi-script + <%- if @apache_version >= '2.4' -%> + Require all granted + <%- else -%> Order allow,deny - Allow from all + Allow From All + <%- end -%> AuthBasicAuthoritative Off From c416bf40de261b80a93d39fd92a04fdcf07710c8 Mon Sep 17 00:00:00 2001 From: Scott Smith Date: Wed, 5 Feb 2014 23:12:58 +0000 Subject: [PATCH 0140/2267] Apache24 on Ubuntu SSL to use default mutex Changed the ssl module to use default for the new Mutex with Apache 2.4 on Ubuntu --- manifests/mod/ssl.pp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index f8e6c248c2..55bcbc7d5f 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
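Review bot: The new `<%- if @apache_version >= '2.4' -%>` guards in the `info.conf.erb`, `_block.erb` and `_fastcgi.erb` hunks compare strings, while the manifests in this same commit compare numbers (`$apache_version >= 2.4`). Ruby orders strings lexicographically, so a value such as `'2.10'` sorts below `'2.4'`, and a Float value would raise instead of comparing. These branches choose between `Require ip …` / `Require all denied` and the old `Order`/`Deny` lines, so a wrong branch means the access rules for `server-info` and the SCM directories are written in a syntax the running server may reject or not apply as intended. I would use `<%- if scope.function_versioncmp([@apache_version.to_s, '2.4']) >= 0 -%>` in all three templates, and in the existing check in `ssl.conf.erb` for consistency.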
@@ -12,11 +12,7 @@ case $::osfamily { 'debian': { if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { - file { "${APACHE_RUN_DIR}/ssl_mutex": - ensure => directory - } - - $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex default' + $ssl_mutex = 'default' } else { $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex' } From 04ddeaad56a3a54e183ac2f2026aadc67b3e55d1 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Fri, 7 Feb 2014 12:07:05 +0000 Subject: [PATCH 0141/2267] Ensure socache_shmcb is enabled on all Apache 2.4 OSes The SSLSessionCache option is specified as socache_shmcb, so the module must be enabled. --- manifests/mod/ssl.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 55bcbc7d5f..fe171842d2 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -27,7 +27,7 @@ apache::mod { 'ssl': } - if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { + if $apache_version >= 2.4 { apache::mod { 'socache_shmcb': } } From a5dda0158fc18265e84796a9f41a5d6d7b1f1b1c Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Sat, 8 Feb 2014 21:53:19 -0800 Subject: [PATCH 0142/2267] fix simple linting errors --- manifests/mod/ssl.pp | 3 +++ manifests/package.pp | 2 +- manifests/vhost.pp | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index fe171842d2..323d092b28 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -23,6 +23,9 @@ 'freebsd': { $ssl_mutex = 'default' } + default: { + fail("Unsupported osfamily ${::osfamily}") + } } apache::mod { 'ssl': } diff --git a/manifests/package.pp b/manifests/package.pp index 31bd311982..b91e25f6b1 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
@@ -26,7 +26,7 @@ ensure => $ensure, path => '/etc/make.conf', line => "APACHE_PORT=${apache_package}", - match => "^\\s*#?\\s*APACHE_PORT\\s*=\\s*", + match => '^\\s*#?\\s*APACHE_PORT\\s*=\\s*', before => Package['httpd'], } # remove other packages diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cac091dee9..b019b74e8e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -267,7 +267,7 @@ if $access_log_file { $access_log_destination = "${logroot}/${access_log_file}" } elsif $access_log_pipe { - $access_log_destination = "${access_log_pipe}" + $access_log_destination = $access_log_pipe } elsif $access_log_syslog { $access_log_destination = $access_log_syslog } else { @@ -281,7 +281,7 @@ if $error_log_file { $error_log_destination = "${logroot}/${error_log_file}" } elsif $error_log_pipe { - $error_log_destination = "${error_log_pipe}" + $error_log_destination = $error_log_pipe } elsif $error_log_syslog { $error_log_destination = $error_log_syslog } else { From c9be62255bedfb128ea057e98e98f84daa8e9a86 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Sat, 8 Feb 2014 21:53:47 -0800 Subject: [PATCH 0143/2267] disable lint check for "single quoted variables" Previously we were checking (and failing every linting run) because the values for Debian configurations uses a syntax that looks like Puppet variables. This is regrettable since it's a valuable check but the fix will probably require changing how the conf variables are handled which is out of the scope of this PR. --- Rakefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Rakefile b/Rakefile index 9020623179..5868545f20 100644 --- a/Rakefile +++ b/Rakefile 
@@ -6,4 +6,5 @@ PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] From 69139c7d3b5cbfee5a6615effa1c42126fb30886 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Sat, 8 Feb 2014 21:58:02 -0800 Subject: [PATCH 0144/2267] use a .puppet-lint.rc for usage outside of rake tasks --- .puppet-lint.rc | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .puppet-lint.rc diff --git a/.puppet-lint.rc b/.puppet-lint.rc new file mode 100644 index 0000000000..df733ca811 --- /dev/null +++ b/.puppet-lint.rc @@ -0,0 +1,5 @@ +--no-single_quote_string_with_variables-check +--no-80chars-check +--no-class_inherits_from_params_class-check +--no-class_parameter_defaults-check +--no-documentation-check From 245224efc5671d7d774e349e9d84b1f8a55f7386 Mon Sep 17 00:00:00 2001 From: David Teirney Date: Sun, 9 Feb 2014 21:18:59 +1300 Subject: [PATCH 0145/2267] Update rspec definitions for the ProxyPassReverse location fix. --- spec/defines/vhost_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 150e20833f..76c908c80a 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -353,7 +353,7 @@ :match => [ /^ ProxyPass \/ http:\/\/fake.com\/$/, /^ $/, - /^ ProxyPassReverse \/$/, + /^ ProxyPassReverse http:\/\/fake.com\/$/, /^ <\/Location>$/, ], :notmatch => [/ProxyPass .+!$/], @@ -365,7 +365,7 @@ :match => [ /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, /^ $/, - /^ ProxyPassReverse \/$/, + /^ ProxyPassReverse http:\/\/fake.com\/a$/, /^ <\/Location>$/, ], 
@@ -381,11 +381,11 @@ :match => [ /^ ProxyPass \/path-a\/ http:\/\/fake.com\/a\/$/, /^ $/, - /^ ProxyPassReverse \/$/, + /^ ProxyPassReverse http:\/\/fake.com\/a\/$/, /^ <\/Location>$/, /^ ProxyPass \/path-b http:\/\/fake.com\/b$/, /^ $/, - /^ ProxyPassReverse \/$/, + /^ ProxyPassReverse http:\/\/fake.com\/b$/, /^ <\/Location>$/, ], :notmatch => [/ProxyPass .+!$/], From 99d66352ad7bd5e92a3a3f7a59051ecd680d88fe Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Mon, 3 Feb 2014 16:40:13 +0000 Subject: [PATCH 0146/2267] Add WSGIApplicationGroup and WSGIImportScript directives --- README.md | 4 ++++ manifests/vhost.pp | 8 ++++++++ templates/vhost/_wsgi.erb | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 97fb7b963c..b36d7d2224 100644 --- a/README.md +++ b/README.md @@ -155,9 +155,13 @@ To set up a virtual host with WSGI apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', + wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => { processes => '2', threads => '15', display-name => '%{GROUP}' }, + wsgi_import_script => '/var/www/demo.wsgi', + wsgi_import_script_options => + { process-group => 'wsgi', application-group => '%{GLOBAL}' }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cac091dee9..0742c80b41 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -159,8 +159,11 @@ $setenvif = [], $block = [], $ensure = 'present', + $wsgi_application_group = undef, $wsgi_daemon_process = undef, $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, $wsgi_process_group = undef, $wsgi_script_aliases = undef, $custom_fragment = undef, 
@@ -209,6 +212,9 @@ if $wsgi_daemon_process_options { validate_hash($wsgi_daemon_process_options) } + if $wsgi_import_script_options { + validate_hash($wsgi_import_script_options) + } if $itk { validate_hash($itk) } @@ -495,7 +501,9 @@ # - $suphp_engine # - $suphp_configpath # wsgi fragment: + # - $wsgi_application_group # - $wsgi_daemon_process + # - $wsgi_import_script # - $wsgi_process_group # - $wsgi_script_aliases file { "${priority_real}-${filename}.conf": diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index 4a68eed8d6..474c30ff19 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -1,8 +1,14 @@ +<% if @wsgi_application_group -%> + WSGIApplicationGroup <%= @wsgi_application_group %> +<% end -%> <% if @wsgi_daemon_process and @wsgi_daemon_process_options -%> WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> <% elsif @wsgi_daemon_process and !@wsgi_daemon_process_options -%> WSGIDaemonProcess <%= @wsgi_daemon_process %> <% end -%> +<% if @wsgi_import_script and @wsgi_import_script_options -%> + WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> +<% end -%> <% if @wsgi_process_group -%> WSGIProcessGroup <%= @wsgi_process_group %> <% end -%> From 32791446c7264a1a5187dddfa18a546c47854907 Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Wed, 5 Feb 2014 14:15:17 +0000 Subject: [PATCH 0147/2267] Add WSGIApplicationGroup & WSGIImportScript tests. --- spec/acceptance/vhost_spec.rb | 5 +++++ spec/defines/vhost_spec.rb | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7d066241f7..205496a944 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
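Review bot: Only `$wsgi_import_script_options` is validated in the `@@ -209,6 +212,9 @@` hunk; `$wsgi_import_script` and `$wsgi_application_group`, both added by this commit, reach the vhost template unchecked. The script path is written verbatim into a `WSGIImportScript` directive, so a relative or otherwise malformed value only surfaces when Apache loads the generated file. I would add `if $wsgi_import_script { validate_absolute_path($wsgi_import_script) }` next to the new `validate_hash` call, assuming the stdlib version in use provides it. The enclosing define starts and ends outside this hunk.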
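Review bot: In `templates/vhost/_wsgi.erb`, `WSGIImportScript` is emitted only when both `@wsgi_import_script` and `@wsgi_import_script_options` are set, so a vhost that sets just the script gets no directive and no error. The `WSGIDaemonProcess` block just above has an `elsif` for its options-less case, and the new block has no counterpart. As far as I know mod_wsgi expects `process-group` and `application-group` on this directive, so failing in `manifests/vhost.pp` is clearer than a silent template: `if $wsgi_import_script and ! $wsgi_import_script_options { fail('wsgi_import_script requires wsgi_import_script_options') }`. The option keys and values are joined into the config line as-is by `"#{k}=#{v}"`; a template comment such as `<%# option keys/values are written unescaped; pass trusted catalog data only -%>` would record that assumption.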
@@ -871,8 +871,11 @@ class { 'apache::mod::wsgi': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', + wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => {processes => '2'}, + wsgi_import_script => '/test1', + wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'vagrant', wsgi_script_aliases => { '/test' => '/test1' }, } @@ -882,7 +885,9 @@ class { 'apache::mod::wsgi': } describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } + it { should contain 'WSGIApplicationGroup %{GLOBAL}' } it { should contain 'WSGIDaemonProcess wsgi processes=2' } + it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } it { should contain 'WSGIProcessGroup vagrant' } it { should contain 'WSGIScriptAlias /test "/test1"' } end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 150e20833f..2cd2bb29d7 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -601,6 +601,12 @@ /^ WSGIScriptAlias \/ "\/usr\/local\/wsgi\/scripts\/myapp.wsgi"$/, ], }, + { + :title => 'should accept a wsgi application group', + :attr => 'wsgi_application_group', + :value => '%{GLOBAL}', + :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], + }, { :title => 'should contain environment variables', :attr => 'access_log_env_var', 
@@ -1116,6 +1122,18 @@ end end + describe 'when wsgi_import_script and wsgi_import_script_options are specified' do + let :params do default_params.merge({ + :wsgi_import_script => '/var/www/demo.wsgi', + :wsgi_import_script_options => { 'application-group' => '%{GLOBAL}', 'process-group' => 'wsgi' }, + }) end + it 'should set wsgi_import_script_options' do + should contain_file("25-#{title}.conf").with_content( + /^ WSGIImportScript \/var\/www\/demo.wsgi application-group=%{GLOBAL} process-group=wsgi$/ + ) + end + end + describe 'when rewrites are specified' do let :params do default_params.merge({ :rewrites => [ From 709e2e16cbb1c21821673aa038b91a77da55be6d Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 11 Feb 2014 14:53:12 -0800 Subject: [PATCH 0148/2267] The vagrant user doesn't exist on non-vagrant machines --- spec/acceptance/vhost_spec.rb | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 205496a944..1ac3d8d570 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -426,8 +426,8 @@ class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp/test', - docroot_owner => 'vagrant', - docroot_group => 'vagrant', + docroot_owner => 'nobody', + docroot_group => 'nobody', } EOS apply_manifest(pp, :catch_failures => true) @@ -435,8 +435,8 @@ class { 'apache': } describe file('/tmp/test') do it { should be_directory } - it { should be_owned_by 'vagrant' } - it { should be_grouped_into 'vagrant' } + it { should be_owned_by 'nobody' } + it { should be_grouped_into 'nobody' } end end 
@@ -876,7 +876,7 @@ class { 'apache::mod::wsgi': } wsgi_daemon_process_options => {processes => '2'}, wsgi_import_script => '/test1', wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, - wsgi_process_group => 'vagrant', + wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, } EOS @@ -888,7 +888,7 @@ class { 'apache::mod::wsgi': } it { should contain 'WSGIApplicationGroup %{GLOBAL}' } it { should contain 'WSGIDaemonProcess wsgi processes=2' } it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } - it { should contain 'WSGIProcessGroup vagrant' } + it { should contain 'WSGIProcessGroup nobody' } it { should contain 'WSGIScriptAlias /test "/test1"' } end end @@ -919,7 +919,7 @@ class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', - itk => { user => 'vagrant', group => 'vagrant' } + itk => { user => 'nobody', group => 'nobody' } } EOS apply_manifest(pp, :catch_failures => true) @@ -927,7 +927,7 @@ class { 'apache': } describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'AssignUserId vagrant vagrant' } + it { should contain 'AssignUserId nobody nobody' } end end From b6c6c00efffb0c194197c053815aa6c510d56b99 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 11 Feb 2014 16:32:50 -0800 Subject: [PATCH 0149/2267] Allow custom gemsource --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 9dfc87712f..dd87fe8cff 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do gem 'rake', :require => false From f1069cd34a7c3c615dc89754aaa3430e0de711b4 Mon Sep 17 00:00:00 2001 
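Review bot: The new `source` line in the Gemfile takes the gem index from `GEM_SOURCE` with no check, so whatever sets that variable in a CI job or shell decides where every gem in the bundle is fetched from, including a plain `http://` mirror. An empty `GEM_SOURCE=` is also truthy in Ruby, so the `||` fallback does not apply and Bundler is handed an empty source. I would fall back on empty values and state the intent in a comment: `# GEM_SOURCE: optional override, must be a trusted HTTPS mirror`, then `gem_source = ENV['GEM_SOURCE'].to_s` and `source gem_source.empty? ? 'https://rubygems.org' : gem_source`. No lockfile is visible in this series; if none is committed, versions resolved through the override are not pinned either.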
From: Hunter Haugen Date: Wed, 12 Feb 2014 17:54:35 -0800 Subject: [PATCH 0150/2267] Create user/group instead of using existing ones The group `nobody` doesn't exist on debian so this fixes that failure. --- spec/acceptance/vhost_spec.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 1ac3d8d570..a45db82b01 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -422,12 +422,14 @@ class { 'apache': default_vhost => false } describe 'docroot' do it 'applies cleanly' do pp = <<-EOS + user { 'test_owner': ensure => present, } + group { 'test_group': ensure => present, } class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp/test', - docroot_owner => 'nobody', - docroot_group => 'nobody', + docroot_owner => 'test_owner', + docroot_group => 'test_group', } EOS apply_manifest(pp, :catch_failures => true) @@ -435,8 +437,8 @@ class { 'apache': } describe file('/tmp/test') do it { should be_directory } - it { should be_owned_by 'nobody' } - it { should be_grouped_into 'nobody' } + it { should be_owned_by 'test_owner' } + it { should be_grouped_into 'test_group' } end end From 1ee31e340b10419dd0b274e8d3cb91941e4df4e0 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Tue, 18 Feb 2014 08:41:11 +0000 Subject: [PATCH 0151/2267] Replace mutating hashes with merge() for Puppet 3.5 --- manifests/vhost.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 2b129311a3..22beec2e82 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -417,13 +417,17 @@ } if $apache_version == 2.4 { - $_directory[require] = 'all granted' + $_directory_version = { + require => 'all granted', + } } else { - $_directory[order] = 'allow,deny' - $_directory[allow] = 'from all' + $_directory_version = { + order => 'allow,deny', + allow => 'from all', + } } - $_directories = [ $_directory ] + $_directories = [ merge($_directory, $_directory_version) ] } # Template uses: From 8f248f72478a4c9b09a9d2b8695cf2969f4e0123 Mon Sep 17 00:00:00 2001 From: Lauren Rother Date: Wed, 15 Jan 2014 16:41:14 -0800 Subject: [PATCH 0152/2267] Updates README Adds sections for new parameters, classes, and defined types not previously documented. Updates sections for parameters, classes, defined types, testing, and examples to reflect ongoing changes to the module. Edits for punctuation, spelling, grammar, clarity, consistency, formatting, and code correctness. Updates links to external documentation to point to the most recent and most pertinent docs. --- README.md | 1384 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 807 insertions(+), 577 deletions(-) diff --git a/README.md b/README.md index b36d7d2224..c960814f5c 100644 --- a/README.md +++ b/README.md 
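Review bot: The new `$_directory_version` hash is selected by `if $apache_version == 2.4`, an exact match, so any other value, including a later release, falls into the `else` branch. The default docroot `<Directory>` block then gets the 2.2-style `order => 'allow,deny'` / `allow => 'from all'` pair instead of `require => 'all granted'`. If `$apache_version` is (or can be passed as) a string, `if versioncmp($apache_version, '2.4') >= 0 {` keeps the access-control syntax matched to the server version. A short comment above the merge, e.g. `# merge() rather than key assignment: hashes cannot be mutated under Puppet 3.5`, would keep the reason for this shape next to the code. The enclosing `if`/`else` that builds `$_directory` starts outside the hunk.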
@@ -4,27 +4,43 @@ ####Table of Contents -1. [Overview - What is the Apache module?](#overview) +1. [Overview - What is the apache module?](#overview) 2. [Module Description - What does the module do?](#module-description) -3. [Setup - The basics of getting started with Apache](#setup) - * [Beginning with Apache - Installation](#beginning-with-apache) - * [Configure a Virtual Host - Basic options for getting started](#configure-a-virtual-host) -4. [Usage - The classes, defined types, and their parameters available for configuration](#usage) +3. [Setup - The basics of getting started with apache](#setup) + * [Beginning with apache - Installation](#beginning-with-apache) + * [Configure a virtual host - Basic options for getting started](#configure-a-virtual-host) +4. [Usage - The classes and defined types available for configuration](#usage) * [Classes and Defined Types](#classes-and-defined-types) * [Class: apache](#class-apache) + * [Class: apache::default_mods](#class-apachedefault_mods) + * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::ssl](#class-apachemodssl) + * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Defined Type: apache::vhost](#defined-type-apachevhost) + * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) + * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples) -5. [Implementation - An under-the-hood peek at what the module is doing](#implementation) - * [Classes and Defined Types](#classes-and-defined-types) + * [Load Balancing](#load-balancing) + * [Defined Type: apache::balancer](#defined-type-apachebalancer) + * [Defined Type: apache::balancermember](#defined-type-apachebalancermember) + * [Examples - Load balancing with exported and non-exported resources](#examples) +5. 
[Reference - An under-the-hood peek at what the module is doing and how](#reference) + * [Classes](#classes) + * [Public Classes](#public-classes) + * [Private Classes](#private-classes) + * [Defined Types](#defined-types) + * [Public Defined Types](#public-defined-types) + * [Private Defined Types](#private-defined-types) * [Templates](#templates) 6. [Limitations - OS compatibility, etc.](#limitations) 7. [Development - Guide for contributing to the module](#development) -8. [Release Notes - Notes on the most recent updates to the module](#release-notes) + * [Contributing to the apache module](#contributing) + * [Running tests - A quick guide](#running-tests) ##Overview -The Apache module allows you to set up virtual hosts and manage web services with minimal effort. +The apache module allows you to set up virtual hosts and manage web services with minimal effort. ##Module Description @@ -32,15 +48,15 @@ Apache is a widely-used web server, and this module provides a simplified way of ##Setup -**What Apache affects:** +**What apache affects:** * configuration files and directories (created and written to) - * **NOTE**: Configurations that are *not* managed by Puppet will be purged. + * **WARNING**: Configurations that are *not* managed by Puppet will be purged. * package/service/configuration files for Apache * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache 
@@ -50,7 +66,7 @@ To install Apache with the default parameters class { 'apache': } ``` -The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters +The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD systems). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters ```puppet class { 'apache': @@ -78,7 +94,7 @@ To configure a very basic, name-based virtual host *Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else. -A slightly more complicated example, which moves the docroot owner/group +A slightly more complicated example, changes the docroot owner/group from the default 'root' ```puppet apache::vhost { 'second.example.com': 
@@ -111,23 +127,22 @@ To set up a virtual host with SSL and specific SSL certificates } ``` -To set up a virtual host with IP address different than '*' +Virtual hosts listen on '*' by default. To listen on a specific IP address ```puppet apache::vhost { 'subdomain.example.com': ip => '127.0.0.1', port => '80', - docrout => '/var/www/subdomain', + docroot => '/var/www/subdomain', } ``` -To set up a virtual host with wildcard alias for subdomain mapped to same named directory -`http://examle.com.loc => /var/www/example.com` +To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, for example: `http://example.com.loc` to `/var/www/example.com` ```puppet apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', + vhost_name => '*', + port => '80', virtual_docroot' => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], @@ -157,8 +172,11 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => - { processes => '2', threads => '15', display-name => '%{GROUP}' }, + wsgi_daemon_process_options => { + processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, wsgi_import_script => '/var/www/demo.wsgi', wsgi_import_script_options => { process-group => 'wsgi', application-group => '%{GLOBAL}' }, @@ -167,7 +185,7 @@ To set up a virtual host with WSGI } ``` -Starting 2.2.16, httpd supports [FallbackResource](https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource) which is a simple replace for common RewriteRules: +Starting in Apache 2.2.16, httpd supports [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource), a simple replace for common RewriteRules. ```puppet apache::vhost { 'wordpress.example.com': 
@@ -177,190 +195,202 @@ Starting 2.2.16, httpd supports [FallbackResource](https://httpd.apache.org/docs } ``` -Please note that the `disabled` argument to FallbackResource is only supported since 2.2.24. +Please note that the 'disabled' argument to FallbackResource is only supported since Apache 2.2.24. -To see a list of all virtual host parameters, [please go here](#defined-type-apachevhost). To see an extensive list of virtual host examples [please look here](#virtual-host-examples). +See a list of all [virtual host parameters](#defined-type-apachevhost). See an extensive list of [virtual host examples](#virtual-host-examples). ##Usage ###Classes and Defined Types -This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures. +This module modifies Apache configuration files and directories, and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures. -It is possible to temporarily disable full Puppet management by setting the `purge_configs` parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. +It is possible to temporarily disable full Puppet management by setting the [`purge_configs`](#purge_configs) parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. See the [`purge_configs` parameter](#purge_configs) for more information. ####Class: `apache` -The Apache module's primary class, `apache`, guides the basic setup of Apache on your system. +The apache module's primary class, `apache`, guides the basic setup of Apache on your system. 
You may establish a default vhost in this class, the `vhost` class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type. **Parameters within `apache`:** -#####`default_mods` +#####`confd_dir` -Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration. +Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. -#####`default_vhost` +#####`conf_template` -Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +Overrides the template used for the main apache configuration file. Defaults to 'apache/httpd.conf.erb'. + +*Note:* Using this parameter is potentially risky, as the module has been built for a minimal configuration file with the configuration primarily coming from conf.d/ entries. #####`default_confd_files` -Generates default set of include-able apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with apache package on given platform. +Generates default set of include-able Apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with the Apache package on a given platform. -#####`default_ssl_vhost` +#####`default_mods` -Sets up a default SSL virtual host. Defaults to 'false'. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. 
-```puppet - apache::vhost { 'default-ssl': - port => 443, - ssl => true, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => "ssl_${access_log_file}", - } -``` +Defaults to 'true', which will include the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). -SSL vhosts only respond to HTTPS queries. +If false, it will only include the mods required to make HTTPD work, and any other mods can be declared on their own. -#####`default_ssl_cert` +If an array, the apache module will include the array of mods listed. + +#####`default_ssl_ca` -The default SSL certification, which is automatically set based on your operating system (`/etc/pki/tls/certs/localhost.crt` for RedHat, `/etc/ssl/certs/ssl-cert-snakeoil.pem` for Debian, `/usr/local/etc/apache22/server.crt` for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. -#####`default_ssl_key` +#####`default_ssl_cert` -The default SSL key, which is automatically set based on your operating system (`/etc/pki/tls/private/localhost.key` for RedHat, `/etc/ssl/private/ssl-cert-snakeoil.key` for Debian, `/usr/local/etc/apache22/server.key` for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD). 
This default will work out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_chain` The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. -#####`default_ssl_ca` +#####`default_ssl_crl` -The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_crl_path` The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. -#####`default_ssl_crl` +#####`default_ssl_key` -The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. -#####`service_name` +#####`default_ssl_vhost` -Name of apache service to run. Defaults to: `'httpd'` on RedHat, `'apache2'` on Debian, and `'apache22'` on FreeBSD. +Sets up a default SSL virtual host. Defaults to 'false'. 
If set to 'true', will set up the following vhost: -#####`service_enable` +```puppet + apache::vhost { 'default-ssl': + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => "ssl_${access_log_file}", + } +``` -Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'. +SSL vhosts only respond to HTTPS queries. -#####`service_ensure` +#####`default_vhost` -Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'. +Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). -#####`purge_configs` +#####`error_documents` -Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module. +Enables custom error documents. Defaults to 'false'. -#####`serveradmin` +#####`httpd_dir` -Sets the server administrator. Defaults to 'root@localhost'. +Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but may have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. -#####`servername` +#####`keepalive` -Sets the servername. Defaults to fqdn provided by facter. +Enables persistent connections. -#####`server_root` +#####`keepalive_timeout` -A value to be set as `ServerRoot` in main configuration file (`httpd.conf`). 
Defaults to `/etc/httpd` on RedHat, `/etc/apache2` on Debian and `/usr/local` on FreeBSD. +Sets the amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'. -#####`sendfile` +#####`log_level` -Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'. +Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'. -#####`server_root` +#####`logroot` -A value to be set as `ServerRoot` in main configuration file (`httpd.conf`). Defaults to `/etc/httpd` on RedHat and `/etc/apache2` on Debian. +Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, and '/var/log/apache22' on FreeBSD. -#####`error_documents` +#####`manage_group` -Enables custom error documents. Defaults to 'false'. +Setting this to 'false' will stop the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. -#####`httpd_dir` +#####`manage_user` -Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS. +Setting this to 'false' will stop the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. -#####`confd_dir` +#####`mod_dir` -Changes the location of the configuration directory your custom configuration files are placed in. 
Default is based on your OS. +Changes the location of the configuration directory your Apache modules configuration files are placed in. Defaults to '/etc/httpd/conf.d' for RedHat, '/etc/apache2/mods-available' for Debian, and '/usr/local/etc/apache22/Modules' for FreeBSD. -#####`vhost_dir` +#####`mpm_module` -Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS. +Determines which MPM is loaded and configured for the HTTPD process. Valid values are 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Defaults to 'prefork' on RedHat and FreeBSD, and 'worker' on Debian. Must be set to 'false' to explicitly declare the following classes with custom parameters: -#####`mod_dir` +* `apache::mod::event` +* `apache::mod::itk` +* `apache::mod::peruser` +* `apache::mod::prefork` +* `apache::mod::worker` -Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS. +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. -#####`mpm_module` +#####`package_ensure` -Configures which mpm module is loaded and configured for the httpd process by the `apache::mod::event`, `apache::mod::itk`, `apache::mod::peruser`, `apache::mod::prefork` and `apache::mod::worker` classes. Must be set to `false` to explicitly declare `apache::mod::event`, `apache::mod::itk`, `apache::mod::peruser`, `apache::mod::prefork` or `apache::mod::worker` classes with parameters. All possible values are `event`, `itk`, `peruser`, `prefork`, `worker` (valid values depend on agent's OS), or the boolean `false`. Defaults to `prefork` on RedHat and FreeBSD and `worker` on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). 
Before changing `$mpm_module` one has to deinstall all packages that depend on currently installed `apache`. +Allows control over the package ensure attribute. Can be 'present','absent', or a version string. -#####`conf_template` +#####`ports_file` -Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'. +Changes the name of the file containing Apache ports configuration. Default is `${conf_dir}/ports.conf`. -#####`keepalive` +#####`purge_configs` -Setting this allows you to enable persistent connections. +Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to 'false' is a stopgap measure to allow the apache module to coexist with existing or otherwise-managed configuration. It is recommended that you move your configuration entirely to resources within this module. -#####`keepalive_timeout` +#####`sendfile` -Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'. +Makes Apache use the Linux kernel sendfile to serve static files. Defaults to 'On'. -#####`logroot` +#####`serveradmin` + +Sets the server administrator. Defaults to 'root@localhost'. + +#####`servername` -Changes the location of the directory Apache log files are placed in. Defaut is based on your OS. +Sets the server name. Defaults to `fqdn` provided by Facter. -#####`log_level` +#####`server_root` -Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are `emerg`, `alert`, `crit`, `error`, `warn`, `notice`, `info` or `debug`. +Sets the root directory in which the server resides. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local' on FreeBSD. 
-#####`ports_file` +#####`server_signature` -Changes the name of the file containing Apache ports configuration. Default is `${conf_dir}/ports.conf`. +Configures a trailing footer line under server-generated documents. More information about [ServerSignature](http://httpd.apache.org/docs/current/mod/core.html#serversignature). Defaults to 'On'. #####`server_tokens` -Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'. +Controls how much information Apache sends to the browser about itself and the operating system. More information about [ServerTokens](http://httpd.apache.org/docs/current/mod/core.html#servertokens). Defaults to 'OS'. -#####`server_signature` +#####`service_enable` -Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'. +Determines whether the HTTPD service is enabled when the machine is booted. Defaults to 'true'. -#####`trace_enable` +#####`service_ensure` -Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'. +Determines whether the service should be running. Can be set to 'undef', which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. -#####`manage_user` +#####`service_name` -Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error. +Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian, and 'apache22' on FreeBSD. -#####`manage_group` +#####`trace_enable` -Setting this to false will avoid the group resource to be created by this module. 
This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error. +Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. -#####`package_ensure` +#####`vhost_dir` -Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed. +Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, and '/usr/local/etc/apache22/Vhosts' on FreeBSD. ####Class: `apache::default_mods` -Installs default Apache modules based on what OS you are running +Installs default Apache modules based on what OS you are running. ```puppet class { 'apache::default_mods': } @@ -368,7 +398,7 @@ Installs default Apache modules based on what OS you are running ####Defined Type: `apache::mod` -Used to enable arbitrary Apache httpd modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type will also install the required packages to enable the module, if any. +Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type will also install the required packages to enable the module, if any. ```puppet apache::mod { 'rewrite': } 
@@ -422,22 +452,22 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rewrite` * `rpaf`* * `setenvif` -* `ssl`* (see [apache::mod::ssl](#class-apachemodssl) below) +* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) * `status`* * `suphp` * `userdir`* * `vhost_alias` * `worker`* -* `wsgi` (see [apache::mod::wsgi](#class-apachemodwsgi) below) +* `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi) below) * `xsendfile` Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention. -The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files. +The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install and the module will not work without the template. Any module without a template will install the package but drop no files. ####Class: `apache::mod::ssl` -Installs Apache SSL capabilities and utilizes `ssl.conf.erb` template. These are the defaults: +Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: ```puppet class { 'apache::mod::ssl': 
@@ -446,24 +476,31 @@ Installs Apache SSL capabilities and utilizes `ssl.conf.erb` template. These are } ``` -To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. +To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. ####Class: `apache::mod::wsgi` +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. + +For customized parameters, which tell Apache how Python is currently configured on the operating system, + ```puppet class { 'apache::mod::wsgi': wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", - wsgi_python_home => '/path/to/virtenv', - wsgi_python_path => '/path/to/virtenv/site-packages', + wsgi_python_home => '/path/to/venv', + wsgi_python_path => '/path/to/venv/site-packages', } ``` + +More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). + ####Defined Type: `apache::vhost` -The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters. +The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. -The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base `apache` class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). 
+The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). -If you have a series of specific configurations and do not want a base `apache` class default vhost, make sure to set the base class default host to 'false'. +If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'. ```puppet class { 'apache': @@ -473,15 +510,13 @@ If you have a series of specific configurations and do not want a base `apache` **Parameters within `apache::vhost`:** -The default values for each parameter will vary based on operating system and type of virtual host. - #####`access_log` -Specifies whether `*_access.log` directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'. +Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' will choose none. Defaults to 'true'. #####`access_log_file` -Points to the `*_access.log` file. Defaults to 'undef'. +Sets the `*_access.log` filename that is placed in `$logroot`. Given a vhost, example.com, it defaults to 'example.com_ssl.log' for SSL vhosts and 'example.com_access.log' for non-SSL vhosts. #####`access_log_pipe` 
@@ -493,40 +528,48 @@ Sends all access log messages to syslog. Defaults to 'undef'. #####`access_log_format` -Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'. +Specifies the use of either a LogFormat nickname or a custom format string for the access log. Defaults to 'combined'. See [these examples](http://httpd.apache.org/docs/current/mod/mod_log_config.html). #####`access_log_env_var` -Adds writing control of access log via environment variable of the access. Defaults to 'undef'. +Specifies that only requests with particular environment variables be logged. Defaults to 'undef'. #####`add_listen` -Determines whether the vhost creates a listen statement. The default value is 'true'. +Determines whether the vhost creates a Listen statement. The default value is 'true'. + +Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. -Setting `add_listen` to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. +#####`additional_includes` + +Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'. #####`aliases` -Passes a list of hashes to the vhost to create `Alias` or `AliasMatch` statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). Each hash is expected to be of the form: +Passes a list of hashes to the vhost to create Alias or AliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). 
These hashes are formatted as follows: -``` +```puppet aliases => [ - { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg' } - { alias => '/image', path => '/ftp/pub/image' }, + { aliasmatch => '^/image/(.*)\.jpg$', + path => '/files/jpg.images/$1.jpg', + } + { alias => '/image', + path => '/ftp/pub/image', + }, ], ``` -For `Alias` and `AliasMatch` to work, each will need a corresponding `` or `` block. The `Alias` and `AliasMatch` directives are created in the order specified in the `aliases` paramter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html) more specific `Alias` or `AliasMatch` directives should come before the more general ones to avoid shadowing. +For `alias` and `aliasmatch` to work, each will need a corresponding context, such as '< Directory /path/to/directory>' or ''. The Alias and AliasMatch directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias` or `aliasmatch` parameters should come before the more general ones to avoid shadowing. -**Note:** If `apache::mod::passenger` is loaded and `PassengerHighPerformance true` is set, then `Alias` may have issues honouring the `PassengerEnabled off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias may have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. #####`block` -Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. 
To add to this, please see the [Development](#development) section. +Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. #####`custom_fragment` -Pass a string of custom configuration directives to be placed at the end of the vhost configuration. +Passes a string of custom configuration directives to be placed at the end of the vhost configuration. Defaults to 'undef'. #####`default_vhost` 
@@ -534,656 +577,797 @@ Sets a given `apache::vhost` as the default to serve requests that do not match #####`directories` -Passes a list of hashes to the vhost to create `...` directive blocks as per the [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#directory). The `path` key is required in these hashes. An optional `provider` defaults to `directory`. Usage will typically look like: +See the [`directories` section](#parameter-directories-for-apachevhost). -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', => }, - { path => '/path/to/another/directory', => }, - ], - } -``` +#####`directoryindex` -*Note:* At least one directory should match `docroot` parameter, once you start declaring directories `apache::vhost` assumes that all required `` blocks will be declared. +Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. [DirectoryIndex](http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex) has more information. Defaults to 'undef'. -*Note:* If not defined a single default `` block will be created that matches the `docroot` parameter. +#####`docroot` -`provider` can be set to any of `directory`, `files`, or `location`. If the [pathspec starts with a `~`](https://httpd.apache.org/docs/2.2/mod/core.html#files), httpd will interpret this as the equivalent of `DirectoryMatch`, `FilesMatch`, or `LocationMatch`, respectively. +Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. 
-```puppet - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { path => '~ (\.swp|\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' }, - ], - } -``` +#####`docroot_group` -The directives will be embedded within the `Directory` (`Files`, or `Location`) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives: +Sets group access to the docroot directory. Defaults to 'root'. -######`addhandlers` +#####`docroot_owner` -Sets `AddHandler` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler). Accepts a list of hashes of the form `{ handler => 'handler-name', extensions => ['extension']}`. Note that `extensions` is a list of extenstions being handled by the handler. -An example: +Sets individual user access to the docroot directory. Defaults to 'root'. -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', - addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ], - } ], - } -``` +#####`error_log` -######`allow` +Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. -Sets an `Allow` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow). An example: +#####`error_log_file` -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', allow => 'from example.org' } ], - } -``` +Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. 
-######`allow_override` +#####`error_log_pipe` -Sets the usage of `.htaccess` files as per the [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride). Should accept in the form of a list or a string. An example: +Specifies a pipe to send error log messages to. Defaults to 'undef'. -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ], - } -``` +#####`error_log_syslog` -######`deny` +Sends all error log messages to syslog. Defaults to 'undef'. + +#####`error_documents` -Sets an `Deny` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny). An example: +A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example: ```puppet apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', deny => 'from example.org' } ], + error_documents => [ + { 'error_code' => '503', 'document' => '/service-unavail' }, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, + ], } ``` -######`error_documents` -A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/2.2/mod/core.html#errordocument) settings for this directory. Example: +#####`ensure` -```puppet - apache::vhost { 'sample.example.net': - directories => [ { path => '/srv/www' - error_documents => [ - { 'error_code' => '503', 'document' => '/service-unavail' }, - ], - }] - } -``` +Specifies if the vhost file is present or absent. Defaults to 'present'. -######`headers` +#####`fallbackresource` -Adds lines for `Header` directives as per the [Apache Header documentation](http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header). 
An example: +Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid values must either begin with a / or be 'disabled'. Defaults to 'undef'. -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => { - path => '/path/to/directory', - headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - }, - } -``` +#####`headers` -######`options` +Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. -Lists the options for the given `` block +#####`ip` -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }], - } -``` +Sets the IP address the vhost listens on. Defaults to listen on all IPs. -######`index_options` +#####`ip_based` -Styles the list +Enables an [IP-based](httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }], - } -``` +#####`itk` -######`index_order_default` -Sets the order of the list +Configures [ITK](http://mpm-itk.sesse.net/) in a hash. 
Keys may be: -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ], - } -``` +* user + group +* `assignuseridexpr` +* `assigngroupidexpr` +* `maxclientvhost` +* `nice` +* `limituidrange` (Linux 3.5.0 or newer) +* `limitgidrange` (Linux 3.5.0 or newer) -######`order` -Sets the order of processing `Allow` and `Deny` statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). An example: +Usage will typically look like: ```puppet apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ], + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, } ``` -######`auth_type` +#####`logroot` -Sets the value for `AuthType` as per the [Apache AuthType -documentation](https://httpd.apache.org/docs/2.2/mod/core.html#authtype). +Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. -######`auth_name` +#####`log_level` -Sets the value for `AuthName` as per the [Apache AuthName -documentation](https://httpd.apache.org/docs/2.2/mod/core.html#authname). +Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. -######`auth_digest_algorithm` +#####`no_proxy_uris` -Sets the value for `AuthDigestAlgorithm` as per the [Apache -AuthDigestAlgorithm -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm) +Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). 
-######`auth_digest_domain` +#####`options` -Sets the value for `AuthDigestDomain` as per the [Apache AuthDigestDomain -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain). +Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: -######`auth_digest_nonce_lifetime` +```puppet + apache::vhost { 'site.name.fdqn': + … + options => ['Indexes','FollowSymLinks','MultiViews'], + } +``` -Sets the value for `AuthDigestNonceLifetime` as per the [Apache -AuthDigestNonceLifetime -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime) +*Note:* If you use [`directories`](#parameter-directories-for-apachevhost), 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. -######`auth_digest_provider` +#####`override` -Sets the value for `AuthDigestProvider` as per the [Apache AuthDigestProvider -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider). +Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'. -######`auth_digest_qop` +#####`php_admin_flags & values` -Sets the value for `AuthDigestQop` as per the [Apache AuthDigestQop -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop). +Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. -######`auth_digest_shmem_size` +#####`port` -Sets the value for `AuthAuthDigestShmemSize` as per the [Apache AuthDigestShmemSize -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize). 
+Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host will only listen on the port set in this parameter. -######`auth_basic_authoritative` +#####`priority` -Sets the value for `AuthBasicAuthoritative` as per the [Apache -AuthBasicAuthoritative -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative). +Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. -######`auth_basic_fake` +If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match. -Sets the value for `AuthBasicFake` as per the [Apache AuthBasicFake -documentation](https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake). +*Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. -######`auth_basic_provider` +#####`proxy_dest` -Sets the value for `AuthBasicProvider` as per the [Apache AuthBasicProvider -documentation](https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider). +Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. -######`auth_user_file` +#####`proxy_pass` -Sets the value for `AuthUserFile` as per the [Apache AuthUserFile -documentation](https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile). +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. 
-######`auth_group_file` +```puppet +apache::vhost { 'site.name.fdqn': + … + proxy_pass => [ + { 'path' => '/a', 'url' => 'http://backend-a/' }, + { 'path' => '/b', 'url' => 'http://backend-b/' }, + { 'path' => '/c', 'url' => 'http://backend-a/c' }, + ], +} +``` -Sets the value for `AuthGroupFile` as per the [Apache AuthGroupFile -documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html#authgroupfile). +#####`rack_base_uris` -######`auth_require` +Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. -Sets the value for `AuthName` as per the [Apache Require -documentation](https://httpd.apache.org/docs/2.2/mod/core.html#require) +#####`redirect_dest` +Specifies the address to redirect to. Defaults to 'undef'. -######`passenger_enabled` +#####`redirect_source` -Sets the value for the `PassengerEnabled` directory to `on` or `off` as per the [Passenger documentation](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled). +Specifies the source URIs that will redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length and the items will be order-dependent. ```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ], + apache::vhost { 'site.name.fdqn': + … + redirect_source => ['/images','/downloads'], + redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } ``` -**Note:** This directive requires `apache::mod::passenger` to be active, Apache may not start with an unrecognised directive without it. 
+#####`redirect_status` -**Note:** Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the `PassengerEnabled` directive with the `PassengerHighPerformance` directive. +Specifies the status to append to the redirect. Defaults to 'undef'. -######`ssl_options` +```puppet + apache::vhost { 'site.name.fdqn': + … + redirect_status => ['temp','permanent'], + } +``` -String or list of [`SSLOptions`](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions) for the given `` block. This overrides, or refines the [`SSLOptions`](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions) of the parent block (either vhost, or server). +#####`redirectmatch_regexp` & `redirectmatch_status` + +Determines which server status should be raised for a given regular expression. Entered as an array. Defaults to 'undef'. ```puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', ssl_options => '+ExportCertData' } - { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] }, + apache::vhost { 'site.name.fdqn': + … + redirectmatch_status => ['404','404'], + redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + } +``` + +#####`request_headers` + +Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. + +```puppet + apache::vhost { 'site.name.fdqn': + … + request_headers => [ + 'append MirrorID "mirror 12"', + 'unset MirrorID', ], } ``` -######`suphp` +#####`rewrites` + +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. 
-An array containing two values: User and group for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. -This directive must be used with `suphp_engine => on` in the vhost declaration. This directive only works in `` or ``. +For example, you can specify that anyone trying to access index.html will be served welcome.html ```puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' } + apache::vhost { 'site.name.fdqn': + … + rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] + } +``` + +The parameter allows rewrite conditions that, when true, will execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE + +```puppet + apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'redirect IE', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, ], } ``` -######`php_admin_value` and `php_admin_flag` +You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) -Allows per-vhost (and per-directory) setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user, or an application. +```puppet + apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], + } +``` -######`custom_fragment` +Multiple rewrites and conditions are also possible -Pass a string of custom configuration directives to be placed at the end of the -directory configuration. 
+```puppet + apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + { + comment => 'Internet Explorer', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + }, + } + rewrite_base => /apps/, + rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], + }, + ], + } +``` -#####`directoryindex` +Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. -Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name.. +#####`scriptalias` -#####`docroot` +Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for example: '/usr/scripts'. Defaults to 'undef'. -Provides the DocumentRoot directive, identifying the directory Apache serves files from. +#####`scriptaliases` -#####`docroot_group` +Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: -Sets group access to the docroot directory. Defaults to 'root'. +```puppet + scriptaliases => [ + { + alias => '/myscript', + path => '/usr/share/myscript', + }, + { + aliasmatch => '^/foo(.*)', + path => '/usr/share/fooscripts$1', + }, + { + aliasmatch => '^/bar/(.*)', + path => '/usr/share/bar/wrapper.sh/$1', + }, + { + alias => '/neatscript', + path => '/usr/share/neatscript', + }, + ] +``` -#####`docroot_owner` +The ScriptAlias and ScriptAliasMatch directives are created in the order specified. 
As with [Alias and AliasMatch](#aliases) directives, more specific aliases should come before more general ones to avoid shadowing. -Sets individual user access to the docroot directory. Defaults to 'root'. +#####`serveradmin` -#####`error_log` +Specifies the email address Apache will display when it renders one of its error pages. Defaults to 'undef'. -Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. +#####`serveraliases` -#####`error_log_file` +Sets the [ServerAliases](http://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Defaults to '[]'. -Points to the `*_error.log` file. Defaults to 'undef'. +#####`servername` -#####`error_log_pipe` +Sets the servername corresponding to the hostname you connect to the virtual host at. Defaults to the title of the resource. -Specifies a pipe to send error log messages to. Defaults to 'undef'. +#####`setenv` -#####`error_log_syslog` +Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. -Sends all error log messages to syslog. Defaults to 'undef'. +#####`setenvif` -#####`error_documents` +Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. + +#####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` + +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). + +`suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. -A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/2.2/mod/core.html#errordocument) settings for this vhost. Defaults to `[]`. Example: +`suphp_configpath` defaults to 'undef' on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian. + +`suphp_engine` allows values 'on' or 'off'. 
Defaults to 'off' + +To set up a virtual host with suPHP ```puppet - apache::vhost { 'sample.example.net': - error_documents => [ - { 'error_code' => '503', 'document' => '/service-unavail' }, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, - ], + apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + } } ``` -#####`ensure` +#####`vhost_name` -Specifies if the vhost file is present or absent. +Enables name-based virtual hosting. If no IP is passed to the virtual host but the vhost is assigned a port, then the vhost name will be 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name will be set to the title of the resource. Defaults to '*'. -#####`fastcgi_server` +#####`virtual_docroot` -Specifies the filename as an external FastCGI application. Defaults to 'undef'. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. -#####`fastcgi_socket` +```puppet + apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot' => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], + } +``` -Filename used to communicate with the web server. Defaults to 'undef'. +#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, & `wsgi_script_aliases` -#####`fastcgi_dir` +Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). -Directory to enable for FastCGI. Defaults to 'undef'. +`wsgi_daemon_process` sets the name of the WSGI daemon. 
It is a hash, accepting [these keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html), and it defaults to 'undef'. -#####`additional_includes` +`wsgi_daemon_process_options` is optional and defaults to 'undef'. -Specifies paths to additional static vhost-specific Apache configuration files. -This option is useful when you need to implement a unique and/or custom -configuration not supported by this module. +`wsgi_process_group` sets the group ID the virtual host will run under. Defaults to 'undef'. -#####`headers` +`wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. -Specifies additional response headers as per [the `mod_headers` documentation](http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header). +To set up a virtual host with WSGI ```puppet - apache::vhost { 'site.name.fdqn': - … - headers => [ - 'add Strict-Transport-Security "max-age=15768000"', - 'merge Cache-Control no-cache env=CGI', + apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => + { processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + } +``` + +####Parameter `directories` for `apache::vhost` + +The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. + +Each hash passed to `directories` must contain `path` as one of the keys. You may also pass in `provider` which, if missing, defaults to 'directory'. 
(A full list of acceptable keys is below.) General usage will look something like + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', => }, + { path => '/path/to/another/directory', => }, ], } ``` -#####`ip` +*Note:* At least one directory should match the `docroot` parameter. Once you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block will be created that matches the `docroot` parameter. -The IP address the vhost listens on. Defaults to 'undef'. +The `provider` key can be set to 'directory', 'files', or 'location'. If the path starts with a [~](https://httpd.apache.org/docs/current/mod/core.html#files), HTTPD will interpret this as the equivalent of DirectoryMatch, FilesMatch, or LocationMatch. -#####`ip_based` +```puppet + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' + }, + ], + } +``` -Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. +Available handlers, represented as keys, should be placed within the `directory`,`'files`, or `location` hashes. This looks like -#####`logroot` +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', handler => value } ], +} +``` -Specifies the location of the virtual host's logfiles. Defaults to `/var/log//`. +Any handlers you do not set in these hashes will be considered 'undefined' within Puppet and will not be added to the virtual host, resulting in the module using their default values. 
Currently this is the list of supported handlers: -#####`log_level` +######`addhandlers` -Specifies the verbosity level of the error log. Defaults to `warn` for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for `log_level` is one of `emerg`, `alert`, `crit`, `error`, `warn`, `notice`, `info` or `debug`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. -#####`no_proxy_uris` +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], + }, + ], + } +``` + +######`allow` -Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with `proxy_dest`. +Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. -#####`options` +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, + ], + } +``` -Lists the options for the given virtual host +######`allow_override` + +Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. 
```puppet - apache::vhost { 'site.name.fdqn': - … - options => ['Indexes','FollowSymLinks','MultiViews'], + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, + ], } ``` -#####`override` +######`auth_basic_authoritative` -Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments. +Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules. -#####`port` +######`auth_basic_fake` -Sets the port the host is configured on. +Sets the value for [AuthBasicFake](httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. -#####`priority` +######`auth_basic_provider` -Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'. +Sets the value for [AuthBasicProvider] (httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. -If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match. +######`auth_digest_algorithm` -*Note*: You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. +Sets the value for [AuthDigestAlgorithm](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. -#####`proxy_dest` +######`auth_digest_domain` -Specifies the destination address of a proxypass configuration. Defaults to 'undef'. 
+Sets the value for [AuthDigestDomain](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. -#####`proxy_pass` +######`auth_digest_nonce_lifetime` -Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'. +Sets the value for [AuthDigestNonceLifetime](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. -Example: +######`auth_digest_provider` -```puppet -$proxy_pass = [ - { 'path' => '/a', 'url' => 'http://backend-a/' }, - { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' } -] +Sets the value for [AuthDigestProvider](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. -apache::vhost { 'site.name.fdqn': - … - proxy_pass => $proxy_pass, -} -``` +######`auth_digest_qop` -#####`rack_base_uris` +Sets the value for [AuthDigestQop](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. -Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the `_rack.erb` template. Defaults to 'undef'. +######`auth_digest_shmem_size` -#####`redirect_dest` +Sets the value for [AuthAuthDigestShmemSize](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. -Specifies the address to redirect to. Defaults to 'undef'. 
+######`auth_group_file` -#####`redirect_source` +Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization. -Specifies the source items? that will redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. +######`auth_name` -```puppet - apache::vhost { 'site.name.fdqn': - … - redirect_source => ['/images','/downloads'], - redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], - } -``` +Sets the value for [AuthName](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. -#####`redirect_status` +######`auth_require` -Specifies the status to append to the redirect. Defaults to 'undef'. +Sets the entity name you're requiring to allow access. Read more about [Require](http://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). -```puppet - apache::vhost { 'site.name.fdqn': - … - redirect_status => ['temp','permanent'], - } +######`auth_type` + +Sets the value for [AuthType](httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. + +######`auth_user_file` + +Sets the value for [AuthUserFile](httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. + +######`custom_fragment` + +Pass a string of custom configuration directives to be placed at the end of the directory configuration. 
+ +```puppet + apache::vhost { 'monitor': + … + custom_fragment => ' + + SetHandler balancer-manager + Order allow,deny + Allow from all + + + SetHandler server-status + Order allow,deny + Allow from all + + ProxyStatus On', +} ``` -#####`request_headers` +######`deny` -Specifies additional request headers. +Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. ```puppet - apache::vhost { 'site.name.fdqn': - … - request_headers => [ - 'append MirrorID "mirror 12"', - 'unset MirrorID', + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` -#####`rewrite_base` +######`error_documents` -Limits the `rewrites` to the specified base URL. Defaults to 'undef'. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet - apache::vhost { 'site.name.fdqn': - … - rewrite_base => '/blog/', - rewrites => [ - { rewrite_rule => ['^index\.html$ welcome.html'] } - ] + apache::vhost { 'sample.example.net': + directories => [ + { path => '/srv/www', + error_documents => [ + { 'error_code' => '503', + 'document' => '/service-unavail', + }, + ], + }, + ], } ``` -The above example would limit the index.html -> welcome.html rewrite to only something inside of http://example.com/blog/. - -#####`rewrites` +######`headers` -Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html. +Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. 
```puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => { + path => '/path/to/directory', + headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + }, } ``` -Allows rewrite conditions, that when true, will execute the associated rule. For example +######`index_options` + +Allows configuration settings for [directory indexing](httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). ```puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'redirect IE', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ welcome.html'], - } - ] + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + }, + ], } ``` -will rewrite URLs only if the visitor is using IE. +######`index_order_default` -Multiple conditions can be applied, the following will rewrite index.html to welcome.html only when the browser is lynx or mozilla version 1 or 2 +Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. 
```puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - } - ] + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + index_order_default => ['Descending', 'Date'], + }, + ], } ``` -Multiple rewrites and conditions are also possible +######`options` + +Lists the [Options](httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ```puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - { - comment => 'Internet Explorer', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, - } - rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], - } - ] + ], } ``` -refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions +######`order` -#####`scriptalias` +Sets the order of processing Allow and Deny statements as per [Apache core documentation](httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. 
-Defines a directory of CGI scripts to be aliased to the path '/cgi-bin' +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + }, + ], + } +``` -#####`scriptaliases` +######`passenger_enabled` -Passes a list of hashes to the vhost to create `ScriptAlias` or `ScriptAliasMatch` statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). Each hash is expected to be of the form: +Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. ```puppet - scriptaliases => [ - { - alias => '/myscript', - path => '/usr/share/myscript', - }, - { - aliasmatch => '^/foo(.*)', - path => '/usr/share/fooscripts$1', - }, - { - aliasmatch => '^/bar/(.*)', - path => '/usr/share/bar/wrapper.sh/$1', - }, - { - alias => '/neatscript', - path => '/usr/share/neatscript', - }, - ] + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + passenger_enabled => 'on', + }, + ], + } ``` -These directives are created in the order specified. As with `Alias` and `AliasMatch` directives the more specific aliases should come before the more general ones to avoid shadowing. +*Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. -#####`serveradmin` +######`php_admin_value` and `php_admin_flag` -Specifies the email address Apache will display when it renders one of its error pages. +`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). 
-#####`serveraliases` +######`ssl_options` -Sets the server aliases of the site. +String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. -#####`servername` +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + ssl_options => '+ExportCertData', + }, + { path => '/path/to/different/dir', + ssl_options => [ '-StdEnvVars', '+ExportCertData'], + }, + ], + } +``` -Sets the primary name of the virtual host. +######`suphp` -#####`setenv` +A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and may only be passed within `directories`. -Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', + }, + }, + ], + } +``` -#####`setenvif` +####SSL parameters for `apache::vhost` -Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. +All of the SSL parameters for `::vhost` will default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` -Specifies the certificate authority. +Specifies the SSL certificate authority. Defaults to 'undef'. #####`ssl_cert` -Specifies the SSL certification. 
+Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD. #####`ssl_protocol` -Specifies the SSL Protocol (SSLProtocol). +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. + +If you do not use this parameter, it will use the HTTPD default from ssl.conf.erb, 'all -SSLv2'. #####`ssl_cipher` -Specifies the SSLCipherSuite. +Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'undef'. + +If you do not use this parameter, it will use the HTTPD default from ssl.conf.erb, 'HIGH:MEDIUM:!aNULL:!MD5'. #####`ssl_honorcipherorder` -Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order +Sets [SSLHonorCipherOrder](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Defaults to 'On' in the base `apache` config. #####`ssl_certs_dir` -Specifies the location of the SSL certification directory. Defaults to `/etc/ssl/certs` on Debian and `/etc/pki/tls/certs` on RedHat. +Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, and '/usr/local/etc/apache22' on FreeBSD. #####`ssl_chain` -Specifies the SSL chain. +Specifies the SSL chain. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_crl` -Specifies the certificate revocation list to use. +Specifies the certificate revocation list to use. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) 
#####`ssl_crl_path` -Specifies the location of the certificate revocation list. +Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_key` -Specifies the SSL key. +Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_verify_client` -Sets `SSLVerifyClient` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient). Defaults to undef. -An example: +Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'. ```puppet apache::vhost { 'sample.example.net': @@ -1194,8 +1378,7 @@ An example: #####`ssl_verify_depth` -Sets `SSLVerifyDepth` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth). Defaults to undef. -An example: +Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'. ```puppet apache::vhost { 'sample.example.net': 
@@ -1206,7 +1389,9 @@ An example: #####`ssl_options` -Sets `SSLOptions` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions). This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example: +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. + +A string: ```puppet apache::vhost { 'sample.example.net': @@ -1215,7 +1400,7 @@ Sets `SSLOptions` directives as per the [Apache Core documentation](http://httpd } ``` -An array of strings example: +An array: ```puppet apache::vhost { 'sample.example.net': 
@@ -1226,40 +1411,12 @@ An array of strings example: #####`ssl_proxyengine` -Specifies whether to use `SSLProxyEngine` or not. Defaults to `false`. - -#####`vhost_name` - -This parameter is for use with name-based virtual hosting. Defaults to '*'. - -#####`itk` - -Hash containing infos to configure itk as per the [ITK documentation](http://mpm-itk.sesse.net/). +Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. -Keys could be: -* user + group -* assignuseridexpr -* assigngroupidexpr -* maxclientvhost -* nice -* limituidrange (Linux 3.5.0 or newer) -* limitgidrange (Linux 3.5.0 or newer) - -Usage will typically look like: - -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, - } -``` ###Virtual Host Examples -The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. +The apache module allows you to set up pretty much any configuration of virtual host you might need. This section will address some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. Configure a vhost with a server administrator 
@@ -1427,48 +1584,67 @@ If you want to add two name-based vhosts so that they will answer on either 10.0 } ``` -##Implementation +###Load Balancing -###Classes and Defined Types +####Defined Type: `apache::balancer` -####Class: `apache::dev` +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). -Installs Apache development libraries +One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. -```puppet - class { 'apache::dev': } -``` +**Parameters within `apache::balancer`:** -On FreeBSD you're required to define `apache::package` or `apache` class before `apache::dev`. +#####`name` -####Defined Type: `apache::listen` +Sets the balancer cluster's title. This parameter will also set the title of the conf.d file. -Controls which ports Apache binds to for listening based on the title: +#####`proxy_set` -```puppet - apache::listen { '80': } - apache::listen { '443': } -``` +Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) lines. Accepts a hash, and defaults to '{}'. -Declaring this defined type will add all `Listen` directives to the `ports.conf` file in the Apache httpd configuration directory. `apache::listen` titles should always take the form of: ``, `:`, or `[]:` +#####`collect_exported` -Apache httpd requires that `Listen` directives must be added for every port. The `apache::vhost` defined type will automatically add `Listen` directives unless the `apache::vhost` is passed `add_listen => false`. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. 
-####Defined Type: `apache::namevirtualhost` +If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. -Enables named-based hosting of a virtual host +If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes. +<<<<<<< HEAD ```puppet apache::namevirtualhost { '*:80': } ``` Declaring this defined type will add all `NameVirtualHost` directives to the `ports.conf` file in the Apache https configuration directory. `apache::namevirtualhost` titles should always take the form of: `*`, `*:`, `_default_:`, ``, or `:`. +======= +If you choose not to use exported resources, all balancer members will be configured in a single puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. +>>>>>>> Updates README ####Defined Type: `apache::balancermember` -Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources. +Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which will set up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. + +**Parameters within `apache::balancermember`:** + +#####`name` + +Sets the title of the resource. This name will also set the name of the concat fragment. -On every app server you can export a balancermember like this: +#####`balancer_cluster` + +Sets the Apache service's instance name. This must match the name of a declared `apache::balancer` resource. Required. 
+ +#####`url` + +Specifies the URL used to contact the balancer member server. Defaults to 'http://${::fqdn}/'. + +#####`options` + +An array of [options](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#balancermember) to be specified after the URL. Accepts any key-value pairs available to [ProxyPass](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass). + +####Examples + +To load balance with exported resources, export the `balancermember` from the balancer member ```puppet @@apache::balancermember { "${::fqdn}-puppet00": @@ -1478,13 +1654,26 @@ On every app server you can export a balancermember like this: } ``` -And on the proxy itself you create the balancer cluster using the defined type apache::balancer: +Then, on the proxy server, create the balancer cluster ```puppet apache::balancer { 'puppet00': } ``` -If you need to use ProxySet in the balncer config you can do as so: +To load balance without exported resources, declare the following on the proxy + +```puppet + apache::balancer { 'puppet00': } + apache::balancermember { "${::fqdn}-puppet00": + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009" + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], + } +``` + +Then declare `apache::balancer` and `apache::balancermember` on the proxy server. + +If you need to use ProxySet in the balancer config ```puppet apache::balancer { 'puppet01': 
@@ -1492,17 +1681,54 @@ If you need to use ProxySet in the balncer config you can do as so: } ``` +##Reference + +###Classes + +####Public Classes + +* [`apache`](#class-apache): Guides the basic setup of Apache. +* `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) +* [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. + +####Private Classes + +* `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. +* `apache::default_confd_files`: Includes conf.d files for FreeBSD. +* `apache::default_mods`: Installs the Apache modules required to run the default configuration. +* `apache::package`: Installs and configures basic Apache packages. +* `apache::params`: Manages Apache parameters. +* `apache::service`: Manages the Apache daemon. + +###Defined Types + +####Public Defined Types + +* `apache::balancer`: Creates an Apache balancer cluster. +* `apache::balancermember`: Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html). +* `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. +* `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. +* `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. 
+ +####Private Defined Types + +* `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. +* `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. + ###Templates The Apache module relies heavily on templates to enable the `vhost` and `apache::mod` defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration. ##Limitations -This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04, Debian 7, and RHEL 5 & 6 platforms against both the OSS and Enterprise version of Puppet. + +The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions may occur. ##Development -### Overview +###Contributing Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. 
@@ -1510,9 +1736,9 @@ We want to keep it as easy as possible to contribute changes so that our modules You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) -### Running tests +###Running tests -This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [rspec-system](https://github.com/puppetlabs/rspec-system) to verify functionality. For in-depth information please see their respective documentation. +This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) to verify functionality. For in-depth information please see their respective documentation. Quickstart: @@ -1520,6 +1746,7 @@ Quickstart: bundle install bundle exec rake spec bundle exec rspec spec/acceptance +<<<<<<< HEAD ##Copyright and License @@ -1538,3 +1765,6 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. +======= + RS_DEBUG=yes bundle exec rspec spec/acceptance +>>>>>>> Updates README From 2712be8569628773b916eae6746e730263282c85 Mon Sep 17 00:00:00 2001 From: Lauren Rother Date: Tue, 18 Feb 2014 16:30:33 -0800 Subject: [PATCH 0153/2267] Final edits to fix merge conflicts --- README.md | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) diff --git a/README.md b/README.md index c960814f5c..2644c88f7d 100644 --- a/README.md +++ b/README.md 
@@ -1610,15 +1610,7 @@ If you statically declare all of your backend servers, you should set this to 'f If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes. -<<<<<<< HEAD -```puppet - apache::namevirtualhost { '*:80': } -``` - -Declaring this defined type will add all `NameVirtualHost` directives to the `ports.conf` file in the Apache https configuration directory. `apache::namevirtualhost` titles should always take the form of: `*`, `*:`, `_default_:`, ``, or `:`. -======= If you choose not to use exported resources, all balancer members will be configured in a single puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. ->>>>>>> Updates README ####Defined Type: `apache::balancermember` @@ -1746,25 +1738,4 @@ Quickstart: bundle install bundle exec rake spec bundle exec rspec spec/acceptance -<<<<<<< HEAD - -##Copyright and License - -Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc - -Puppet Labs can be contacted at: info@puppetlabs.com - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -======= - RS_DEBUG=yes bundle exec rspec spec/acceptance ->>>>>>> Updates README + RS_DEBUG=yes bundle exec rspec spec/acceptance \ No newline at end of file 
From 109c25f82ab7bd8bab7d932e5d6bafe6da6d0c78 Mon Sep 17 00:00:00 2001 From: Lauren Rother Date: Tue, 18 Feb 2014 16:32:20 -0800 Subject: [PATCH 0154/2267] Fix replace/replacements --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2644c88f7d..21b7719327 100644 --- a/README.md +++ b/README.md @@ -185,7 +185,7 @@ To set up a virtual host with WSGI } ``` -Starting in Apache 2.2.16, httpd supports [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource), a simple replace for common RewriteRules. +Starting in Apache 2.2.16, HTTPD supports [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource), a simple replacement for common RewriteRules. ```puppet apache::vhost { 'wordpress.example.com': From eb0218ba4d22213acdd6cac76cf873c3c0b06d83 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Wed, 19 Feb 2014 10:58:45 -0500 Subject: [PATCH 0155/2267] Change test location to be under /tmp/. --- spec/acceptance/class_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 62107ed61b..b28121be6a 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -38,16 +38,16 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - file { '/apache': ensure => directory, } + file { '/tmp/apache_custom': ensure => directory, } class { 'apache': - mod_dir => '/apache/mods', - vhost_dir => '/apache/vhosts', + mod_dir => '/tmp/apache_custom/mods', + vhost_dir => '/tmp/apache_custom/vhosts', } EOS # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + apply_manifest(pp, :catch_changes => true) end describe service(service_name) do From 964884e2350b06f25dcfca38016098ab7aa21e24 Mon Sep 17 00:00:00 2001 
From: Hunter Haugen Date: Tue, 18 Feb 2014 15:04:24 -0800 Subject: [PATCH 0156/2267] Add rewrite_base functionality to rewrites Previously rewrite_base was a parameter to vhost, but was removed incorrectly. When rewrites was created to replace rewrite_* parameters, rewrite_base was forgotten. This adds back the deprecated rewrite_base parameter and adds the rewrite_base support to the rewrites parameter. --- manifests/vhost.pp | 4 ++++ spec/defines/vhost_spec.rb | 6 +++++- templates/vhost/_rewrite.erb | 37 +++++++++++++++++++----------------- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 22beec2e82..77c340ace9 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -153,6 +153,7 @@ $headers = undef, $request_headers = undef, $rewrites = undef, + $rewrite_base = undef, $rewrite_rule = undef, $rewrite_cond = undef, $setenv = [], @@ -199,6 +200,9 @@ } # Deprecated backwards-compatibility + if $rewrite_base { + warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') + } if $rewrite_rule { warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 2cd2bb29d7..c166c9315f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1138,7 +1138,8 @@ let :params do default_params.merge({ :rewrites => [ { - 'comment' => 'test rewrites', + 'comment' => 'test rewrites', + 'rewrite_base' => '/mytestpath/', 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], 'rewrite_rule' => ['^index\.html$ welcome.html', '^index\.cgi$ index.php'], } 
@@ -1151,6 +1152,9 @@ should contain_file("25-#{title}.conf").with_content( /^ RewriteCond %\{HTTP_USER_AGENT\} \^Lynx\/ \[OR\]$/ ) + should contain_file("25-#{title}.conf").with_content( + /^ RewriteBase \/mytestpath\/$/ + ) should contain_file("25-#{title}.conf").with_content( /^ RewriteCond %\{HTTP_USER_AGENT\} \^Mozilla\/\[12\]$/ ) diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index dbb437c1d6..af8b45001e 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -1,28 +1,31 @@ -<% if @rewrites -%> +<%- if @rewrites -%> ## Rewrite rules RewriteEngine On -<% if @rewrite_base -%> + <%- if @rewrite_base -%> RewriteBase <%= @rewrite_base %> -<% end -%> + <%- end -%> -<% [@rewrites].flatten.compact.each do |rewrite_details| -%> -<% if rewrite_details['comment'] -%> + <%- [@rewrites].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> #<%= rewrite_details['comment'] %> -<% end -%> -<% if rewrite_details['rewrite_cond'] -%> -<%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> -<%- Array(commands).each do |command| -%> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> RewriteCond <%= command %> -<%- end -%> -<% end -%> -<% end -%> -<%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> -<%- Array(commands).each do |command| -%> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> RewriteRule <%= command %> -<%- end -%> + <%- end -%> -<% end -%> -<% end -%> + <%- end -%> + <%- end -%> <%- end -%> <%# reverse compatibility %> <% if @rewrite_rule and !@rewrites -%> From b1668d8598e57e5f10085da872193b843c39cfc4 Mon Sep 17 00:00:00 2001 
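Review bot: The new per-entry line `RewriteBase <%= rewrite_details['rewrite_base'] %>`, like the existing `@rewrite_base` line above it, is emitted wherever this fragment is rendered, and Apache's mod_rewrite documentation lists RewriteBase as valid only in directory and .htaccess context. If `_rewrite.erb` is included directly under the virtual host (the two-space indent in the spec suggests so, but the including template is outside this hunk), httpd would refuse the configuration at start-up. The directive may therefore need to sit inside a `<Directory>` block or be documented as directory-only. A vhost that sets both the deprecated `rewrite_base` parameter and a `rewrite_base` key inside `rewrites` also gets two RewriteBase lines, so a short `<%# ... %>` comment saying which one is meant to apply would help. The backward-compatibility branch that starts at `<% if @rewrite_rule and !@rewrites -%>` continues past the end of the hunk.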
From: Hunter Haugen Date: Thu, 20 Feb 2014 11:58:04 -0800 Subject: [PATCH 0157/2267] Document apache::apache_version --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 21b7719327..fd21507cdc 100644 --- a/README.md +++ b/README.md @@ -215,6 +215,10 @@ You may establish a default vhost in this class, the `vhost` class, or both. You **Parameters within `apache`:** +#####`apache_version` + +Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason. + #####`confd_dir` Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. @@ -1738,4 +1742,4 @@ Quickstart: bundle install bundle exec rake spec bundle exec rspec spec/acceptance - RS_DEBUG=yes bundle exec rspec spec/acceptance \ No newline at end of file + RS_DEBUG=yes bundle exec rspec spec/acceptance From f73b4d40cc09e9a54578acbb7d5791c0a6ed5197 Mon Sep 17 00:00:00 2001 
From: jonoterc Date: Tue, 4 Feb 2014 00:24:10 -0500 Subject: [PATCH 0158/2267] enable overriding mod-level parameters for apache::mod::passenger apache::mod::passenger didn't accept/pass (optional) mod parameters through to apache::mod, so only auto-generated module parameters were used. Without this option apache::mod::passenger could not be used in conjunction with passenger modules beyond those generated by OS package system (in particular, modules compiled via passenger-install-apache2-module, which use differing paths). This commit enables passing in all parameters used with "apache::mod", documented in the passenger README includes basic spec/acceptance tests; verifying a default installation as well as passing in module loading parameters. new tests revealed undocumented Redhat dependencies on a passenger- specific repository as well as the EPEL repository; as a first step these dependencies are being manually resolved during setup for the acceptance testing suite. --- README.passenger.md | 62 +++++++++++++++++++++++++----- manifests/mod/passenger.pp | 37 ++++++++++++++---- manifests/params.pp | 4 +- spec/classes/mod/passenger_spec.rb | 31 ++++++++++++++- spec/spec_helper_acceptance.rb | 23 +++++++++++ 5 files changed, 136 insertions(+), 21 deletions(-) diff --git a/README.passenger.md b/README.passenger.md index cecacccc4f..1cc21202b8 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -2,7 +2,9 @@ Just enabling the Passenger module is insufficient for the use of Passenger in production. Passenger should be tunable to better fit the environment in which it is run while being aware of the resources it required. -To this end the Apache passenger module has been modified to apply system wide Passenger tuning declarations to `passenger.conf`. Declarations specific to a virtual host should be passed through when defining a `vhost` (e.g. `rack_base_uris' parameter on the `apache::vhost` class, check `README.md`). +To this end the Apache passenger module has been modified to apply system wide Passenger tuning declarations to `passenger.conf`. Declarations specific to a virtual host should be passed through when defining a `vhost` (e.g. `rack_base_uris` parameter on the `apache::vhost` class, check `README.md`). + +Also, general apache module loading parameters can be supplied to enable using a customized passenger module in place of a default-package-based version of the module. # Parameters for `apache::mod::passenger` 
@@ -12,59 +14,99 @@ The following declarations are supported and can be passed to `apache::mod::pass class {'apache::mod::passenger': passenger_high_performance => 'on', rails_autodetect => 'off', + mod_lib_path => '/usr/lib/apache2/custom_modules', } ``` The general form is using the all lower case version of the declaration. -If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. +## Parameters used with passenger.conf + +If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. -## passenger_high_performance +### passenger_high_performance Default is `off`, when turned `on` Passenger runs in a higher performance mode that can be less compatible with other Apache modules. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance -## passenger_max_pool_size +### passenger_max_pool_size Set's the maximum number of Passenger application processes that may simultaneously run. The default value is 6. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt -## passenger_pool_idle_time +### passenger_pool_idle_time The maximum number of seconds a Passenger Application process will be allowed to remain idle before being shut down. The default value is 300. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime -## passenger_max_requests +### passenger_max_requests The maximum number of request a Passenger application will process before being restarted. The default value is 0, which indicates that a process will only shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests -## passenger_stat_throttle_rate +### passenger_stat_throttle_rate Sets how often Passenger performs file system checks, at most once every _x_ seconds. 
Default is 0, which means the checks are performed with every request. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt -## rack_autodetect +### rack_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rack application. The default is `on` http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt -## rails_autodetect +### rails_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rails application. The default is on. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt -## passenger_use_global_queue +### passenger_use_global_queue Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. +## Parameters used to load the module + +Unlike the tuning parameters specified above, the following parameters are only used when loading customized passenger modules. + +### mod_package + +Allows overriding the default package name used for the passenger module package. + +### mod_package_ensure + +Allows overriding the package installation setting used by puppet when installing the passenger module. The default is 'present'. + +### mod_id + +Allows overriding the value used by apache to identify the passenger module. The default is 'passenger_module'. + +### mod_lib_path + +Allows overriding the directory path used by apache when loading the passenger module. The default is the value of `$apache::params::lib_path`. + +### mod_lib + +Allows overriding the library file name used by apache when loading the passenger module. The default is 'mod_passenger.so'. + +### mod_path + +Allows overriding the full path to the library file used by apache when loading the passenger module. 
The default is the concatenation of the `mod_lib_path` and `mod_lib` parameters. + +# Dependencies + +RedHat-based systems will need to configure additional package repositories in order to install Passenger, specifically: + +* [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL) +* [Phusion Passenger](http://passenger.stealthymonkeys.com) + +Configuration of these repositories is beyond the scope of this module and is left to the user. + # Attribution The Passenger tuning parameters for the `apache::mod::puppet` Puppet class was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the PuppetLabs Apache module on GitHub. diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e7561651d6..8eb7d2412d 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -11,14 +11,13 @@ $passenger_ruby = $apache::params::passenger_ruby, $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, + $mod_package = undef, + $mod_package_ensure = undef, + $mod_lib = undef, + $mod_lib_path = undef, + $mod_id = undef, + $mod_path = undef, ) { - if $::osfamily == 'FreeBSD' { - apache::mod { 'passenger': - lib_path => "${passenger_root}/buildout/apache2" - } - } else { - apache::mod { 'passenger': } - } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { 
@@ -27,6 +26,30 @@ } } + $_package = $mod_package + $_package_ensure = $mod_package_ensure + $_lib = $mod_lib + if $::osfamily == 'FreeBSD' { + if $mod_lib_path { + $_lib_path = $mod_lib_path + } else { + $_lib_path = "${passenger_root}/buildout/apache2" + } + } else { + $_lib_path = $mod_lib_path + } + + $_id = $mod_id + $_path = $mod_path + apache::mod { 'passenger': + package => $_package, + package_ensure => $_package_ensure, + lib => $_lib, + lib_path => $_lib_path, + id => $_id, + path => $_path, + } + # Template uses: # - $passenger_root # - $passenger_ruby diff --git a/manifests/params.pp b/manifests/params.pp index 1f5f45b413..ea24a87f71 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -58,8 +58,8 @@ $ssl_certs_dir = '/etc/pki/tls/certs' $passenger_conf_file = 'passenger_extra.conf' $passenger_conf_package_file = 'passenger.conf' - $passenger_root = undef - $passenger_ruby = undef + $passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19' + $passenger_ruby = '/usr/bin/ruby' $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 37177f477f..a90b85d7a7 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -13,6 +13,9 @@ it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("libapache2-mod-passenger") } + it { should contain_file('passenger.load').with({ + 'path' => '/etc/apache2/mods-available/passenger.load', + }) } it { should contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } 
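Review bot: The values of `mod_path`, `mod_lib_path` and `mod_lib` are handed to `apache::mod` unchecked, and they decide which shared object httpd loads for Passenger. A comment above the `apache::mod { 'passenger': ... }` resource, for example `# mod_path/mod_lib_path must point at a root-owned module; httpd loads it via LoadModule`, would make that expectation explicit. An absolute-path check on the two path parameters would also catch typos before they reach `passenger.load`. As a matter of style, `$_package`, `$_package_ensure`, `$_lib`, `$_id` and `$_path` are plain copies of the parameters, so only `$_lib_path` needs a local variable. The class body starts before this hunk and continues after it.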
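Review bot: The new default `$passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19'` pins a Ruby 1.8 gem directory and one exact Passenger release, so the rendered `PassengerRoot` will presumably point at a missing directory once the installed package is any other version. The previous `undef` left the directive out of `passenger.conf` on this platform, as the removed `without_content(/PassengerRoot/)` expectation in the spec shows. Consider keeping `undef` as the default, or add a comment such as `# matches the passenger 3.0.19 package; override passenger_root for any other build`. The enclosing case branch starts outside the hunk, so which OS families share this default is inferred from the `/etc/pki/tls/certs` context line.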
@@ -78,6 +81,30 @@ end it { should contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue true$/) } end + describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do + let :params do + { :mod_path => '/usr/lib/foo/mod_foo.so' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } + end + describe "with mod_lib_path => '/usr/lib/foo'" do + let :params do + { :mod_lib_path => '/usr/lib/foo' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } + end + describe "with mod_lib => 'mod_foo.so'" do + let :params do + { :mod_lib => 'mod_foo.so' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } + end + describe "with mod_id => 'mod_foo'" do + let :params do + { :mod_id => 'mod_foo' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } + end end context "on a RedHat OS" do @@ -99,8 +126,8 @@ it { should contain_file('passenger.conf').with({ 'path' => '/etc/httpd/conf.d/passenger_extra.conf', }) } - it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-3\.0\.19"$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/bin\/ruby"/) } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 176529fdb7..30b4fdb1f8 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -13,6 +13,29 @@ on host, 'gem install puppet --no-ri --no-rdoc' on host, "mkdir -p #{host['distmoduledir']}" end + + # host-specific repositories + repos = { + 'centos-64-x64' => [ + [ + 'http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm' , + nil + ], + [ + 'http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm', + 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc' + ] + ] + } + + host_repos = repos[host.to_s] || [] + host_repos.each do |repo_url,gpg_key| + puts "configuring #{host}-specific repo #{repo_url.inspect}" + unless gpg_key.nil? + shell("rpm --import #{gpg_key}") + end + shell("rpm -Uvh #{repo_url}") + end end RSpec.configure do |c| From 9478cdb1db16f3d449149c3d839169aaf93b2974 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 21 Feb 2014 14:01:25 -0800 Subject: [PATCH 0159/2267] Windows, Suse, Solaris, and AIX are not supported. --- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/apache_ssl_spec.rb | 2 +- spec/acceptance/basic_spec.rb | 2 +- spec/acceptance/class_spec.rb | 2 +- spec/acceptance/default_mods_spec.rb | 2 +- spec/acceptance/itk_spec.rb | 28 +++++++++++------------ spec/acceptance/mod_php_spec.rb | 2 +- spec/acceptance/mod_suphp_spec.rb | 2 +- spec/acceptance/prefork_worker_spec.rb | 6 ++--- spec/acceptance/service_spec.rb | 2 +- spec/acceptance/unsupported_spec.rb | 13 +++++++++++ spec/acceptance/version.rb | 2 -- spec/acceptance/vhost_spec.rb | 2 +- spec/spec_helper_acceptance.rb | 6 ++--- 14 files changed, 40 insertions(+), 33 deletions(-) create mode 100644 spec/acceptance/unsupported_spec.rb diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 597739f5c2..eeae55d45e 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
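Review bot: Both release RPMs and the signing key in the `repos` table are fetched over plain `http://`, and the EPEL entry has `nil` for its key, so `rpm -Uvh` installs repository definitions whose origin is never verified. A key downloaded over the same unauthenticated channel as the package adds little; prefer `https://` URLs where the mirrors offer them, or import the key from a copy kept with the test fixtures and check each release RPM against a pinned checksum. Separately, `shell(...)` appears to run on beaker's default host rather than on the `host` being iterated, unlike the `on host, ...` calls in the context lines; `on host, "rpm -Uvh #{repo_url}"` would keep the command on the intended machine. The EPEL URL also names the `i386` tree for a `centos-64-x64` host, which works only because the release package is noarch. The per-host block that contains this loop starts outside the hunk.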
@@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache parameters' do +describe 'apache parameters', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do # Currently this test only does something on FreeBSD. describe 'default_confd_files => false' do diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 2d45e40498..649c02d841 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb @@ -7,7 +7,7 @@ vhostd = '/etc/apache2/sites-available' end -describe 'apache ssl' do +describe 'apache ssl', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'ssl parameters' do it 'runs without error' do diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb index bc456e9ed1..6c2b3f462f 100644 --- a/spec/acceptance/basic_spec.rb +++ b/spec/acceptance/basic_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'disable selinux:' do +describe 'disable selinux:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do it "because otherwise apache won't work" do apply_manifest(%{ exec { "setenforce 0": diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index b28121be6a..1f5921d596 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache class' do +describe 'apache class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do case fact('osfamily') when 'RedHat' package_name = 'httpd' diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index df6463eca4..03e1445601 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb 
@@ -11,7 +11,7 @@ raise "Unconfigured OS for apache service on #{fact('osfamily')}" end -describe 'apache::default_mods class' do +describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'no default mods' do # Using puppet_apply as a helper it 'should apply with no errors' do diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index cabd71c5c6..86fc2c01ce 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -10,26 +10,24 @@ service_name = :skip end -unless service_name.equal? :skip - describe 'apache::mod::itk class' do - describe 'running puppet code' do - # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS +describe 'apache::mod::itk class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or service_name.equal? :skip do + describe 'running puppet code' do + # Using puppet_apply as a helper + it 'should work with no errors' do + pp = <<-EOS class { 'apache': mpm_module => 'itk', } - EOS + EOS - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero - end + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + end - describe service(service_name) do - it { should be_running } - it { should be_enabled } - end + describe service(service_name) do + it { should be_running } + it { should be_enabled } end end diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 3f3faaf9fe..d1c991621d 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
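Review bot: In the new itk_spec.rb line `describe 'apache::mod::itk class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or service_name.equal? :skip do`, the low-precedence `or` ends the `describe` call, so Ruby reads the statement as `(describe ..., :unless => ...) or (service_name.equal? :skip do ... end)`. The `do ... end` block then attaches to `equal?` and `describe` receives no block, which would leave the ITK examples undefined rather than skipped. Parenthesise the condition and use `||`: `describe 'apache::mod::itk class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) || service_name.equal?(:skip)) do`.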
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::php class' do +describe 'apache::mod::php class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do case fact('osfamily') when 'Debian' vhost_dir = '/etc/apache2/sites-enabled' diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 725ec2adb8..9e26731d61 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::suphp class' do +describe 'apache::mod::suphp class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do case fact('osfamily') when 'Debian' context "default suphp config" do diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 8427fd045a..beffe0a014 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -7,8 +7,6 @@ servicename = 'apache2' when 'FreeBSD' servicename = 'apache22' -else - raise "Unconfigured OS for apache service on #{fact('osfamily')}" end case fact('osfamily') @@ -36,7 +34,7 @@ class { 'apache': end end -describe 'apache::mod::worker class' do +describe 'apache::mod::worker class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do @@ -58,7 +56,7 @@ class { 'apache': end end -describe 'apache::mod::prefork class' do +describe 'apache::mod::prefork class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do diff --git a/spec/acceptance/service_spec.rb b/spec/acceptance/service_spec.rb index c3124c8461..b51ca386f0 100644 --- a/spec/acceptance/service_spec.rb +++ b/spec/acceptance/service_spec.rb 
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::service class' do +describe 'apache::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do describe 'adding dependencies in between the base class and service class' do it 'should work with no errors' do pp = <<-EOS diff --git a/spec/acceptance/unsupported_spec.rb b/spec/acceptance/unsupported_spec.rb new file mode 100644 index 0000000000..5a89cd2137 --- /dev/null +++ b/spec/acceptance/unsupported_spec.rb @@ -0,0 +1,13 @@ +equire 'spec_helper_acceptance' + +describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + it 'should fail' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'test.lan': + docroot => '/var/www', + } + EOS + expect(apply_manifest(pp, :expect_failures => true).to match(/is not supported/)) + end +end diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 62c5f3c397..169054ec21 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -51,7 +51,5 @@ $error_log = 'http-error.log' $apache_version = 2.2 -else - fail RuntimeError, "Unsupported osfamily: #{_osfamily}" end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index a45db82b01..b4458bf257 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::vhost define' do +describe 'apache::vhost define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do context 'no default vhosts' do it 'should create no default vhosts' do pp = <<-EOS diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 176529fdb7..7d334ae9bd 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
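Review bot: The first line of the new unsupported_spec.rb reads `equire 'spec_helper_acceptance'`, which is an undefined method call rather than a `require`. It runs when the file is loaded, before the `:if` filter can apply, so the file fails on supported platforms as well. The expectation also closes its parenthesis in the wrong place: `.to match(...)` is called on the result of `apply_manifest` inside `expect(...)`, so nothing is asserted on the output. It should read `require 'spec_helper_acceptance'` and `expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/is not supported/)`.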
@@ -8,13 +8,13 @@ if host.is_pe? install_pe else - # Install Puppet - install_package host, 'rubygems' - on host, 'gem install puppet --no-ri --no-rdoc' + install_puppet on host, "mkdir -p #{host['distmoduledir']}" end end +UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris'] + RSpec.configure do |c| # Project root proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) From 2a6c28a5e31251ab44b6db49ec89073752867567 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 21 Feb 2014 14:28:31 -0800 Subject: [PATCH 0160/2267] Fix WSGI import_script and mod_ssl issues on Lucid The WSGIImportScript directive can't be used directly inside a VirtualHost on Lucid, says the apache daemon. --- manifests/mod/ssl.pp | 2 ++ spec/acceptance/vhost_spec.rb | 22 ++++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 323d092b28..c38c111e49 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -13,6 +13,8 @@ 'debian': { if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { $ssl_mutex = 'default' + } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { + $ssl_mutex = 'file:/var/run/apache2/ssl_mutex' } else { $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex' } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index b4458bf257..f6749d35a1 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -44,9 +44,6 @@ class { 'apache': } context 'default vhost with ssl' do it 'should create default vhost configs' do - # Doesn't work on Ubuntu 10.04 because ssl.conf should contain - # 'file:/var/run/apache2/ssl_mutex' but contains - # 'file:${APACHE_RUN_DIR}/ssl_mutex' pp = <<-EOS file { '#{$run_dir}': ensure => 'directory', 
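Review bot: `UNSUPPORTED_PLATFORMS` is added as a plain mutable array that every acceptance spec now reads at load time, and nothing records that its entries are compared case-sensitively with `fact('osfamily')`. Freeze it and say so in a comment, for example `# osfamily values (exact Facter spelling) on which the module is expected to fail` above `UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris'].freeze`. Separately, the new `install_puppet` call passes no version, so the Puppet release under test is presumably whatever the harness installs by default. Pinning it would make acceptance runs reproducible.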
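Review bot: The new `elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04'` branch in manifests/mod/ssl.pp carries no explanation, while this same commit deletes the only note on why 10.04 is special from vhost_spec.rb. Move that reasoning next to the code, for example `# Ubuntu 10.04: ssl.conf must contain the literal path, not ${APACHE_RUN_DIR}`. The hard-coded `/var/run/apache2` also has to stay in step with the run directory used elsewhere in the module, which is worth stating in the same comment. The surrounding `case` block continues outside the hunk.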
@@ -866,7 +863,24 @@ class { 'apache': } end describe 'wsgi' do - it 'applies cleanly' do + it 'import_script applies cleanly' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::wsgi': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + wsgi_application_group => '%{GLOBAL}', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => {processes => '2'}, + wsgi_process_group => 'nobody', + wsgi_script_aliases => { '/test' => '/test1' }, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'import_script applies cleanly', :unless => fact('lsbcodename') == 'lucid' do pp = <<-EOS class { 'apache': } class { 'apache::mod::wsgi': } From 176dc39d2a932fd006e9a3e21d393d70da5f8ac4 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Sat, 22 Feb 2014 15:19:26 -0800 Subject: [PATCH 0161/2267] Checking the stderr wasn't specified correctly --- spec/acceptance/unsupported_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/unsupported_spec.rb b/spec/acceptance/unsupported_spec.rb index 5a89cd2137..f3efa5f5ad 100644 --- a/spec/acceptance/unsupported_spec.rb +++ b/spec/acceptance/unsupported_spec.rb @@ -8,6 +8,6 @@ class { 'apache': } docroot => '/var/www', } EOS - expect(apply_manifest(pp, :expect_failures => true).to match(/is not supported/)) + expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/is not supported/) end end From 127c4ff28533a323ceca39a078d05e6b538312ea Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Mon, 24 Feb 2014 13:54:13 -0800 Subject: [PATCH 0162/2267] Typo'd require and wrong fail message --- spec/acceptance/unsupported_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/unsupported_spec.rb b/spec/acceptance/unsupported_spec.rb index f3efa5f5ad..085845dbfc 100644 --- a/spec/acceptance/unsupported_spec.rb +++ b/spec/acceptance/unsupported_spec.rb 
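Review bot: Both examples in `describe 'wsgi'` are now titled 'import_script applies cleanly', and the first one, added here, sets no import-script option in its manifest as far as the hunk shows. The duplicate title makes a failure ambiguous in the report and hides the fact that only the second example is skipped on lucid. Keep the original title for the first example, `it 'applies cleanly' do`. The second example's manifest continues past the end of the hunk, so its import-script parameters are not visible here.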
@@ -1,4 +1,4 @@ -equire 'spec_helper_acceptance' +require 'spec_helper_acceptance' describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do it 'should fail' do @@ -8,6 +8,6 @@ class { 'apache': } docroot => '/var/www', } EOS - expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/is not supported/) + expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported/i) end end From bbf9278b24931444022aa67140d3505b748151da Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Mon, 24 Feb 2014 17:20:38 +0100 Subject: [PATCH 0163/2267] ensure tests run faster we do this by fully-qualifying classes, defines and variables. --- manifests/balancer.pp | 2 +- manifests/confd/no_accf.pp | 6 +- manifests/default_confd_files.pp | 2 +- manifests/default_mods.pp | 170 +++++++++++++++---------------- manifests/default_mods/load.pp | 4 +- manifests/dev.pp | 4 +- manifests/init.pp | 66 ++++++------ manifests/listen.pp | 2 +- manifests/mod.pp | 18 ++-- manifests/mod/alias.pp | 6 +- manifests/mod/auth_basic.pp | 2 +- manifests/mod/auth_kerb.pp | 2 +- manifests/mod/authnz_ldap.pp | 10 +- manifests/mod/autoindex.pp | 8 +- manifests/mod/cache.pp | 2 +- manifests/mod/cgi.pp | 4 +- manifests/mod/cgid.pp | 10 +- manifests/mod/dav.pp | 2 +- manifests/mod/dav_fs.pp | 10 +- manifests/mod/dav_svn.pp | 6 +- manifests/mod/deflate.pp | 8 +- manifests/mod/dev.pp | 2 +- manifests/mod/dir.pp | 8 +- manifests/mod/disk_cache.pp | 10 +- manifests/mod/event.pp | 10 +- manifests/mod/expires.pp | 2 +- manifests/mod/fastcgi.pp | 10 +- manifests/mod/fcgid.pp | 2 +- manifests/mod/headers.pp | 4 +- manifests/mod/include.pp | 2 +- manifests/mod/info.pp | 8 +- manifests/mod/itk.pp | 10 +- manifests/mod/ldap.pp | 8 +- manifests/mod/mime.pp | 12 +-- manifests/mod/mime_magic.pp | 8 +- manifests/mod/negotiation.pp | 8 +- manifests/mod/nss.pp | 16 +-- manifests/mod/passenger.pp | 20 ++-- manifests/mod/perl.pp | 2 +- manifests/mod/peruser.pp | 26 ++--- manifests/mod/php.pp | 16 +-- manifests/mod/prefork.pp | 14 +-- manifests/mod/proxy.pp | 8 +- manifests/mod/proxy_ajp.pp | 4 +- manifests/mod/proxy_balancer.pp | 10 +- manifests/mod/proxy_html.pp | 18 ++-- manifests/mod/proxy_http.pp | 4 +- manifests/mod/python.pp | 2 +- manifests/mod/reqtimeout.pp | 8 +- manifests/mod/rewrite.pp | 4 +- manifests/mod/rpaf.pp | 8 +- manifests/mod/setenvif.pp | 8 +- manifests/mod/ssl.pp | 12 +-- manifests/mod/status.pp | 8 +- manifests/mod/suphp.pp | 8 +- 
manifests/mod/userdir.pp | 8 +- manifests/mod/vhost_alias.pp | 2 +- manifests/mod/worker.pp | 14 +-- manifests/mod/wsgi.pp | 8 +- manifests/mod/xsendfile.pp | 4 +- manifests/mpm.pp | 24 ++--- manifests/namevirtualhost.pp | 2 +- manifests/package.pp | 4 +- manifests/params.pp | 2 +- manifests/peruser/multiplexer.pp | 8 +- manifests/peruser/processor.pp | 4 +- manifests/php.pp | 2 +- manifests/proxy.pp | 2 +- manifests/python.pp | 2 +- manifests/service.pp | 2 +- manifests/ssl.pp | 2 +- manifests/vhost.pp | 62 +++++------ 72 files changed, 398 insertions(+), 398 deletions(-) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 1e4130fa35..30887823b6 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -43,7 +43,7 @@ $collect_exported = true, ) { include concat::setup - include apache::mod::proxy_balancer + include ::apache::mod::proxy_balancer $target = "${::apache::params::confd_dir}/balancer_${name}.conf" diff --git a/manifests/confd/no_accf.pp b/manifests/confd/no_accf.pp index 5f86eab107..f35c0c8b9d 100644 --- a/manifests/confd/no_accf.pp +++ b/manifests/confd/no_accf.pp @@ -2,9 +2,9 @@ # Template uses no variables file { 'no-accf.conf': ensure => 'file', - path => "${apache::confd_dir}/no-accf.conf", + path => "${::apache::confd_dir}/no-accf.conf", content => template('apache/confd/no-accf.conf.erb'), - require => Exec["mkdir ${apache::confd_dir}"], - before => File[$apache::confd_dir], + require => Exec["mkdir ${::apache::confd_dir}"], + before => File[$::apache::confd_dir], } } diff --git a/manifests/default_confd_files.pp b/manifests/default_confd_files.pp index e40840e335..c06b30c83b 100644 --- a/manifests/default_confd_files.pp +++ b/manifests/default_confd_files.pp @@ -5,7 +5,7 @@ if $all { case $::osfamily { 'freebsd': { - include apache::confd::no_accf + include ::apache::confd::no_accf } default: { # do nothing diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 09cc3be1eb..139503e3c5 100644 
--- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -1,154 +1,154 @@ class apache::default_mods ( $all = true, $mods = undef, - $apache_version = $apache::apache_version + $apache_version = $::apache::apache_version ) { # These are modules required to run the default configuration. # They are not configurable at this time, so we just include # them to make sure it works. case $::osfamily { 'redhat', 'freebsd': { - apache::mod { 'log_config': } + ::apache::mod { 'log_config': } } default: {} } - apache::mod { 'authz_host': } + ::apache::mod { 'authz_host': } # The rest of the modules only get loaded if we want all modules enabled if $all { case $::osfamily { 'debian': { - include apache::mod::reqtimeout + include ::apache::mod::reqtimeout } 'redhat': { - include apache::mod::cache - include apache::mod::mime - include apache::mod::mime_magic - include apache::mod::vhost_alias - include apache::mod::rewrite - apache::mod { 'actions': } - apache::mod { 'auth_digest': } - apache::mod { 'authn_anon': } - apache::mod { 'authn_dbm': } - apache::mod { 'authz_dbm': } - apache::mod { 'authz_owner': } - apache::mod { 'expires': } - apache::mod { 'ext_filter': } - apache::mod { 'include': } - apache::mod { 'logio': } - apache::mod { 'speling': } - apache::mod { 'substitute': } - apache::mod { 'suexec': } - apache::mod { 'usertrack': } - apache::mod { 'version': } + include ::apache::mod::cache + include ::apache::mod::mime + include ::apache::mod::mime_magic + include ::apache::mod::vhost_alias + include ::apache::mod::rewrite + ::apache::mod { 'actions': } + ::apache::mod { 'auth_digest': } + ::apache::mod { 'authn_anon': } + ::apache::mod { 'authn_dbm': } + ::apache::mod { 'authz_dbm': } + ::apache::mod { 'authz_owner': } + ::apache::mod { 'expires': } + ::apache::mod { 'ext_filter': } + ::apache::mod { 'include': } + ::apache::mod { 'logio': } + ::apache::mod { 'speling': } + ::apache::mod { 'substitute': } + ::apache::mod { 'suexec': } + ::apache::mod { 'usertrack': } + ::apache::mod { 'version': } if $apache_version >= 
2.4 { # Lets fork it - apache::mod { 'systemd': } + ::apache::mod { 'systemd': } - apache::mod { 'unixd': } - apache::mod { 'authn_core': } + ::apache::mod { 'unixd': } + ::apache::mod { 'authn_core': } } else { - apache::mod { 'authn_alias': } - apache::mod { 'authn_default': } + ::apache::mod { 'authn_alias': } + ::apache::mod { 'authn_default': } } } 'freebsd': { - include apache::mod::cache - include apache::mod::disk_cache - include apache::mod::headers - include apache::mod::info - include apache::mod::mime_magic - include apache::mod::reqtimeout - include apache::mod::rewrite - include apache::mod::userdir - include apache::mod::vhost_alias + include ::apache::mod::cache + include ::apache::mod::disk_cache + include ::apache::mod::headers + include ::apache::mod::info + include ::apache::mod::mime_magic + include ::apache::mod::reqtimeout + include ::apache::mod::rewrite + include ::apache::mod::userdir + include ::apache::mod::vhost_alias - apache::mod { 'actions': } - apache::mod { 'asis': } - apache::mod { 'auth_digest': } - apache::mod { 'authn_alias': } - apache::mod { 'authn_anon': } - apache::mod { 'authn_dbm': } - apache::mod { 'authn_default': } - apache::mod { 'authz_dbm': } - apache::mod { 'authz_owner': } - apache::mod { 'cern_meta': } - apache::mod { 'charset_lite': } - apache::mod { 'dumpio': } - apache::mod { 'expires': } - apache::mod { 'file_cache': } - apache::mod { 'filter':} - apache::mod { 'imagemap':} - apache::mod { 'include': } - apache::mod { 'logio': } - apache::mod { 'speling': } - apache::mod { 'unique_id': } - apache::mod { 'usertrack': } - apache::mod { 'version': } + ::apache::mod { 'actions': } + ::apache::mod { 'asis': } + ::apache::mod { 'auth_digest': } + ::apache::mod { 'authn_alias': } + ::apache::mod { 'authn_anon': } + ::apache::mod { 'authn_dbm': } + ::apache::mod { 'authn_default': } + ::apache::mod { 'authz_dbm': } + ::apache::mod { 'authz_owner': } + ::apache::mod { 'cern_meta': } + ::apache::mod { 'charset_lite': } 
+ ::apache::mod { 'dumpio': } + ::apache::mod { 'expires': } + ::apache::mod { 'file_cache': } + ::apache::mod { 'filter':} + ::apache::mod { 'imagemap':} + ::apache::mod { 'include': } + ::apache::mod { 'logio': } + ::apache::mod { 'speling': } + ::apache::mod { 'unique_id': } + ::apache::mod { 'usertrack': } + ::apache::mod { 'version': } } default: {} } - case $apache::mpm_module { + case $::apache::mpm_module { 'prefork': { - include apache::mod::cgi + include ::apache::mod::cgi } 'worker': { - include apache::mod::cgid + include ::apache::mod::cgid } default: { # do nothing } } - include apache::mod::alias - include apache::mod::autoindex - include apache::mod::dav - include apache::mod::dav_fs - include apache::mod::deflate - include apache::mod::dir - include apache::mod::mime - include apache::mod::negotiation - include apache::mod::setenvif - apache::mod { 'auth_basic': } - apache::mod { 'authn_file': } + include ::apache::mod::alias + include ::apache::mod::autoindex + include ::apache::mod::dav + include ::apache::mod::dav_fs + include ::apache::mod::deflate + include ::apache::mod::dir + include ::apache::mod::mime + include ::apache::mod::negotiation + include ::apache::mod::setenvif + ::apache::mod { 'auth_basic': } + ::apache::mod { 'authn_file': } if $apache_version >= 2.4 { # authz_core is needed for 'Require' directive - apache::mod { 'authz_core': + ::apache::mod { 'authz_core': id => 'authz_core_module', } # filter is needed by mod_deflate - apache::mod { 'filter': } + ::apache::mod { 'filter': } } else { - apache::mod { 'authz_default': } + ::apache::mod { 'authz_default': } } - apache::mod { 'authz_groupfile': } - apache::mod { 'authz_user': } - apache::mod { 'env': } + ::apache::mod { 'authz_groupfile': } + ::apache::mod { 'authz_user': } + ::apache::mod { 'env': } } elsif $mods { - apache::default_mods::load { $mods: } + ::apache::default_mods::load { $mods: } if $apache_version >= 2.4 { # authz_core is needed for 'Require' directive - 
apache::mod { 'authz_core': + ::apache::mod { 'authz_core': id => 'authz_core_module', } # filter is needed by mod_deflate - apache::mod { 'filter': } + ::apache::mod { 'filter': } } } else { if $apache_version >= 2.4 { # authz_core is needed for 'Require' directive - apache::mod { 'authz_core': + ::apache::mod { 'authz_core': id => 'authz_core_module', } # filter is needed by mod_deflate - apache::mod { 'filter': } + ::apache::mod { 'filter': } } } } diff --git a/manifests/default_mods/load.pp b/manifests/default_mods/load.pp index ae2f76e64c..356e9fa00e 100644 --- a/manifests/default_mods/load.pp +++ b/manifests/default_mods/load.pp @@ -1,8 +1,8 @@ # private define define apache::default_mods::load ($module = $title) { if defined("apache::mod::${module}") { - include "apache::mod::${module}" + include "::apache::mod::${module}" } else { - apache::mod { $module: } + ::apache::mod { $module: } } } diff --git a/manifests/dev.pp b/manifests/dev.pp index 057475b159..4eaeb55782 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp @@ -2,8 +2,8 @@ if $::osfamily == 'FreeBSD' and !defined(Class['apache::package']) { fail('apache::dev requires apache::package; please include apache or apache::package class first') } - include apache::params - $packages = $apache::params::dev_packages + include ::apache::params + $packages = $::apache::params::dev_packages package { $packages: ensure => present, require => Package['httpd'], diff --git a/manifests/init.pp b/manifests/init.pp index 94900ea5c1..7f2565cf98 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
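Review bot: In `apache::default_mods::load`, the guard `if defined("apache::mod::${module}")` still uses the relative class name while the `include` it protects is now `"::apache::mod::${module}"`, so the check and the include no longer spell the class the same way. Qualify the guard too, `if defined("::apache::mod::${module}") {`, after confirming that `defined()` accepts the leading `::` on the Puppet versions the module supports. The same kind of leftover is visible in manifests/mod/disk_cache.pp, where the context line `apache::mod { 'disk_cache': }` stays unqualified although the other `apache::mod` declarations in the commit were changed. It also appears in manifests/dev.pp's `defined(Class['apache::package'])`.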
@@ -13,13 +13,13 @@ # Sample Usage: # class apache ( - $service_name = $apache::params::service_name, + $service_name = $::apache::params::service_name, $default_mods = true, $default_vhost = true, $default_confd_files = true, $default_ssl_vhost = false, - $default_ssl_cert = $apache::params::default_ssl_cert, - $default_ssl_key = $apache::params::default_ssl_key, + $default_ssl_cert = $::apache::params::default_ssl_cert, + $default_ssl_key = $::apache::params::default_ssl_key, $default_ssl_chain = undef, $default_ssl_ca = undef, $default_ssl_crl_path = undef, 
@@ -33,31 +33,31 @@ $sendfile = 'On', $error_documents = false, $timeout = '120', - $httpd_dir = $apache::params::httpd_dir, - $server_root = $apache::params::server_root, - $confd_dir = $apache::params::confd_dir, - $vhost_dir = $apache::params::vhost_dir, - $vhost_enable_dir = $apache::params::vhost_enable_dir, - $mod_dir = $apache::params::mod_dir, - $mod_enable_dir = $apache::params::mod_enable_dir, - $mpm_module = $apache::params::mpm_module, - $conf_template = $apache::params::conf_template, - $servername = $apache::params::servername, + $httpd_dir = $::apache::params::httpd_dir, + $server_root = $::apache::params::server_root, + $confd_dir = $::apache::params::confd_dir, + $vhost_dir = $::apache::params::vhost_dir, + $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $mod_dir = $::apache::params::mod_dir, + $mod_enable_dir = $::apache::params::mod_enable_dir, + $mpm_module = $::apache::params::mpm_module, + $conf_template = $::apache::params::conf_template, + $servername = $::apache::params::servername, $manage_user = true, $manage_group = true, - $user = $apache::params::user, - $group = $apache::params::group, - $keepalive = $apache::params::keepalive, - $keepalive_timeout = $apache::params::keepalive_timeout, - $logroot = $apache::params::logroot, - $log_level = $apache::params::log_level, - $ports_file = $apache::params::ports_file, - $apache_version = $apache::version::default, + $user = $::apache::params::user, + $group = $::apache::params::group, + $keepalive = $::apache::params::keepalive, + $keepalive_timeout = $::apache::params::keepalive_timeout, + $logroot = $::apache::params::logroot, + $log_level = $::apache::params::log_level, + $ports_file = $::apache::params::ports_file, + $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', $trace_enable = 'On', $package_ensure = 'installed', -) inherits apache::params { +) inherits ::apache::params { validate_bool($default_vhost) 
validate_bool($default_ssl_vhost) validate_bool($default_confd_files) @@ -81,7 +81,7 @@ if $::osfamily != 'FreeBSD' { package { 'httpd': ensure => $package_ensure, - name => $apache::params::apache_name, + name => $::apache::params::apache_name, notify => Class['Apache::Service'], } } @@ -110,7 +110,7 @@ validate_re($log_level, $valid_log_level_re, "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") - class { 'apache::service': + class { '::apache::service': service_name => $service_name, service_enable => $service_enable, service_ensure => $service_ensure, @@ -206,7 +206,7 @@ concat { $ports_file: owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', notify => Class['Apache::Service'], require => Package['httpd'], @@ -216,7 +216,7 @@ content => template('apache/ports_header.erb') } - if $apache::params::conf_dir and $apache::params::conf_file { + if $::apache::params::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { $docroot = '/var/www' @@ -272,7 +272,7 @@ # - $server_tokens # - $server_signature # - $trace_enable - file { "${apache::params::conf_dir}/${apache::params::conf_file}": + file { "${::apache::params::conf_dir}/${::apache::params::conf_file}": ensure => file, content => template($conf_template), notify => Class['Apache::Service'], 
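Review bot: The parameter list touched by this hunk keeps `$trace_enable = 'On'`, `$server_signature = 'On'` and `$server_tokens = 'OS'` as defaults, and a comment further down in init.pp lists these three variables among those the main configuration template uses. The defaults predate this commit, but they mean a default install presumably answers HTTP TRACE and advertises server details in response headers and error pages. Consider `$trace_enable = 'Off'`, `$server_signature = 'Off'` and `$server_tokens = 'Prod'` as defaults, or document the hardened values next to the parameters. The class body continues outside the hunk, so the template's exact use of the values is not visible here.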
@@ -282,20 +282,20 @@ # preserve back-wards compatibility to the times when default_mods was # only a boolean value. Now it can be an array (too) if is_array($default_mods) { - class { 'apache::default_mods': + class { '::apache::default_mods': all => false, mods => $default_mods, } } else { - class { 'apache::default_mods': + class { '::apache::default_mods': all => $default_mods, } } - class { 'apache::default_confd_files': + class { '::apache::default_confd_files': all => $default_confd_files } if $mpm_module { - class { "apache::mod::${mpm_module}": } + class { "::apache::mod::${mpm_module}": } } $default_vhost_ensure = $default_vhost ? { @@ -307,7 +307,7 @@ false => 'absent' } - apache::vhost { 'default': + ::apache::vhost { 'default': ensure => $default_vhost_ensure, port => 80, docroot => $docroot, @@ -321,7 +321,7 @@ 'freebsd' => $access_log_file, default => "ssl_${access_log_file}", } - apache::vhost { 'default-ssl': + ::apache::vhost { 'default-ssl': ensure => $default_ssl_vhost_ensure, port => 443, ssl => true, diff --git a/manifests/listen.pp b/manifests/listen.pp index 3189fa8f77..503ee8860b 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -3,7 +3,7 @@ # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": - target => $apache::ports_file, + target => $::apache::ports_file, content => template('apache/listen.erb'), } } diff --git a/manifests/mod.pp b/manifests/mod.pp index e8ce8a9ab5..8be99afd00 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -2,7 +2,7 @@ $package = undef, $package_ensure = 'present', $lib = undef, - $lib_path = $apache::params::lib_path, + $lib_path = $::apache::params::lib_path, $id = undef, $path = undef, ) { 
@@ -12,10 +12,10 @@ $mod = $name #include apache #This creates duplicate resources in rspec-puppet - $mod_dir = $apache::mod_dir + $mod_dir = $::apache::mod_dir # Determine if we have special lib - $mod_libs = $apache::params::mod_libs + $mod_libs = $::apache::params::mod_libs $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib @@ -39,7 +39,7 @@ } # Determine if we have a package - $mod_packages = $apache::params::mod_packages + $mod_packages = $::apache::params::mod_packages $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package @@ -54,7 +54,7 @@ $package_before = $::osfamily ? { 'freebsd' => [ File["${mod_dir}/${mod}.load"], - File["${apache::params::conf_dir}/${apache::params::conf_file}"] + File["${::apache::params::conf_dir}/${::apache::params::conf_file}"] ], default => File["${mod_dir}/${mod}.load"], } @@ -70,7 +70,7 @@ ensure => file, path => "${mod_dir}/${mod}.load", owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', content => "LoadModule ${_id} ${_path}\n", require => [ @@ -82,13 +82,13 @@ } if $::osfamily == 'Debian' { - $enable_dir = $apache::mod_enable_dir + $enable_dir = $::apache::mod_enable_dir file{ "${mod}.load symlink": ensure => link, path => "${enable_dir}/${mod}.load", target => "${mod_dir}/${mod}.load", owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', require => [ File["${mod}.load"], @@ -106,7 +106,7 @@ path => "${enable_dir}/${mod}.conf", target => "${mod_dir}/${mod}.conf", owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', require => [ File["${mod}.conf"], diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 29ec831559..ee017b490f 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp 
@@ -10,10 +10,10 @@ # Template uses $icons_path file { 'alias.conf': ensure => file, - path => "${apache::mod_dir}/alias.conf", + path => "${::apache::mod_dir}/alias.conf", content => template('apache/mod/alias.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/auth_basic.pp b/manifests/mod/auth_basic.pp index 8c613eef7e..cacfafa4d3 100644 --- a/manifests/mod/auth_basic.pp +++ b/manifests/mod/auth_basic.pp @@ -1,3 +1,3 @@ class apache::mod::auth_basic { - apache::mod { 'auth_basic': } + ::apache::mod { 'auth_basic': } } diff --git a/manifests/mod/auth_kerb.pp b/manifests/mod/auth_kerb.pp index 76c2de5b7b..6b53262a1b 100644 --- a/manifests/mod/auth_kerb.pp +++ b/manifests/mod/auth_kerb.pp @@ -1,5 +1,5 @@ class apache::mod::auth_kerb { - apache::mod { 'auth_kerb': } + ::apache::mod { 'auth_kerb': } } diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 2ca2fc45fd..800e656e89 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,8 +1,8 @@ class apache::mod::authnz_ldap ( $verifyServerCert = true, ) { - include 'apache::mod::ldap' - apache::mod { 'authnz_ldap': } + include '::apache::mod::ldap' + ::apache::mod { 'authnz_ldap': } validate_bool($verifyServerCert) @@ -10,10 +10,10 @@ # - $verifyServerCert file { 'authnz_ldap.conf': ensure => file, - path => "${apache::mod_dir}/authnz_ldap.conf", + path => "${::apache::mod_dir}/authnz_ldap.conf", content => template('apache/mod/authnz_ldap.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp index 85b4278ef7..f5f0f07458 100644 
--- a/manifests/mod/autoindex.pp +++ b/manifests/mod/autoindex.pp @@ -1,12 +1,12 @@ class apache::mod::autoindex { - apache::mod { 'autoindex': } + ::apache::mod { 'autoindex': } # Template uses no variables file { 'autoindex.conf': ensure => file, - path => "${apache::mod_dir}/autoindex.conf", + path => "${::apache::mod_dir}/autoindex.conf", content => template('apache/mod/autoindex.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/cache.pp b/manifests/mod/cache.pp index 26d71bd06a..4ab9f44bae 100644 --- a/manifests/mod/cache.pp +++ b/manifests/mod/cache.pp @@ -1,3 +1,3 @@ class apache::mod::cache { - apache::mod { 'cache': } + ::apache::mod { 'cache': } } diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 2ad368a0ef..6c3c6aec8d 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -1,4 +1,4 @@ class apache::mod::cgi { - Class['apache::mod::prefork'] -> Class['apache::mod::cgi'] - apache::mod { 'cgi': } + Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + ::apache::mod { 'cgi': } } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index c932ae2bec..5c89251a1c 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -1,5 +1,5 @@ class apache::mod::cgid { - Class['apache::mod::worker'] -> Class['apache::mod::cgid'] + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file 
@@ -8,15 +8,15 @@ 'freebsd' => 'cgisock', default => undef, } - apache::mod { 'cgid': } + ::apache::mod { 'cgid': } if $cgisock_path { # Template uses $cgisock_path file { 'cgid.conf': ensure => file, - path => "${apache::mod_dir}/cgid.conf", + path => "${::apache::mod_dir}/cgid.conf", content => template('apache/mod/cgid.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/dav.pp b/manifests/mod/dav.pp index 06aa087e30..ade9c0809c 100644 --- a/manifests/mod/dav.pp +++ b/manifests/mod/dav.pp @@ -1,3 +1,3 @@ class apache::mod::dav { - apache::mod { 'dav': } + ::apache::mod { 'dav': } } diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index 53219be793..482f316171 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp @@ -5,16 +5,16 @@ default => '/var/lib/dav/lockdb', } - Class['apache::mod::dav'] -> Class['apache::mod::dav_fs'] - apache::mod { 'dav_fs': } + Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs'] + ::apache::mod { 'dav_fs': } # Template uses: $dav_lock file { 'dav_fs.conf': ensure => file, - path => "${apache::mod_dir}/dav_fs.conf", + path => "${::apache::mod_dir}/dav_fs.conf", content => template('apache/mod/dav_fs.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 4f34bd6954..3ffa759112 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp 
@@ -1,5 +1,5 @@ class apache::mod::dav_svn { - Class['apache::mod::dav'] -> Class['apache::mod::dav_svn'] - include apache::mod::dav - apache::mod { 'dav_svn': } + Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] + include ::apache::mod::dav + ::apache::mod { 'dav_svn': } } diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 97d1fdd8a1..9b597d9466 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -1,12 +1,12 @@ class apache::mod::deflate { - apache::mod { 'deflate': } + ::apache::mod { 'deflate': } # Template uses no variables file { 'deflate.conf': ensure => file, - path => "${apache::mod_dir}/deflate.conf", + path => "${::apache::mod_dir}/deflate.conf", content => template('apache/mod/deflate.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/dev.pp b/manifests/mod/dev.pp index b5d146fbe4..5abdedd361 100644 --- a/manifests/mod/dev.pp +++ b/manifests/mod/dev.pp @@ -1,5 +1,5 @@ class apache::mod::dev { # Development packages are not apache modules warning('apache::mod::dev is deprecated; please use apache::dev') - include apache::dev + include ::apache::dev } diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index 39543e1167..11631305a4 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp 
@@ -6,16 +6,16 @@ $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], ) { validate_array($indexes) - apache::mod { 'dir': } + ::apache::mod { 'dir': } # Template uses # - $indexes file { 'dir.conf': ensure => file, - path => "${apache::mod_dir}/dir.conf", + path => "${::apache::mod_dir}/dir.conf", content => template('apache/mod/dir.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index d28196768f..13c9c78352 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -7,18 +7,18 @@ if $::osfamily != 'FreeBSD' { # FIXME: investigate why disk_cache was dependent on proxy # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not - Class['apache::mod::proxy'] -> Class['apache::mod::disk_cache'] + Class['::apache::mod::proxy'] -> Class['::apache::mod::disk_cache'] } - Class['apache::mod::cache'] -> Class['apache::mod::disk_cache'] + Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] apache::mod { 'disk_cache': } # Template uses $cache_proxy file { 'disk_cache.conf': ensure => file, - path => "${apache::mod_dir}/disk_cache.conf", + path => "${::apache::mod_dir}/disk_cache.conf", content => template('apache/mod/disk_cache.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 172113a287..cad00774c3 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp 
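Review bot: In manifests/mod/disk_cache.pp the declaration `apache::mod { 'disk_cache': }` is still relative, although the ordering arrows and file paths around it are now top-scoped. A relative name can still be looked up against an enclosing namespace before this module, which is presumably what the commit is meant to rule out. The same leftover is visible in the info.pp, mime.pp, mime_magic.pp and nss.pp hunks (`apache::mod { 'info': }`, `apache::mod { 'mime': }`, `apache::mod { 'mime_magic': }`, `apache::mod { 'nss': }`). I would qualify each one, e.g. `::apache::mod { 'disk_cache': }`, so name resolution is the same in every manifest.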
@@ -6,7 +6,7 @@ $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', - $apache_version = $apache::apache_version, + $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') @@ -22,7 +22,7 @@ } File { owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', } @@ -34,11 +34,11 @@ # - $threadsperchild # - $maxrequestsperchild # - $serverlimit - file { "${apache::mod_dir}/event.conf": + file { "${::apache::mod_dir}/event.conf": ensure => file, content => template('apache/mod/event.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp index 6c4b30aca9..aae4c59d98 100644 --- a/manifests/mod/expires.pp +++ b/manifests/mod/expires.pp @@ -1,3 +1,3 @@ class apache::mod::expires { - apache::mod { 'expires': } + ::apache::mod { 'expires': } } diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index 28673d7bbe..a185bb31fa 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -2,9 +2,9 @@ # Debian specifies it's fastcgi lib path, but RedHat uses the default value # with no config file - $fastcgi_lib_path = $apache::params::fastcgi_lib_path + $fastcgi_lib_path = $::apache::params::fastcgi_lib_path - apache::mod { 'fastcgi': } + ::apache::mod { 'fastcgi': } if $fastcgi_lib_path { # Template uses: 
@@ -13,10 +13,10 @@ # - $fastcgi_dir file { 'fastcgi.conf': ensure => file, - path => "${apache::mod_dir}/fastcgi.conf", + path => "${::apache::mod_dir}/fastcgi.conf", content => template('apache/mod/fastcgi.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 4c777701e9..9eb7997427 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,3 +1,3 @@ class apache::mod::fcgid { - apache::mod { 'fcgid': } + ::apache::mod { 'fcgid': } } diff --git a/manifests/mod/headers.pp b/manifests/mod/headers.pp index 5ff9887b15..d18c5e2793 100644 --- a/manifests/mod/headers.pp +++ b/manifests/mod/headers.pp @@ -1,3 +1,3 @@ class apache::mod::headers { - apache::mod { 'headers': } -} \ No newline at end of file + ::apache::mod { 'headers': } +} diff --git a/manifests/mod/include.pp b/manifests/mod/include.pp index 9f2592f093..edbe81f324 100644 --- a/manifests/mod/include.pp +++ b/manifests/mod/include.pp @@ -1,3 +1,3 @@ class apache::mod::include { - apache::mod { 'include': } + ::apache::mod { 'include': } } diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 627bf85ddf..18f9ea1dfe 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -1,6 +1,6 @@ class apache::mod::info ( $allow_from = ['127.0.0.1','::1'], - $apache_version = $apache::apache_version, + $apache_version = $::apache::apache_version, ){ apache::mod { 'info': } # Template uses 
@@ -8,10 +8,10 @@ # $apache_version file { 'info.conf': ensure => file, - path => "${apache::mod_dir}/info.conf", + path => "${::apache::mod_dir}/info.conf", content => template('apache/mod/info.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index cc582ac942..1083e5ed24 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -5,7 +5,7 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', - $apache_version = $apache::apache_version, + $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::itk and apache::mod::event on the same node') @@ -21,7 +21,7 @@ } File { owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', } @@ -32,11 +32,11 @@ # - $serverlimit # - $maxclients # - $maxrequestsperchild - file { "${apache::mod_dir}/itk.conf": + file { "${::apache::mod_dir}/itk.conf": ensure => file, content => template('apache/mod/itk.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index 097622c51e..f489291a28 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp 
@@ -1,12 +1,12 @@ class apache::mod::ldap { - apache::mod { 'ldap': } + ::apache::mod { 'ldap': } # Template uses no variables file { 'ldap.conf': ensure => file, - path => "${apache::mod_dir}/ldap.conf", + path => "${::apache::mod_dir}/ldap.conf", content => template('apache/mod/ldap.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index 5c9f4b7ada..8348a06ad3 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -1,21 +1,21 @@ class apache::mod::mime ( - $mime_support_package = $apache::params::mime_support_package, - $mime_types_config = $apache::params::mime_types_config, + $mime_support_package = $::apache::params::mime_support_package, + $mime_types_config = $::apache::params::mime_types_config, ) { apache::mod { 'mime': } # Template uses $mime_types_config file { 'mime.conf': ensure => file, - path => "${apache::mod_dir}/mime.conf", + path => "${::apache::mod_dir}/mime.conf", content => template('apache/mod/mime.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } if $mime_support_package { package { $mime_support_package: ensure => 'installed', - before => File["${apache::mod_dir}/mime.conf"], + before => File["${::apache::mod_dir}/mime.conf"], } } } diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index 5539d20e65..9de8bc4bc6 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp 
@@ -1,14 +1,14 @@ class apache::mod::mime_magic ( - $magic_file = "${apache::params::conf_dir}/magic" + $magic_file = "${::apache::params::conf_dir}/magic" ) { apache::mod { 'mime_magic': } # Template uses $magic_file file { 'mime_magic.conf': ensure => file, - path => "${apache::mod_dir}/mime_magic.conf", + path => "${::apache::mod_dir}/mime_magic.conf", content => template('apache/mod/mime_magic.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index e10c4921de..eff685b15c 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -1,12 +1,12 @@ class apache::mod::negotiation { - apache::mod { 'negotiation': } + ::apache::mod { 'negotiation': } # Template uses no variables file { 'negotiation.conf': ensure => file, - path => "${apache::mod_dir}/negotiation.conf", + path => "${::apache::mod_dir}/negotiation.conf", content => template('apache/mod/negotiation.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index a9a50a1068..f0eff1cdf7 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp @@ -1,13 +1,13 @@ class apache::mod::nss ( $transfer_log = "${::apache::params::logroot}/access.log", - $error_log = "${::apache::params::logroot}/error.log", - $passwd_file = undef - ) { - include apache::mod::mime + $error_log = "${::apache::params::logroot}/error.log", + $passwd_file = undef +) { + include ::apache::mod::mime apache::mod { 'nss': } - $httpd_dir = $apache::httpd_dir + $httpd_dir = $::apache::httpd_dir # Template uses: # $transfer_log 
@@ -16,10 +16,10 @@ # passwd_file file { 'nss.conf': ensure => file, - path => "${apache::mod_dir}/nss.conf", + path => "${::apache::mod_dir}/nss.conf", content => template('apache/mod/nss.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e7561651d6..6a7404daa0 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -1,29 +1,29 @@ class apache::mod::passenger ( - $passenger_conf_file = $apache::params::passenger_conf_file, - $passenger_conf_package_file = $apache::params::passenger_conf_package_file, + $passenger_conf_file = $::apache::params::passenger_conf_file, + $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, $passenger_high_performance = undef, $passenger_pool_idle_time = undef, $passenger_max_requests = undef, $passenger_stat_throttle_rate = undef, $rack_autodetect = undef, $rails_autodetect = undef, - $passenger_root = $apache::params::passenger_root, - $passenger_ruby = $apache::params::passenger_ruby, + $passenger_root = $::apache::params::passenger_root, + $passenger_ruby = $::apache::params::passenger_ruby, $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, ) { if $::osfamily == 'FreeBSD' { - apache::mod { 'passenger': + ::apache::mod { 'passenger': lib_path => "${passenger_root}/buildout/apache2" } } else { - apache::mod { 'passenger': } + ::apache::mod { 'passenger': } } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': - path => "${apache::mod_dir}/${passenger_conf_package_file}", + path => "${::apache::mod_dir}/${passenger_conf_package_file}", } } 
@@ -39,10 +39,10 @@ # - $rails_autodetect file { 'passenger.conf': ensure => file, - path => "${apache::mod_dir}/${passenger_conf_file}", + path => "${::apache::mod_dir}/${passenger_conf_file}", content => template('apache/mod/passenger.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/perl.pp b/manifests/mod/perl.pp index 65832a0342..b57f25fd5f 100644 --- a/manifests/mod/perl.pp +++ b/manifests/mod/perl.pp @@ -1,3 +1,3 @@ class apache::mod::perl { - apache::mod { 'perl': } + ::apache::mod { 'perl': } } diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index fafeff23a9..518655a1d4 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -22,11 +22,11 @@ } File { owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', } - $mod_dir = $apache::mod_dir + $mod_dir = $::apache::mod_dir # Template uses: # - $minspareprocessors 
@@ -38,31 +38,31 @@ # - $expiretimeout # - $keepalive # - $mod_dir - file { "${apache::mod_dir}/peruser.conf": + file { "${::apache::mod_dir}/peruser.conf": ensure => file, content => template('apache/mod/peruser.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } - file { "${apache::mod_dir}/peruser": + file { "${::apache::mod_dir}/peruser": ensure => directory, - require => File[$apache::mod_dir], + require => File[$::apache::mod_dir], } - file { "${apache::mod_dir}/peruser/multiplexers": + file { "${::apache::mod_dir}/peruser/multiplexers": ensure => directory, - require => File["${apache::mod_dir}/peruser"], + require => File["${::apache::mod_dir}/peruser"], } - file { "${apache::mod_dir}/peruser/processors": + file { "${::apache::mod_dir}/peruser/processors": ensure => directory, - require => File["${apache::mod_dir}/peruser"], + require => File["${::apache::mod_dir}/peruser"], } - apache::peruser::multiplexer { '01-default': } + ::apache::peruser::multiplexer { '01-default': } case $::osfamily { 'freebsd' : { - class { 'apache::package': + class { '::apache::package': mpm_module => 'peruser' } } diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index f4e01fe3b4..ace596d42d 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp 
@@ -4,23 +4,23 @@ if ! defined(Class['apache::mod::prefork']) { fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') } - apache::mod { 'php5': + ::apache::mod { 'php5': package_ensure => $package_ensure, } - include apache::mod::mime - include apache::mod::dir - Class['apache::mod::mime'] -> Class['apache::mod::dir'] -> Class['apache::mod::php'] + include ::apache::mod::mime + include ::apache::mod::dir + Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php'] file { 'php5.conf': ensure => file, - path => "${apache::mod_dir}/php5.conf", + path => "${::apache::mod_dir}/php5.conf", content => template('apache/mod/php5.conf.erb'), require => [ - Class['apache::mod::prefork'], - Exec["mkdir ${apache::mod_dir}"], + Class['::apache::mod::prefork'], + Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$apache::mod_dir], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index e5810829e4..d615acbddc 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -5,7 +5,7 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', - $apache_version = $apache::apache_version, + $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') @@ -21,7 +21,7 @@ } File { owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', } 
@@ -32,18 +32,18 @@ # - $serverlimit # - $maxclients # - $maxrequestsperchild - file { "${apache::mod_dir}/prefork.conf": + file { "${::apache::mod_dir}/prefork.conf": ensure => file, content => template('apache/mod/prefork.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } case $::osfamily { 'redhat': { if $apache_version >= 2.4 { - apache::mpm{ 'prefork': + ::apache::mpm{ 'prefork': apache_version => $apache_version, } } @@ -59,7 +59,7 @@ } } 'debian', 'freebsd' : { - apache::mpm{ 'prefork': + ::apache::mpm{ 'prefork': apache_version => $apache_version, } } diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index f916734304..b6c0d6df7c 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp @@ -2,14 +2,14 @@ $proxy_requests = 'Off', $allow_from = undef, ) { - apache::mod { 'proxy': } + ::apache::mod { 'proxy': } # Template uses $proxy_requests file { 'proxy.conf': ensure => file, - path => "${apache::mod_dir}/proxy.conf", + path => "${::apache::mod_dir}/proxy.conf", content => template('apache/mod/proxy.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/proxy_ajp.pp b/manifests/mod/proxy_ajp.pp index b366cb1df6..a011a17895 100644 --- a/manifests/mod/proxy_ajp.pp +++ b/manifests/mod/proxy_ajp.pp @@ -1,4 +1,4 @@ class apache::mod::proxy_ajp { - Class['apache::mod::proxy'] -> Class['apache::mod::proxy_ajp'] - apache::mod { 'proxy_ajp': } + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp'] + ::apache::mod { 'proxy_ajp': } } diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp index f31e5eaffc..5a0768d8d0 100644 --- a/manifests/mod/proxy_balancer.pp 
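Review bot: The unchanged guard `if $apache_version >= 2.4 {` in manifests/mod/prefork.pp compares the version as a number, so the result depends on how `$apache_version` is typed. A dotted string such as a three-part release would not compare as intended. Where the value comes from is not visible in this hunk, so confirm against `::apache::apache_version`. The same test appears in the ssl.pp hunk (where it decides whether `socache_shmcb` is loaded), in worker.pp and in mpm.pp. A version-aware comparison is safer: `if versioncmp($apache_version, '2.4') >= 0 {`. The `case $::osfamily` block continues outside the hunk.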
+++ b/manifests/mod/proxy_balancer.pp @@ -1,10 +1,10 @@ class apache::mod::proxy_balancer { - include apache::mod::proxy - include apache::mod::proxy_http + include ::apache::mod::proxy + include ::apache::mod::proxy_http - Class['apache::mod::proxy'] -> Class['apache::mod::proxy_balancer'] - Class['apache::mod::proxy_http'] -> Class['apache::mod::proxy_balancer'] - apache::mod { 'proxy_balancer': } + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer'] + Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer'] + ::apache::mod { 'proxy_balancer': } } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 050b65d4fc..91d7bd3c8f 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -1,28 +1,28 @@ class apache::mod::proxy_html { - Class['apache::mod::proxy'] -> Class['apache::mod::proxy_html'] - Class['apache::mod::proxy_http'] -> Class['apache::mod::proxy_html'] - apache::mod { 'proxy_html': } + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html'] + Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html'] + ::apache::mod { 'proxy_html': } case $::osfamily { 'RedHat': { - apache::mod { 'xml2enc': } + ::apache::mod { 'xml2enc': } } 'Debian': { - $proxy_html_loadfiles = $apache::params::distrelease ? { + $proxy_html_loadfiles = $::apache::params::distrelease ? { '6' => '/usr/lib/libxml2.so.2', default => "/usr/lib/${::hardwaremodel}-linux-gnu/libxml2.so.2", } } 'FreeBSD': { - apache::mod { 'xml2enc': } + ::apache::mod { 'xml2enc': } } } # Template uses $icons_path file { 'proxy_html.conf': ensure => file, - path => "${apache::mod_dir}/proxy_html.conf", + path => "${::apache::mod_dir}/proxy_html.conf", content => template('apache/mod/proxy_html.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } 
diff --git a/manifests/mod/proxy_http.pp b/manifests/mod/proxy_http.pp index 5b83df2c59..1579e68ee2 100644 --- a/manifests/mod/proxy_http.pp +++ b/manifests/mod/proxy_http.pp @@ -1,4 +1,4 @@ class apache::mod::proxy_http { - Class['apache::mod::proxy'] -> Class['apache::mod::proxy_http'] - apache::mod { 'proxy_http': } + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http'] + ::apache::mod { 'proxy_http': } } diff --git a/manifests/mod/python.pp b/manifests/mod/python.pp index 8158b7e8ad..e326c8d757 100644 --- a/manifests/mod/python.pp +++ b/manifests/mod/python.pp @@ -1,5 +1,5 @@ class apache::mod::python { - apache::mod { 'python': } + ::apache::mod { 'python': } } diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp index b763b37850..80b3018306 100644 --- a/manifests/mod/reqtimeout.pp +++ b/manifests/mod/reqtimeout.pp @@ -1,12 +1,12 @@ class apache::mod::reqtimeout { - apache::mod { 'reqtimeout': } + ::apache::mod { 'reqtimeout': } # Template uses no variables file { 'reqtimeout.conf': ensure => file, - path => "${apache::mod_dir}/reqtimeout.conf", + path => "${::apache::mod_dir}/reqtimeout.conf", content => template('apache/mod/reqtimeout.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/rewrite.pp b/manifests/mod/rewrite.pp index 147faab998..694f0b6f5c 100644 --- a/manifests/mod/rewrite.pp +++ b/manifests/mod/rewrite.pp @@ -1,4 +1,4 @@ class apache::mod::rewrite { - include apache::params - apache::mod { 'rewrite': } + include ::apache::params + ::apache::mod { 'rewrite': } } diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index 94dc31ccac..6fbc1d4e04 100644 --- a/manifests/mod/rpaf.pp +++ b/manifests/mod/rpaf.pp 
@@ -3,7 +3,7 @@ $proxy_ips = [ '127.0.0.1' ], $header = 'X-Forwarded-For' ) { - apache::mod { 'rpaf': } + ::apache::mod { 'rpaf': } # Template uses: # - $sethostname @@ -11,10 +11,10 @@ # - $header file { 'rpaf.conf': ensure => file, - path => "${apache::mod_dir}/rpaf.conf", + path => "${::apache::mod_dir}/rpaf.conf", content => template('apache/mod/rpaf.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp index 1b60edde8b..15b1441d83 100644 --- a/manifests/mod/setenvif.pp +++ b/manifests/mod/setenvif.pp @@ -1,12 +1,12 @@ class apache::mod::setenvif { - apache::mod { 'setenvif': } + ::apache::mod { 'setenvif': } # Template uses no variables file { 'setenvif.conf': ensure => file, - path => "${apache::mod_dir}/setenvif.conf", + path => "${::apache::mod_dir}/setenvif.conf", content => template('apache/mod/setenvif.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 323d092b28..7b20a9ba72 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,7 +1,7 @@ class apache::mod::ssl ( $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], - $apache_version = $apache::apache_version, + $apache_version = $::apache::apache_version, ) { $session_cache = $::osfamily ? { 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', @@ -28,10 +28,10 @@ } } - apache::mod { 'ssl': } + ::apache::mod { 'ssl': } if $apache_version >= 2.4 { - apache::mod { 'socache_shmcb': } + ::apache::mod { 'socache_shmcb': } } # Template uses 
@@ -44,10 +44,10 @@ # file { 'ssl.conf': ensure => file, - path => "${apache::mod_dir}/ssl.conf", + path => "${::apache::mod_dir}/ssl.conf", content => template('apache/mod/ssl.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index ed73b99fdb..fdaba4b07a 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -29,14 +29,14 @@ ){ validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") - apache::mod { 'status': } + ::apache::mod { 'status': } # Template uses $allow_from, $extended_status file { 'status.conf': ensure => file, - path => "${apache::mod_dir}/status.conf", + path => "${::apache::mod_dir}/status.conf", content => template('apache/mod/status.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index 26473cf2e5..f9a572f463 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp @@ -1,13 +1,13 @@ class apache::mod::suphp ( ){ - apache::mod { 'suphp': } + ::apache::mod { 'suphp': } file {'suphp.conf': ensure => file, - path => "${apache::mod_dir}/suphp.conf", + path => "${::apache::mod_dir}/suphp.conf", content => template('apache/mod/suphp.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'] } } diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index 69f4044fd4..27af54c667 100644 
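Review bot: In manifests/mod/status.pp the unchanged check `validate_re(downcase($extended_status), '^(on|off)$', ...)` anchors with `^` and `$`, which in Ruby regular expressions match at line boundaries, not at the ends of the string. A multi-line value whose first line is `on` or `off` therefore passes validation. The comment says the template uses `$extended_status`, so the remaining lines would presumably be rendered into status.conf (the template is not visible here). Anchoring the whole string closes that gap: `validate_re(downcase($extended_status), '\A(on|off)\z', ...)`.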
--- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp @@ -3,15 +3,15 @@ $dir = 'public_html', $disable_root = true, ) { - apache::mod { 'userdir': } + ::apache::mod { 'userdir': } # Template uses $home, $dir, $disable_root file { 'userdir.conf': ensure => file, - path => "${apache::mod_dir}/userdir.conf", + path => "${::apache::mod_dir}/userdir.conf", content => template('apache/mod/userdir.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } } diff --git a/manifests/mod/vhost_alias.pp b/manifests/mod/vhost_alias.pp index ec40447a35..30ae122e15 100644 --- a/manifests/mod/vhost_alias.pp +++ b/manifests/mod/vhost_alias.pp @@ -1,3 +1,3 @@ class apache::mod::vhost_alias { - apache::mod { 'vhost_alias': } + ::apache::mod { 'vhost_alias': } } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index ae259fa0ed..8007953cf8 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -6,7 +6,7 @@ $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', - $apache_version = $apache::apache_version, + $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::worker and apache::mod::event on the same node') @@ -22,7 +22,7 @@ } File { owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', } 
@@ -34,18 +34,18 @@ # - $threadsperchild # - $maxrequestsperchild # - $serverlimit - file { "${apache::mod_dir}/worker.conf": + file { "${::apache::mod_dir}/worker.conf": ensure => file, content => template('apache/mod/worker.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'], } case $::osfamily { 'redhat': { if $apache_version >= 2.4 { - apache::mpm{ 'worker': + ::apache::mpm{ 'worker': apache_version => $apache_version, } } @@ -61,7 +61,7 @@ } } 'debian', 'freebsd': { - apache::mpm{ 'worker': + ::apache::mpm{ 'worker': apache_version => $apache_version, } } diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 0d42714091..244a3458b4 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -3,7 +3,7 @@ $wsgi_python_path = undef, $wsgi_python_home = undef, ){ - apache::mod { 'wsgi': } + ::apache::mod { 'wsgi': } # Template uses: # - $wsgi_socket_prefix @@ -11,10 +11,10 @@ # - $wsgi_python_home file {'wsgi.conf': ensure => file, - path => "${apache::mod_dir}/wsgi.conf", + path => "${::apache::mod_dir}/wsgi.conf", content => template('apache/mod/wsgi.conf.erb'), - require => Exec["mkdir ${apache::mod_dir}"], - before => File[$apache::mod_dir], + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], notify => Service['httpd'] } } diff --git a/manifests/mod/xsendfile.pp b/manifests/mod/xsendfile.pp index 571501a03b..7c5e88437a 100644 --- a/manifests/mod/xsendfile.pp +++ b/manifests/mod/xsendfile.pp @@ -1,4 +1,4 @@ class apache::mod::xsendfile { - include apache::params - apache::mod { 'xsendfile': } + include ::apache::params + ::apache::mod { 'xsendfile': } } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index fd6f764183..b6b2cfebe8 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp 
@@ -1,13 +1,13 @@ define apache::mpm ( - $lib_path = $apache::params::lib_path, - $apache_version = $apache::apache_version, + $lib_path = $::apache::params::lib_path, + $apache_version = $::apache::apache_version, ) { if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } $mpm = $name - $mod_dir = $apache::mod_dir + $mod_dir = $::apache::mod_dir $_lib = "mod_mpm_${mpm}.so" $_path = "${lib_path}/${_lib}" @@ -29,20 +29,20 @@ case $::osfamily { 'debian': { - file { "${apache::mod_enable_dir}/${mpm}.conf": + file { "${::apache::mod_enable_dir}/${mpm}.conf": ensure => link, - target => "${apache::mod_dir}/${mpm}.conf", - require => Exec["mkdir ${apache::mod_enable_dir}"], - before => File[$apache::mod_enable_dir], + target => "${::apache::mod_dir}/${mpm}.conf", + require => Exec["mkdir ${::apache::mod_enable_dir}"], + before => File[$::apache::mod_enable_dir], notify => Service['httpd'], } if $apache_version >= 2.4 { - file { "${apache::mod_enable_dir}/${mpm}.load": + file { "${::apache::mod_enable_dir}/${mpm}.load": ensure => link, - target => "${apache::mod_dir}/${mpm}.load", - require => Exec["mkdir ${apache::mod_enable_dir}"], - before => File[$apache::mod_enable_dir], + target => "${::apache::mod_dir}/${mpm}.load", + require => Exec["mkdir ${::apache::mod_enable_dir}"], + before => File[$::apache::mod_enable_dir], notify => Service['httpd'], } } @@ -54,7 +54,7 @@ } } 'freebsd': { - class { 'apache::package': + class { '::apache::package': mpm_module => $mpm } } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index f5f0dad538..4fa8795185 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp @@ -3,7 +3,7 @@ # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": - target => $apache::ports_file, + target => $::apache::ports_file, content => template('apache/namevirtualhost.erb'), } } 
diff --git a/manifests/package.pp b/manifests/package.pp index b91e25f6b1..c5ef315366 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -1,6 +1,6 @@ class apache::package ( $ensure = 'present', - $mpm_module = $apache::params::mpm_module, + $mpm_module = $::apache::params::mpm_module, ) { case $::osfamily { 'freebsd' : { @@ -37,7 +37,7 @@ }) } default: { - $apache_package = $apache::params::apache_name + $apache_package = $::apache::params::apache_name } } package { 'httpd': diff --git a/manifests/params.pp b/manifests/params.pp index 1f5f45b413..be6e331af8 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -18,7 +18,7 @@ # # Sample Usage: # -class apache::params inherits apache::version { +class apache::params inherits ::apache::version { # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, 3 on Amazon, etc. $osr_array = split($::operatingsystemrelease,'[\/\.]') $distrelease = $osr_array[0] diff --git a/manifests/peruser/multiplexer.pp b/manifests/peruser/multiplexer.pp index 260f1b5a3d..9e57ac30b2 100644 --- a/manifests/peruser/multiplexer.pp +++ b/manifests/peruser/multiplexer.pp @@ -1,6 +1,6 @@ define apache::peruser::multiplexer ( - $user = $apache::user, - $group = $apache::group, + $user = $::apache::user, + $group = $::apache::group, $file = undef, ) { if ! $file { @@ -8,10 +8,10 @@ } else { $filename = $file } - file { "${apache::mod_dir}/peruser/multiplexers/${filename}": + file { "${::apache::mod_dir}/peruser/multiplexers/${filename}": ensure => file, content => "Multiplexer ${user} ${group}\n", - require => File["${apache::mod_dir}/peruser/multiplexers"], + require => File["${::apache::mod_dir}/peruser/multiplexers"], notify => Service['httpd'], } } diff --git a/manifests/peruser/processor.pp b/manifests/peruser/processor.pp index c677cd6ca1..1d68934657 100644 --- a/manifests/peruser/processor.pp +++ b/manifests/peruser/processor.pp 
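Review bot: In manifests/peruser/multiplexer.pp, `$user`, `$group` and `$file` are interpolated into `content => "Multiplexer ${user} ${group}\n"` and into the path `"${::apache::mod_dir}/peruser/multiplexers/${filename}"`, and no validation of them is visible in either hunk. A value containing a newline would add extra directives to the generated file, and a `$file` with path separators would write outside the multiplexers directory. The processor.pp hunk has the same pattern with `"Processor ${user} ${group}\n"`. I would add whole-string checks before the `file` resource, in the style status.pp already uses, e.g. `validate_re($user, '\A[^\s\/]+\z')`, and likewise for `$group` and `$filename`. One line of the define lies between the two hunks and is not shown, so confirm that nothing there already constrains these values.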
@@ -8,10 +8,10 @@ } else { $filename = $file } - file { "${apache::mod_dir}/peruser/processors/${filename}": + file { "${::apache::mod_dir}/peruser/processors/${filename}": ensure => file, content => "Processor ${user} ${group}\n", - require => File["${apache::mod_dir}/peruser/processors"], + require => File["${::apache::mod_dir}/peruser/processors"], notify => Service['httpd'], } } diff --git a/manifests/php.pp b/manifests/php.pp index feb903e7be..9fa9c682e2 100644 --- a/manifests/php.pp +++ b/manifests/php.pp @@ -14,5 +14,5 @@ # class apache::php { warning('apache::php is deprecated; please use apache::mod::php') - include apache::mod::php + include ::apache::mod::php } diff --git a/manifests/proxy.pp b/manifests/proxy.pp index 0f4fde540b..050f36c278 100644 --- a/manifests/proxy.pp +++ b/manifests/proxy.pp @@ -11,5 +11,5 @@ # class apache::proxy { warning('apache::proxy is deprecated; please use apache::mod::proxy') - include apache::mod::proxy + include ::apache::mod::proxy } diff --git a/manifests/python.pp b/manifests/python.pp index 99ef289872..723a753f82 100644 --- a/manifests/python.pp +++ b/manifests/python.pp @@ -14,5 +14,5 @@ # class apache::python { warning('apache::python is deprecated; please use apache::mod::python') - include apache::mod::python + include ::apache::mod::python } diff --git a/manifests/service.pp b/manifests/service.pp index 82a0b8ca61..b21a25f4b7 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -17,7 +17,7 @@ # # class apache::service ( - $service_name = $apache::params::service_name, + $service_name = $::apache::params::service_name, $service_enable = true, $service_ensure = 'running', ) { diff --git a/manifests/ssl.pp b/manifests/ssl.pp index 21662e1685..d0b36593d6 100644 --- a/manifests/ssl.pp +++ b/manifests/ssl.pp @@ -14,5 +14,5 @@ # class apache::ssl { warning('apache::ssl is deprecated; please use apache::mod::ssl') - include apache::mod::ssl + include ::apache::mod::ssl } 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 77c340ace9..8525235e9d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -93,16 +93,16 @@ $ip_based = false, $add_listen = true, $docroot_owner = 'root', - $docroot_group = $apache::params::root_group, + $docroot_group = $::apache::params::root_group, $serveradmin = undef, $ssl = false, - $ssl_cert = $apache::default_ssl_cert, - $ssl_key = $apache::default_ssl_key, - $ssl_chain = $apache::default_ssl_chain, - $ssl_ca = $apache::default_ssl_ca, - $ssl_crl_path = $apache::default_ssl_crl_path, - $ssl_crl = $apache::default_ssl_crl, - $ssl_certs_dir = $apache::params::ssl_certs_dir, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, $ssl_protocol = undef, $ssl_cipher = undef, $ssl_honorcipherorder = undef, @@ -118,7 +118,7 @@ $override = ['None'], $directoryindex = '', $vhost_name = '*', - $logroot = $apache::logroot, + $logroot = $::apache::logroot, $log_level = undef, $access_log = true, $access_log_file = undef, @@ -138,9 +138,9 @@ $scriptaliases = [], $proxy_dest = undef, $proxy_pass = undef, - $suphp_addhandler = $apache::params::suphp_addhandler, - $suphp_engine = $apache::params::suphp_engine, - $suphp_configpath = $apache::params::suphp_configpath, + $suphp_addhandler = $::apache::params::suphp_addhandler, + $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = $::apache::params::suphp_configpath, $php_admin_flags = [], $php_admin_values = [], $no_proxy_uris = [], 
@@ -173,14 +173,14 @@ $fastcgi_socket = undef, $fastcgi_dir = undef, $additional_includes = [], - $apache_version = $apache::apache_version + $apache_version = $::apache::apache_version ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') } - $apache_name = $apache::params::apache_name + $apache_name = $::apache::params::apache_name validate_re($ensure, '^(present|absent)$', "${ensure} is not supported for ensure. @@ -241,13 +241,13 @@ } if $ssl and $ensure == 'present' { - include apache::mod::ssl + include ::apache::mod::ssl # Required for the AddType lines. - include apache::mod::mime + include ::apache::mod::mime } if $virtual_docroot { - include apache::mod::vhost_alias + include ::apache::mod::vhost_alias } # This ensures that the docroot exists 
@@ -339,50 +339,50 @@ fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } if ! defined(Apache::Listen[$listen_addr_port]) and $listen_addr_port and $ensure == 'present' { - apache::listen { $listen_addr_port: } + ::apache::listen { $listen_addr_port: } } } if ! $ip_based { if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' { - apache::namevirtualhost { $nvh_addr_port: } + ::apache::namevirtualhost { $nvh_addr_port: } } } # Load mod_rewrite if needed and not yet loaded if $rewrites or $rewrite_cond { if ! defined(Apache::Mod['rewrite']) { - apache::mod { 'rewrite': } + ::apache::mod { 'rewrite': } } } # Load mod_alias if needed and not yet loaded if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { if ! defined(Class['apache::mod::alias']) { - include apache::mod::alias + include ::apache::mod::alias } } # Load mod_proxy if needed and not yet loaded if ($proxy_dest or $proxy_pass) { if ! defined(Class['apache::mod::proxy']) { - include apache::mod::proxy + include ::apache::mod::proxy } if ! defined(Class['apache::mod::proxy_http']) { - include apache::mod::proxy_http + include ::apache::mod::proxy_http } } # Load mod_passenger if needed and not yet loaded if $rack_base_uris { if ! defined(Class['apache::mod::passenger']) { - include apache::mod::passenger + include ::apache::mod::passenger } } # Load mod_fastci if needed and not yet loaded if $fastcgi_server and $fastcgi_socket { if ! defined(Class['apache::mod::fastcgi']) { - include apache::mod::fastcgi + include ::apache::mod::fastcgi } } @@ -398,7 +398,7 @@ # Check if mod_headers is required to process $headers/$request_headers if $headers or $request_headers { if ! defined(Class['apache::mod::headers']) { - include apache::mod::headers + include ::apache::mod::headers } } 
@@ -516,10 +516,10 @@ # - $wsgi_script_aliases file { "${priority_real}-${filename}.conf": ensure => $ensure, - path => "${apache::vhost_dir}/${priority_real}-${filename}.conf", + path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", content => template('apache/vhost.conf.erb'), owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', require => [ Package['httpd'], @@ -529,7 +529,7 @@ notify => Service['httpd'], } if $::osfamily == 'Debian' { - $vhost_enable_dir = $apache::vhost_enable_dir + $vhost_enable_dir = $::apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { present => link, default => $ensure, @@ -537,9 +537,9 @@ file{ "${priority_real}-${filename}.conf symlink": ensure => $vhost_symlink_ensure, path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", - target => "${apache::vhost_dir}/${priority_real}-${filename}.conf", + target => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", owner => 'root', - group => $apache::params::root_group, + group => $::apache::params::root_group, mode => '0644', require => File["${priority_real}-${filename}.conf"], notify => Service['httpd'], From 769ff363a8a3c51e24f63a2494217d2d029289c6 Mon Sep 17 00:00:00 2001 From: jrnt30 Date: Wed, 26 Feb 2014 17:05:11 -0600 Subject: [PATCH 0164/2267] Modifying hierarchy of the Version/Params to allow for proper parsing of release on Amazon Linux --- manifests/params.pp | 7 ------- manifests/version.pp | 11 +++++++++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index be6e331af8..04c3b65fe5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -19,13 +19,6 @@ # Sample Usage: # class apache::params inherits ::apache::version { - # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, 3 on Amazon, etc. - $osr_array = split($::operatingsystemrelease,'[\/\.]') - $distrelease = $osr_array[0] - if ! $distrelease { - fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") - } - if($::fqdn) { $servername = $::fqdn } else { diff --git a/manifests/version.pp b/manifests/version.pp index 4ed960df18..581fdde6fe 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -3,16 +3,23 @@ # Try to automatically detect the version by OS # class apache::version { + # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, 3 on Amazon, etc. + $osr_array = split($::operatingsystemrelease,'[\/\.]') + $distrelease = $osr_array[0] + if ! $distrelease { + fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") + } + case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and $::operatingsystemrelease >= 18) or ($::operatingsystem != 'Fedora' and $::operatingsystemrelease >= 7) { + if ($::operatingsystem == 'Fedora' and $distrelease >= 18) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { $default = 2.4 } else { $default = 2.2 } } 'Debian': { - if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { + if $::operatingsystem == 'Ubuntu' and $distrelease >= 13.10 { $default = 2.4 } else { $default = 2.2 From eef1ea1ee5714eb4ed8729fef9efa0f3e530cfc0 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 28 Feb 2014 09:45:27 -0800 Subject: [PATCH 0165/2267] Correct the tests for aix --- spec/acceptance/default_mods_spec.rb | 2 -- spec/acceptance/version.rb | 2 ++ spec/acceptance/vhost_spec.rb | 2 +- spec/spec_helper_acceptance.rb | 21 ++++++++++++--------- 4 files changed, 15 insertions(+), 12 deletions(-) 
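Review bot: In `manifests/version.pp` the Ubuntu branch now compares `$distrelease >= 13.10`, but `$distrelease` is only the part of `$::operatingsystemrelease` before the first `.` or `/`, so on Ubuntu 13.10 it is `13` and the test no longer selects 2.4 as the old comparison on the full release did. Since `$default` appears to drive the 2.2/2.4 choice used elsewhere in the module (for example `if $apache_version >= 2.4` in `manifests/mpm.pp`), a wrong answer here would render configuration for the wrong Apache version. I would keep the full release for that branch, e.g. `if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 {`, and use `$distrelease` only for the RedHat/Fedora major-version checks. The moved `fail()` message still names `Class['apache::params']` and should say `Class['apache::version']`. The class body continues past the end of the hunk.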
diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 03e1445601..2b8b409e35 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -7,8 +7,6 @@ servicename = 'apache2' when 'FreeBSD' servicename = 'apache22' -else - raise "Unconfigured OS for apache service on #{fact('osfamily')}" end describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 169054ec21..a3b80c1730 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -51,5 +51,7 @@ $error_log = 'http-error.log' $apache_version = 2.2 +else + $apache_version = 0 end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index f6749d35a1..b5c07290a7 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -880,7 +880,7 @@ class { 'apache::mod::wsgi': } apply_manifest(pp, :catch_failures => true) end - it 'import_script applies cleanly', :unless => fact('lsbcodename') == 'lucid' do + it 'import_script applies cleanly', :unless => (fact('lsbcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do pp = <<-EOS class { 'apache': } class { 'apache::mod::wsgi': } diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 7d334ae9bd..8e4115128d 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -1,15 +1,18 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' -hosts.each do |host| - if host['platform'] =~ /debian/ - on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' - end - if host.is_pe? - install_pe - else - install_puppet - on host, "mkdir -p #{host['distmoduledir']}" + +unless ENV['RS_PROVISION'] == 'no' + hosts.each do |host| + if host['platform'] =~ /debian/ + on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' + end + if host.is_pe? + install_pe + else + install_puppet + on host, "mkdir -p #{host['distmoduledir']}" + end end end From 655d8dc601d939754e022120c3ec7048f345181d Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Fri, 28 Feb 2014 16:28:23 +0000 Subject: [PATCH 0166/2267] Block out WSGI tests for Ubuntu 10. --- README.md | 6 ++++++ spec/acceptance/vhost_spec.rb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fd21507cdc..ddba31de03 100644 --- a/README.md +++ b/README.md @@ -1718,6 +1718,12 @@ The Apache module relies heavily on templates to enable the `vhost` and `apache: ##Limitations +###Ubuntu 10.04 + +The `apache::vhost::WSGIImportScript` parameter creates a statement inside the VirtualHost which is unsupported on older versions of Apache, causing this to fail. This will be remedied in a future refactoring. + +###General + This module is CI tested on Centos 5 & 6, Ubuntu 12.04, Debian 7, and RHEL 5 & 6 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions may occur. diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index b5c07290a7..e715e28ee4 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -899,7 +899,7 @@ class { 'apache::mod::wsgi': } apply_manifest(pp, :catch_failures => true) end - describe file("#{$vhost_dir}/25-test.server.conf") do + describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do it { should be_file } it { should contain 'WSGIApplicationGroup %{GLOBAL}' } it { should contain 'WSGIDaemonProcess wsgi processes=2' } From 6f45b714b28e44ffb45d990f581c3c928e8d3af2 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Sat, 1 Mar 2014 00:06:58 +0000 Subject: [PATCH 0167/2267] Correct the name of this fact. --- spec/acceptance/vhost_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index e715e28ee4..547612e73f 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -880,7 +880,7 @@ class { 'apache::mod::wsgi': } apply_manifest(pp, :catch_failures => true) end - it 'import_script applies cleanly', :unless => (fact('lsbcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do + it 'import_script applies cleanly', :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do pp = <<-EOS class { 'apache': } class { 'apache::mod::wsgi': } @@ -899,7 +899,7 @@ class { 'apache::mod::wsgi': } apply_manifest(pp, :catch_failures => true) end - describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do + describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do it { should be_file } it { should contain 'WSGIApplicationGroup %{GLOBAL}' } it { should contain 'WSGIDaemonProcess wsgi processes=2' } From 416d4fc381fd4d615b23b8736770fb7872cf9590 Mon Sep 17 00:00:00 2001 
From: Lauren Rother Date: Sat, 1 Mar 2014 12:51:18 -0800 Subject: [PATCH 0168/2267] Adds "Release Notes/Known Bugs" to Changelog, updates file format to markdown, standardizes the format of previous entries Per a request to have initial release notes that specifically listed known issues for this PE 3.2 release, and barred by time constraints from automating a pull from open issues in JIRA, this commit adds a Release Note and Known Bug section to the Changelog for the imminent 3.2 release. As it will display on the Forge, updates file type to markdown and standardizes previous entries. Adds template for release notes to be filled in later. --- CHANGELOG.md | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 57d62e4c19..ddeed5285e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,27 @@ +## 2014-03-04 Supported Release 1.0.x +###Summary + +####Features + +####Bugfixes + +####Known Bugs +* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. +* SLES is unsupported. + +--- + ## 2014-01-31 Release 0.11.0 ### Summary: This release adds preliminary support for Windows compatibility and multiple rewrite support. -### Backwards-incompatible Changes: +#### Backwards-incompatible Changes: - The rewrite_rule parameter is deprecated in favor of the new rewrite parameter and will be removed in a future release. -### Features: +#### Features: - add Match directive - quote paths for windows compatibility @@ -25,7 +38,7 @@ This release adds preliminary support for Windows compatibility and multiple rew - Convert spec tests to beaker. - Support php_admin_(flag|value)s -### Bugfixes: +#### Bugfixes: - directories are either a Hash or an Array of Hashes - Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost 
@@ -40,7 +53,7 @@ This release adds preliminary support for Windows compatibility and multiple rew This release adds FreeBSD osfamily support and various other improvements to some mods. -### Features: +#### Features: - Add suPHP_UserGroup directive to directory context - Add support for ScriptAliasMatch directives @@ -68,7 +81,7 @@ This release adds FreeBSD osfamily support and various other improvements to som - Add documentation about $ip - Add ability to pass ip (instead of wildcard) in default vhost files -### Bugfixes: +#### Bugfixes: - Don't listen on port or set NameVirtualHost for non-existent vhost - only apply Directory defaults when provider is a directory @@ -80,7 +93,7 @@ This release adds more parameters to the base apache class and apache defined resource to make the module more flexible. It also adds or enhances SuPHP, WSGI, and Passenger mod support, and support for the ITK mpm module. -### Backwards-incompatible Changes: +#### Backwards-incompatible Changes: - Remove many default mods that are not normally needed. - Remove `rewrite_base` `apache::vhost` parameter; did not work anyway. - Specify dependencies on stdlib >=2.4.0 (this was already the case, but @@ -88,7 +101,7 @@ making explicit) - Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod` defined resource. -### Features: +#### Features: - `apache` class - Add `httpd_dir` parameter to change the location of the configuration files. @@ -123,7 +136,7 @@ dependency chaining of `Class['apache'] -> ~> Class['apache::service']` - Added `apache::mod::proxy_balancer` class for `apache::balancer` -### Bugfixes: +#### Bugfixes: - Change dependency to puppetlabs-concat - Fix ruby 1.9 bug for `a2mod` - Change servername to be `$::hostname` if there is no `$::fqdn` 
@@ -133,17 +146,17 @@ Class['apache::service']` array. ## 2013-07-26 Release 0.8.1 -### Bugfixes: +#### Bugfixes: - Update `apache::mpm_module` detection for worker/prefork - Update `apache::mod::cgi` and `apache::mod::cgid` detection for worker/prefork ## 2013-07-16 Release 0.8.0 -### Features: +#### Features: - Add `servername` parameter to `apache` class - Add `proxy_set` parameter to `apache::balancer` define -### Bugfixes: +#### Bugfixes: - Fix ordering for multiple `apache::balancer` clusters - Fix symlinking for sites-available on Debian-based OSs - Fix dependency ordering for recursive confdir management @@ -151,13 +164,13 @@ worker/prefork - Documentation updates ## 2013-07-09 Release 0.7.0 -### Changes: +#### Changes: - Essentially rewrite the module -- too many to list - `apache::vhost` has many abilities -- see README.md for details - `apache::mod::*` classes provide httpd mod-loading capabilities - `apache` base class is much more configurable -### Bugfixes: +#### Bugfixes: - Many. And many more to come ## 2013-03-2 Release 0.6.0 @@ -166,10 +179,10 @@ worker/prefork - make purging of vhost dir configurable ## 2012-08-24 Release 0.4.0 -### Changes: +#### Changes: - `include apache` is now required when using `apache::mod::*` -### Bugfixes: +#### Bugfixes: - Fix syntax for validate_re - Fix formatting in vhost template - Fix spec tests such that they pass From 736382c3d04932af8ebdcafdadcd020275b961c7 Mon Sep 17 00:00:00 2001 
From: Adam Malone Date: Mon, 27 Jan 2014 16:35:24 +1100 Subject: [PATCH 0169/2267] Allows for the configuration of mod_actions, specifically the action type triggered by the request. --- README.md | 1 + manifests/default_mods.pp | 4 ++-- manifests/mod/actions.pp | 3 +++ manifests/vhost.pp | 1 + spec/acceptance/vhost_spec.rb | 19 +++++++++++++++++++ spec/defines/vhost_spec.rb | 13 ++++++++++++- templates/vhost.conf.erb | 1 + templates/vhost/_action.erb | 4 ++++ templates/vhost/_scriptalias.erb | 2 +- 9 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 manifests/mod/actions.pp create mode 100644 templates/vhost/_action.erb diff --git a/README.md b/README.md index fd21507cdc..353120e3ca 100644 --- a/README.md +++ b/README.md @@ -413,6 +413,7 @@ Used to enable arbitrary Apache HTTPD modules for which there is no specific `ap There are many `apache::mod::[name]` classes within this module that can be declared using `include`: +* `actions` * `alias` * `auth_basic` * `auth_kerb` diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 139503e3c5..af98896216 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -21,12 +21,12 @@ include ::apache::mod::reqtimeout } 'redhat': { + include ::apache::mod::actions include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic include ::apache::mod::vhost_alias include ::apache::mod::rewrite - ::apache::mod { 'actions': } ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -55,6 +55,7 @@ } } 'freebsd': { + include ::apache::mod::actions include ::apache::mod::cache include ::apache::mod::disk_cache include ::apache::mod::headers @@ -65,7 +66,6 @@ include ::apache::mod::userdir include ::apache::mod::vhost_alias - ::apache::mod { 'actions': } ::apache::mod { 'asis': } ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_alias': } 
diff --git a/manifests/mod/actions.pp b/manifests/mod/actions.pp new file mode 100644 index 0000000000..3b60f297fd --- /dev/null +++ b/manifests/mod/actions.pp @@ -0,0 +1,3 @@ +class apache::mod::actions { + apache::mod { 'actions': } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8525235e9d..5d61b267a6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -169,6 +169,7 @@ $wsgi_script_aliases = undef, $custom_fragment = undef, $itk = undef, + $action = undef, $fastcgi_server = undef, $fastcgi_socket = undef, $fastcgi_dir = undef, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index f6749d35a1..d3133e0a3d 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -682,6 +682,25 @@ class { 'apache': service_ensure => stopped, } end end + describe 'actions' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + action => 'php-fastcgi', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'Action php-fastcgi /cgi-bin virtual' } + end + end + describe 'suphp' do it 'applies cleanly' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 46e6fd3950..b16ce88404 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -269,7 +269,7 @@ :attr => 'scriptalias', :value => '/usr/scripts', :match => [ - /^ ScriptAlias \/cgi-bin\/ "\/usr\/scripts"$/, + /^ ScriptAlias \/cgi-bin "\/usr\/scripts"$/, ], }, { 
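Review bot: The `manifests/vhost.pp` hunk adds `$action = undef` but nothing loads mod_actions when it is set, while the visible `default_mods.pp` hunks include `::apache::mod::actions` only in the `redhat` and `freebsd` branches. Where the module is not otherwise loaded, the rendered `Action` directive would presumably make Apache reject the configuration. The rest of this define loads modules on demand, so I would add `if $action { include ::apache::mod::actions }` next to the other conditional includes, and add an entry for `action` to the vhost parameter documentation. Only the parameter list is visible in this hunk.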
@@ -1179,6 +1179,17 @@ end end + describe 'when action is specified specified' do + let :params do default_params.merge({ + :action => 'php-fastcgi', + }) end + it 'should set Action' do + should contain_file("25-#{title}.conf").with_content( + /^ Action php-fastcgi \/cgi-bin virtual$/ + ) + end + end + describe 'when suphp_engine is on and suphp_configpath is specified' do let :params do default_params.merge({ :suphp_engine => 'on', diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 0eb69b0096..673ea0c2bd 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -44,6 +44,7 @@ <% elsif @access_log -%> CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <% end -%> +<%= scope.function_template(['apache/vhost/_action.erb']) -%> <%= scope.function_template(['apache/vhost/_block.erb']) -%> <%= scope.function_template(['apache/vhost/_error_document.erb']) -%> <%= scope.function_template(['apache/vhost/_proxy.erb']) -%> diff --git a/templates/vhost/_action.erb b/templates/vhost/_action.erb new file mode 100644 index 0000000000..8a02290595 --- /dev/null +++ b/templates/vhost/_action.erb @@ -0,0 +1,4 @@ +<% if @action -%> + + Action <%= @action %> /cgi-bin virtual +<% end -%> diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb index 5a757f6170..bb4f6b316e 100644 --- a/templates/vhost/_scriptalias.erb +++ b/templates/vhost/_scriptalias.erb @@ -10,7 +10,7 @@ ## Script alias directives <%# Combine scriptalais and scriptaliases into a single data structure -%> <%# for backward compatibility and ease of implementation -%> -<%- aliases << { 'alias' => '/cgi-bin/', 'path' => @scriptalias } if @scriptalias -%> +<%- aliases << { 'alias' => '/cgi-bin', 'path' => @scriptalias } if @scriptalias -%> <%- aliases.flatten.compact! -%> <%- aliases.each do |salias| -%> <%- if salias["path"] != '' -%> From c39c04dbf8fce9531f2a8090d34ee7406bb73fb7 Mon Sep 17 00:00:00 2001 
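Review bot: `templates/vhost/_action.erb` writes `@action` into the vhost file unescaped and pairs it with a fixed `/cgi-bin` target, and neither is checked or explained. A value containing whitespace or a newline would become extra arguments or extra directives in the generated configuration, so I would validate the parameter in `manifests/vhost.pp` with the `validate_re` helper that define already uses for `$ensure`. The template also deserves a comment, for example `<%# Action sends requests for the handler or MIME type in @action to the fixed URL /cgi-bin; 'virtual' disables the check that the requested file exists -%>`. The same commit also changes the `scriptalias` alias from `/cgi-bin/` to `/cgi-bin` in `_scriptalias.erb` for every vhost that sets `scriptalias`, which is worth a changelog entry.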
From: Lauren Rother Date: Sun, 2 Mar 2014 09:12:57 -0800 Subject: [PATCH 0170/2267] Cleans up first entry formatting in changelog Somehow I just totally missed that the very first changelog entry wasn't formatted at all. --- CHANGELOG.md | 66 ++++++++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ddeed5285e..2c7ee39e77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -187,36 +187,36 @@ worker/prefork - Fix formatting in vhost template - Fix spec tests such that they pass - 2012-05-08 Puppet Labs - 0.0.4 - e62e362 Fix broken tests for ssl, vhost, vhost::* - 42c6363 Changes to match style guide and pass puppet-lint without error - 42bc8ba changed name => path for file resources in order to name namevar by it's name - 72e13de One end too much - 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc. - 273f94d fix tests - a35ede5 (#13860) Make a2enmod/a2dismo commands optional - 98d774e (#13860) Autorequire Package['httpd'] - 05fcec5 (#13073) Add missing puppet spec tests - 541afda (#6899) Remove virtual a2mod definition - 976cb69 (#13072) Move mod python and wsgi package names to params - 323915a (#13060) Add .gitignore to repo - fdf40af (#13060) Remove pkg directory from source tree - fd90015 Add LICENSE file and update the ModuleFile - d3d0d23 Re-enable local php class - d7516c7 Make management of firewalls configurable for vhosts - 60f83ba Explicitly lookup scope of apache_name in templates. 
- f4d287f (#12581) Add explicit ordering for vdir directory
- 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
- a776a8b (#11071) Fix to work with latest firewall module
- 2b79e8b (#11070) Add support for Scientific Linux
- 405b3e9 Fix for a2mod
- 57b9048 Commit apache::vhost::redirect Manifest
- 8862d01 Commit apache::vhost::proxy Manifest
- d5c1fd0 Commit apache::mod::wsgi Manifest
- a825ac7 Commit apache::mod::python Manifest
- b77062f Commit Templates
- 9a51b4a Vhost File Declarations
- 6cf7312 Defaults for Parameters
- 6a5b11a Ensure installed
- f672e46 a2mod fix
- 8a56ee9 add pthon support to apache
+##2012-05-08 Puppet Labs - 0.0.4
+* e62e362 Fix broken tests for ssl, vhost, vhost::*
+* 42c6363 Changes to match style guide and pass puppet-lint without error
+* 42bc8ba changed name => path for file resources in order to name namevar by it's name
+* 72e13de One end too much
+* 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.
+* 273f94d fix tests
+* a35ede5 (#13860) Make a2enmod/a2dismo commands optional
+* 98d774e (#13860) Autorequire Package['httpd']
+* 05fcec5 (#13073) Add missing puppet spec tests
+* 541afda (#6899) Remove virtual a2mod definition
+* 976cb69 (#13072) Move mod python and wsgi package names to params
+* 323915a (#13060) Add .gitignore to repo
+* fdf40af (#13060) Remove pkg directory from source tree
+* fd90015 Add LICENSE file and update the ModuleFile
+* d3d0d23 Re-enable local php class
+* d7516c7 Make management of firewalls configurable for vhosts
+* 60f83ba Explicitly lookup scope of apache_name in templates.
+* f4d287f (#12581) Add explicit ordering for vdir directory +* 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall +* a776a8b (#11071) Fix to work with latest firewall module +* 2b79e8b (#11070) Add support for Scientific Linux +* 405b3e9 Fix for a2mod +* 57b9048 Commit apache::vhost::redirect Manifest +* 8862d01 Commit apache::vhost::proxy Manifest +* d5c1fd0 Commit apache::mod::wsgi Manifest +* a825ac7 Commit apache::mod::python Manifest +* b77062f Commit Templates +* 9a51b4a Vhost File Declarations +* 6cf7312 Defaults for Parameters +* 6a5b11a Ensure installed +* f672e46 a2mod fix +* 8a56ee9 add pthon support to apache \ No newline at end of file From b4153791317f895d64fcbe5bd4102156246548e7 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Mon, 3 Mar 2014 11:56:31 -0500 Subject: [PATCH 0171/2267] Add metadata for supported modules. --- metadata.json | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 metadata.json diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000000..2bfd442979 --- /dev/null +++ b/metadata.json @@ -0,0 +1,50 @@ +{ + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "5", + "6" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "5", + "6" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "5", + "6" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "5", + "6" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "10.04", + "12.04" + ] + } + ], + "requirements": [ + { "name": "pe", "version_requirement": "3.2.x" }, + { "name": "puppet", "version_requirement": "3.x" } + ] +} From eba8df9a630ddcdc68baa4fcbd84122e234eaad3 Mon Sep 17 00:00:00 2001 
From: Ashley Penney Date: Mon, 3 Mar 2014 19:14:26 +0000 Subject: [PATCH 0172/2267] Prepare supported module release 1.0.0. --- CHANGELOG.md | 15 +++++++++++++-- Modulefile | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c7ee39e77..74622ba84e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,21 @@ -## 2014-03-04 Supported Release 1.0.x +## 2014-03-04 Supported Release 1.0.0 ###Summary +This is a supported release. This release introduces Apache 2.4 support for +Debian and RHEL based osfamilies. + ####Features +- Add apache24 support +- Add rewrite_base functionality to rewrites +- Updated README documentation +- Add WSGIApplicationGroup and WSGIImportScript directives + ####Bugfixes +- Replace mutating hashes with merge() for Puppet 3.5 +- Fix WSGI import_script and mod_ssl issues on Lucid + ####Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. @@ -219,4 +230,4 @@ worker/prefork * 6cf7312 Defaults for Parameters * 6a5b11a Ensure installed * f672e46 a2mod fix -* 8a56ee9 add pthon support to apache \ No newline at end of file +* 8a56ee9 add pthon support to apache diff --git a/Modulefile b/Modulefile index 1a1db1427f..1bee8e4ce5 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-apache' -version '0.11.0' +version '1.0.0' source 'git://github.com/puppetlabs/puppetlabs-apache.git' author 'puppetlabs' license 'Apache 2.0' From 67d284a05d39076faedd4897a529c148a82f33c8 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Mon, 3 Mar 2014 21:41:38 +0000 Subject: [PATCH 0173/2267] Add in missing fields to work around a Puppet bug. --- metadata.json | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 2bfd442979..e5a6ae0eb3 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,4 +1,11 @@ { + "name": "puppetlabs-apache", + "version": "1.0.0", + "source": "https://github.com/puppetlabs/puppetlabs-apache", + "author": "Puppet Labs", + "license": "Apache-2.0", + "project_page": "https://github.com/puppetlabs/puppetlabs-apache", + "summary": "Puppet module for Apache", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -46,5 +53,6 @@ "requirements": [ { "name": "pe", "version_requirement": "3.2.x" }, { "name": "puppet", "version_requirement": "3.x" } - ] + ], + "dependencies": [] } From efffa854f8ceed8c3b4094903df1619795eb5f95 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 4 Mar 2014 12:49:26 +0100 Subject: [PATCH 0174/2267] Include mod wsgi when wsgi_daemon_process is given --- manifests/vhost.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5d61b267a6..b6c75dc51e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -251,6 +251,10 @@ include ::apache::mod::vhost_alias } + if $wsgi_daemon_process { + include ::apache::mod::wsgi + } + # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources if ! defined(File[$docroot]) { From 2ec128f0f63e49c74ebb87a6b41cfc2bda637614 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Tue, 4 Mar 2014 16:26:54 +0000 Subject: [PATCH 0175/2267] Replace the symlink with the actual file to resolve a PMT issue. --- spec/acceptance/nodesets/default.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) mode change 120000 => 100644 spec/acceptance/nodesets/default.yml diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml deleted file mode 120000 index 2719644a6e..0000000000 --- a/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1 +0,0 @@ -centos-64-x64.yml \ No newline at end of file diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml new file mode 100644 index 0000000000..ce47212a8c 
--- /dev/null +++ b/spec/acceptance/nodesets/default.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-64-x64: + roles: + - master + platform: el-6-x86_64 + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git From 701f7113c322332fc48efdf61d27b57d7df9b80e Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Tue, 4 Mar 2014 16:30:21 +0000 Subject: [PATCH 0176/2267] Prepare a 1.0.1 supported release. --- CHANGELOG.md | 13 +++++++++++++ Modulefile | 2 +- metadata.json | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74622ba84e..26e8d75d4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +## 2014-03-04 Supported Release 1.0.1 +###Summary + +This is a supported release. This release removes a testing symlink that can +cause trouble on systems where /var is on a seperate filesystem from the +modulepath. + +####Features +####Bugfixes +####Known Bugs +* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. +* SLES is unsupported. + ## 2014-03-04 Supported Release 1.0.0 ###Summary diff --git a/Modulefile b/Modulefile index 1bee8e4ce5..227947cbba 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-apache' -version '1.0.0' +version '1.0.1' source 'git://github.com/puppetlabs/puppetlabs-apache.git' author 'puppetlabs' license 'Apache 2.0' diff --git a/metadata.json b/metadata.json index e5a6ae0eb3..58ef979304 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.0.0", + "version": "1.0.1", "source": "https://github.com/puppetlabs/puppetlabs-apache", "author": "Puppet Labs", "license": "Apache-2.0", From e00f2783288eeaaff90f37122cbd5a8675173c94 Mon Sep 17 00:00:00 2001 
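Review bot: `box_url` in the new default.yml fetches the base image over plain `http://`, and nothing in the nodeset pins a checksum, so whatever answers that request becomes the system the acceptance run uses as its master. If the host serves TLS, switch the scheme to `https://`; otherwise verify the box out of band before it is added to the local Vagrant store. The same applies to debian-73-i386.yml and debian-73-x64.yml, added later in this series.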
From: Hunter Haugen Date: Wed, 5 Mar 2014 09:04:29 -0800 Subject: [PATCH 0177/2267] Remove PE support for master --- metadata.json | 1 - 1 file changed, 1 deletion(-) diff --git a/metadata.json b/metadata.json index 58ef979304..26a14ae42a 100644 --- a/metadata.json +++ b/metadata.json @@ -51,7 +51,6 @@ } ], "requirements": [ - { "name": "pe", "version_requirement": "3.2.x" }, { "name": "puppet", "version_requirement": "3.x" } ], "dependencies": [] From 64fb41f85c17d9be74291f721c6d5e7f7acf5d14 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 5 Mar 2014 09:04:41 -0800 Subject: [PATCH 0178/2267] Remove travis autorelease --- .travis.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5efc64fa76..7269dd1390 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,9 +5,6 @@ branches: language: ruby bundler_args: --without development script: "bundle exec rake spec SPEC_OPTS='--format documentation'" -after_success: - - git clone -q git://github.com/puppetlabs/ghpublisher.git .forge-releng - - .forge-releng/publish rvm: - 1.8.7 - 1.9.3 @@ -17,12 +14,6 @@ env: - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - PUPPET_GEM_VERSION="~> 3.0" - global: - - PUBLISHER_LOGIN=puppetlabs - - secure: |- - MO4pB4bqBQJjm2yFHf3Mgho+y0Qv4GmMxTMhzI02tGy1V0HMtruZbR7EBN0i - n2CiR7V9V0mNR7/ymzDMF9yVBcgqyXMsp/C6u992Dd0U63ZwFpbRWkxuAeEY - ioupWBkiczjVEo+sxn+gVOnx28pcH/X8kDWbr6wFOMIjO03K66Y= matrix: fast_finish: true exclude: From 7d84d59d4e1dcbbcd6b56c482e473ee4fc574b18 Mon Sep 17 00:00:00 2001 
From: Phil Fenstermacher Date: Tue, 25 Feb 2014 17:14:28 -0500 Subject: [PATCH 0179/2267] Add support for mod_pagespeed --- README.md | 53 ++++++++++++++ manifests/mod/pagespeed.pp | 48 ++++++++++++ manifests/params.pp | 2 + spec/acceptance/mod_pagespeed_spec.rb | 85 ++++++++++++++++++++++ spec/classes/mod/pagespeed_spec.rb | 32 ++++++++ spec/spec_helper_acceptance.rb | 4 + templates/mod/pagespeed.conf.erb | 101 ++++++++++++++++++++++++++ 7 files changed, 325 insertions(+) create mode 100644 manifests/mod/pagespeed.pp create mode 100644 spec/acceptance/mod_pagespeed_spec.rb create mode 100644 spec/classes/mod/pagespeed_spec.rb create mode 100644 templates/mod/pagespeed.conf.erb diff --git a/README.md b/README.md index 3b072f8d7e..f71ee33e53 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::ssl](#class-apachemodssl) * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Defined Type: apache::vhost](#defined-type-apachevhost) @@ -442,6 +443,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `mime_magic`* * `negotiation` * `nss`* +* `pagespeed` (see [`apache::mod::pagespeed`](#class-apachemodpagespeed) below) * `passenger`* * `perl` * `peruser` 
@@ -470,6 +472,57 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install and the module will not work without the template. Any module without a template will install the package but drop no files. +####Class: `apache::mod::pagespeed` + +Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth. + +This module does *not* manage the software repositories needed to automatically install the +mod-pagespeed-stable package. The module does however require that the package be installed, +or be installable using the system's default package provider. You should ensure that this +pre-requisite is met or declaring `apache::mod::pagespeed` will cause the puppet run to fail. + +These are the defaults: + +```puppet + class { 'apache::mod::pagespeed': + inherit_vhost_config => 'on', + filter_xhtml => false, + cache_path => '/var/cache/mod_pagespeed/', + log_dir => '/var/log/pagespeed', + memache_servers => [], + rewrite_level => 'CoreFilters', + disable_filters => [], + enable_filters => [], + forbid_filters => [], + rewrite_deadline_per_flush_ms => 10, + additional_domains => undef, + file_cache_size_kb => 102400, + file_cache_clean_interval_ms => 3600000, + lru_cache_per_process => 1024, + lru_cache_byte_limit => 16384, + css_flatten_max_bytes => 2048, + css_inline_max_bytes => 2048, + css_image_inline_max_bytes => 2048, + image_inline_max_bytes => 2048, + js_inline_max_bytes => 2048, + css_outline_min_bytes => 3000, + js_outline_min_bytes => 3000, + inode_limit => 500000, + image_max_rewrites_at_once => 8, + num_rewrite_threads => 4, + num_expensive_rewrite_threads => 4, + collect_statistics => 'on', + statistics_logging => 'on', + allow_view_stats => [], + allow_pagespeed_console => [], + allow_pagespeed_message => [], + message_buffer_size => 
100000, + additional_configuration => { } + } +``` + +Full documentation for mod_pagespeed is available from [Google](http://modpagespeed.com). + ####Class: `apache::mod::ssl` Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp new file mode 100644 index 0000000000..d58f99fe2e --- /dev/null +++ b/manifests/mod/pagespeed.pp @@ -0,0 +1,48 @@ +class apache::mod::pagespeed ( + $inherit_vhost_config = 'on', + $filter_xhtml = false, + $cache_path = '/var/cache/mod_pagespeed/', + $log_dir = '/var/log/pagespeed', + $memache_servers = [], + $rewrite_level = 'CoreFilters', + $disable_filters = [], + $enable_filters = [], + $forbid_filters = [], + $rewrite_deadline_per_flush_ms = 10, + $additional_domains = undef, + $file_cache_size_kb = 102400, + $file_cache_clean_interval_ms = 3600000, + $lru_cache_per_process = 1024, + $lru_cache_byte_limit = 16384, + $css_flatten_max_bytes = 2048, + $css_inline_max_bytes = 2048, + $css_image_inline_max_bytes = 2048, + $image_inline_max_bytes = 2048, + $js_inline_max_bytes = 2048, + $css_outline_min_bytes = 3000, + $js_outline_min_bytes = 3000, + $inode_limit = 500000, + $image_max_rewrites_at_once = 8, + $num_rewrite_threads = 4, + $num_expensive_rewrite_threads = 4, + $collect_statistics = 'on', + $statistics_logging = 'on', + $allow_view_stats = [], + $allow_pagespeed_console = [], + $allow_pagespeed_message = [], + $message_buffer_size = 100000, + $additional_configuration = {}, +){ + + apache::mod { 'pagespeed': } + + file { 'pagespeed.conf': + ensure => file, + path => "${::apache::mod_dir}/pagespeed.conf", + content => template('apache/mod/pagespeed.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 04c3b65fe5..33c4927945 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
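Review bot: `apache::mod::pagespeed` renders every parameter into pagespeed.conf without checking its type, including the three `allow_*` host lists that decide who may read the statistics, console and message handlers. Add stdlib checks at the top of the class body, e.g. `validate_array($allow_view_stats, $allow_pagespeed_console, $allow_pagespeed_message)` and `validate_hash($additional_configuration)`. The parameter `$memache_servers` looks like a misspelling of memcached; it becomes public interface once released, so it is cheaper to rename now (the README and the template use the same spelling). A header comment stating that `additional_configuration` is written out verbatim as directives would tell callers it must never carry untrusted data.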
@@ -61,6 +61,7 @@ 'authnz_ldap' => 'mod_authz_ldap', 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', + 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', 'php5' => $distrelease ? { @@ -123,6 +124,7 @@ 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', 'nss' => 'libapache2-mod-nss', + 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'php5' => 'libapache2-mod-php5', diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb new file mode 100644 index 0000000000..de59a347c1 --- /dev/null +++ b/spec/acceptance/mod_pagespeed_spec.rb 
@@ -0,0 +1,85 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::pagespeed class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + vhost_dir = '/etc/apache2/sites-enabled' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + when 'RedHat' + vhost_dir = '/etc/httpd/conf.d' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + when 'FreeBSD' + vhost_dir = '/usr/local/etc/apache22/Vhosts' + mod_dir = '/usr/local/etc/apache22/Modules' + service_name = 'apache22' + end + + context "default pagespeed config" do + it 'succeeds in puppeting pagespeed' do + pp= <<-EOS + if $::osfamily == 'Debian' { + class { 'apt': } + + apt::source { 'mod-pagespeed': + key => '7FAC5991', + key_server => 'pgp.mit.edu', + location => 'http://dl.google.com/linux/mod-pagespeed/deb/', + release => 'stable', + repos => 'main', + include_src => false, + before => Class['apache'], + } + } elsif $::osfamily == 'RedHat' { + yumrepo { 'mod-pagespeed': + baseurl => 'http://dl.google.com/linux/mod-pagespeed/rpm/stable/x86_64', + enabled => 1, + gpgcheck => 1, + gpgkey => 'https://dl-ssl.google.com/linux/linux_signing_key.pub', + before => Class['apache'], + } + } + + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::pagespeed': + enable_filters => ['remove_comments'], + disable_filters => ['extend_cache'], + forbid_filters => ['rewrite_javascript'], + } + apache::vhost { 'pagespeed.example.com': + port => '80', + docroot => '/var/www/pagespeed', + } + host { 'pagespeed.example.com': ip => '127.0.0.1', } + file { '/var/www/pagespeed/index.html': + ensure => file, + content => "\n\n\n

Hello World!

\n\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file("#{mod_dir}/pagespeed.conf") do + it { should contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" } + it { should contain "ModPagespeedEnableFilters remove_comments" } + it { should contain "ModPagespeedDisableFilters extend_cache" } + it { should contain "ModPagespeedForbidFilters rewrite_javascript" } + end + + it 'should answer to pagespeed.example.com and include and be stripped of comments by mod_pagespeed' do + shell("/usr/bin/curl pagespeed.example.com:80") do |r| + r.stdout.should =~ // + r.stdout.should_not =~ // + r.exit_code.should == 0 + end + end + end +end diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb new file mode 100644 index 0000000000..7480a2b52f --- /dev/null +++ b/spec/classes/mod/pagespeed_spec.rb @@ -0,0 +1,32 @@ +describe 'apache::mod::pagespeed', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should contain_class("apache::params") } + it { should contain_apache__mod('pagespeed') } + it { should contain_package("mod-pagespeed-stable") } + it { should contain_file('pagespeed.conf') } + end + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should contain_class("apache::params") } + it { should contain_apache__mod('pagespeed') } + it { should contain_package("mod-pagespeed-stable") } + it { should contain_file('pagespeed.conf') } + end +end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 8e4115128d..370de46c0d 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
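Review bot: The `apt::source` block in the test manifest identifies the repository signing key by the 8-hex short ID `'7FAC5991'` fetched from a public keyserver, and short IDs can be collided, so a different key with the same ID could end up trusted for a repository whose `location` is plain HTTP. Give the full fingerprint instead, `key => '<FULL_40_HEX_FINGERPRINT>',` (placeholder; take the value from the vendor's published key), provided the apt module version in use accepts it. The RedHat branch already sets `gpgcheck => 1` with an HTTPS `gpgkey`; its `baseurl` could use `https://` too if the host serves it.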
@@ -34,6 +34,10 @@ if fact('osfamily') == 'RedHat' on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } end + # Required for manifest to make mod_pagespeed repository available + if fact('osfamily') == 'Debian' + on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] } + end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] } end diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb new file mode 100644 index 0000000000..3bbf7f29b4 --- /dev/null +++ b/templates/mod/pagespeed.conf.erb 
@@ -0,0 +1,101 @@ +ModPagespeed on + +ModPagespeedInheritVHostConfig <%= @inherit_vhost_config %> +AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html +<% if @filter_xhtml -%> +AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml +<% end -%> +ModPagespeedFileCachePath "<%= @cache_path %>" +ModPagespeedLogDir "<%= @log_dir %>" + +<% @memache_servers.each do |server| -%> +ModPagespeedMemcachedServers <%= server -%> +<% end -%> + +ModPagespeedRewriteLevel <%= @rewrite_level -%> + +<% @disable_filters.each do |filter| -%> +ModPagespeedDisableFilters <%= filter -%> +<% end -%> + +<% @enable_filters.each do |filter| -%> +ModPagespeedEnableFilters <%= filter -%> +<% end -%> + +<% @forbid_filters.each do |filter| -%> +ModPagespeedForbidFilters <%= filter -%> +<% end -%> + +ModPagespeedRewriteDeadlinePerFlushMs <%= @rewrite_deadline_per_flush_ms %> + +<% if @additional_domains -%> +ModPagespeedDomain <%= @additional_domains -%> +<% end -%> + +ModPagespeedFileCacheSizeKb <%= @file_cache_size_kb %> +ModPagespeedFileCacheCleanIntervalMs <%= @file_cache_clean_interval_ms %> +ModPagespeedLRUCacheKbPerProcess <%= @lru_cache_per_process %> +ModPagespeedLRUCacheByteLimit <%= @lru_cache_byte_limit %> +ModPagespeedCssFlattenMaxBytes <%= @css_flatten_max_bytes %> +ModPagespeedCssInlineMaxBytes <%= @css_inline_max_bytes %> +ModPagespeedCssImageInlineMaxBytes <%= @css_image_inline_max_bytes %> +ModPagespeedImageInlineMaxBytes <%= @image_inline_max_bytes %> +ModPagespeedJsInlineMaxBytes <%= @js_inline_max_bytes %> +ModPagespeedCssOutlineMinBytes <%= @css_outline_min_bytes %> +ModPagespeedJsOutlineMinBytes <%= @js_outline_min_bytes %> + + +ModPagespeedFileCacheInodeLimit <%= @inode_limit %> +ModPagespeedImageMaxRewritesAtOnce <%= @image_max_rewrites_at_once %> + +ModPagespeedNumRewriteThreads <%= @num_rewrite_threads %> +ModPagespeedNumExpensiveRewriteThreads <%= @num_expensive_rewrite_threads %> + +ModPagespeedStatistics <%= @collect_statistics %> + + + Order 
allow,deny + # You may insert other "Allow from" lines to add hosts you want to + # allow to look at generated statistics. Another possibility is + # to comment out the "Order" and "Allow" options from the config + # file, to allow any client that can reach your server to examine + # statistics. This might be appropriate in an experimental setup or + # if the Apache server is protected by a reverse proxy that will + # filter URLs in some fashion. + Allow from localhost + Allow from 127.0.0.1 + Allow from ::1 + <% @allow_view_stats.each do |host| -%> + Allow from <%= host %> + <% end -%> + SetHandler mod_pagespeed_statistics + + +ModPagespeedStatisticsLogging <%= @statistics_logging %> + + Order allow,deny + Allow from localhost + Allow from 127.0.0.1 + Allow from ::1 + <% @allow_pagespeed_console.each do |host| -%> + Allow from <%= host %> + <% end -%> + SetHandler pagespeed_console + + +ModPagespeedMessageBufferSize <%= @message_buffer_size %> + + + Order allow,deny + Allow from localhost + Allow from 127.0.0.1 + Allow from ::1 + <% @allow_pagespeed_message.each do |host| -%> + Allow from <%= host %> + <% end -%> + SetHandler mod_pagespeed_message + + +<% @additional_configuration.each_pair do |key, value| -%> +<%= key %> <%= value %> +<% end -%> From 094000e0b63b66a2eabc92986b77df9b5e38c96e Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Mon, 10 Mar 2014 12:03:58 +0100 Subject: [PATCH 0180/2267] lint fixes --- manifests/params.pp | 2 +- manifests/version.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 04c3b65fe5..fbb53c0ae4 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -63,7 +63,7 @@ 'fcgid' => 'mod_fcgid', 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', - 'php5' => $distrelease ? { + 'php5' => $::apache::version::distrelease ? { '5' => 'php53', default => 'php', }, diff --git a/manifests/version.pp b/manifests/version.pp index 581fdde6fe..70fe919b6e 100644 
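Review bot: The four list loops (`@memache_servers`, `@disable_filters`, `@enable_filters`, `@forbid_filters`) close the value tag with `-%>`, which trims the newline after each directive, so a list with more than one entry renders run together, as in `ModPagespeedForbidFilters aModPagespeedForbidFilters b`. For `forbid_filters` this likely means the intended filters are either rejected at config load or not forbidden as written; the acceptance spec passes one entry per list and so does not catch it. Use a plain closing tag on the directive line, e.g. `ModPagespeedForbidFilters <%= filter %>`, and the same in the other three loops. Separately, the statistics, console and message blocks use `Order`/`Allow from`, which on Apache 2.4 depends on mod_access_compat being loaded; that deserves a comment or a version branch.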
--- a/manifests/version.pp +++ b/manifests/version.pp @@ -9,7 +9,7 @@ if ! $distrelease { fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") } - + case $::osfamily { 'RedHat': { if ($::operatingsystem == 'Fedora' and $distrelease >= 18) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { From 391bd5b54d9eabc443fd1c3fe8c3c9baca6340e0 Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Mon, 10 Mar 2014 11:52:09 +0100 Subject: [PATCH 0181/2267] Apache version in Ubuntu 13.10 is 2.4 Fix incorrect distrelease comparison --- manifests/version.pp | 2 +- spec/classes/apache_spec.rb | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index 581fdde6fe..f3cec42594 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -19,7 +19,7 @@ } } 'Debian': { - if $::operatingsystem == 'Ubuntu' and $distrelease >= 13.10 { + if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { $default = 2.4 } else { $default = 2.2 diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 1a9a58d1b8..b437928973 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
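Review bot: In the Debian branch, `$::operatingsystemrelease` is a string fact and `13.10` is a numeric literal equal to 13.1, so the new condition relies on implicit string-to-number coercion and may misbehave or error on a release string that is not a plain decimal. `versioncmp` states the intent directly: `if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 {`. The surrounding `case $::osfamily` starts and ends outside this hunk.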
@@ -140,6 +140,39 @@ it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} } end end + + context "on Ubuntu" do + let :facts do + super().merge({ + :operatingsystem => 'Ubuntu' + }) + end + + context "13.10" do + let :facts do + super().merge({ + :operatingsystemrelease => '13.10' + }) + end + it { should contain_class('apache').with_apache_version('2.4') } + end + context "12.04" do + let :facts do + super().merge({ + :operatingsystemrelease => '12.04' + }) + end + it { should contain_class('apache').with_apache_version('2.2') } + end + context "13.04" do + let :facts do + super().merge({ + :operatingsystemrelease => '13.04' + }) + end + it { should contain_class('apache').with_apache_version('2.2') } + end + end end context "on a RedHat 5 OS" do let :facts do From ac167f3881fb8af632afc36c69a69c75db4d360b Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Mon, 10 Mar 2014 14:03:35 +0100 Subject: [PATCH 0182/2267] actions module is not included by default in Debian/Ubuntu Fix acceptance tests --- spec/acceptance/vhost_spec.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index dc759dbf62..a2fa419407 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -688,10 +688,11 @@ class { 'apache': service_ensure => stopped, } class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': - docroot => '/tmp', - action => 'php-fastcgi', + docroot => '/tmp', + action => 'php-fastcgi', } EOS + pp = pp + "\nclass { 'apache::mod::actions': }" if fact('osfamily') == 'Debian' apply_manifest(pp, :catch_failures => true) end From df5df926b6adfd7dcdb2923bda932f2a3011fafe Mon Sep 17 00:00:00 2001 
From: Carlos Sanchez Date: Tue, 18 Feb 2014 12:29:49 +0100 Subject: [PATCH 0183/2267] apache::mod::mime does not compile due to wrong file dependency Update rspec-puppet and add compilation specs to catch these errors Add basic acceptance test for apache::mod::mime Fix too many backslashes in FreeBSD regex for APACHE_PORT --- Gemfile | 2 +- manifests/mod/mime.pp | 2 +- manifests/package.pp | 2 +- spec/acceptance/mod_mime_spec.rb | 34 +++++++++++++++++++++++++ spec/classes/mod/mime_spec.rb | 43 ++++++++++++++++++++++++++++++++ spec/spec_helper.rb | 8 ++++++ 6 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 spec/acceptance/mod_mime_spec.rb create mode 100644 spec/classes/mod/mime_spec.rb diff --git a/Gemfile b/Gemfile index dd87fe8cff..679e7d3efc 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do gem 'rake', :require => false - gem 'rspec-puppet', :require => false + gem 'rspec-puppet', '>=1.0.0', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'serverspec', :require => false gem 'puppet-lint', :require => false diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index 8348a06ad3..ccdb5d4b3c 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -15,7 +15,7 @@ if $mime_support_package { package { $mime_support_package: ensure => 'installed', - before => File["${::apache::mod_dir}/mime.conf"], + before => File['mime.conf'], } } } diff --git a/manifests/package.pp b/manifests/package.pp index c5ef315366..b86167a397 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -26,7 +26,7 @@ ensure => $ensure, path => '/etc/make.conf', line => "APACHE_PORT=${apache_package}", - match => '^\\s*#?\\s*APACHE_PORT\\s*=\\s*', + match => '^\s*#?\s*APACHE_PORT\s*=\s*', before => Package['httpd'], } # remove other packages 
diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb new file mode 100644 index 0000000000..71a7037a62 --- /dev/null +++ b/spec/acceptance/mod_mime_spec.rb @@ -0,0 +1,34 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::mime class' do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + when 'FreeBSD' + mod_dir = '/usr/local/etc/apache22/Modules' + service_name = 'apache22' + end + + context "default mime config" do + it 'succeeds in puppeting mime' do + pp= <<-EOS + class { 'apache': } + include apache::mod::mime + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file("#{mod_dir}/mime.conf") do + it { should contain "AddType application/x-compress .Z" } + end + end +end diff --git a/spec/classes/mod/mime_spec.rb b/spec/classes/mod/mime_spec.rb new file mode 100644 index 0000000000..835a5a9004 --- /dev/null +++ b/spec/classes/mod/mime_spec.rb 
@@ -0,0 +1,43 @@ +require 'spec_helper' + +# This function is called inside the OS specific conte, :compilexts +def general_mime_specs + it { should contain_apache__mod("mime") } +end + +describe 'apache::mod::mime', :type => :class do + let :pre_condition do + 'include apache' + end + + context "On a Debian OS with default params", :compile do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + general_mime_specs() + + it { should contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') } + + end + + context "on a RedHat OS with default params", :compile do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + general_mime_specs() + + it { should contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") } + + end + +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 2c6f56649a..f880d274d8 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1 +1,9 @@ require 'puppetlabs_spec_helper/module_spec_helper' + +RSpec.configure do |c| + c.treat_symbols_as_metadata_keys_with_true_values = true +end + +shared_examples :compile, :compile => true do + it { should compile.with_all_deps } +end From 59600890fa372be4ba459882cac4214cbcc446fe Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Sat, 8 Mar 2014 19:26:13 +0100 Subject: [PATCH 0184/2267] Bad dependency to .load files in apache::mod Fixes error "expected that the catalogue would include File[/etc/apache2/mods-available/proxy_html.load]" Add compilation specs --- manifests/mod.pp | 4 ++-- spec/classes/mod/auth_kerb_spec.rb | 6 +++--- spec/classes/mod/proxy_html_spec.rb | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 8be99afd00..318012680a 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp 
@@ -53,10 +53,10 @@ # the module gets installed. $package_before = $::osfamily ? { 'freebsd' => [ - File["${mod_dir}/${mod}.load"], + File["${mod}.load"], File["${::apache::params::conf_dir}/${::apache::params::conf_file}"] ], - default => File["${mod_dir}/${mod}.load"], + default => File["${mod}.load"], } # $_package may be an array package { $_package: diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 71c2349c39..670270d228 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -2,7 +2,7 @@ let :pre_condition do 'include apache' end - context "on a Debian OS" do + context "on a Debian OS", :compile do let :facts do { :osfamily => 'Debian', @@ -14,7 +14,7 @@ it { should contain_apache__mod("auth_kerb") } it { should contain_package("libapache2-mod-auth-kerb") } end - context "on a RedHat OS" do + context "on a RedHat OS", :compile do let :facts do { :osfamily => 'RedHat', @@ -26,7 +26,7 @@ it { should contain_apache__mod("auth_kerb") } it { should contain_package("mod_auth_kerb") } end - context "on a FreeBSD OS" do + context "on a FreeBSD OS", :compile do let :facts do { :osfamily => 'FreeBSD', diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 90be60b0fe..5ae11f6d06 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -6,7 +6,7 @@ 'include apache::mod::proxy_http', ] end - context "on a Debian OS" do + context "on a Debian OS", :compile do let :facts do { :osfamily => 'Debian', @@ -18,7 +18,7 @@ it { should contain_apache__mod('proxy_html') } it { should contain_package("libapache2-mod-proxy-html") } end - context "on a RedHat OS" do + context "on a RedHat OS", :compile do let :facts do { :osfamily => 'RedHat', 
@@ -30,7 +30,7 @@ it { should contain_apache__mod('proxy_html') } it { should contain_package("mod_proxy_html") } end - context "on a FreeBSD OS" do + context "on a FreeBSD OS", :compile do let :facts do { :osfamily => 'FreeBSD', From eee54e962a8c3039427e78984d6e1f7d49972376 Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Sun, 9 Mar 2014 12:23:00 +0100 Subject: [PATCH 0185/2267] proxy_html needs to load libxml2 library before loading module in Debian Allow passing list of files to load before loading the module to apache::mod libxml2 path in i686 hardwaremodel is /usr/lib/i386-linux-gnu/libxml2.so.2 Add acceptance tests for proxy_html and debian 7.3 --- manifests/mod.pp | 3 +- manifests/mod/proxy_html.pp | 23 +++++++---- spec/acceptance/mod_proxy_html_spec.rb | 36 ++++++++++++++++++ spec/acceptance/nodesets/debian-73-i386.yml | 11 ++++++ spec/acceptance/nodesets/debian-73-x64.yml | 11 ++++++ spec/classes/mod/proxy_html_spec.rb | 42 ++++++++++++++++----- templates/mod/load.erb | 7 ++++ templates/mod/proxy_html.conf.erb | 6 --- 8 files changed, 115 insertions(+), 24 deletions(-) create mode 100644 spec/acceptance/mod_proxy_html_spec.rb create mode 100644 spec/acceptance/nodesets/debian-73-i386.yml create mode 100644 spec/acceptance/nodesets/debian-73-x64.yml create mode 100644 templates/mod/load.erb diff --git a/manifests/mod.pp b/manifests/mod.pp index 318012680a..9d65bd91f1 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -5,6 +5,7 @@ $lib_path = $::apache::params::lib_path, $id = undef, $path = undef, + $loadfiles = undef, ) { if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -72,7 +73,7 @@ owner => 'root', group => $::apache::params::root_group, mode => '0644', - content => "LoadModule ${_id} ${_path}\n", + content => template('apache/mod/load.erb'), require => [ Package['httpd'], Exec["mkdir ${mod_dir}"], 
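Review bot: The new `$loadfiles` parameter of `apache::mod` is handed to the load template unchecked, and judging by the proxy_html caller each entry names a shared object that httpd loads into its own process (the template is not part of this hunk, so this is inferred). Validate it when set, e.g. `if $loadfiles { validate_array($loadfiles) }`, and consider `validate_absolute_path` for the entries so a relative name is not resolved against ServerRoot. A short comment on the parameter saying it is a list of absolute library paths loaded before the module would document the contract. The define's body begins and ends outside these two hunks.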
diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 91d7bd3c8f..a30c328c90 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -1,21 +1,28 @@ class apache::mod::proxy_html { Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html'] Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html'] - ::apache::mod { 'proxy_html': } + + # Add libxml2 case $::osfamily { - 'RedHat': { + /RedHat|FreeBSD/: { ::apache::mod { 'xml2enc': } } 'Debian': { - $proxy_html_loadfiles = $::apache::params::distrelease ? { - '6' => '/usr/lib/libxml2.so.2', - default => "/usr/lib/${::hardwaremodel}-linux-gnu/libxml2.so.2", + $gnu_path = $::hardwaremodel ? { + 'i686' => 'i386', + default => $::hardwaremodel, + } + $loadfiles = $::apache::params::distrelease ? { + '6' => ['/usr/lib/libxml2.so.2'], + default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"], } } - 'FreeBSD': { - ::apache::mod { 'xml2enc': } - } } + + ::apache::mod { 'proxy_html': + loadfiles => $loadfiles, + } + # Template uses $icons_path file { 'proxy_html.conf': ensure => file, diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb new file mode 100644 index 0000000000..ddfa66dd91 --- /dev/null +++ b/spec/acceptance/mod_proxy_html_spec.rb 
@@ -0,0 +1,36 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::proxy_html class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + service_name = 'apache2' + when 'RedHat' + service_name = 'httpd' + when 'FreeBSD' + service_name = 'apache22' + end + + context "default proxy_html config" do + if fact('osfamily') == 'RedHat' + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end + end + + it 'succeeds in puppeting proxy_html' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::proxy': } + class { 'apache::mod::proxy_http': } + class { 'apache::mod::proxy_html': } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end +end diff --git a/spec/acceptance/nodesets/debian-73-i386.yml b/spec/acceptance/nodesets/debian-73-i386.yml new file mode 100644 index 0000000000..a38902d897 --- /dev/null +++ b/spec/acceptance/nodesets/debian-73-i386.yml @@ -0,0 +1,11 @@ +HOSTS: + debian-73-i386: + roles: + - master + platform: debian-7-i386 + box : debian-73-i386-virtualbox-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-i386-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/acceptance/nodesets/debian-73-x64.yml b/spec/acceptance/nodesets/debian-73-x64.yml new file mode 100644 index 0000000000..f9cf0c9b8a --- /dev/null +++ b/spec/acceptance/nodesets/debian-73-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + debian-73-x64: + roles: + - master + platform: debian-7-amd64 + box : debian-73-x64-virtualbox-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 5ae11f6d06..000a24e2f9 100644 
--- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -6,17 +6,41 @@ 'include apache::mod::proxy_http', ] end - context "on a Debian OS", :compile do + context "on a Debian OS" do + shared_examples "debian" do |loadfiles| + it { should contain_class("apache::params") } + it { should contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) } + it { should contain_package("libapache2-mod-proxy-html") } + end let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', + :osfamily => 'Debian', + :concat_basedir => '/dne', + :architecture => 'i386' } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html') } - it { should contain_package("libapache2-mod-proxy-html") } + + context "on squeeze" do + let(:facts) { super().merge({ :operatingsystemrelease => '6' }) } + it_behaves_like "debian", ['/usr/lib/libxml2.so.2'] + end + context "on wheezy" do + let(:facts) { super().merge({ :operatingsystemrelease => '7' }) } + context "i386" do + let(:facts) { super().merge({ + :hardwaremodel => 'i686', + :architecture => 'i386' + })} + it_behaves_like "debian", ["/usr/lib/i386-linux-gnu/libxml2.so.2"] + end + context "x64" do + let(:facts) { super().merge({ + :hardwaremodel => 'x86_64', + :architecture => 'amd64' + })} + it_behaves_like "debian", ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"] + end + end end context "on a RedHat OS", :compile do let :facts do @@ -27,7 +51,7 @@ } end it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html') } + it { should contain_apache__mod('proxy_html').with(:loadfiles => nil) } it { should contain_package("mod_proxy_html") } end context "on a FreeBSD OS", :compile do 
@@ -39,7 +63,7 @@ } end it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html') } + it { should contain_apache__mod('proxy_html').with(:loadfiles => nil) } it { should contain_package("www/mod_proxy_html") } end end diff --git a/templates/mod/load.erb b/templates/mod/load.erb new file mode 100644 index 0000000000..51f45edb21 --- /dev/null +++ b/templates/mod/load.erb @@ -0,0 +1,7 @@ +<% if @loadfiles -%> +<% Array(@loadfiles).each do |loadfile| -%> +LoadFile <%= loadfile %> +<% end -%> + +<% end -%> +LoadModule <%= @_id %> <%= @_path %> diff --git a/templates/mod/proxy_html.conf.erb b/templates/mod/proxy_html.conf.erb index 7f5898ef74..fea15f393f 100644 --- a/templates/mod/proxy_html.conf.erb +++ b/templates/mod/proxy_html.conf.erb @@ -1,9 +1,3 @@ -<% if @proxy_html_loadfiles -%> -<% Array(@proxy_html_loadfiles).each do |loadfile| -%> -LoadFile <%= loadfile %> -<% end -%> - -<% end -%> ProxyHTMLLinks a href ProxyHTMLLinks area href ProxyHTMLLinks link href From eabdb5056fa65a0670905d23c8380dcc28d4fc9d Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Sun, 9 Mar 2014 17:00:21 +0100 Subject: [PATCH 0186/2267] Add a CentOS 6.5 beaker node --- spec/acceptance/nodesets/centos-65-x64.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 spec/acceptance/nodesets/centos-65-x64.yml diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml new file mode 100644 index 0000000000..89de021346 --- /dev/null +++ b/spec/acceptance/nodesets/centos-65-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-65-x64: + roles: + - master + platform: el-6-x86_65 + box : centos-65-x64-virtualbox-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + log_level: debug + type: git From 43c175f58d3089846a540d4154431303cf7421e7 Mon Sep 17 00:00:00 2001 
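Review bot: In `spec/acceptance/nodesets/centos-65-x64.yml` the platform is written `el-6-x86_65`, which looks like a typo for `platform: el-6-x86_64`; the box name and URL on the next lines both say x64. `box_url` is a plain `http://` address, so the VM image the acceptance run boots is fetched without transport integrity; prefer an `https://` URL if the host serves one, or verify a pinned checksum where the tooling allows it. The Debian 7.3 nodesets added in PATCH 0185 use the same `http://` scheme.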
From: Niek Beernink Date: Mon, 17 Mar 2014 15:15:23 +0100 Subject: [PATCH 0187/2267] Add extra parameters to mod::php --- manifests/mod/php.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index ace596d42d..ed9b008b30 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -1,11 +1,15 @@ class apache::mod::php ( + $package = undef, $package_ensure = 'present', + $path = undef, ) { if ! defined(Class['apache::mod::prefork']) { fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') } ::apache::mod { 'php5': + package => $package, package_ensure => $package_ensure, + path => $path, } include ::apache::mod::mime From 98f21a076fc0d20c71537a708e140faeaf4995b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Tue, 18 Mar 2014 14:37:16 +0100 Subject: [PATCH 0188/2267] fix missing ensure on concat::fragment resources --- manifests/balancer.pp | 3 +++ manifests/balancermember.pp | 1 + manifests/init.pp | 1 + manifests/listen.pp | 1 + manifests/namevirtualhost.pp | 1 + 5 files changed, 7 insertions(+) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 30887823b6..ac2bc88e44 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -55,6 +55,7 @@ } concat::fragment { "00-${name}-header": + ensure => present, target => $target, order => '01', content => "\n", @@ -67,12 +68,14 @@ # concat fragments. We don't have to do anything about them. concat::fragment { "01-${name}-proxyset": + ensure => present, target => $target, order => '19', content => inline_template("<% proxy_set.each do |key, value| %> Proxyset <%= key %>=<%= value %>\n<% end %>"), } concat::fragment { "01-${name}-footer": + ensure => present, target => $target, order => '20', content => "\n", diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index c48cb1ebbf..121e2c5533 100644 --- a/manifests/balancermember.pp 
+++ b/manifests/balancermember.pp @@ -46,6 +46,7 @@ ) { concat::fragment { "BalancerMember ${url}": + ensure => present, target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } diff --git a/manifests/init.pp b/manifests/init.pp index 7f2565cf98..6287ff8580 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -212,6 +212,7 @@ require => Package['httpd'], } concat::fragment { 'Apache ports header': + ensure => present, target => $ports_file, content => template('apache/ports_header.erb') } diff --git a/manifests/listen.pp b/manifests/listen.pp index 503ee8860b..e6a8a3c767 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -3,6 +3,7 @@ # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": + ensure => present, target => $::apache::ports_file, content => template('apache/listen.erb'), } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index 4fa8795185..f8c3a80d85 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp @@ -3,6 +3,7 @@ # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": + ensure => present, target => $::apache::ports_file, content => template('apache/namevirtualhost.erb'), } From 3b6a46faea0728b89732e8d59bfb9a6087793c5a Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Sun, 23 Mar 2014 10:33:50 -0400 Subject: [PATCH 0189/2267] fix missing comma in sample config there was a missing comma in the sample to handle redirect from http to https site, making it invalid puppet syntax. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f71ee33e53..d4a454c685 100644 --- a/README.md +++ b/README.md 
@@ -1555,7 +1555,7 @@ Configure a vhost to redirect non-SSL connections to SSL servername => 'sixteenth.example.com', port => '80', docroot => '/var/www/sixteenth', - redirect_status => 'permanent' + redirect_status => 'permanent', redirect_dest => 'https://sixteenth.example.com/' } apache::vhost { 'sixteenth.example.com ssl': From af13807b8e528ecc8e379213a19ceb9056d51d86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 19 Mar 2014 10:24:47 +0100 Subject: [PATCH 0190/2267] Allow extending LogFormats by passing a hash of additional LogFormats, we can extend the existing definitions. --- README.md | 8 ++++++++ manifests/init.pp | 1 + spec/acceptance/apache_parameters_spec.rb | 23 +++++++++++++++++++++++ spec/classes/apache_spec.rb | 14 ++++++++++++++ templates/httpd.conf.erb | 5 +++++ 5 files changed, 51 insertions(+) diff --git a/README.md b/README.md index d4a454c685..4bbda2952d 100644 --- a/README.md +++ b/README.md @@ -309,6 +309,14 @@ Sets the amount of time the server will wait for subsequent requests on a persis Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'. +#####`log_formats` + +Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat). This is done in a Hash: + +```puppet + $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } +``` + #####`logroot` Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, and '/var/log/apache22' on FreeBSD. diff --git a/manifests/init.pp b/manifests/init.pp index 6287ff8580..cabeee4c0e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -51,6 +51,7 @@ $keepalive_timeout = $::apache::params::keepalive_timeout, $logroot = $::apache::params::logroot, $log_level = $::apache::params::log_level, + $log_formats = {}, $ports_file = $::apache::params::ports_file, $apache_version = $::apache::version::default, $server_tokens = 'OS', diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index eeae55d45e..90134be144 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -286,6 +286,29 @@ class { 'apache': end end + describe 'logformats' do + describe 'setup' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': + { log_formats => { + 'vhost_common' => '%v %h %l %u %t \"%r\" %>s %b', + 'vhost_combined' => '%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"', + } + } + EOS + apply_manifest(pp, :catch_failures => true) + end + end + + describe file($conf_file) do + it { should be_file } + it { should contain 'LogFormat %v %h %l %u %t \"%r\" %>s %b" vhost_common' } + it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } + end + end + + describe 'keepalive' do describe 'setup' do it 'applies cleanly' do diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index b437928973..6e0b705333 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
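Review bot: The manifest in the new `logformats` acceptance block is not valid Puppet: `class { 'apache':` is followed by a stray `{` before `log_formats`, and the class body is never closed, so `apply_manifest(pp, :catch_failures => true)` would fail at parse time. It should read `class { 'apache':` then `log_formats => {` … `},` then `}`. The first `should contain` expectation is also missing the opening double quote (`'LogFormat %v …` against `'LogFormat "%v …` on the following line). Inside the interpolating `<<-EOS` heredoc Ruby reduces `\"` to `"`, so the formats reach Puppet without the backslashes the expectations look for; writing `\\"` (as the passenger acceptance spec in PATCH 0194 does) or using `<<-'EOS'` keeps them.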
@@ -141,6 +141,20 @@ end end + describe "Add extra LogFormats" do + context "When parameter log_formats is a hash" do + let :params do + { :log_formats => { + 'vhost_common' => "%v %h %l %u %t \"%r\" %>s %b", + 'vhost_combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + } } + end + + it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } + it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + end + end + context "on Ubuntu" do let :facts do super().merge({ diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 66b70836bb..43b32bda2c 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -55,6 +55,11 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combine LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent +<% if @log_formats and !@log_formats.empty? -%> + <%- @log_formats.each do |nickname,format| -%> +LogFormat "<%= format -%>" <%= nickname %> + <%- end -%> +<% end -%> <%- if @apache_version >= '2.4' -%> IncludeOptional "<%= @confd_dir %>/*.conf" From 0bb362ad68797816ac0b01e58286dc5e149d26e1 Mon Sep 17 00:00:00 2001 From: William Van Hevelingen Date: Tue, 25 Mar 2014 08:45:05 -0700 Subject: [PATCH 0191/2267] Fixed travis by updating Gemfile to pin Rake to 10.1.1 The latest Rake update requires Ruby >= 1.9. This update fixes the failing 1.8.7 tests by pinning Rake to the last supported version on ruby 1.8.7. --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 679e7d3efc..0ad4ddffca 100644 --- a/Gemfile +++ b/Gemfile 
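Review bot: `LogFormat "<%= format -%>" <%= nickname %>` in `templates/httpd.conf.erb` writes both hash members verbatim, so a format containing an unescaped `"` or a line break ends the directive early and the remainder is parsed as further httpd configuration. Since `log_formats` can be filled from node data, validate it where it is declared (for example `validate_hash($log_formats)` in `init.pp`, assuming stdlib is available to the module) and either escape embedded quotes in the template or state in the README that callers must pass them pre-escaped, as its example does. A nickname equal to one of the built-in names a few lines above (`combined`, `common`, `referer`, `agent`) would silently redefine that format; the README should say whether that is intended.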
@@ -1,7 +1,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'rake', :require => false + gem 'rake', '10.1.1', :require => false gem 'rspec-puppet', '>=1.0.0', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'serverspec', :require => false From fd3ebd143b6c5b84528013245afb305e6946c286 Mon Sep 17 00:00:00 2001 From: Niek Beernink Date: Tue, 25 Mar 2014 17:19:11 +0100 Subject: [PATCH 0192/2267] rename package param, add tests and documentation --- README.md | 13 +++++++++++++ manifests/mod/php.pp | 4 ++-- spec/classes/mod/php_spec.rb | 18 ++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f71ee33e53..1804fe5971 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) + * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Defined Type: apache::vhost](#defined-type-apachevhost) @@ -523,6 +524,18 @@ These are the defaults: Full documentation for mod_pagespeed is available from [Google](http://modpagespeed.com). +####Class: `apache::mod::php` + +Installs and configures mod_php. The defaults are OS-dependant. + +Overriding the package name: +``` + class {'::apache::mod::php': + package_name => "php54-php", + path => "${::apache::params::lib_path}/libphp54-php5.so", + } +``` + ####Class: `apache::mod::ssl` Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index ed9b008b30..8c1b94d6bb 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -1,5 +1,5 @@ class apache::mod::php ( - $package = undef, + $package_name = undef, $package_ensure = 'present', $path = undef, ) { 
@@ -7,7 +7,7 @@ fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') } ::apache::mod { 'php5': - package => $package, + package => $package_name, package_ensure => $package_ensure, path => $path, } diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 57708a398c..29adc870f4 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -46,6 +46,24 @@ :content => "LoadModule php5_module modules/libphp5.so\n" ) } end + context "with alternative package name" do let :pre_condition do + 'class { "apache": }' + end + let :params do + { :package_name => 'php54'} + end + it { should contain_package("php54") } + end + context "with alternative path" do let :pre_condition do + 'class { "apache": }' + end + let :params do + { :path => 'alternative-path'} + end + it { should contain_file("php5.load").with( + :content => "LoadModule php5_module alternative-path\n" + ) } + end context "with specific version" do let :pre_condition do 'class { "apache": }' From 835b3422ee585c9503e61b5009d815c20a8a4787 Mon Sep 17 00:00:00 2001 From: Christian Kaenzig Date: Thu, 27 Mar 2014 15:09:01 +0100 Subject: [PATCH 0193/2267] Fix typo in service.pp doc --- manifests/service.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/service.pp b/manifests/service.pp index b21a25f4b7..e958b1bc51 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -12,7 +12,7 @@ # Sample Usage: # # sometype { 'foo': -# notify => Class['apache::service], +# notify => Class['apache::service'], # } # # From d0883b92116939695217a72681c1a8b1c5cd85d8 Mon Sep 17 00:00:00 2001 
From: jonoterc Date: Sat, 29 Mar 2014 02:56:06 -0400 Subject: [PATCH 0194/2267] Enable overriding mod-level parameters for apache::mod::passenger Apache::mod::passenger didn't accept/pass (optional) mod parameters through to apache::mod, so only auto-generated module parameters were used. Without this option, apache::mod::passenger could not be used in conjunction with passenger modules beyond those generated by the OS package system (in particular, modules compiled via passenger-install-apache2-module, which uses differing paths). This commit enables passing in all parameters used with "apache::mod", documented in the passenger README file. Modified default RedHat passenger parameters for cleaned-up installation (prior parameters worked with Apache, but broke passenger-* utilities, incl. passenger-status & passenger-root). Updated spec/class tests to verify mod-level parameters; also, updated RedHat tests to accomodate updated default parameters. Added spec/acceptance tests for passenger, verifying default installations for RedHat and Debian systems. RedHat installation test installs (required) EPEL and http://passenger.stealthymonkeys.com package repositories. --- .gitignore | 1 + README.passenger.md | 62 ++++++-- manifests/mod/passenger.pp | 38 ++++- manifests/params.pp | 8 +- spec/acceptance/mod_passenger_spec.rb | 213 ++++++++++++++++++++++++++ spec/classes/mod/passenger_spec.rb | 40 +++-- 6 files changed, 331 insertions(+), 31 deletions(-) create mode 100644 spec/acceptance/mod_passenger_spec.rb diff --git a/.gitignore b/.gitignore index e8f52b4451..f751a15d6e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,5 @@ vendor spec/fixtures .rspec_system .bundle +.vagrant .*sw* diff --git a/README.passenger.md b/README.passenger.md index cecacccc4f..1cc21202b8 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -2,7 +2,9 @@ Just enabling the Passenger module is insufficient for the use of Passenger in production. Passenger should be tunable to better fit the environment in which it is run while being aware of the resources it required. -To this end the Apache passenger module has been modified to apply system wide Passenger tuning declarations to `passenger.conf`. Declarations specific to a virtual host should be passed through when defining a `vhost` (e.g. `rack_base_uris' parameter on the `apache::vhost` class, check `README.md`). +To this end the Apache passenger module has been modified to apply system wide Passenger tuning declarations to `passenger.conf`. Declarations specific to a virtual host should be passed through when defining a `vhost` (e.g. `rack_base_uris` parameter on the `apache::vhost` class, check `README.md`). + +Also, general apache module loading parameters can be supplied to enable using a customized passenger module in place of a default-package-based version of the module. # Parameters for `apache::mod::passenger` 
@@ -12,59 +14,99 @@ The following declarations are supported and can be passed to `apache::mod::pass class {'apache::mod::passenger': passenger_high_performance => 'on', rails_autodetect => 'off', + mod_lib_path => '/usr/lib/apache2/custom_modules', } ``` The general form is using the all lower case version of the declaration. -If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. +## Parameters used with passenger.conf + +If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. -## passenger_high_performance +### passenger_high_performance Default is `off`, when turned `on` Passenger runs in a higher performance mode that can be less compatible with other Apache modules. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance -## passenger_max_pool_size +### passenger_max_pool_size Set's the maximum number of Passenger application processes that may simultaneously run. The default value is 6. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt -## passenger_pool_idle_time +### passenger_pool_idle_time The maximum number of seconds a Passenger Application process will be allowed to remain idle before being shut down. The default value is 300. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime -## passenger_max_requests +### passenger_max_requests The maximum number of request a Passenger application will process before being restarted. The default value is 0, which indicates that a process will only shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests -## passenger_stat_throttle_rate +### passenger_stat_throttle_rate Sets how often Passenger performs file system checks, at most once every _x_ seconds. 
Default is 0, which means the checks are performed with every request. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt -## rack_autodetect +### rack_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rack application. The default is `on` http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt -## rails_autodetect +### rails_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rails application. The default is on. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt -## passenger_use_global_queue +### passenger_use_global_queue Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. +## Parameters used to load the module + +Unlike the tuning parameters specified above, the following parameters are only used when loading customized passenger modules. + +### mod_package + +Allows overriding the default package name used for the passenger module package. + +### mod_package_ensure + +Allows overriding the package installation setting used by puppet when installing the passenger module. The default is 'present'. + +### mod_id + +Allows overriding the value used by apache to identify the passenger module. The default is 'passenger_module'. + +### mod_lib_path + +Allows overriding the directory path used by apache when loading the passenger module. The default is the value of `$apache::params::lib_path`. + +### mod_lib + +Allows overriding the library file name used by apache when loading the passenger module. The default is 'mod_passenger.so'. + +### mod_path + +Allows overriding the full path to the library file used by apache when loading the passenger module. 
The default is the concatenation of the `mod_lib_path` and `mod_lib` parameters. + +# Dependencies + +RedHat-based systems will need to configure additional package repositories in order to install Passenger, specifically: + +* [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL) +* [Phusion Passenger](http://passenger.stealthymonkeys.com) + +Configuration of these repositories is beyond the scope of this module and is left to the user. + # Attribution The Passenger tuning parameters for the `apache::mod::puppet` Puppet class was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the PuppetLabs Apache module on GitHub. diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 6a7404daa0..b39ae2634e 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -11,15 +11,13 @@ $passenger_ruby = $::apache::params::passenger_ruby, $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, + $mod_package = undef, + $mod_package_ensure = undef, + $mod_lib = undef, + $mod_lib_path = undef, + $mod_id = undef, + $mod_path = undef, ) { - if $::osfamily == 'FreeBSD' { - ::apache::mod { 'passenger': - lib_path => "${passenger_root}/buildout/apache2" - } - } else { - ::apache::mod { 'passenger': } - } - # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': 
@@ -27,6 +25,30 @@ } } + $_package = $mod_package + $_package_ensure = $mod_package_ensure + $_lib = $mod_lib + if $::osfamily == 'FreeBSD' { + if $mod_lib_path { + $_lib_path = $mod_lib_path + } else { + $_lib_path = "${passenger_root}/buildout/apache2" + } + } else { + $_lib_path = $mod_lib_path + } + + $_id = $mod_id + $_path = $mod_path + ::apache::mod { 'passenger': + package => $_package, + package_ensure => $_package_ensure, + lib => $_lib, + lib_path => $_lib_path, + id => $_id, + path => $_path, + } + # Template uses: # - $passenger_root # - $passenger_ruby diff --git a/manifests/params.pp b/manifests/params.pp index 43f3566aff..eaedc148e7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -49,10 +49,10 @@ $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' $ssl_certs_dir = '/etc/pki/tls/certs' - $passenger_conf_file = 'passenger_extra.conf' - $passenger_conf_package_file = 'passenger.conf' - $passenger_root = undef - $passenger_ruby = undef + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + $passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19' + $passenger_ruby = '/usr/bin/ruby' $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb new file mode 100644 index 0000000000..7443b0e8b5 --- /dev/null +++ b/spec/acceptance/mod_passenger_spec.rb 
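Review bot: The new RedHat default `$passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19'` in `manifests/params.pp` hard-codes one gem version and one Ruby library directory, so the generated `PassengerRoot` points at a missing directory as soon as the repository ships a different Passenger build. Setting `$passenger_conf_package_file = undef` and `$passenger_conf_file = 'passenger.conf'` also appears to make the module write over the file the package installs, which the removed spec expectations suggest it previously left alone. A comment such as `# must match the mod_passenger package version installed from the third-party repo` above the default, plus a README note that `passenger_root` needs overriding for other versions, would make the coupling visible. The enclosing `case` branch starts and ends outside the hunk.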
@@ -0,0 +1,213 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::passenger class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + service_name = 'apache2' + mod_dir = '/etc/apache2/mods-available/' + conf_file = "#{mod_dir}passenger.conf" + load_file = "#{mod_dir}passenger.load" + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so' + rackapp_user = 'www-data' + rackapp_group = 'www-data' + when 'RedHat' + service_name = 'httpd' + mod_dir = '/etc/httpd/conf.d/' + conf_file = "#{mod_dir}passenger.conf" + load_file = "#{mod_dir}passenger.load" + passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19' + passenger_ruby = '/usr/bin/ruby' + passenger_module_path = 'modules/mod_passenger.so' + rackapp_user = 'apache' + rackapp_group = 'apache' + end + + pp_rackapp = <<-EOS + /* a simple ruby rack 'hellow world' app */ + file { '/var/www/passenger': + ensure => directory, + owner => '#{rackapp_user}', + group => '#{rackapp_group}', + require => Class['apache::mod::passenger'], + } + file { '/var/www/passenger/config.ru': + ensure => file, + owner => '#{rackapp_user}', + group => '#{rackapp_group}', + content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello world\\"]] }\\nrun app", + require => File['/var/www/passenger'] , + } + apache::vhost { 'passenger.example.com': + port => '80', + docroot => '/var/www/passenger/public', + docroot_group => '#{rackapp_group}' , + docroot_owner => '#{rackapp_user}' , + custom_fragment => "PassengerRuby #{passenger_ruby}\\nRailsEnv development" , + require => File['/var/www/passenger/config.ru'] , + } + host { 'passenger.example.com': ip => '127.0.0.1', } + EOS + + case fact('osfamily') + when 'Debian' + context "default passenger config" do + it 'succeeds in puppeting passenger' do + pp = <<-EOS + /* stock apache and mod_passenger */ + class { 'apache': 
} + class { 'apache::mod::passenger': } + #{pp_rackapp} + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file(conf_file) do + it { should contain "PassengerRoot \"#{passenger_root}\"" } + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + end + + describe file(load_file) do + it { should contain "LoadModule passenger_module #{passenger_module_path}" } + end + + it 'should output status via passenger-memory-stats' do + shell("sudo /usr/sbin/passenger-memory-stats") do |r| + r.stdout.should =~ /Apache processes/ + r.stdout.should =~ /Nginx processes/ + r.stdout.should =~ /Passenger processes/ + r.stdout.should =~ /### Processes: [0-9]+/ + r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + + r.exit_code.should == 0 + end + end + + # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, + # even when the passenger process is successfully installed and running + unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' + it 'should output status via passenger-status' do + # xml output not available on ubunutu <= 10.04, so sticking with default pool output + shell("sudo /usr/sbin/passenger-status") do |r| + # spacing may vary + r.stdout.should =~ /[\-]+ General information [\-]+/ + r.stdout.should =~ /max[ ]+= [0-9]+/ + r.stdout.should =~ /count[ ]+= [0-9]+/ + r.stdout.should =~ /active[ ]+= [0-9]+/ + r.stdout.should =~ /inactive[ ]+= [0-9]+/ + r.stdout.should =~ /Waiting on global queue: [0-9]+/ + + r.exit_code.should == 0 + end + end + end + + it 'should answer to passenger.example.com' do + shell("/usr/bin/curl passenger.example.com:80") do |r| + r.stdout.should =~ /^hello world<\/b>$/ + r.exit_code.should == 0 + end + end + + end + + when 'RedHat' + # no fedora 18 passenger package yet + unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 
18) + + context "default passenger config" do + it 'succeeds in puppeting passenger' do + pp = <<-EOS + /* EPEL and passenger repositories */ + class { 'epel': } + exec { 'passenger.repo GPG key': + command => '/usr/bin/sudo /usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', + creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', + } + file { 'passenger.repo GPG key': + ensure => file, + path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', + require => Exec['passenger.repo GPG key'], + } + epel::rpm_gpg_key { 'passenger.stealthymonkeys.com': + path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', + require => [ + Class['epel'], + File['passenger.repo GPG key'], + ] + } + yumrepo { 'passenger': + baseurl => 'http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch' , + descr => 'Red Hat Enterprise $releasever - Phusion Passenger', + enabled => 1, + gpgcheck => 1, + gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', + mirrorlist => 'http://passenger.stealthymonkeys.com/rhel/mirrors', + require => [ + Epel::Rpm_gpg_key['passenger.stealthymonkeys.com'], + ], + } + /* apache and mod_passenger */ + class { 'apache': + require => [ + Class['epel'], + ], + } + class { 'apache::mod::passenger': + require => [ + Yumrepo['passenger'] + ], + } + #{pp_rackapp} + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file(conf_file) do + it { should contain "PassengerRoot \"#{passenger_root}\"" } + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + end + + describe file(load_file) do + it { should contain "LoadModule passenger_module #{passenger_module_path}" } + end + + # note: passenger-memory-stats is not installed on Redhat + + it 'should output status via passenger-status' do + shell("sudo 
/usr/bin/passenger-status") do |r| + # spacing may vary + r.stdout.should =~ /[\-]+ General information [\-]+/ + r.stdout.should =~ /max[ ]+= [0-9]+/ + r.stdout.should =~ /count[ ]+= [0-9]+/ + r.stdout.should =~ /active[ ]+= [0-9]+/ + r.stdout.should =~ /inactive[ ]+= [0-9]+/ + r.stdout.should =~ /Waiting on global queue: [0-9]+/ + + r.exit_code.should == 0 + end + end + + it 'should answer to passenger.example.com' do + shell("/usr/bin/curl passenger.example.com:80") do |r| + r.stdout.should =~ /^hello world<\/b>$/ + r.exit_code.should == 0 + end + end + end + + end + + end +end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 37177f477f..e65798a355 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -13,6 +13,9 @@ it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("libapache2-mod-passenger") } + it { should contain_file('passenger.load').with({ + 'path' => '/etc/apache2/mods-available/passenger.load', + }) } it { should contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } 
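Review bot: The RedHat manifest in `spec/acceptance/mod_passenger_spec.rb` downloads the repository signing key with `curl` from an `http://` URL and also sets `gpgkey`, `baseurl` and `mirrorlist` to `http://` addresses, so `gpgcheck => 1` verifies packages against a key that was itself fetched without authentication. Ship the key as a fixture in the repository, or fetch it over `https://` if the host serves it, and compare its fingerprint with a pinned value (`<EXPECTED_KEY_FINGERPRINT>`, placeholder) before `epel::rpm_gpg_key` imports it. README.passenger.md in the same patch points users at this repository, so the same caveat belongs there. The `exec` also invokes `/usr/bin/sudo`, which adds a dependency on sudoers configuration that the hunk gives no reason for.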
@@ -78,6 +81,30 @@ end it { should contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue true$/) } end + describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do + let :params do + { :mod_path => '/usr/lib/foo/mod_foo.so' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } + end + describe "with mod_lib_path => '/usr/lib/foo'" do + let :params do + { :mod_lib_path => '/usr/lib/foo' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } + end + describe "with mod_lib => 'mod_foo.so'" do + let :params do + { :mod_lib => 'mod_foo.so' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } + end + describe "with mod_id => 'mod_foo'" do + let :params do + { :mod_id => 'mod_foo' } + end + it { should contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } + end end context "on a RedHat OS" do 
@@ -91,16 +118,11 @@ it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("mod_passenger") } - it { should contain_file('passenger_package.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger.conf', - }) } - it { should contain_file('passenger_package.conf').without_content } - it { should contain_file('passenger_package.conf').without_source } - it { should contain_file('passenger.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger_extra.conf', + it { should contain_file('passenger.load').with({ + 'path' => '/etc/httpd/conf.d/passenger.load', }) } - it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-3\.0\.19"$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/bin\/ruby"/) } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } From fa0fd41938cba1ae2433fd89a15af217aef6cee9 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Sat, 29 Mar 2014 07:29:19 -0400 Subject: [PATCH 0195/2267] fix inverted ssl compression Apache 2.4 defaults SSLCompression Off. The ssl module provides a parameter for ssl_compression which defaults false. If it is set to true, the template actually would add another SSLCompression Off stanza (not the expected SSLCompression On). --- templates/mod/ssl.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index e1597f2f8b..bcaddffe70 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb 
@@ -11,7 +11,7 @@ SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout 300 <% if @ssl_compression -%> - SSLCompression Off + SSLCompression On <% end -%> <% if @apache_version >= '2.4' -%> Mutex <%= @ssl_mutex %> From 679e3ddd6ee2ee6fd6a631568cc2ef68ac07ed30 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Sat, 29 Mar 2014 07:33:30 -0400 Subject: [PATCH 0196/2267] allow global setting of SSL cipher ssl_cipher is setable per vhost already, this makes it an option that can be sent once per the entire configuration instead of at each vhost. --- manifests/mod/ssl.pp | 1 + templates/mod/ssl.conf.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index d644ac5ef7..7370746e60 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,6 +1,7 @@ class apache::mod::ssl ( $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $apache_version = $::apache::apache_version, ) { $session_cache = $::osfamily ? { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index bcaddffe70..a393193a76 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -20,7 +20,7 @@ <% end -%> SSLCryptoDevice builtin SSLHonorCipherOrder On - SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + SSLCipherSuite <%= @ssl_cipher %> SSLProtocol all -SSLv2 <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> From ee1d846f0c6d1b910ee70a8acd2cb522d0258fc3 Mon Sep 17 00:00:00 2001 From: arnoudj Date: Tue, 1 Apr 2014 15:38:09 +0200 Subject: [PATCH 0197/2267] Allow Apache service not to be managed by Puppet Currently Apache can either configured to be 'running' or 'stopped'. In our cluster setup Apache is managed by Pacemaker, so Puppet should not interfere. Setting ensure to 'UNSET' will now set ensure to undef for the Apache service. --- manifests/service.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
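Review bot: With the inversion fixed, `ssl_compression => true` now really renders `SSLCompression On` in the `if @ssl_compression` branch, and TLS-level compression is the precondition for CRIME-style attacks, so the branch should carry a warning. I would render an Apache comment just above the directive, for example `# TLS compression exposes sessions to CRIME-style attacks; enable only if a client requires it`. The false branch still emits nothing, so the effective setting is whatever the installed httpd defaults to. The commit message states that 2.4 defaults to Off, which may not hold for every older release, so an explicit `SSLCompression Off` in an `else` branch is worth considering where the directive is supported.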
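Review bot: The new `$ssl_cipher` parameter is interpolated into `SSLCipherSuite <%= @ssl_cipher %>` (the templates/mod/ssl.conf.erb hunk of this commit) without any type check, so an array or other non-string value would render a directive that httpd rejects or misreads. A `validate_string($ssl_cipher)` in the class body would catch that at catalog compile time; the class body continues outside this hunk. The parameter also gets no README entry here, and its default keeps the `MEDIUM` cipher group, so I would document both the parameter and the default so that operators know what they are expected to tighten.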
diff --git a/manifests/service.pp b/manifests/service.pp index e958b1bc51..acb01473c4 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -27,8 +27,13 @@ } validate_bool($service_enable) + $_service_ensure = $service_ensure ? { + 'UNSET' => undef, + default => $service_ensure, + } + service { 'httpd': - ensure => $service_ensure, + ensure => $_service_ensure, name => $service_name, enable => $service_enable, } From 97ba6c5c53fcaddce51f4387cb343d946f474c32 Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Mon, 3 Feb 2014 16:12:11 +0000 Subject: [PATCH 0198/2267] Add support for SetHandler directive --- README.md | 15 +++++++++++++++ templates/vhost/_directories.erb | 3 +++ 2 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 53e68e164d..9bfc8e7516 100644 --- a/README.md +++ b/README.md @@ -1335,6 +1335,21 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum } ``` +######`sethandler` + +Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', + } + ], + } +``` + ######`passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 516d0798da..efa26ce4e9 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -63,6 +63,9 @@ AddHandler <%= addhandler['handler'] %> <%= Array(addhandler['extensions']).join(' ') %> <%- end -%> <%- end -%> + <%- if directory['sethandler'] and directory['sethandler'] != '' -%> + SetHandler <%= directory['sethandler'] %> + <%- end -%> <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> From b05d141a8d81f871e9540f8fb53aba926e9d82d4 Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Tue, 4 Feb 2014 16:33:36 +0000 Subject: [PATCH 0199/2267] Add SetHandler tests --- spec/acceptance/vhost_spec.rb | 32 ++++++++++++++++++++++++++++++++ spec/defines/vhost_spec.rb | 2 ++ 2 files changed, 34 insertions(+) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index a2fa419407..01c9dcbb0f 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -252,6 +252,38 @@ class { 'apache': } shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) end end + + describe 'SetHandler directive' do + it 'should configure a vhost with a SetHandler directive' do + pp = <<-EOS + class { 'apache': } + apache::mod { 'status': } + host { 'files.example.net': ip => '127.0.0.1', } + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { path => '/var/www/files', }, + { path => '/server-status', provider => 'location', sethandler => 'server-status', }, + ], + } + file { '/var/www/files/index.html': + ensure => file, + content => "Hello World\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { should be_enabled } + it { should be_running } + end + + it 'should answer to files.example.net' do + shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout.should match(/Scoreboard: /) + end + end end case fact('lsbdistcodename') diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b16ce88404..234fdbd0b0 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -686,6 +686,7 @@ 'options' => '-MultiViews', 'order' => 'deny,yned', 'passenger_enabled' => 'onf', + 'sethandler' => 'None', }, :match => [ /^ $/, @@ -695,6 +696,7 @@ /^ Deny from google.com$/, /^ Options -MultiViews$/, /^ Order deny,yned$/, + /^ SetHandler None$/, /^ PassengerEnabled onf$/, /^ <\/Directory>$/, ], From f4b824120447013e63b73ea366b43a5ed8e4fe6b Mon Sep 17 00:00:00 2001 
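Review bot: The `/server-status` location in the added manifest sets `sethandler => 'server-status'` with no access restriction, so the vhost it builds serves mod_status output to every client that can reach it, and acceptance manifests tend to be copied as usage examples. The assertions only query it from the local host, so the entry can be limited without changing them, e.g. `{ path => '/server-status', provider => 'location', sethandler => 'server-status', order => 'deny,allow', deny => 'from all', allow => 'from 127.0.0.1', },`. That assumes the `order`/`deny`/`allow` directory keys behave as the README describes, and they produce 2.2-style access directives, so a 2.4 target would need the equivalent restriction instead.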
From: Arnoud de Jonge Date: Thu, 3 Apr 2014 12:47:17 +0000 Subject: [PATCH 0200/2267] The apache class now accepts true, false, 'running' or 'stopped' for the parameter service_ensure. Any other value wil result in the parameter 'ensure' for the Apache service being set to undef. --- README.md | 2 +- manifests/service.pp | 12 ++++++++---- spec/classes/service_spec.rb | 5 +++++ 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 53e68e164d..f530992264 100644 --- a/README.md +++ b/README.md @@ -388,7 +388,7 @@ Determines whether the HTTPD service is enabled when the machine is booted. Defa #####`service_ensure` -Determines whether the service should be running. Can be set to 'undef', which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. +Determines whether the service should be running. Valid values are true, false, 'running' or 'stopped' when Puppet should manage the service. Any other value will set ensure to false for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. #####`service_name` diff --git a/manifests/service.pp b/manifests/service.pp index acb01473c4..381741c68d 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -27,11 +27,15 @@ } validate_bool($service_enable) - $_service_ensure = $service_ensure ? { - 'UNSET' => undef, - default => $service_ensure, + case $service_ensure { + true, false, 'running', 'stopped': { + $_service_enable = $service_enable + } + default: { + $_service_enable = undef + } } - + service { 'httpd': ensure => $_service_ensure, name => $service_name, diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index accc549462..5419a68160 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb 
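Review bot: The `default:` branch of the new `case $service_ensure` treats every unrecognised value as "leave the service unmanaged", so a misspelling such as 'runing' silently stops Puppet from enforcing the service state instead of failing the catalog. I would keep one explicit sentinel for the unmanaged case (the previous patch used 'UNSET') and make the fallback `default: { fail("Invalid service_ensure value: ${service_ensure}") }`. The README text in this commit also says other values "set ensure to false", while the manifest sets it to undef; the wording should match the code.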
@@ -72,6 +72,11 @@ ) } end + + context "with $service_ensure => 'UNDEF'" do + let (:params) {{ :service_ensure => 'UNDEF' }} + it { should contain_service("httpd").without_ensure } + end end From d37004a7de5c77df461531971e8db5f941b48239 Mon Sep 17 00:00:00 2001 From: Arnoud de Jonge Date: Thu, 3 Apr 2014 13:10:37 +0000 Subject: [PATCH 0201/2267] Whoops --- manifests/service.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/service.pp b/manifests/service.pp index 381741c68d..0c1f7b96aa 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -29,10 +29,10 @@ case $service_ensure { true, false, 'running', 'stopped': { - $_service_enable = $service_enable + $_service_ensure = $service_ensure } default: { - $_service_enable = undef + $_service_ensure = undef } } From 9aa2ded1a2aec47aa31f1ccc592defed5547c585 Mon Sep 17 00:00:00 2001 From: Ryan Chouinard Date: Wed, 26 Feb 2014 18:27:21 -0500 Subject: [PATCH 0202/2267] Add basic support for mod_speling --- README.md | 1 + manifests/default_mods.pp | 4 ++-- manifests/mod/speling.pp | 3 +++ spec/classes/mod/speling_spec.rb | 26 ++++++++++++++++++++++++++ 4 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 manifests/mod/speling.pp create mode 100644 spec/classes/mod/speling_spec.rb diff --git a/README.md b/README.md index 9bfc8e7516..3d422fd092 100644 --- a/README.md +++ b/README.md @@ -468,6 +468,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rewrite` * `rpaf`* * `setenvif` +* `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) * `status`* * `suphp` diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index af98896216..cf26e2802f 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -27,6 +27,7 @@ include ::apache::mod::mime_magic include ::apache::mod::vhost_alias include ::apache::mod::rewrite + include ::apache::mod::speling ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -36,7 +37,6 @@ ::apache::mod { 'ext_filter': } ::apache::mod { 'include': } ::apache::mod { 'logio': } - ::apache::mod { 'speling': } ::apache::mod { 'substitute': } ::apache::mod { 'suexec': } ::apache::mod { 'usertrack': } @@ -65,6 +65,7 @@ include ::apache::mod::rewrite include ::apache::mod::userdir include ::apache::mod::vhost_alias + include ::apache::mod::speling ::apache::mod { 'asis': } ::apache::mod { 'auth_digest': } @@ -83,7 +84,6 @@ ::apache::mod { 'imagemap':} ::apache::mod { 'include': } ::apache::mod { 'logio': } - ::apache::mod { 'speling': } ::apache::mod { 'unique_id': } ::apache::mod { 'usertrack': } ::apache::mod { 'version': } diff --git a/manifests/mod/speling.pp b/manifests/mod/speling.pp new file mode 100644 index 0000000000..eb46d78f04 --- /dev/null +++ b/manifests/mod/speling.pp @@ -0,0 +1,3 @@ +class apache::mod::speling { + ::apache::mod { 'speling': } +} diff --git a/spec/classes/mod/speling_spec.rb b/spec/classes/mod/speling_spec.rb new file mode 100644 index 0000000000..987291a3f3 --- /dev/null +++ b/spec/classes/mod/speling_spec.rb @@ -0,0 +1,26 @@ +describe 'apache::mod::speling', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should contain_apache__mod('speling') } + end + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should contain_apache__mod('speling') } + end +end From 1fa0d705fde87e86ffe2e7608c872976c9802d80 Mon Sep 17 00:00:00 2001 
From: Christian Kaenzig Date: Sat, 5 Apr 2014 15:37:30 +0200 Subject: [PATCH 0203/2267] add docroot_mode parameter to vhost --- README.md | 4 ++++ manifests/vhost.pp | 2 ++ spec/acceptance/vhost_spec.rb | 2 ++ spec/defines/vhost_spec.rb | 6 ++++-- tests/vhost.pp | 3 ++- 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 53e68e164d..50ca5ea00e 100644 --- a/README.md +++ b/README.md @@ -674,6 +674,10 @@ Sets group access to the docroot directory. Defaults to 'root'. Sets individual user access to the docroot directory. Defaults to 'root'. +#####`docroot_mode` + +Sets access permissions of the docroot directory. Defaults to 'undef'. + #####`error_log` Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b6c75dc51e..7cfe11ab4d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -94,6 +94,7 @@ $add_listen = true, $docroot_owner = 'root', $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, $serveradmin = undef, $ssl = false, $ssl_cert = $::apache::default_ssl_cert, @@ -262,6 +263,7 @@ ensure => directory, owner => $docroot_owner, group => $docroot_group, + mode => $docroot_mode, require => Package['httpd'], } } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index a2fa419407..0353f58c04 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -427,6 +427,7 @@ class { 'apache': } docroot => '/tmp/test', docroot_owner => 'test_owner', docroot_group => 'test_group', + docroot_mode => '0750', } EOS apply_manifest(pp, :catch_failures => true) @@ -436,6 +437,7 @@ class { 'apache': } it { should be_directory } it { should be_owned_by 'test_owner' } it { should be_grouped_into 'test_group' } + it { should be_mode '0750' } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b16ce88404..efba89dd90 100644 --- a/spec/defines/vhost_spec.rb 
+++ b/spec/defines/vhost_spec.rb @@ -1096,16 +1096,18 @@ expect { subject }.to raise_error(Puppet::Error, /'error_log_file' and 'error_log_pipe' cannot be defined at the same time/) end end - describe 'when docroot owner is specified' do + describe 'when docroot owner and mode is specified' do let :params do default_params.merge({ :docroot_owner => 'testuser', :docroot_group => 'testgroup', + :docroot_mode => '0750', }) end - it 'should set vhost ownership' do + it 'should set vhost ownership and permissions' do should contain_file(params[:docroot]).with({ :ensure => :directory, :owner => 'testuser', :group => 'testgroup', + :mode => '0750', }) end end diff --git a/tests/vhost.pp b/tests/vhost.pp index f0d3f58e47..a6c61360a7 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -13,12 +13,13 @@ docroot => '/var/www/first', } -# Vhost with different docroot owner/group +# Vhost with different docroot owner/group/mode apache::vhost { 'second.example.com': port => '80', docroot => '/var/www/second', docroot_owner => 'third', docroot_group => 'third', + docroot_mode => '0770', } # Vhost with serveradmin From 73f94870ebbf39f62073675c7228faf4cbee19b8 Mon Sep 17 00:00:00 2001 
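Review bot: The example in tests/vhost.pp sets `docroot_mode => '0770'` on a docroot owned by `third:third`, which removes all access for other users and makes the directory group-writable. Unless the httpd worker user is `third` or a member of that group (not visible here), the vhost would answer 403, and if it is a member it gains write access to its own docroot. The acceptance and define specs in this commit both use '0750', so I would use `docroot_mode => '0750',` here as well and note in the comment that the web server user must be able to traverse the directory.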
From: jonoterc Date: Mon, 7 Apr 2014 13:41:47 -0400 Subject: [PATCH 0204/2267] revert apache::mod::passenger default parameters for RedHat The prior commit modified the default parameters for mod::passenger for RedHat, hardcoding paths related to the installed package; these changes were unnecessary and are being reverted. The changes were originally prompted by (new) spec acceptance temps leveraging passenger-status (to verify that passenger is running); these tests were not working under RedHat; revisiting with the original default parameters revealed that the RedHat tests were misconfigured (the required PASSENGER_TMPDIR environment was not being set), so those have been corrected. Also, spec/class tests have be reverted to reflect the (reverted) expected parameters. --- manifests/params.pp | 8 +++--- spec/acceptance/mod_passenger_spec.rb | 41 ++++++++++++++++++--------- spec/classes/mod/passenger_spec.rb | 9 ++++-- 3 files changed, 38 insertions(+), 20 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index eaedc148e7..43f3566aff 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -49,10 +49,10 @@ $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' $ssl_certs_dir = '/etc/pki/tls/certs' - $passenger_conf_file = 'passenger.conf' - $passenger_conf_package_file = undef - $passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19' - $passenger_ruby = '/usr/bin/ruby' + $passenger_conf_file = 'passenger_extra.conf' + $passenger_conf_package_file = 'passenger.conf' + $passenger_root = undef + $passenger_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 7443b0e8b5..e1ea23ec80 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -17,8 +17,10 @@ mod_dir = '/etc/httpd/conf.d/' conf_file = "#{mod_dir}passenger.conf" load_file = "#{mod_dir}passenger.load" - passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.19' + # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part + passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.1' passenger_ruby = '/usr/bin/ruby' + passenger_tempdir = '/var/run/rubygem-passenger' passenger_module_path = 'modules/mod_passenger.so' rackapp_user = 'apache' rackapp_group = 'apache' @@ -67,7 +69,7 @@ class { 'apache::mod::passenger': } it { should be_enabled } it { should be_running } end - + describe file(conf_file) do it { should contain "PassengerRoot \"#{passenger_root}\"" } it { should contain "PassengerRuby \"#{passenger_ruby}\"" } @@ -84,11 +86,11 @@ class { 'apache::mod::passenger': } r.stdout.should =~ /Passenger processes/ r.stdout.should =~ /### Processes: [0-9]+/ r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ - + r.exit_code.should == 0 end end - + # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, # even when the passenger process is successfully installed and running unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' @@ -102,19 +104,19 @@ class { 'apache::mod::passenger': } r.stdout.should =~ /active[ ]+= [0-9]+/ r.stdout.should =~ /inactive[ ]+= [0-9]+/ r.stdout.should =~ /Waiting on global queue: [0-9]+/ - + r.exit_code.should == 0 end end end - + it 'should answer to passenger.example.com' do shell("/usr/bin/curl passenger.example.com:80") do |r| r.stdout.should =~ /^hello world<\/b>$/ r.exit_code.should == 0 end end - + end when 'RedHat' 
@@ -173,20 +175,31 @@ class { 'apache::mod::passenger': it { should be_enabled } it { should be_running } end - + describe file(conf_file) do - it { should contain "PassengerRoot \"#{passenger_root}\"" } - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should contain "PassengerRoot #{passenger_root}" } + it { should contain "PassengerRuby #{passenger_ruby}" } + it { should contain "PassengerTempDir #{passenger_tempdir}" } end describe file(load_file) do it { should contain "LoadModule passenger_module #{passenger_module_path}" } end - # note: passenger-memory-stats is not installed on Redhat + it 'should output status via passenger-memory-stats' do + shell("sudo /usr/bin/passenger-memory-stats") do |r| + r.stdout.should =~ /Apache processes/ + r.stdout.should =~ /Nginx processes/ + r.stdout.should =~ /Passenger processes/ + r.stdout.should =~ /### Processes: [0-9]+/ + r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + + r.exit_code.should == 0 + end + end it 'should output status via passenger-status' do - shell("sudo /usr/bin/passenger-status") do |r| + shell("sudo PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| # spacing may vary r.stdout.should =~ /[\-]+ General information [\-]+/ r.stdout.should =~ /max[ ]+= [0-9]+/ @@ -194,11 +207,11 @@ class { 'apache::mod::passenger': r.stdout.should =~ /active[ ]+= [0-9]+/ r.stdout.should =~ /inactive[ ]+= [0-9]+/ r.stdout.should =~ /Waiting on global queue: [0-9]+/ - + r.exit_code.should == 0 end end - + it 'should answer to passenger.example.com' do shell("/usr/bin/curl passenger.example.com:80") do |r| r.stdout.should =~ /^hello world<\/b>$/ diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index e65798a355..08cff41554 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
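Review bot: The `passenger-status` call hard-codes `PASSENGER_TMPDIR=/var/run/rubygem-passenger` although this commit introduces `passenger_tempdir` with the same value and already uses it for the `PassengerTempDir` assertion, so the two can drift apart. I would write `shell("sudo PASSENGER_TMPDIR=#{passenger_tempdir} /usr/bin/passenger-status") do |r|`, assuming the variable is in scope in this example as the neighbouring `passenger_root` interpolations suggest. The enclosing `context` starts outside this hunk.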
@@ -118,11 +118,16 @@ it { should contain_class("apache::params") } it { should contain_apache__mod('passenger') } it { should contain_package("mod_passenger") } + it { should contain_file('passenger_package.conf').with({ + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } + it { should contain_file('passenger_package.conf').without_content } + it { should contain_file('passenger_package.conf').without_source } it { should contain_file('passenger.load').with({ 'path' => '/etc/httpd/conf.d/passenger.load', }) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/ruby\/gems\/1.8\/gems\/passenger-3\.0\.19"$/) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/bin\/ruby"/) } + it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } + it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } From 5ab2a471e46c3d12b6999cd13613828085bf69f6 Mon Sep 17 00:00:00 2001 From: Bryan Hughes Date: Thu, 3 Apr 2014 14:13:18 -0600 Subject: [PATCH 0205/2267] Add rewrites to vhost directories (#MODULES-111) Duplicate rewrites parameter from apache::vhost as an array of hashes placed in the directories parameter to enable use of mod_rewrite directives in vhost directories. Add documentation to Parameter directories for apache::vhost for rewrites array. Add tests to vhost directory rewrites Add spec/acceptance and spec/defines tests for vhost entries of directory with rewrites. These tests are based on WP permalinks. --- README.md | 25 ++++++++++++ spec/acceptance/vhost_spec.rb | 39 ++++++++++++++++++ spec/defines/vhost_spec.rb | 68 ++++++++++++++++++++++++++++++++ templates/vhost/_directories.erb | 24 +++++++++++ 4 files changed, 156 insertions(+) diff --git a/README.md b/README.md index 9bfc8e7516..8c5ca23708 100644 --- a/README.md +++ b/README.md 
@@ -1371,6 +1371,31 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ `php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). +######`rewrites` + +Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. + +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + rewrites => [ { comment => 'Permalink Rewrites', + rewrite_base => '/' + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] + }, + { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + rewrite_rule => [ '. /index.php [L]' ], + } + ], + }, + ], + } +``` + ######`ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 01c9dcbb0f..f1be842620 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -874,6 +874,45 @@ class { 'apache': } end end + describe 'directory rewrite rules' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + directories => [ + { + path => '/tmp', + rewrites => [ + { + comment => 'Permalink Rewrites', + rewrite_base => '/', + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] }, + { rewrite_cond => [ + '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', ], rewrite_rule => [ '. /index.php [L]' ], } + ], + }, + ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain '#Permalink Rewrites' } + it { should contain 'RewriteEngine On' } + it { should contain 'RewriteBase /' } + it { should contain 'RewriteRule ^index\.php$ - [L]' } + it { should contain 'RewriteCond %{REQUEST_FILENAME} !-f' } + it { should contain 'RewriteCond %{REQUEST_FILENAME} !-d' } + it { should contain 'RewriteRule . /index.php [L]' } + end + end + describe 'setenv/setenvif' do it 'applies cleanly' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 234fdbd0b0..4941ecf33d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -739,6 +739,40 @@ /^ <\/Directory>$/, ], }, + { + :title => 'should accept directory directives with rewrites array', + :attr => 'directories', + :value => [ + { + 'path' => '/opt/app3', + 'rewrites' => [ + { + 'comment' => 'Permalink Rewrites', + 'rewrite_base' => '/', + 'rewrite_rule' => [ '^index\.php$ - [L]' ], + }, + { + 'rewrite_cond' => [ + '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + 'rewrite_rule' => [ '. /index.php [L]' ], + } + ] + } + ], + :match => [ + /^ $/, + /^ #Permalink Rewrites$/, + /^ RewriteEngine On$/, + /^ RewriteBase \/$/, + /^ RewriteRule \^index\\.php\$ - \[L\]$/, + /^ RewriteCond %{REQUEST_FILENAME} !-f$/, + /^ RewriteCond %{REQUEST_FILENAME} !-d$/, + /^ RewriteRule . \/index.php \[L\]$/, + /^ <\/Directory>$/, + ], + }, { :title => 'should accept location for provider', :attr => 'directories', @@ -879,6 +913,40 @@ /^ <\/Directory>$/, ], }, + { + :title => 'should accept directory directives with rewrites array', + :attr => 'directories', + :value => [ + { + 'path' => '/opt/app3', + 'rewrites' => [ + { + 'comment' => 'Permalink Rewrites', + 'rewrite_base' => '/', + 'rewrite_rule' => [ '^index\.php$ - [L]' ], + }, + { + 'rewrite_cond' => [ + '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + 'rewrite_rule' => [ '. /index.php [L]' ], + } + ] + } + ], + :match => [ + /^ $/, + /^ #Permalink Rewrites$/, + /^ RewriteEngine On$/, + /^ RewriteBase \/$/, + /^ RewriteRule \^index\\.php\$ - \[L\]$/, + /^ RewriteCond %{REQUEST_FILENAME} !-f$/, + /^ RewriteCond %{REQUEST_FILENAME} !-d$/, + /^ RewriteRule . \/index.php \[L\]$/, + /^ <\/Directory>$/, + ], + }, { :title => 'should accept location for provider', :attr => 'directories', diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index efa26ce4e9..dbc38e41ec 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -153,6 +153,30 @@ <%- if directory['suphp'] and @suphp_engine == 'on' -%> suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> <%- end -%> + <%- if directory['rewrites'] -%> + # Rewrite rules + RewriteEngine On + <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteCond <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteRule <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 00fb3fa4c8d7cf37791a433586e1e28181bf97a4 Mon Sep 17 00:00:00 2001 From: Chris Baldauf Date: Fri, 11 Apr 2014 20:54:48 -0400 Subject: [PATCH 0206/2267] Fixing typo with braces in the rewrite section. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9bfc8e7516..98cebb9a97 100644 --- a/README.md +++ b/README.md @@ -927,7 +927,7 @@ Multiple rewrites and conditions are also possible rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], rewrite_rule => ['^index\.html$ /index.IE.html [L]'], }, - } + { rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, From a444355f84445c0dcf2ca475f07bbbd1a64eb963 Mon Sep 17 00:00:00 2001 
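Review bot: In the `rewrites` block added to templates/vhost/_directories.erb, `#<%= rewrite_details['comment'] %>` comments out only the first line of the value, so a comment string containing a line break would leave its remaining lines in the directory block as live directives. Collapsing line breaks before rendering keeps the whole value inside the comment, e.g. `#<%= rewrite_details['comment'].to_s.gsub(/[\r\n]+/, ' ') %>`. `rewrite_base`, `rewrite_cond` and `rewrite_rule` are written verbatim as well, so if directory hashes can come from data less trusted than the manifest itself (not visible here), they deserve the same single-line check. Separately, `if directory['rewrites']` is true for an empty array, so `rewrites => []` still emits `RewriteEngine On`. The enclosing directory loop starts and ends outside this hunk.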
From: Sander Hoentjen Date: Mon, 14 Apr 2014 14:34:25 +0200 Subject: [PATCH 0207/2267] order proxy_set option so it doesn't change between runs --- manifests/balancer.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index ac2bc88e44..173aaec2dd 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -71,7 +71,7 @@ ensure => present, target => $target, order => '19', - content => inline_template("<% proxy_set.each do |key, value| %> Proxyset <%= key %>=<%= value %>\n<% end %>"), + content => inline_template("<% proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": From a6f92a98b864e218eb3fde0405ffcca1a1bde2f3 Mon Sep 17 00:00:00 2001 From: Bram Vogelaar Date: Tue, 22 Apr 2014 15:04:18 +0200 Subject: [PATCH 0208/2267] turning MaxKeepAliveRequests into a variable --- manifests/init.pp | 2 ++ manifests/params.pp | 3 +++ spec/acceptance/apache_parameters_spec.rb | 3 ++- templates/httpd.conf.erb | 2 +- 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index cabeee4c0e..6f94f44e70 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -49,6 +49,7 @@ $group = $::apache::params::group, $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, + $maxkeepaliverequests = $apache::params::maxkeepaliverequests, $logroot = $::apache::params::logroot, $log_level = $::apache::params::log_level, $log_formats = {}, @@ -270,6 +271,7 @@ # - $apxs_workaround # - $keepalive # - $keepalive_timeout + # - $maxkeepaliverequests # - $server_root # - $server_tokens # - $server_signature diff --git a/manifests/params.pp b/manifests/params.pp index eaedc148e7..fc8e29c4f2 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
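Review bot: The new default in manifests/init.pp is written `$apache::params::maxkeepaliverequests`, while every neighbouring parameter in the hunk uses the top-scope form `$::apache::params::...`. For consistency it should read `$maxkeepaliverequests = $::apache::params::maxkeepaliverequests,`. The rename in PATCH 0210 keeps the unqualified form for `$max_keepalive_requests`, so the same change applies there. The class parameter list starts and ends outside the hunk.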
@@ -85,6 +85,7 @@ $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' $keepalive_timeout = 15 + $maxkeepaliverequests = 100 $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' @@ -141,6 +142,7 @@ $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' $keepalive_timeout = 15 + $maxkeepaliverequests = 100 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' @@ -199,6 +201,7 @@ $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' $keepalive_timeout = 15 + $maxkeepaliverequests = 100 $fastcgi_lib_path = undef # TODO: revisit $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 90134be144..45903cd3d3 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -312,7 +312,7 @@ class { 'apache': describe 'keepalive' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30' }" + pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30', maxkeepaliverequests => '200' }" apply_manifest(pp, :catch_failures => true) end end @@ -321,6 +321,7 @@ class { 'apache': it { should be_file } it { should contain 'KeepAlive On' } it { should contain 'KeepAliveTimeout 30' } + it { should contain 'MaxKeepAliveRequests 200' } end end diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 43b32bda2c..7ee8f1fe66 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -8,7 +8,7 @@ ServerRoot "<%= @server_root %>" PidFile <%= @pidfile %> Timeout <%= @timeout %> KeepAlive <%= @keepalive %> -MaxKeepAliveRequests 100 +MaxKeepAliveRequests <%= @maxkeepaliverequests %> KeepAliveTimeout <%= @keepalive_timeout %> User <%= @user %> 
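Review bot: `MaxKeepAliveRequests <%= @maxkeepaliverequests %>` in templates/httpd.conf.erb renders whatever the class parameter holds, and none of the visible hunks checks that it is a non-negative integer. A mistyped value would produce a configuration the server refuses to load, and Apache treats `0` as no limit on requests per connection, which removes a resource bound and is worth stating in the README entry. A check in manifests/init.pp such as `validate_re("${maxkeepaliverequests}", '\A\d+\z', 'maxkeepaliverequests must be a non-negative integer')` would catch bad values at compile time. The parameter is renamed to `max_keepalive_requests` in PATCH 0210, where the same check applies.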
From e42f7685e5229ba3b4fcf58ebeaa50bcdbb6d657 Mon Sep 17 00:00:00 2001 From: Bram Vogelaar Date: Tue, 22 Apr 2014 16:08:32 +0200 Subject: [PATCH 0209/2267] introducing new setting to documentation --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 98cebb9a97..ad37b72dc3 100644 --- a/README.md +++ b/README.md @@ -306,6 +306,10 @@ Enables persistent connections. Sets the amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'. +#####`maxkeepaliverequests` + +Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'. + #####`log_level` Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'. From 94f2d772360a2a9e7acbf15e513d50753c209771 Mon Sep 17 00:00:00 2001 From: Bram Vogelaar Date: Wed, 23 Apr 2014 09:35:00 +0200 Subject: [PATCH 0210/2267] renaming variable to be inline with other variables maxkeepaliverequests => max_keepalive_requests --- README.md | 2 +- manifests/init.pp | 4 ++-- manifests/params.pp | 6 +++--- spec/acceptance/apache_parameters_spec.rb | 2 +- templates/httpd.conf.erb | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index ad37b72dc3..df07f09b46 100644 --- a/README.md +++ b/README.md @@ -306,7 +306,7 @@ Enables persistent connections. Sets the amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'. -#####`maxkeepaliverequests` +#####`max_keepalive_requests` Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'. diff --git a/manifests/init.pp b/manifests/init.pp index 6f94f44e70..069399b6da 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -49,7 +49,7 @@ $group = $::apache::params::group, $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, - $maxkeepaliverequests = $apache::params::maxkeepaliverequests, + $max_keepalive_requests = $apache::params::max_keepalive_requests, $logroot = $::apache::params::logroot, $log_level = $::apache::params::log_level, $log_formats = {}, @@ -271,7 +271,7 @@ # - $apxs_workaround # - $keepalive # - $keepalive_timeout - # - $maxkeepaliverequests + # - $max_keepalive_requests # - $server_root # - $server_tokens # - $server_signature diff --git a/manifests/params.pp b/manifests/params.pp index fc8e29c4f2..33297674cd 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -85,7 +85,7 @@ $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' $keepalive_timeout = 15 - $maxkeepaliverequests = 100 + $max_keepalive_requests = 100 $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' @@ -142,7 +142,7 @@ $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' $keepalive_timeout = 15 - $maxkeepaliverequests = 100 + $max_keepalive_requests = 100 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' @@ -201,7 +201,7 @@ $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' $keepalive_timeout = 15 - $maxkeepaliverequests = 100 + $max_keepalive_requests = 100 $fastcgi_lib_path = undef # TODO: revisit $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 45903cd3d3..670ceaebe1 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -312,7 +312,7 @@ class { 'apache': describe 'keepalive' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30', maxkeepaliverequests => '200' }" + pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30', max_keepalive_requests => '200' }" apply_manifest(pp, :catch_failures => true) end end diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 7ee8f1fe66..dd43cb95d2 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -8,7 +8,7 @@ ServerRoot "<%= @server_root %>" PidFile <%= @pidfile %> Timeout <%= @timeout %> KeepAlive <%= @keepalive %> -MaxKeepAliveRequests <%= @maxkeepaliverequests %> +MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> User <%= @user %> From 8c504df09f614f69269409e605c6274dba107850 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 24 Apr 2014 13:36:44 -0700 Subject: [PATCH 0211/2267] Fixing typos! --- spec/acceptance/apache_parameters_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 90134be144..058bd6452e 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -291,9 +291,9 @@ class { 'apache': it 'applies cleanly' do pp = <<-EOS class { 'apache': - { log_formats => { - 'vhost_common' => '%v %h %l %u %t \"%r\" %>s %b', - 'vhost_combined' => '%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"', + log_formats => { + 'vhost_common' => '%v %h %l %u %t \\\"%r\\\" %>s %b', + 'vhost_combined' => '%v %h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"', } } EOS 
@@ -303,7 +303,7 @@ class { 'apache': describe file($conf_file) do it { should be_file } - it { should contain 'LogFormat %v %h %l %u %t \"%r\" %>s %b" vhost_common' } + it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' } it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } end end From 373a8a9e6b9e43b23e6cd641602a8cf7aa5e8a65 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 25 Apr 2014 15:04:38 -0700 Subject: [PATCH 0212/2267] Don't include the NameVirtualHost directives in apache >= 2.4, and add tests for this that will at least work with Ubuntu 13.10 and Ubuntu 14.04. Tests will still work anywhere with apache < 2.4, but haven't been updated to support RHEL7 yet. --- manifests/vhost.pp | 2 +- spec/acceptance/vhost_spec.rb | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b6c75dc51e..24b782e76d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -348,7 +348,7 @@ } } if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and $apache_version < 2.4 { ::apache::namevirtualhost { $nvh_addr_port: } } } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 01c9dcbb0f..72294e2ea8 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -484,6 +484,16 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end + describe file($ports_file) do + it { should be_file } + case fact('lsbdistcodename') + when 'saucy', 'trusty' + it { should_not contain 'NameVirtualHost test.server' } + else + it { should contain 'NameVirtualHost test.server' } + end + end + describe file("#{$vhost_dir}/10-test.server.conf") do it { should be_file } end From c733ea438e8c105b90faf1aec425a1187402d85f Mon Sep 17 00:00:00 2001 
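Review bot: The added condition `$apache_version < 2.4` in manifests/vhost.pp compares the version as a number, which only works while the value is a bare major.minor figure; a value such as `'2.10'` would compare as 2.1, and a three-part version string would not compare numerically at all. `versioncmp()` avoids both: `and $ensure == 'present' and versioncmp("${apache_version}", '2.4') < 0 {`. How `$::apache::apache_version` is computed is not visible here, so confirm its type before relying on either form. The acceptance test added in spec/acceptance/vhost_spec.rb picks its expectation by `lsbdistcodename` (`saucy`, `trusty`) rather than by Apache version, so any other platform shipping 2.4 would fall into the `else` branch.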
From: cvdwel Date: Sat, 26 Apr 2014 20:50:00 +0200 Subject: [PATCH 0213/2267] Remove non-SSL rewrite example from apache::vhost As apache::vhosts requires $docroot to be set, this example doesn't work. However the non-SSL to SSL rewrite is a very common use case (and setting $docroot to /dev/null doesn't work either). Parameter $docroot should be optional. Or at least it should be possible to skip docroot management (create dir, set owner etc.) for example by setting $manage_docroot = false. --- manifests/vhost.pp | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b6c75dc51e..0a9bf2e418 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -70,16 +70,6 @@ # docroot => '/path/to/docroot', # } # apache::vhost { 'site.name.fqdn': -# port => '80', -# rewrites => [ -# { -# comment => "redirect non-SSL traffic to SSL site", -# rewrite_cond => ['%{HTTPS} off'], -# rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'] -# } -# ] -# } -# apache::vhost { 'site.name.fqdn': # port => '80', # docroot => '/path/to/other_docroot', # custom_fragment => template("${module_name}/my_fragment.erb"), From 2e6648d2eacb2b8f3375acb495226830fbe25e8a Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Sat, 26 Apr 2014 21:02:21 +0200 Subject: [PATCH 0214/2267] Fix platform for centos-6.5 It looks like an accidental replace from 64 to 65 in the platform. --- spec/acceptance/nodesets/centos-65-x64.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml index 89de021346..ac76349736 100644 --- a/spec/acceptance/nodesets/centos-65-x64.yml +++ b/spec/acceptance/nodesets/centos-65-x64.yml 
@@ -2,7 +2,7 @@ HOSTS: centos-65-x64: roles: - master - platform: el-6-x86_65 + platform: el-6-x86_64 box : centos-65-x64-virtualbox-nocm box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box hypervisor : vagrant From debc086adb591179678be8908320671129d5ecfe Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Fri, 4 Apr 2014 10:23:14 +1300 Subject: [PATCH 0215/2267] Added WSGIPassAuthorization option to vhost. --- manifests/vhost.pp | 1 + templates/vhost/_wsgi.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 24b782e76d..f2e736cbf1 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -167,6 +167,7 @@ $wsgi_import_script_options = undef, $wsgi_process_group = undef, $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, $custom_fragment = undef, $itk = undef, $action = undef, diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index 474c30ff19..473b223ab6 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -19,3 +19,6 @@ <%- end -%> <%- end -%> <% end -%> +<% if @wsgi_pass_authorization -%> + WSGIPassAuthorization <%= @wsgi_pass_authorization %> +<% end -%> From 920df08fc87c065e477c86ed42d6fa3734228804 Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Mon, 7 Apr 2014 10:08:52 +1200 Subject: [PATCH 0216/2267] Added The ProxyPreserveHost option to vhosts. --- manifests/vhost.pp | 1 + templates/vhost/_proxy.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f2e736cbf1..5797482330 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -144,6 +144,7 @@ $php_admin_flags = [], $php_admin_values = [], $no_proxy_uris = [], + $proxy_preserve_host = false, $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 7e0221f957..2c5e24edef 100644 --- a/templates/vhost/_proxy.erb 
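Review bot: The block added to templates/vhost/_wsgi.erb writes any truthy `@wsgi_pass_authorization` straight after `WSGIPassAuthorization`, so a boolean `true` or a misspelt value ends up in the vhost file and is rejected only when Apache parses it. Because the directive hands the client's `Authorization` header to the WSGI application, the accepted values are worth pinning in manifests/vhost.pp, e.g. `if $wsgi_pass_authorization { validate_re($wsgi_pass_authorization, '\A(?i:on|off)\z') }`. The surrounding template starts outside the hunk.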
+++ b/templates/vhost/_proxy.erb @@ -3,6 +3,9 @@ ## Proxy rules ProxyRequests Off <%- end -%> +<% if @proxy_preserve_host %> + ProxyPreserveHost On +<% end %> <% [@proxy_pass].flatten.compact.each do |proxy| %> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> > From 8481e7de122040d0db691cec6620c9de97534333 Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Mon, 7 Apr 2014 19:00:31 +1200 Subject: [PATCH 0217/2267] Updated readme with WSGIPassAuthorization information, updated spec and rspec tests for WSGIPassAuthorization. --- README.md | 4 +++- spec/acceptance/vhost_spec.rb | 3 +++ spec/defines/vhost_spec.rb | 6 ++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 98cebb9a97..a2b328a5d2 100644 --- a/README.md +++ b/README.md @@ -1031,7 +1031,7 @@ Sets up a virtual host with a wildcard alias subdomain mapped to a directory wit } ``` -#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, & `wsgi_script_aliases` +#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). @@ -1043,6 +1043,8 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). `wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. +`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache will set the defaults setting to 'Off'. + To set up a virtual host with WSGI ```puppet diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 72294e2ea8..7b4deac841 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
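Review bot: `<% if @proxy_preserve_host %>` in templates/vhost/_proxy.erb is true for any non-empty string, so `proxy_preserve_host => 'false'` would still emit `ProxyPreserveHost On`; manifests/vhost.pp declares a boolean default but does not enforce the type in the visible hunk. Adding `validate_bool($proxy_preserve_host)` next to the other validations would reject string values. The new tags also use `<% ... %>` without the `-%>` trim used on the neighbouring lines, which leaves blank lines in the rendered file. The block sits after the `<%- end -%>` that apparently closes the proxy-rules condition (its opening is outside the hunk), so the directive would be emitted even when no proxy destination is configured.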
@@ -937,6 +937,7 @@ class { 'apache::mod::wsgi': } wsgi_daemon_process_options => {processes => '2'}, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -956,6 +957,7 @@ class { 'apache::mod::wsgi': } wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -968,6 +970,7 @@ class { 'apache::mod::wsgi': } it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } it { should contain 'WSGIProcessGroup nobody' } it { should contain 'WSGIScriptAlias /test "/test1"' } + it { should contain 'WSGIPassAuthorization On' } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 234fdbd0b0..f3244cd65c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -607,6 +607,12 @@ :value => '%{GLOBAL}', :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], }, + { + :title => 'should accept a wsgi pass authorization', + :attr => 'wsgi_pass_authorization', + :value => 'On', + :match => [/^ WSGIPassAuthorization On$/], + }, { :title => 'should contain environment variables', :attr => 'access_log_env_var', From 16e8c500ad008b98e4a6bc9b89403448370f5696 Mon Sep 17 00:00:00 2001 From: Michael Speth Date: Thu, 10 Apr 2014 12:07:17 +1200 Subject: [PATCH 0218/2267] added documentation and test for ProxyPreserveHost option --- README.md | 4 ++++ manifests/vhost.pp | 1 + spec/acceptance/vhost_spec.rb | 2 ++ spec/defines/vhost_spec.rb | 8 +++++++- 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a2b328a5d2..654423f5b4 100644 --- a/README.md +++ b/README.md 
@@ -759,6 +759,10 @@ Specifies the verbosity of the error log. Defaults to 'warn' for the global serv Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). +#####`proxy_preserve_host` + +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). + #####`options` Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5797482330..21f9907aae 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -478,6 +478,7 @@ # proxy fragment: # - $proxy_dest # - $no_proxy_uris + # - $proxy_preserve_host (true to set ProxyPreserveHost to on and false to off # rack fragment: # - $rack_base_uris # redirect fragment: diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7b4deac841..7a2874920f 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -102,6 +102,7 @@ class { 'apache': } proxy_pass => [ { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], + proxy_preserve_host => true, } EOS apply_manifest(pp, :catch_failures => true) @@ -111,6 +112,7 @@ class { 'apache': } it { should contain '' } it { should contain "ServerName proxy.example.com" } it { should contain "ProxyPass" } + it { should contain "ProxyPreserveHost On" } it { should_not contain "" } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f3244cd65c..b6c48a86cd 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -608,11 +608,17 @@ :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], }, { - :title => 'should accept a wsgi pass authorization', + :title => 'should set wsgi pass authorization', :attr => 'wsgi_pass_authorization', :value => 'On', :match => [/^ WSGIPassAuthorization On$/], }, + { + :title => 'should set wsgi pass authorization false', + :attr => 'wsgi_pass_authorization', + :value => 'Off', + :match => [/^ WSGIPassAuthorization Off$/], + }, { :title => 'should contain environment variables', :attr => 'access_log_env_var', From c647db040758cbe2a3fb08662126819701062831 Mon Sep 17 00:00:00 2001 From: Xavier leune Date: Tue, 1 Apr 2014 11:48:03 +0200 Subject: [PATCH 0219/2267] Allow custom extensions for php handler --- manifests/mod/php.pp | 2 ++ templates/mod/php5.conf.erb | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 8c1b94d6bb..2d954db5b7 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -2,10 +2,12 @@ $package_name = undef, $package_ensure = 'present', $path = undef, + $extensions = ['.php'], ) { if ! defined(Class['apache::mod::prefork']) { fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') } + validate_array($extensions) ::apache::mod { 'php5': package => $package_name, package_ensure => $package_ensure, diff --git a/templates/mod/php5.conf.erb b/templates/mod/php5.conf.erb index 9eef7628a8..2b0c8f7845 100644 --- a/templates/mod/php5.conf.erb +++ b/templates/mod/php5.conf.erb @@ -14,7 +14,7 @@ # # Cause the PHP interpreter to handle files with a .php extension. # -AddHandler php5-script .php +AddHandler php5-script <%= @extensions.join(' ') %> AddType text/html .php # From 5a8df9ff5c7033cdf302425444fa4f5abd1d3808 Mon Sep 17 00:00:00 2001 
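Review bot: Every entry of `$extensions` is passed to `AddHandler php5-script` in templates/mod/php5.conf.erb, and `AddHandler` applies to a file that carries the extension anywhere among its extensions (for example `name.php.txt`), so each added entry widens the set of files run through the PHP interpreter. Binding the handler to the final extension only is the usual hardening: `<FilesMatch "(<%= Array(@extensions).flatten.compact.map { |e| Regexp.escape(e) }.join('|') %>)$">`, `SetHandler php5-script`, `</FilesMatch>`. `validate_array($extensions)` in manifests/mod/php.pp checks the container but not that each entry looks like `.ext`. The `AddType text/html .php` line below still names only `.php`.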
From: Xavier leune Date: Tue, 1 Apr 2014 16:01:26 +0200 Subject: [PATCH 0220/2267] Changing extensions.join to extensions.flatten.compact.join --- templates/mod/php5.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/php5.conf.erb b/templates/mod/php5.conf.erb index 2b0c8f7845..25ae102e09 100644 --- a/templates/mod/php5.conf.erb +++ b/templates/mod/php5.conf.erb @@ -14,7 +14,7 @@ # # Cause the PHP interpreter to handle files with a .php extension. # -AddHandler php5-script <%= @extensions.join(' ') %> +AddHandler php5-script <%= @@extensions.flatten.compact.join(' ') %> AddType text/html .php # From fc347a870155dbfb9b8e9075ed15c296ccb66f29 Mon Sep 17 00:00:00 2001 From: Xavier leune Date: Tue, 1 Apr 2014 16:10:33 +0200 Subject: [PATCH 0221/2267] Typo --- templates/mod/php5.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/php5.conf.erb b/templates/mod/php5.conf.erb index 25ae102e09..44df2ae066 100644 --- a/templates/mod/php5.conf.erb +++ b/templates/mod/php5.conf.erb @@ -14,7 +14,7 @@ # # Cause the PHP interpreter to handle files with a .php extension. # -AddHandler php5-script <%= @@extensions.flatten.compact.join(' ') %> +AddHandler php5-script <%= @extensions.flatten.compact.join(' ') %> AddType text/html .php # From 15b3adc6f6d2b587db1b97b6ba742cc0e713b756 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 1 May 2014 17:01:19 -0700 Subject: [PATCH 0222/2267] Use access_compat on 2.4, and update pagespeed to load the correct module in 2.4. --- manifests/default_mods.pp | 3 +++ manifests/mod/pagespeed.pp | 10 ++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index cf26e2802f..e38f2422a4 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -121,6 +121,9 @@ # filter is needed by mod_deflate ::apache::mod { 'filter': } + + # lots of stuff seems to break without access_compat + ::apache::mod { 'access_compat': } } else { ::apache::mod { 'authz_default': } } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index d58f99fe2e..cca30eb50e 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -34,7 +34,14 @@ $additional_configuration = {}, ){ - apache::mod { 'pagespeed': } + $_lib = $::apache::apache_version ? { + 2.4 => 'mod_pagespeed_ap24.so', + default => undef + } + + apache::mod { 'pagespeed': + lib => $_lib, + } file { 'pagespeed.conf': ensure => file, @@ -44,5 +51,4 @@ before => File[$::apache::mod_dir], notify => Service['httpd'], } - } From 8fb2dfd46c5a17a36bef16081b25ce4e401115b7 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 1 May 2014 17:04:09 -0700 Subject: [PATCH 0223/2267] Update specs --- manifests/mod/php.pp | 1 + spec/acceptance/mod_php_spec.rb | 8 +++++--- spec/classes/mod/php_spec.rb | 8 ++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 2d954db5b7..b797936bde 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -18,6 +18,7 @@ include ::apache::mod::dir Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php'] + # Template uses $extensions file { 'php5.conf': ensure => file, path => "${::apache::mod_dir}/php5.conf", diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index d1c991621d..cf8054053e 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -53,13 +53,15 @@ class { 'apache::mod::php': } end end - context "custom php admin_flag and php_admin_value" do + context "custom extensions, php_admin_flag, and php_admin_value" do it 'succeeds in puppeting php' do pp= <<-EOS class { 'apache': mpm_module => 'prefork', } - class { 'apache::mod::php': } + class { 'apache::mod::php': + extensions => ['.php','.php5'], + } apache::vhost { 'php.example.com': port => '80', docroot => '/var/www/php', @@ -67,7 +69,7 @@ class { 'apache::mod::php': } php_admin_flags => { 'engine' => 'on', }, } host { 'php.example.com': ip => '127.0.0.1', } - file { '/var/www/php/index.php': + file { '/var/www/php/index.php5': ensure => file, content => "\\n", } diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 29adc870f4..32b2ff0994 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -64,6 +64,14 @@ :content => "LoadModule php5_module alternative-path\n" ) } end + context "with alternative extensions" do let :pre_condition do + 'class { "apache": }' + end + let :params do + { :extensions => ['.php','.php5']} + end + it { should contain_file("php5.conf").with_content =~ /AddHandler php5-script .php .php5\n/ } + end context "with specific version" do let :pre_condition do 'class { "apache": }' From 9d2067c2e71ecc9bea9402e535536d47db4f3a4c Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Thu, 1 May 2014 19:22:52 +0200 Subject: [PATCH 0224/2267] Add suexec support This adds the suexec_user_group parameter to vhost and introduces a class apache::mod::suexec, which is included when the parameter is used. --- manifests/default_mods.pp | 2 +- manifests/mod/suexec.pp | 3 +++ manifests/vhost.pp | 12 +++++++++++- spec/defines/vhost_spec.rb | 10 ++++++++++ templates/vhost.conf.erb | 1 + templates/vhost/_suexec.erb | 4 ++++ 6 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 manifests/mod/suexec.pp create mode 100644 templates/vhost/_suexec.erb 
diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index af98896216..adeef8f25c 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -26,6 +26,7 @@ include ::apache::mod::mime include ::apache::mod::mime_magic include ::apache::mod::vhost_alias + include ::apache::mod::suexec include ::apache::mod::rewrite ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } @@ -38,7 +39,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'speling': } ::apache::mod { 'substitute': } - ::apache::mod { 'suexec': } ::apache::mod { 'usertrack': } ::apache::mod { 'version': } diff --git a/manifests/mod/suexec.pp b/manifests/mod/suexec.pp new file mode 100644 index 0000000000..ded013d499 --- /dev/null +++ b/manifests/mod/suexec.pp @@ -0,0 +1,3 @@ +class apache::mod::suexec { + ::apache::mod { 'suexec': } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 24b782e76d..90162f13a8 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -174,7 +174,8 @@ $fastcgi_socket = undef, $fastcgi_dir = undef, $additional_includes = [], - $apache_version = $::apache::apache_version + $apache_version = $::apache::apache_version, + $suexec_user_group = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -200,6 +201,11 @@ validate_hash($rewrites[0]) } + if $suexec_user_group { + validate_re($suexec_user_group, '^\w+ \w+$', + "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") + } + # Deprecated backwards-compatibility if $rewrite_base { warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') @@ -255,6 +261,10 @@ include ::apache::mod::wsgi } + if $suexec_user_group { + include ::apache::mod::suexec + } + # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources if ! defined(File[$docroot]) { 
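Review bot: The pattern `'^\w+ \w+$'` passed to `validate_re` for `$suexec_user_group` in manifests/vhost.pp uses line anchors, so a value whose first line is `user group` but which continues after a line break would pass and be rendered by templates/vhost/_suexec.erb as extra lines in the vhost. Anchoring to the whole string closes that: `validate_re($suexec_user_group, '\A\w+ \w+\z',`. Separately, `\w` does not match `-`, so an account such as `www-data` (the Debian default user in manifests/params.pp) is rejected; `'\A[\w-]+ [\w-]+\z'` would accept it. The enclosing define body starts and ends outside the hunk.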
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 234fdbd0b0..0e63701486 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1308,6 +1308,16 @@ end end + describe 'when suexec_user_group is specified' do + let :params do + default_params.merge({ + :suexec_user_group => 'nobody nogroup', + }) + end + + it { should contain_file("25-#{title}.conf").with_content %r{^ SuexecUserGroup nobody nogroup$} } + end + describe 'redirect rules' do describe 'without lockstep arrays' do let :params do diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 673ea0c2bd..64024cfef3 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -62,4 +62,5 @@ <%= scope.function_template(['apache/vhost/_wsgi.erb']) -%> <%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> <%= scope.function_template(['apache/vhost/_fastcgi.erb']) -%> +<%= scope.function_template(['apache/vhost/_suexec.erb']) -%> diff --git a/templates/vhost/_suexec.erb b/templates/vhost/_suexec.erb new file mode 100644 index 0000000000..8a7ae0f17f --- /dev/null +++ b/templates/vhost/_suexec.erb @@ -0,0 +1,4 @@ +<% if @suexec_user_group -%> + + SuexecUserGroup <%= @suexec_user_group %> +<% end -%> From 6b14fd08e13a27fa11eb5169c2baa8079b0228c5 Mon Sep 17 00:00:00 2001 From: Greg Sutcliffe Date: Mon, 28 Apr 2014 15:38:59 +0100 Subject: [PATCH 0225/2267] Configure Passenger in separate .conf file on Debian so PassengerRoot isn't lost The changes in 005bf615c are also necessary for Ubuntu 14.04 which now ships Passenger 4.x --- manifests/params.pp | 72 +++++++++++++-------------- spec/acceptance/mod_passenger_spec.rb | 23 ++++++--- spec/classes/mod/passenger_spec.rb | 35 +++++++++---- 3 files changed, 77 insertions(+), 53 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 29e9fd2fc9..c7a042a7db 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -90,36 +90,36 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' } elsif $::osfamily == 'Debian' { - $user = 'www-data' - $group = 'www-data' - $root_group = 'root' - $apache_name = 'apache2' - $service_name = 'apache2' - $httpd_dir = '/etc/apache2' - $server_root = '/etc/apache2' - $conf_dir = $httpd_dir - $confd_dir = "${httpd_dir}/conf.d" - $mod_dir = "${httpd_dir}/mods-available" - $mod_enable_dir = "${httpd_dir}/mods-enabled" - $vhost_dir = "${httpd_dir}/sites-available" - $vhost_enable_dir = "${httpd_dir}/sites-enabled" - $conf_file = 'apache2.conf' - $ports_file = "${conf_dir}/ports.conf" - $logroot = '/var/log/apache2' - $lib_path = '/usr/lib/apache2/modules' - $mpm_module = 'worker' - $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] - $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' - $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' - $ssl_certs_dir = '/etc/ssl/certs' - $passenger_conf_file = 'passenger.conf' - $passenger_conf_package_file = undef - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $suphp_addhandler = 'x-httpd-php' - $suphp_engine = 'off' - $suphp_configpath = '/etc/php5/apache2' - $mod_packages = { + $user = 'www-data' + $group = 'www-data' + $root_group = 'root' + $apache_name = 'apache2' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/etc/apache2' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/mods-available" + $mod_enable_dir = "${httpd_dir}/mods-enabled" + $vhost_dir = "${httpd_dir}/sites-available" + $vhost_enable_dir = "${httpd_dir}/sites-enabled" + $conf_file = 'apache2.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache2' + $lib_path = '/usr/lib/apache2/modules' + $mpm_module = 'worker' + $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] + $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' + $default_ssl_key = 
'/etc/ssl/private/ssl-cert-snakeoil.key' + $ssl_certs_dir = '/etc/ssl/certs' + $passenger_conf_file = 'passenger_extra.conf' + $passenger_conf_package_file = 'passenger.conf' + $passenger_root = undef + $passenger_ruby = undef + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { 'auth_kerb' => 'libapache2-mod-auth-kerb', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', @@ -136,16 +136,16 @@ 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', } - $mod_libs = { + $mod_libs = { 'php5' => 'libphp5.so', } - $conf_template = 'apache/httpd.conf.erb' - $keepalive = 'Off' - $keepalive_timeout = 15 + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 $max_keepalive_requests = 100 - $fastcgi_lib_path = '/var/lib/apache2/fastcgi' + $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' - $mime_types_config = '/etc/mime.types' + $mime_types_config = '/etc/mime.types' } elsif $::osfamily == 'FreeBSD' { $user = 'www' $group = 'www' diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index e1ea23ec80..5b6c6d8570 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -5,7 +5,7 @@ when 'Debian' service_name = 'apache2' mod_dir = '/etc/apache2/mods-available/' - conf_file = "#{mod_dir}passenger.conf" + conf_file = "#{mod_dir}passenger_extra.conf" load_file = "#{mod_dir}passenger.load" passenger_root = '/usr' passenger_ruby = '/usr/bin/ruby' 
@@ -71,8 +71,9 @@ class { 'apache::mod::passenger': } end describe file(conf_file) do - it { should contain "PassengerRoot \"#{passenger_root}\"" } - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + # passenger_extra.conf only contains directives if overridden from the class params + it { should_not contain "PassengerRoot \"#{passenger_root}\"" } + it { should_not contain "PassengerRuby \"#{passenger_ruby}\"" } end describe file(load_file) do @@ -99,11 +100,17 @@ class { 'apache::mod::passenger': } shell("sudo /usr/sbin/passenger-status") do |r| # spacing may vary r.stdout.should =~ /[\-]+ General information [\-]+/ - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should =~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ + if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' + r.stdout.should =~ /Max pool size[ ]+: [0-9]+/ + r.stdout.should =~ /Processes[ ]+: [0-9]+/ + r.stdout.should =~ /Requests in top-level queue[ ]+: [0-9]+/ + else + r.stdout.should =~ /max[ ]+= [0-9]+/ + r.stdout.should =~ /count[ ]+= [0-9]+/ + r.stdout.should =~ /active[ ]+= [0-9]+/ + r.stdout.should =~ /inactive[ ]+= [0-9]+/ + r.stdout.should =~ /Waiting on global queue: [0-9]+/ + end r.exit_code.should == 0 end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 08cff41554..608b3c47d9 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -16,11 +16,28 @@ it { should contain_file('passenger.load').with({ 'path' => '/etc/apache2/mods-available/passenger.load', }) } - it { should contain_file('passenger.conf').with({ + it { should contain_file('passenger_package.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr"$/) } - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/bin\/ruby"$/) } + it { should contain_file('passenger_package.conf').without_content } + it { should contain_file('passenger_package.conf').without_source } + it { should contain_file('passenger.conf').with({ + 'path' => '/etc/apache2/mods-available/passenger_extra.conf', + }) } + it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } + it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + describe "with passenger_root => '/usr/lib/example'" do + let :params do + { :passenger_root => '/usr/lib/example' } + end + it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } + end + describe "with passenger_ruby => /usr/lib/example/ruby" do + let :params do + { :passenger_ruby => '/usr/lib/example/ruby' } + end + it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } + end describe "with passenger_high_performance => true" do let :params do { :passenger_high_performance => 'true' } 
@@ -69,11 +86,11 @@ end it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end - describe "with passenger_ruby => /user/lib/example/ruby" do + describe "with passenger_ruby => /usr/lib/example/ruby" do let :params do - { :passenger_ruby => '/user/lib/example/ruby' } + { :passenger_ruby => '/usr/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/user\/lib\/example\/ruby"$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } end describe "with passenger_use_global_queue => true" do let :params do @@ -134,11 +151,11 @@ end it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end - describe "with passenger_ruby => /user/lib/example/ruby" do + describe "with passenger_ruby => /usr/lib/example/ruby" do let :params do - { :passenger_ruby => '/user/lib/example/ruby' } + { :passenger_ruby => '/usr/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/user\/lib\/example\/ruby"$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } end end context "on a FreeBSD OS" do From 1d72c4146034dc94e02cb9c37fa6c050f1b08a24 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 24 Apr 2014 13:36:15 -0700 Subject: [PATCH 0226/2267] Add a nodeset for Ubuntu 14.04. --- spec/acceptance/nodesets/ubuntu-server-1404-x64.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 spec/acceptance/nodesets/ubuntu-server-1404-x64.yml diff --git a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 0000000000..cba1cd04c2 --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml 
@@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-1404-x64: + roles: + - master + platform: ubuntu-14.04-amd64 + box : puppetlabs/ubuntu-14.04-64-nocm + box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor : vagrant +CONFIG: + log_level : debug + type: git From 7895319cd0cb5ac3172ecbf59fe71791e7724453 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 5 May 2014 14:27:03 -0400 Subject: [PATCH 0227/2267] 'be_mode' was getting confused by the leading 0. --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 6fa42a6b16..93b3f1f3a2 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -469,7 +469,7 @@ class { 'apache': } it { should be_directory } it { should be_owned_by 'test_owner' } it { should be_grouped_into 'test_group' } - it { should be_mode '0750' } + it { should be_mode 750 } end end From f19ec7670fbc10913867c102478dd8e2381f85e7 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 7 May 2014 19:23:07 -0400 Subject: [PATCH 0228/2267] Some initial cleanup for RHEL7. There are still some test issues, although mostly related to the lack of 'normal' EPEL and passenger packages. Also, still need to fix SELinux for non-standard paths, but that's going to be a big change. --- manifests/default_mods.pp | 9 +++++---- spec/acceptance/apache_parameters_spec.rb | 12 ++++++++---- spec/acceptance/class_spec.rb | 7 ++++--- spec/acceptance/mod_proxy_html_spec.rb | 2 +- spec/acceptance/vhost_spec.rb | 16 +++++++++------- 5 files changed, 27 insertions(+), 19 deletions(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 3800b5b79c..c8f7446cf6 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -9,6 +9,11 @@ case $::osfamily { 'redhat', 'freebsd': { ::apache::mod { 'log_config': } + if $apache_version >= 2.4 { + # Lets fork it + ::apache::mod { 'systemd': } + ::apache::mod { 'unixd': } + } } default: {} } @@ -43,10 +48,6 @@ ::apache::mod { 'version': } if $apache_version >= 2.4 { - # Lets fork it - ::apache::mod { 'systemd': } - - ::apache::mod { 'unixd': } ::apache::mod { 'authn_core': } } else { diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 629c360e34..808190dfaa 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -328,12 +328,15 @@ class { 'apache': describe 'logging' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': logroot => '/tmp' }" + pp = <<-EOS + file { '/apache_spec': ensure => directory, } + class { 'apache': logroot => '/apache_spec' } + EOS apply_manifest(pp, :catch_failures => true) end end - describe file("/tmp/#{$error_log}") do + describe file("/apache_spec/#{$error_log}") do it { should be_file } end end @@ -341,8 +344,9 @@ class { 'apache': describe 'ports_file' do it 'applys cleanly' do pp = <<-EOS + file { '/apache_spec': ensure => directory, } class { 'apache': - ports_file => '/tmp/ports_file', + ports_file => '/apache_spec/ports_file', ip => '10.1.1.1', service_ensure => stopped } @@ -350,7 +354,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file('/tmp/ports_file') do + describe file('/apache_spec/ports_file') do it { should be_file } it { should contain 'Listen 10.1.1.1' } end diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 1f5921d596..ca1255745f 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb 
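Review bot: Moving `::apache::mod { 'systemd': }` and `::apache::mod { 'unixd': }` into the `'redhat', 'freebsd'` arm of manifests/default_mods.pp still declares mod_systemd on FreeBSD whenever `$apache_version >= 2.4`, and FreeBSD does not use systemd, so that module is unlikely to be available there. Guarding just that resource, e.g. `if $::osfamily == 'redhat' { ::apache::mod { 'systemd': } }`, or splitting the arm, would keep it to the platforms that ship it. The comparison also treats the version as a number; `versioncmp($apache_version, '2.4') >= 0` is the safer form if the value can arrive as a string. The rest of the class body lies outside the hunk.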
@@ -38,10 +38,11 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - file { '/tmp/apache_custom': ensure => directory, } + file { '/apache_spec': ensure => directory, } + file { '/apache_spec/apache_custom': ensure => directory, } class { 'apache': - mod_dir => '/tmp/apache_custom/mods', - vhost_dir => '/tmp/apache_custom/vhosts', + mod_dir => '/apache_spec/apache_custom/mods', + vhost_dir => '/apache_spec/apache_custom/vhosts', } EOS diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index ddfa66dd91..b34daacbff 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -11,7 +11,7 @@ end context "default proxy_html config" do - if fact('osfamily') == 'RedHat' + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do pp = "class { 'epel': }" apply_manifest(pp, :catch_failures => true) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 93b3f1f3a2..816327f3c9 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -488,8 +488,9 @@ class { 'apache': } describe file($ports_file) do it { should be_file } - case fact('lsbdistcodename') - when 'saucy', 'trusty' + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' + it { should_not contain 'NameVirtualHost test.server' } + elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10)/ it { should_not contain 'NameVirtualHost test.server' } else it { should contain 'NameVirtualHost test.server' } @@ -1012,7 +1013,7 @@ class { 'apache': } end # So what does this work on? - if default['platform'] !~ /^(debian-(6|7)|el-(5|6))/ + if default['platform'] !~ /^(debian-(6|7)|el-(5|6|7))/ describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS 
@@ -1042,10 +1043,11 @@ class { 'apache::mod::fastcgi': } pp = <<-EOS class { 'apache': } host { 'test.server': ip => '127.0.0.1' } - file { '/tmp/include': ensure => present, content => '#additional_includes' } + file { '/apache_spec': ensure => directory, } + file { '/apache_spec/include': ensure => present, content => '#additional_includes' } apache::vhost { 'test.server': - docroot => '/tmp', - additional_includes => '/tmp/include', + docroot => '/apache_spec', + additional_includes => '/apache_spec/include', } EOS apply_manifest(pp, :catch_failures => true) @@ -1053,7 +1055,7 @@ class { 'apache': } describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain 'Include "/tmp/include"' } + it { should contain 'Include "/apache_spec/include"' } end end From 2ea49e1cb462b7ef7ca573595f348ea2dee9e601 Mon Sep 17 00:00:00 2001 From: Jesse Cotton Date: Wed, 23 Apr 2014 14:14:18 +0000 Subject: [PATCH 0229/2267] Add fastcgi external server defined type --- README.md | 51 ++++++++++++++++ manifests/fastcgi/server.pp | 23 ++++++++ spec/defines/fastcgi_server_spec.rb | 90 +++++++++++++++++++++++++++++ templates/fastcgi/server.erb | 3 + 4 files changed, 167 insertions(+) create mode 100644 manifests/fastcgi/server.pp create mode 100644 spec/defines/fastcgi_server_spec.rb create mode 100644 templates/fastcgi/server.erb diff --git a/README.md b/README.md index 98cebb9a97..ec579af217 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) + * [Defined Type: apache::fastcgi::server](#defined-type-fastcgi-server) * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples) * [Load Balancing](#load-balancing) * [Defined Type: apache::balancer](#defined-type-apachebalancer) 
@@ -1507,6 +1508,56 @@ An array: Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. +####Defined Type: FastCGI Server + +This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. + +Ex: + +```puppet +apache::fastcgi::server { 'php': + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + alias => '/php.fcgi', + file_type => 'application/x-httpd-php' +} +``` + +Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. + +```puppet +apache::vhost { 'www': + ... + custom_fragment = 'AddType application/x-httpd-php .php' + ... +} +``` + +#####`host` + +The hostname or IP address and TCP port number (1-65535) of the FastCGI server. + +#####`timeout` + +The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request will be aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. + +#####`flush` + +Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. + +#####`faux_path` + +`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename will be handled by this external FastCGI application. + +#####`alias` + +A unique alias. This is used internally to link the action with the FastCGI server. 
+ +#####`file_type` + +The MIME-type of the file's that will be processed by the FastCGI server. ###Virtual Host Examples diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp new file mode 100644 index 0000000000..f62cb04530 --- /dev/null +++ b/manifests/fastcgi/server.pp @@ -0,0 +1,23 @@ +define apache::fastcgi::server ( + $host = '127.0.0.1:9000', + $timeout = 15, + $flush = false, + $faux_path = "/var/www/$name.fcgi", + $alias = "/$name.fcgi", + $file_type = 'application/x-httpd-php' +) { + + Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server["$title"] + + file { "fastcgi-pool-$name.conf": + ensure => present, + path => "${::apache::confd_dir}/fastcgi-pool-$name.conf", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + content => template('apache/fastcgi/server.erb'), + require => Exec["mkdir ${::apache::confd_dir}"], + before => File[$::apache::confd_dir], + notify => Service['httpd'] + } +} diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb new file mode 100644 index 0000000000..89e9b2041f --- /dev/null +++ b/spec/defines/fastcgi_server_spec.rb 
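Review bot: `apache::fastcgi::server` in manifests/fastcgi/server.pp orders itself after `Apache::Mod['fastcgi']` but never declares it, so the define only compiles when the caller has already included the module class, even though the new spec expects `contain_class("apache::mod::fastcgi")` with nothing but `include apache` as pre-condition. Adding `include ::apache::mod::fastcgi` as the first statement of the body would make the define self-contained. The parameters also reach the template unchecked, so `$host`, `$faux_path`, `$alias` and `$file_type` are written into the Apache configuration exactly as given; a `validate_re` per string parameter (anchored with `\A` and `\z`) plus `validate_bool($flush)` would reject malformed values before the file is rendered. `alias` also appears to collide with Puppet's metaparameter of the same name, so a distinct parameter name may be worth considering.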
@@ -0,0 +1,90 @@ +require 'spec_helper' + +describe 'apache::fastcgi::server', :type => :define do + let :pre_condition do + 'include apache' + end + let :title do + 'www' + end + describe 'os-dependent items' do + context "on RedHat based systems" do + let :default_facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf" + ) } + end + context "on Debian based systems" do + let :default_facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf" + ) } + end + context "on FreeBSD systems" do + let :default_facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/usr/local/etc/apache22/Includes/fastcgi-pool-#{title}.conf" + ) } + end + end + describe 'os-independent items' do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + describe ".conf content" do + let :params do + { + :host => '127.0.0.1:9001', + :timeout => 30, + :flush => true, + :faux_path => '/var/www/php-www.fcgi', + :alias => '/php-www.fcgi', + :file_type => 'application/x-httpd-php' + } + end + let :expected do 
+'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 +Alias /php-www.fcgi /var/www/php-www.fcgi +Action application/x-httpd-php /php-www.fcgi +' + end + it do + should contain_file("fastcgi-pool-www.conf").with_content(expected) + end + end + end +end diff --git a/templates/fastcgi/server.erb b/templates/fastcgi/server.erb new file mode 100644 index 0000000000..c16eae8cfd --- /dev/null +++ b/templates/fastcgi/server.erb @@ -0,0 +1,3 @@ +FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host %> +Alias <%= @alias %> <%= faux_path %> +Action <%= @file_type %> <%= @alias %> From 8f03f6c873706a70127b3e96532bbb4a5962c019 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 8 May 2014 18:50:16 -0400 Subject: [PATCH 0230/2267] SELinux updates. Updates to the tests to make them work when SELinux is in enforcing mode. Also update the documentation with information on what needs to be done if you're using custom paths with SELinux. --- README.md | 33 ++++++++++++++++++++++- spec/acceptance/apache_parameters_spec.rb | 14 ++++++++++ spec/acceptance/class_spec.rb | 14 ++++++++++ spec/acceptance/vhost_spec.rb | 14 ++++++++++ 4 files changed, 74 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b317cd50b..2e509cb9d6 100644 --- a/README.md +++ b/README.md 
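Review bot: The `Alias` line in templates/fastcgi/server.erb reads `<%= faux_path %>` without the `@`, while every other value in the template is an instance variable; it should be `Alias <%= @alias %> <%= @faux_path %>`. The bare form relies on Puppet's older dynamic lookup of template variables, which is deprecated as far as I know, and it is inconsistent with the first line of the same template.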
@@ -1823,10 +1823,41 @@ The `apache::vhost::WSGIImportScript` parameter creates a statement inside the V ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04, Debian 7, and RHEL 5 & 6 platforms against both the OSS and Enterprise version of Puppet. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions may occur. +###SELinux and Custom Paths + +If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you will need to manage the context for the files yourself. + +Something along the lines of: + +```puppet + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], + } + package { 'policycoreutils-python': ensure => installed } + exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + } + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + file { '/custom/path': ensure => directory, } + file { '/custom/path/include': ensure => present, content => '#additional_includes' } + apache::vhost { 'test.server': + docroot => '/custom/path', + additional_includes => '/custom/path/include', + } +``` + +You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources will reset the context to the values in the database if the resource isn't specifying the context. + ##Development ###Contributing 
diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 808190dfaa..187d6ffe81 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -329,6 +329,20 @@ class { 'apache': describe 'setup' do it 'applies cleanly' do pp = <<-EOS + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + package { 'policycoreutils-python': ensure => installed } + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_log_t "/apache_spec(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], + } + exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + } + } file { '/apache_spec': ensure => directory, } class { 'apache': logroot => '/apache_spec' } EOS diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index ca1255745f..c942cf8377 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -38,6 +38,20 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + package { 'policycoreutils-python': ensure => installed } + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], + } + exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + } + } file { '/apache_spec': ensure => directory, } file { '/apache_spec/apache_custom': ensure => directory, } class { 'apache': 
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 816327f3c9..3591a07322 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1041,6 +1041,20 @@ class { 'apache::mod::fastcgi': } describe 'additional_includes' do it 'applies cleanly' do pp = <<-EOS + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], + } + package { 'policycoreutils-python': ensure => installed } + exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + } + } class { 'apache': } host { 'test.server': ip => '127.0.0.1' } file { '/apache_spec': ensure => directory, } From e7a512e0163d3f198b44402dc3555a665dd4081d Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 9 May 2014 14:29:19 -0400 Subject: [PATCH 0231/2267] Fix issues in the travis-ci build. --- spec/classes/mod/php_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 32b2ff0994..e228dd7817 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -70,7 +70,7 @@ let :params do { :extensions => ['.php','.php5']} end - it { should contain_file("php5.conf").with_content =~ /AddHandler php5-script .php .php5\n/ } + it { should contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) } end context "with specific version" do let :pre_condition do From fc9e519214398588eed6f32cbf24f94b69d3183b Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Mon, 12 May 2014 14:38:26 -0400 Subject: [PATCH 0232/2267] Fix failing tests on RHEL5. A couple of missing packages, and the RHEL5 image also had SELinux in enforcing mode. --- spec/acceptance/apache_parameters_spec.rb | 11 ++++++++--- spec/acceptance/class_spec.rb | 11 ++++++++--- spec/acceptance/mod_passenger_spec.rb | 4 ++-- spec/acceptance/mod_proxy_html_spec.rb | 5 ++++- spec/acceptance/vhost_spec.rb | 11 ++++++++--- 5 files changed, 30 insertions(+), 12 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 187d6ffe81..14e5a1b8e3 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -329,12 +329,17 @@ class { 'apache': describe 'setup' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { - package { 'policycoreutils-python': ensure => installed } + if $::osfamily == 'RedHat' and $::selinux == 'true' { + $semanage_package = $::operatingsystemmajrelease ? { + '5' => 'policycoreutils', + 'default' => 'policycoreutils-python', + } + + package { $semanage_package: ensure => installed } exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_log_t "/apache_spec(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], + require => Package[$semanage_package], } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index c942cf8377..830e3ed5b6 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb 
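Review bot: The selector added to the embedded manifest in apache_parameters_spec.rb quotes its fallback key as `'default'`, which makes it an ordinary string to match rather than the selector's default branch, so on any release other than '5' the selector appears to have no matching value. It should use the bare word: `default => 'policycoreutils-python',`. The same selector is repeated in the class_spec.rb and vhost_spec.rb hunks of this commit. The `it` block continues outside the hunk.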
@@ -38,12 +38,17 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { - package { 'policycoreutils-python': ensure => installed } + if $::osfamily == 'RedHat' and $::selinux == 'true' { + $semanage_package = $::operatingsystemmajrelease ? { + '5' => 'policycoreutils', + 'default' => 'policycoreutils-python', + } + + package { $semanage_package: ensure => installed } exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], + require => Package[$semanage_package], } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 5b6c6d8570..68622eecbc 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -127,8 +127,8 @@ class { 'apache::mod::passenger': } end when 'RedHat' - # no fedora 18 passenger package yet - unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) + # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5 + unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5') context "default passenger config" do it 'succeeds in puppeting passenger' do diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index b34daacbff..f015f99941 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb 
@@ -23,7 +23,10 @@ class { 'apache': } class { 'apache::mod::proxy': } class { 'apache::mod::proxy_http': } - class { 'apache::mod::proxy_html': } + # mod_proxy_html doesn't exist in RHEL5 + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease != '5' { + class { 'apache::mod::proxy_html': } + } EOS apply_manifest(pp, :catch_failures => true) end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 3591a07322..34778cc049 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1041,13 +1041,18 @@ class { 'apache::mod::fastcgi': } describe 'additional_includes' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + if $::osfamily == 'RedHat' and $::selinux == 'true' { exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], + require => Package[$semanage_package], } - package { 'policycoreutils-python': ensure => installed } + $semanage_package = $::operatingsystemmajrelease ? { + '5' => 'policycoreutils', + 'default' => 'policycoreutils-python', + } + + package { $semanage_package: ensure => installed } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', path => '/bin:/usr/bin/:/sbin:/usr/sbin', From 8e7ef1550cc8a4f816a0f4d7235df36b48664998 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 12 May 2014 15:01:44 -0400 Subject: [PATCH 0233/2267] Fix lib path for Ubuntu 10.04. --- manifests/mod/proxy_html.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index a30c328c90..69894f21c3 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp 
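Review bot: The guard added around `class { 'apache::mod::proxy_html': }` in mod_proxy_html_spec.rb requires `$::osfamily == 'RedHat'`, so if this manifest is also applied on Debian-family nodes the class is no longer declared there at all. If the intent is to skip only RHEL 5, negate the whole condition instead: `if !($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5') {`. The rest of the example lies outside the hunk.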
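Review bot: In the vhost_spec.rb hunk, `require => Package[$semanage_package]` inside `exec { 'set_apache_defaults': }` comes before the `$semanage_package = $::operatingsystemmajrelease ? { ... }` assignment, and Puppet resolves variables in evaluation order, so the reference is built from a value that is not set yet. Moving the selector and the `package { $semanage_package: ensure => installed }` resource above the `exec` fixes it and matches the order used in apache_parameters_spec.rb and class_spec.rb in this commit. The heredoc continues outside the hunk.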
@@ -14,6 +14,7 @@ } $loadfiles = $::apache::params::distrelease ? { '6' => ['/usr/lib/libxml2.so.2'], + '10' => ['/usr/lib/libxml2.so.2'], default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"], } } From 204038e1f8767db504b3ccf07dd54f3f0aa7958b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 12 May 2014 16:50:12 -0400 Subject: [PATCH 0234/2267] Add notes in README about untested functionality for RHEL5 and RHEL7. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 2e509cb9d6..3f5fbfecaa 100644 --- a/README.md +++ b/README.md @@ -1821,6 +1821,14 @@ The Apache module relies heavily on templates to enable the `vhost` and `apache: The `apache::vhost::WSGIImportScript` parameter creates a statement inside the VirtualHost which is unsupported on older versions of Apache, causing this to fail. This will be remedied in a future refactoring. +###RHEL/CentOS 5 + +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. + +###RHEL/CentOS 7 + +The `apache::mod::passenger` class is untested as the repository does not have packages for EL7 yet. The fact that passenger packages aren't available also makes us unable to test the `rack_base_uri` parameter in `apache::vhost`. + ###General This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. From e083e8f306bb3879c92da9050ed9622a9fcbab2c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 13 May 2014 16:55:53 -0400 Subject: [PATCH 0235/2267] Update supported versions in metadata.json --- metadata.json | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/metadata.json b/metadata.json index 26a14ae42a..92663a43c4 100644 --- a/metadata.json +++ b/metadata.json 
@@ -11,28 +11,35 @@ "operatingsystem": "RedHat", "operatingsystemrelease": [ "5", - "6" + "6", + "7" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "5", - "6" + "6", + "7" + ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "5", - "6" + "6", + "7" + ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "5", - "6" + "6", + "7" + ] }, { @@ -46,7 +53,8 @@ "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "10.04", - "12.04" + "12.04", + "14.04" ] } ], From 2c58046332145c024f7b848f040b6f139be784ba Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Wed, 14 May 2014 17:39:23 -0400 Subject: [PATCH 0236/2267] Prepare a 1.1.0 release. --- CHANGELOG.md | 35 +++++++++++++++++++++++++++++++++++ Modulefile | 2 +- metadata.json | 2 +- 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26e8d75d4d..c77316a488 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,38 @@ +## 2014-04-14 Supported Release 1.1.0 + +###Summary + +This release primarily focuses on extending the httpd 2.4 support, tested +through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger +4 support, as well as several new modules and important bugfixes. + +####Features + +- Add support for RHEL7 and Ubuntu 14.04 +- More complete apache24 support +- Passenger 4 support +- Add support for max_keepalive_requests and log_formats parameters +- Add mod_pagespeed support +- Add mod_speling support +- Added several parameters for mod_passenger +- Added ssl_cipher parameter to apache::mod::ssl +- Improved examples in documentation +- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost +- Add support for custom extensions for mod_php +- Improve proxy_html support for Debian + +####Bugfixes + +- Remove NameVirtualHost directive for apache >= 2.4 +- Order proxy_set option so it doesn't change between runs +- Fix inverted SSL compression +- Fix missing ensure on concat::fragment resources +- Fix bad dependencies in apache::mod and apache::mod::mime + +####Known Bugs +* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. +* SLES is unsupported. + ## 2014-03-04 Supported Release 1.0.1 ###Summary diff --git a/Modulefile b/Modulefile index 227947cbba..49a712bcdd 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-apache' -version '1.0.1' +version '1.1.0' source 'git://github.com/puppetlabs/puppetlabs-apache.git' author 'puppetlabs' license 'Apache 2.0' diff --git a/metadata.json b/metadata.json index 92663a43c4..5fd476b7f1 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.0.1", + "version": "1.1.0", "source": "https://github.com/puppetlabs/puppetlabs-apache", "author": "Puppet Labs", "license": "Apache-2.0", From 0aa6b0f72f07d80974a4743a59ff1ac342937ebf Mon Sep 17 00:00:00 2001 
From: William Van Hevelingen Date: Wed, 14 May 2014 12:12:22 -0700 Subject: [PATCH 0237/2267] (MODULES-910) Convert @apache_version to a string Three part version numbers cannot be floats and must be represented as strings. This commit changes all instances of $apache_version and any comparsions to use strings and the versioncmp function. This also fixes comparsion of Float and String errors with future parser enabled. --- manifests/default_mods.pp | 10 +++++----- manifests/init.pp | 2 +- manifests/mod/event.pp | 2 +- manifests/mod/pagespeed.pp | 2 +- manifests/mod/prefork.pp | 2 +- manifests/mod/ssl.pp | 4 ++-- manifests/mod/worker.pp | 2 +- manifests/mpm.pp | 6 +++--- manifests/version.pp | 10 +++++----- manifests/vhost.pp | 4 ++-- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/version.rb | 12 ++++++------ spec/acceptance/vhost_spec.rb | 4 ++-- spec/classes/apache_spec.rb | 8 ++++---- spec/classes/mod/event_spec.rb | 6 +++--- spec/classes/mod/itk_spec.rb | 4 ++-- spec/classes/mod/prefork_spec.rb | 8 ++++---- spec/classes/mod/worker_spec.rb | 8 ++++---- spec/defines/vhost_spec.rb | 4 ++-- templates/httpd.conf.erb | 6 +++--- templates/mod/alias.conf.erb | 2 +- templates/mod/info.conf.erb | 2 +- templates/mod/ssl.conf.erb | 2 +- templates/vhost/_block.erb | 2 +- templates/vhost/_directories.erb | 2 +- templates/vhost/_fastcgi.erb | 2 +- 26 files changed, 59 insertions(+), 59 deletions(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index c8f7446cf6..f665d7383e 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -9,7 +9,7 @@ case $::osfamily { 'redhat', 'freebsd': { ::apache::mod { 'log_config': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it ::apache::mod { 'systemd': } ::apache::mod { 'unixd': } 
@@ -47,7 +47,7 @@ ::apache::mod { 'usertrack': } ::apache::mod { 'version': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } } else { @@ -114,7 +114,7 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', @@ -135,7 +135,7 @@ } elsif $mods { ::apache::default_mods::load { $mods: } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', @@ -145,7 +145,7 @@ ::apache::mod { 'filter': } } } else { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', diff --git a/manifests/init.pp b/manifests/init.pp index 069399b6da..9f77d5b4e7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -67,7 +67,7 @@ validate_bool($service_enable) $valid_mpms_re = $apache_version ? { - 2.4 => '(event|itk|peruser|prefork|worker)', + '2.4' => '(event|itk|peruser|prefork|worker)', default => '(event|itk|prefork|worker)' } diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index cad00774c3..cb7ed96cd6 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -44,7 +44,7 @@ case $::osfamily { 'redhat': { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { apache::mpm{ 'event': apache_version => $apache_version, } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index cca30eb50e..f4827c22a7 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -35,7 +35,7 @@ ){ $_lib = $::apache::apache_version ? { - 2.4 => 'mod_pagespeed_ap24.so', + '2.4' => 'mod_pagespeed_ap24.so', default => undef } 
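Review bot: The `$valid_mpms_re` selector in manifests/init.pp still matches the version exactly (`'2.4' => '(event|itk|peruser|prefork|worker)'`), so a three-part value such as '2.4.7' (constructed example of the case the commit message cites) falls through to `default`, while every other check in this commit moves to `versioncmp`. The `$_lib` selector in manifests/mod/pagespeed.pp has the same shape and would yield `undef` for such a value. Computing the branch from the comparison keeps the two files consistent with the rest of the change, e.g. `if versioncmp($apache_version, '2.4') >= 0 { $valid_mpms_re = '(event|itk|peruser|prefork|worker)' } else { $valid_mpms_re = '(event|itk|prefork|worker)' }`.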
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index d615acbddc..b3adeae8c8 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -42,7 +42,7 @@ case $::osfamily { 'redhat': { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mpm{ 'prefork': apache_version => $apache_version, } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 7370746e60..dd178150c9 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -12,7 +12,7 @@ case $::osfamily { 'debian': { - if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { + if versioncmp($apache_version, '2.4') >= 0 and $::operatingsystem == 'Ubuntu' { $ssl_mutex = 'default' } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { $ssl_mutex = 'file:/var/run/apache2/ssl_mutex' @@ -33,7 +33,7 @@ ::apache::mod { 'ssl': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'socache_shmcb': } } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 8007953cf8..3251a1a0ed 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -44,7 +44,7 @@ case $::osfamily { 'redhat': { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mpm{ 'worker': apache_version => $apache_version, } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index b6b2cfebe8..6437016ba7 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -13,7 +13,7 @@ $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { file { "${mod_dir}/${mpm}.load": ensure => file, path => "${mod_dir}/${mpm}.load", @@ -37,7 +37,7 @@ notify => Service['httpd'], } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { file { "${::apache::mod_enable_dir}/${mpm}.load": ensure => link, target => "${::apache::mod_dir}/${mpm}.load", 
@@ -47,7 +47,7 @@ } } - if $apache_version < 2.4 { + if versioncmp($apache_version, '2.4') < 0 { package { "apache2-mpm-${mpm}": ensure => present, } diff --git a/manifests/version.pp b/manifests/version.pp index 9deb37631e..a8592d5e95 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -13,20 +13,20 @@ case $::osfamily { 'RedHat': { if ($::operatingsystem == 'Fedora' and $distrelease >= 18) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { - $default = 2.4 + $default = '2.4' } else { - $default = 2.2 + $default = '2.2' } } 'Debian': { if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { - $default = 2.4 + $default = '2.4' } else { - $default = 2.2 + $default = '2.2' } } 'FreeBSD': { - $default = 2.2 + $default = '2.2' } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 45897e8e01..0cdfd708ed 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -350,7 +350,7 @@ } } if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and $apache_version < 2.4 { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { ::apache::namevirtualhost { $nvh_addr_port: } } } @@ -427,7 +427,7 @@ directoryindex => $directoryindex, } - if $apache_version == 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { $_directory_version = { require => 'all granted', } diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 14e5a1b8e3..4fa3bf6ec6 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
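Review bot: The conditions in manifests/version.pp that choose `$default` are still numeric comparisons (`$distrelease >= 18`, `$distrelease >= 7` and `$::operatingsystemrelease >= 13.10`), which looks like the same String/number mismatch the commit message says fails under the future parser; `$::operatingsystemrelease` is a fact and presumably a string, and `$distrelease` is defined outside the hunk. Use the same helper here, for example `if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 {`. The result matters beyond module loading, since the templates changed in this commit pick between `Require all granted` and `Order allow,deny` from this version string.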
@@ -218,7 +218,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - if $apache_version >= 2.4 + if $apache_version == '2.4' describe file($conf_file) do it { should be_file } it { should contain 'IncludeOptional "/tmp/root/*.conf"' } diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index a3b80c1730..27498354b4 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -17,9 +17,9 @@ $suphp_configpath = 'undef' if (_operatingsystem == 'Fedora' and _operatingsystemrelease >= 18) or (_operatingsystem != 'Fedora' and _operatingsystemrelease >= 7) - $apache_version = 2.4 + $apache_version = '2.4' else - $apache_version = 2.2 + $apache_version = '2.2' end when 'Debian' $confd_dir = '/etc/apache2/mods-available' @@ -35,9 +35,9 @@ $suphp_configpath = '/etc/php5/apache2' if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10 - $apache_version = 2.4 + $apache_version = '2.4' else - $apache_version = 2.2 + $apache_version = '2.2' end when 'FreeBSD' $confd_dir = '/usr/local/etc/apache22/Includes' @@ -50,8 +50,8 @@ $package_name = 'apache22' $error_log = 'http-error.log' - $apache_version = 2.2 + $apache_version = '2.2' else - $apache_version = 0 + $apache_version = '0' end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 34778cc049..186a9986f0 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -165,7 +165,7 @@ class { 'apache': } pp = <<-EOS class { 'apache': } - if $apache::apache_version >= 2.4 { + if versioncmp($apache::apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', } } else { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', } 
@@ -209,7 +209,7 @@ class { 'apache': } pp = <<-EOS class { 'apache': } - if $apache::apache_version >= 2.4 { + if versioncmp($apache::apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } } else { $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 6e0b705333..3290f5b425 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -75,7 +75,7 @@ context "with Apache version < 2.4" do let :params do - { :apache_version => 2.2 } + { :apache_version => '2.2' } end it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } @@ -83,7 +83,7 @@ context "with Apache version >= 2.4" do let :params do - { :apache_version => 2.4 } + { :apache_version => '2.4' } end it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } @@ -279,7 +279,7 @@ context "with Apache version < 2.4" do let :params do - { :apache_version => 2.2 } + { :apache_version => '2.2' } end it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } @@ -287,7 +287,7 @@ context "with Apache version >= 2.4" do let :params do - { :apache_version => 2.4 } + { :apache_version => '2.4' } end it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 320374a00d..6ae471ff3f 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -31,7 +31,7 @@ context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end 
@@ -44,7 +44,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end @@ -68,7 +68,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 032e122d48..d431c5c766 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -18,7 +18,7 @@ context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end @@ -31,7 +31,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 8eff78e4ab..9ef49d78f2 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -18,7 +18,7 @@ context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end @@ -31,7 +31,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end @@ -58,7 +58,7 @@ context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end @@ -71,7 +71,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 504018e689..a8176c570d 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -18,7 +18,7 @@ context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end @@ -31,7 +31,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end 
@@ -58,7 +58,7 @@ context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end @@ -71,7 +71,7 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index efdeaae57d..f085e13ed9 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -788,7 +788,7 @@ describe "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value], - :apache_version => 2.2, + :apache_version => '2.2', }) end it { should contain_file("25-#{title}.conf").with_mode('0644') } @@ -925,7 +925,7 @@ describe "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value], - :apache_version => 2.4, + :apache_version => '2.4', }) end it { should contain_file("25-#{title}.conf").with_mode('0644') } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index dd43cb95d2..c73a33dfc9 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -16,7 +16,7 @@ Group <%= @group %> AccessFileName .htaccess -<%- if @apache_version >= '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied <%- else -%> Order allow,deny @@ -61,7 +61,7 @@ LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if @apache_version >= '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" @@ -79,7 +79,7 @@ Alias /error/ "<%= @error_documents_path %>/" Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var -<%- if @apache_version == '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny 
diff --git a/templates/mod/alias.conf.erb b/templates/mod/alias.conf.erb index 0a0c81593d..151a806c9f 100644 --- a/templates/mod/alias.conf.erb +++ b/templates/mod/alias.conf.erb @@ -3,7 +3,7 @@ Alias /icons/ "<%= @icons_path %>/" "> Options Indexes MultiViews AllowOverride None -<%- if @apache_version == '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny diff --git a/templates/mod/info.conf.erb b/templates/mod/info.conf.erb index 0747da4307..d5288fb8c9 100644 --- a/templates/mod/info.conf.erb +++ b/templates/mod/info.conf.erb @@ -1,6 +1,6 @@ SetHandler server-info - <%- if @apache_version >= '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> <%- else -%> Order deny,allow diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index a393193a76..24274050c2 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -13,7 +13,7 @@ <% if @ssl_compression -%> SSLCompression On <% end -%> - <% if @apache_version >= '2.4' -%> + <% if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Mutex <%= @ssl_mutex %> <% else -%> SSLMutex <%= @ssl_mutex %> diff --git a/templates/vhost/_block.erb b/templates/vhost/_block.erb index f3c835d2cb..d0776829da 100644 --- a/templates/vhost/_block.erb +++ b/templates/vhost/_block.erb @@ -4,7 +4,7 @@ <% if @block.include? 'scm' -%> # Block access to SCM directories. - <%- if @apache_version >= '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied <%- else -%> Deny From All diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index efa26ce4e9..71c61a02c8 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -34,7 +34,7 @@ AllowOverride None <%- end -%> <%- end -%> - <%- if @apache_version == '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if directory['require'] and directory['require'] != '' -%> Require <%= Array(directory['require']).join(' ') %> <%- else -%> diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index 07129bc197..3a2baa5596 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb @@ -8,7 +8,7 @@ Options +ExecCGI AllowOverride All SetHandler fastcgi-script - <%- if @apache_version >= '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny From 644cb9694db682880196a7ed10daf00fddb59f6e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 21 May 2014 18:20:10 -0400 Subject: [PATCH 0238/2267] default shouldn't be quoted in the selector. --- spec/acceptance/apache_parameters_spec.rb | 4 ++-- spec/acceptance/class_spec.rb | 4 ++-- spec/acceptance/vhost_spec.rb | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 14e5a1b8e3..019ad24deb 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -331,8 +331,8 @@ class { 'apache': pp = <<-EOS if $::osfamily == 'RedHat' and $::selinux == 'true' { $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - 'default' => 'policycoreutils-python', + '5' => 'policycoreutils', + default => 'policycoreutils-python', } package { $semanage_package: ensure => installed } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 830e3ed5b6..bb41bf8f80 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb 
@@ -40,8 +40,8 @@ class { 'apache': } pp = <<-EOS if $::osfamily == 'RedHat' and $::selinux == 'true' { $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - 'default' => 'policycoreutils-python', + '5' => 'policycoreutils', + default => 'policycoreutils-python', } package { $semanage_package: ensure => installed } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 34778cc049..7b229d1f5f 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1048,8 +1048,8 @@ class { 'apache::mod::fastcgi': } require => Package[$semanage_package], } $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - 'default' => 'policycoreutils-python', + '5' => 'policycoreutils', + default => 'policycoreutils-python', } package { $semanage_package: ensure => installed } From 731329c8586c8af67203c3757a88af5a332fedfb Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 21 May 2014 19:23:51 -0400 Subject: [PATCH 0239/2267] Update PE version requirements. --- metadata.json | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata.json b/metadata.json index 5fd476b7f1..15317ff18e 100644 --- a/metadata.json +++ b/metadata.json @@ -59,6 +59,7 @@ } ], "requirements": [ + { "name": "pe", "version_requirement": ">= 3.2.0 < 3.4.0" }, { "name": "puppet", "version_requirement": "3.x" } ], "dependencies": [] From 6a60fe48b1c8a2a813191cd9670258b559fc3c49 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 22 May 2014 18:56:04 -0400 Subject: [PATCH 0240/2267] Resolve test failures on apache. --- spec/acceptance/class_spec.rb | 17 ++++++++++------- spec/acceptance/mod_passenger_spec.rb | 10 +++++----- spec/acceptance/vhost_spec.rb | 9 ++++----- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index bb41bf8f80..a2899f6bfb 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb 
@@ -46,15 +46,18 @@ class { 'apache': } package { $semanage_package: ensure => installed } exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package[$semanage_package], + command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + subscribe => Package[$semanage_package], + refreshonly => true, } exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], - require => Class['apache'], + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + subscribe => Exec['set_apache_defaults'], + refreshonly => true, } } file { '/apache_spec': ensure => directory, } diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 68622eecbc..dd65c5d3ed 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -81,7 +81,7 @@ class { 'apache::mod::passenger': } end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/sbin/passenger-memory-stats") do |r| + shell("/usr/sbin/passenger-memory-stats") do |r| r.stdout.should =~ /Apache processes/ r.stdout.should =~ /Nginx processes/ r.stdout.should =~ /Passenger processes/ 
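Review bot: With `subscribe => Package[$semanage_package]` and `refreshonly => true`, `set_apache_defaults` only runs on a run in which the package resource changes, so on an image where the package is already installed the `httpd_sys_content_t` rule for /apache_spec is never added, and `restorecon_apache`, now chained to it the same way, never relabels the directory. If the aim is to make the exec safe to re-apply, guard it on the existing state rather than on a package event, e.g. `unless => 'semanage fcontext -l | grep -q "^/apache_spec"', provider => shell,` and keep `require => Package[$semanage_package]`. An unlabelled docroot then shows up as SELinux denials in the later examples rather than as a failure of this manifest.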
@@ -97,7 +97,7 @@ class { 'apache::mod::passenger': } unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' it 'should output status via passenger-status' do # xml output not available on ubunutu <= 10.04, so sticking with default pool output - shell("sudo /usr/sbin/passenger-status") do |r| + shell("/usr/sbin/passenger-status") do |r| # spacing may vary r.stdout.should =~ /[\-]+ General information [\-]+/ if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' @@ -136,7 +136,7 @@ class { 'apache::mod::passenger': } /* EPEL and passenger repositories */ class { 'epel': } exec { 'passenger.repo GPG key': - command => '/usr/bin/sudo /usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', + command => '/usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', } file { 'passenger.repo GPG key': @@ -194,7 +194,7 @@ class { 'apache::mod::passenger': end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/bin/passenger-memory-stats") do |r| + shell("/usr/bin/passenger-memory-stats") do |r| r.stdout.should =~ /Apache processes/ r.stdout.should =~ /Nginx processes/ r.stdout.should =~ /Passenger processes/ @@ -206,7 +206,7 @@ class { 'apache::mod::passenger': end it 'should output status via passenger-status' do - shell("sudo PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| + shell("PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| # spacing may vary r.stdout.should =~ /[\-]+ General information [\-]+/ r.stdout.should =~ /max[ ]+= [0-9]+/ diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7b229d1f5f..c99e7d5246 100644 --- a/spec/acceptance/vhost_spec.rb 
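Review bot: The `passenger.repo GPG key` exec touched in the `@@ -136,7 +136,7 @@` hunk still downloads the repository signing key over plain `http://` and accepts whatever arrives, so the key that is meant to authenticate the passenger packages is itself unauthenticated. Ship the key with the test fixtures instead of fetching it, e.g. `file { '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc': source => 'puppet:///modules/<FIXTURE_MODULE>/RPM-GPG-KEY-stealthymonkeys.asc' }` (module name is a placeholder), or check the downloaded file against a recorded fingerprint before the repo is enabled. If the download stays, add `--fail` to the curl call so an HTTP error page is not saved as the key and then kept by `creates`. The manifest heredoc starts and ends outside this hunk.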
+++ b/spec/acceptance/vhost_spec.rb @@ -1042,16 +1042,15 @@ class { 'apache::mod::fastcgi': } it 'applies cleanly' do pp = <<-EOS if $::osfamily == 'RedHat' and $::selinux == 'true' { + $semanage_package = $::operatingsystemmajrelease ? { + '5' => 'policycoreutils', + default => 'policycoreutils-python', + } exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', require => Package[$semanage_package], } - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } - package { $semanage_package: ensure => installed } exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', From 179fb89d0d00fa5c214004581d8bc7c8ec4f2fb1 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Fri, 23 May 2014 16:29:25 +0200 Subject: [PATCH 0241/2267] Add fcgid options This adds fcgid.conf to configure the fcgid module. It also adds the FcgidWrapper option to vhost's directories. The vhost option lacks any validation and allows users to shoot themselves in the foot, but without iteration from the puppet future parser I don't see a way to add the validation. Iteration would also allow auto including apache::mod::fcgid. --- README.md | 36 ++++++++++++++++++ manifests/mod/fcgid.pp | 15 +++++++- spec/acceptance/mod_fcgid_spec.rb | 62 +++++++++++++++++++++++++++++++ spec/classes/mod/fcgid_spec.rb | 40 ++++++++++++++++++-- spec/defines/vhost_spec.rb | 36 ++++++++++++++++++ templates/mod/fcgid.conf.erb | 5 +++ templates/vhost/_directories.erb | 3 ++ 7 files changed, 192 insertions(+), 5 deletions(-) create mode 100644 spec/acceptance/mod_fcgid_spec.rb create mode 100644 templates/mod/fcgid.conf.erb diff --git a/README.md b/README.md index fd5cb87dc3..d4f388ccc4 100644 --- a/README.md +++ b/README.md 
@@ -19,6 +19,7 @@ * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) * [Class: apache::mod::wsgi](#class-apachemodwsgi) + * [Class: apache::mod::fcgid](#class-apachemodfcgid) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -578,6 +579,41 @@ For customized parameters, which tell Apache how Python is currently configured More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). +####Class: `apache::mod::fcgid` + +Installs and configures mod_fcgid. + +The class makes no effort to list all available options, but rather uses an options hash to allow for ultimate flexibility: + +```puppet + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'AddHandler' => 'fcgid-script .fcgi', + }, + } +``` + +For a full list op options, see the [official mod_fcgid documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html). + +It is also possible to set the FcgidWrapper per directory per vhost. You must ensure the fcgid module is loaded because there is no auto loading. + +```puppet + include apache::mod::fcgid + apache::vhost { 'example.org': + docroot => '/var/www/html', + directories => { + path => '/var/www/html', + fcgiwrapper => { + command => '/usr/local/bin/fcgiwrapper', + } + }, + } +``` + +See [FcgidWrapper documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidwrapper) for more information. + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. 
diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 9eb7997427..70997768bc 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,3 +1,16 @@ -class apache::mod::fcgid { +class apache::mod::fcgid( + $options = {}, +) { ::apache::mod { 'fcgid': } + + # Template uses: + # - $options + file { 'fcgid.conf': + ensure => file, + path => "${::apache::mod_dir}/fcgid.conf", + content => template('apache/mod/fcgid.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } } diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb new file mode 100644 index 0000000000..52f793be06 --- /dev/null +++ b/spec/acceptance/mod_fcgid_spec.rb 
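Review bot: `$options` in `apache::mod::fcgid` reaches `fcgid.conf.erb` without a type check, and the template calls `sort_by` on it and writes every key and value into the Apache config verbatim. A non-hash value is caught, if at all, only as a Ruby error inside the template, and a value containing a newline would add extra directive lines to `fcgid.conf`. Add `validate_hash($options)` as the first statement of the class body, in line with the `validate_array`/`validate_re` calls that `apache::mod::status` already makes. A comment above the `file` resource such as `# Keys and values are written to fcgid.conf as-is; pass trusted data only` would document the contract.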
@@ -0,0 +1,62 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + # Not implemented + when 'RedHat' + context "default fcgid config" do + it 'succeeds in puppeting fcgid' do + pp = <<-EOS + class { 'epel': } # mod_fcgid lives in epel + class { 'apache': } + class { 'apache::mod::php': } # For /usr/bin/php-cgi + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + }, + } + apache::vhost { 'fcgid.example.com': + port => '80', + docroot => '/var/www/fcgid', + directories => { + path => '/var/www/fcgid', + options => '+ExecCGI', + addhandlers => { + handler => 'fcgid-script', + extensions => '.php', + }, + fcgiwrapper => { + command => '/usr/bin/php-cgi', + suffix => '.php', + } + }, + } + file { '/var/www/fcgid/index.php': + ensure => file, + owner => 'root', + group => 'root', + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service('httpd') do + it { should be_enabled } + it { should be_running } + end + + it 'should answer to fcgid.example.com' do + shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| + r.stdout.should =~ /^Hello world$/ + r.exit_code.should == 0 + end + end + + it 'should run a php-cgi process' do + shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) + end + end + end +end diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index 5cc337291a..df5da582e7 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -1,7 +1,10 @@ -describe 'apache::mod::fcgid', :type => :class do +require 'spec_helper' + +describe 'apache::mod::fcgid' do let :pre_condition do 'include apache' end + context "on a Debian OS" do let :facts do { 
@@ -14,6 +17,7 @@ it { should contain_apache__mod('fcgid') } it { should contain_package("libapache2-mod-fcgid") } end + context "on a RedHat OS" do let :facts do { @@ -22,10 +26,37 @@ :concat_basedir => '/dne', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("mod_fcgid") } + + describe 'without parameters' do + it { should contain_class("apache::params") } + it { should contain_apache__mod('fcgid') } + it { should contain_package("mod_fcgid") } + end + + describe 'with parameters' do + let :params do { + :options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'FcgidMinProcessesPerClass' => '0', + 'AddHandler' => 'fcgid-script .fcgi', + } + } end + + it 'should contain the correct config' do + content = subject.resource('file', 'fcgid.conf').send(:parameters)[:content] + content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [ + '', + ' AddHandler fcgid-script .fcgi', + ' FcgidIPCDir /var/run/fcgidsock', + ' FcgidMinProcessesPerClass 0', + ' SharememPath /var/run/fcgid_shm', + '', + ] + end + end end + context "on a FreeBSD OS" do let :facts do { @@ -34,6 +65,7 @@ :concat_basedir => '/dne', } end + it { should contain_class("apache::params") } it { should contain_apache__mod('fcgid') } it { should contain_package("www/mod_fcgid") } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 933d31fb94..fde65d1f20 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -1280,6 +1280,42 @@ end end + describe 'fcgid directory options' do + describe 'No fcgiwrapper' do + let :params do + default_params.merge({ + :directories => { 'path' => '/srv/www' }, + }) + end + + it { should_not contain_file("25-#{title}.conf").with_content(%r{FcgidWrapper}) } + end + + describe 'Only a command' do + let :params do + default_params.merge({ + :directories => { 'path' => '/srv/www', + 'fcgiwrapper' => { 'command' => '/usr/local/bin/fcgiwrapper' }, + } + }) + end + + it { should contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper $}) } + end + + describe 'All parameters' do + let :params do + default_params.merge({ + :directories => { 'path' => '/srv/www', + 'fcgiwrapper' => { 'command' => '/usr/local/bin/fcgiwrapper', 'suffix' => '.php', 'virtual' => 'virtual' }, + } + }) + end + + it { should contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper .php virtual$}) } + end + end + describe 'various ip/port combos' do describe 'when ip_based is true' do let :params do default_params.merge({ :ip_based => true }) end diff --git a/templates/mod/fcgid.conf.erb b/templates/mod/fcgid.conf.erb new file mode 100644 index 0000000000..a82bc30df9 --- /dev/null +++ b/templates/mod/fcgid.conf.erb @@ -0,0 +1,5 @@ + +<% @options.sort_by {|key, value| key}.each do |key, value| -%> + <%= key %> <%= value %> +<% end -%> + diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 71c61a02c8..498bfc699a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -153,6 +153,9 @@ <%- if directory['suphp'] and @suphp_engine == 'on' -%> suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> <%- end -%> + <%- if directory['fcgiwrapper'] -%> + FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 9cc8f3dec01fcb0cef11a44166d84f3d4b2b442e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 23 May 2014 13:54:45 -0400 Subject: [PATCH 0242/2267] MODULES-956 Added loadfile_name parameter to apache::mod. This will allow for more control over the module load order, since they appear to be loaded alphabetically. --- README.md | 4 ++++ manifests/mod.pp | 25 ++++++++++++++++--------- spec/acceptance/default_mods_spec.rb | 25 +++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index fd5cb87dc3..d5b82e9351 100644 --- a/README.md +++ b/README.md @@ -310,6 +310,10 @@ Sets the amount of time the server will wait for subsequent requests on a persis Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'. +#####`loadfile_name` + +Sets the file name for the module loadfile. Should be in the format *.load. This can be used to set the module load order. + #####`log_level` Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'. diff --git a/manifests/mod.pp b/manifests/mod.pp index 9d65bd91f1..968bd3eb48 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp 
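Review bot: The added `FcgidWrapper` line renders whenever `directory['fcgiwrapper']` is set, even when the hash has no `command`. That writes a bare `FcgidWrapper` directive, which Apache will probably reject at config test, and it leaves trailing spaces when `suffix` or `virtual` are omitted. Guard on the command with `<%- if directory['fcgiwrapper'] and directory['fcgiwrapper']['command'] -%>` and emit only the values that are present with `FcgidWrapper <%= directory['fcgiwrapper'].values_at('command', 'suffix', 'virtual').compact.join(' ') %>`. The 'Only a command' expectation in spec/defines/vhost_spec.rb matches the trailing space today and would need updating with it. The enclosing directory loop starts and ends outside this hunk.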
@@ -1,11 +1,12 @@ define apache::mod ( - $package = undef, + $package = undef, $package_ensure = 'present', - $lib = undef, - $lib_path = $::apache::params::lib_path, - $id = undef, - $path = undef, - $loadfiles = undef, + $lib = undef, + $lib_path = $::apache::params::lib_path, + $id = undef, + $path = undef, + $loadfile_name = undef, + $loadfiles = undef, ) { if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -39,6 +40,12 @@ $_id = "${mod}_module" } + if $loadfile_name { + $_loadfile_name = $loadfile_name + } else { + $_loadfile_name = "${mod}.load" + } + # Determine if we have a package $mod_packages = $::apache::params::mod_packages $mod_package = $mod_packages[$mod] # 2.6 compatibility hack @@ -69,7 +76,7 @@ file { "${mod}.load": ensure => file, - path => "${mod_dir}/${mod}.load", + path => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -86,8 +93,8 @@ $enable_dir = $::apache::mod_enable_dir file{ "${mod}.load symlink": ensure => link, - path => "${enable_dir}/${mod}.load", - target => "${mod_dir}/${mod}.load", + path => "${enable_dir}/${_loadfile_name}", + target => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, mode => '0644', diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 2b8b409e35..c7f8755605 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -2,10 +2,13 @@ case fact('osfamily') when 'RedHat' + mod_dir = '/etc/httpd/conf.d' servicename = 'httpd' when 'Debian' + mod_dir = '/etc/apache2/mods-available' servicename = 'apache2' when 'FreeBSD' + mod_dir = '/usr/local/etc/apache22/Modules' servicename = 'apache22' end 
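Review bot: `loadfile_name` goes straight into `path => "${mod_dir}/${_loadfile_name}"` and into the symlink `path`/`target` with no check, although the README text added in this commit says it should have the form `*.load`. A value containing `/` or `..` would make Puppet manage a root-owned file outside `mod_dir`. Inside the `if $loadfile_name {` branch add `validate_re($loadfile_name, '\A[\w.-]+\.load\z', 'loadfile_name must be a plain file name ending in .load')`; the anchors are `\A`/`\z` rather than `^`/`$` so a multi-line value cannot pass. The module already uses `validate_re` in `apache::mod::status`. The body of `apache::mod` continues outside these hunks.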
@@ -92,4 +95,26 @@ class { 'apache': it { should be_running } end end + + describe 'change loadfile name' do + it 'should apply with no errors' do + pp = <<-EOS + class { 'apache': default_mods => false } + ::apache::mod { 'auth_basic': + loadfile_name => 'zz_auth_basic.load', + } + EOS + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + end + + describe service(servicename) do + it { should be_running } + end + + describe file("#{mod_dir}/zz_auth_basic.load") do + it { should be_file } + end + end end From bfa206ec522aa2cad5a4a33da7d4297693c1e77e Mon Sep 17 00:00:00 2001 From: Ken Geis Date: Sun, 25 May 2014 16:28:56 -0700 Subject: [PATCH 0243/2267] Update README.md Add http:// protocol to URLs referring to Apache web site so that markdown processor doesn't think that they are relative URLs. --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index fd5cb87dc3..ffd2ae7aed 100644 --- a/README.md +++ b/README.md @@ -730,7 +730,7 @@ Sets the IP address the vhost listens on. Defaults to listen on all IPs. #####`ip_based` -Enables an [IP-based](httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. +Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. #####`itk` 
@@ -1169,35 +1169,35 @@ Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/curren ######`auth_basic_fake` -Sets the value for [AuthBasicFake](httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. +Sets the value for [AuthBasicFake](http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. ######`auth_basic_provider` -Sets the value for [AuthBasicProvider] (httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. +Sets the value for [AuthBasicProvider] (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. ######`auth_digest_algorithm` -Sets the value for [AuthDigestAlgorithm](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. +Sets the value for [AuthDigestAlgorithm](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. ######`auth_digest_domain` -Sets the value for [AuthDigestDomain](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. +Sets the value for [AuthDigestDomain](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. 
######`auth_digest_nonce_lifetime` -Sets the value for [AuthDigestNonceLifetime](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. +Sets the value for [AuthDigestNonceLifetime](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. ######`auth_digest_provider` -Sets the value for [AuthDigestProvider](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. +Sets the value for [AuthDigestProvider](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. ######`auth_digest_qop` -Sets the value for [AuthDigestQop](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. +Sets the value for [AuthDigestQop](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. ######`auth_digest_shmem_size` -Sets the value for [AuthAuthDigestShmemSize](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. +Sets the value for [AuthAuthDigestShmemSize](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. ######`auth_group_file` 
@@ -1213,11 +1213,11 @@ Sets the entity name you're requiring to allow access. Read more about [Require] ######`auth_type` -Sets the value for [AuthType](httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. +Sets the value for [AuthType](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. ######`auth_user_file` -Sets the value for [AuthUserFile](httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. +Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. ######`custom_fragment` @@ -1290,7 +1290,7 @@ Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.htm ######`index_options` -Allows configuration settings for [directory indexing](httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). +Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). ```puppet apache::vhost { 'sample.example.net': @@ -1322,7 +1322,7 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind ######`options` -Lists the [Options](httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. +Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ```puppet apache::vhost { 'sample.example.net': From 88408f13dc1ebcde320748f82d766ad2847f3adc Mon Sep 17 00:00:00 2001 
From: Malefitz Date: Mon, 26 May 2014 09:50:33 +0200 Subject: [PATCH 0244/2267] Add ability for handling more than one 'Allow from'-directive in _directories.erb --- README.md | 2 +- spec/acceptance/vhost_spec.rb | 13 ++++++++++++- templates/vhost/_directories.erb | 6 ++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fd5cb87dc3..648823cd4e 100644 --- a/README.md +++ b/README.md @@ -1135,7 +1135,7 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand ######`allow` -Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. ```puppet apache::vhost { 'sample.example.net': diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 2a55a5d133..c43d3f9e9e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -214,7 +214,10 @@ class { 'apache': } if versioncmp($apache::apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } } else { - $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' } + $_files_match_directory = [ + { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' }, + { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] }, + ] } $_directories = [ 
@@ -238,6 +241,13 @@ class { 'apache': } ensure => file, content => "Hello World\\n", } + file { '/var/www/files/bar': + ensure => directory, + } + file { '/var/www/files/bar/bar.html': + ensure => file, + content => "Hello Bar\\n", + } host { 'files.example.net': ip => '127.0.0.1', } EOS apply_manifest(pp, :catch_failures => true) @@ -252,6 +262,7 @@ class { 'apache': } shell("/usr/bin/curl -sSf files.example.net:80/").stdout.should eq("Hello World\n") shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout.should eq("Hello Foo\n") shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) + shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout.should eq("Hello Bar\n") end end diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 71c61a02c8..5a719e0932 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -50,7 +50,13 @@ Deny <%= directory['deny'] %> <%- end -%> <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> + <%- if directory['allow'].kind_of?(Array) -%> + <%- Array(directory['allow']).each do |access| -%> + Allow <%= access %> + <%- end -%> + <%- else -%> Allow <%= directory['allow'] %> + <%- end -%> <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%> <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%> Deny from all From 8a44be7e1e977bc3d5d7386dce21a46407113d14 Mon Sep 17 00:00:00 2001 From: Xavier leune Date: Mon, 26 May 2014 11:51:09 +0200 Subject: [PATCH 0245/2267] Change inclusion of apache::mod::rewrite in vhost.pp --- manifests/vhost.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 45897e8e01..049c85b8cf 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
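Review bot: In the `_directories.erb` hunk the `kind_of?(Array)` test is redundant, because `Array(directory['allow'])` already turns a single string into a one-element list. The added if/else can collapse to `<%- Array(directory['allow']).each do |access| -%>`, `Allow <%= access %>`, `<%- end -%>`, which keeps one code path for both forms. Also, an empty array passes the outer condition, emits no `Allow` line and skips the `Deny from all` fallback in the later `elsif`. Whether that leaves the directory more open than intended depends on the `Order` directive, which is outside this hunk, so a comment stating the intended behaviour for `allow => []` would help.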
@@ -357,8 +357,8 @@ # Load mod_rewrite if needed and not yet loaded if $rewrites or $rewrite_cond { - if ! defined(Apache::Mod['rewrite']) { - ::apache::mod { 'rewrite': } + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite } } From a3632214e3e793d5199d015054715bf4e706630d Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 27 May 2014 12:48:45 -0400 Subject: [PATCH 0246/2267] Let's not hardcode x86_64... --- spec/acceptance/mod_pagespeed_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index de59a347c1..2b55627295 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -33,7 +33,7 @@ class { 'apt': } } } elsif $::osfamily == 'RedHat' { yumrepo { 'mod-pagespeed': - baseurl => 'http://dl.google.com/linux/mod-pagespeed/rpm/stable/x86_64', + baseurl => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture", enabled => 1, gpgcheck => 1, gpgkey => 'https://dl-ssl.google.com/linux/linux_signing_key.pub', From ad0500ea53b019985f368e01489ee7a7a69d9a72 Mon Sep 17 00:00:00 2001 From: n00by Date: Tue, 27 May 2014 19:15:28 +0200 Subject: [PATCH 0247/2267] Update _proxy.erb doing some formatting. removing unnecessary line breaks. --- templates/vhost/_proxy.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 2c5e24edef..a1d2e52923 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb 
@@ -5,15 +5,15 @@ <%- end -%> <% if @proxy_preserve_host %> ProxyPreserveHost On -<% end %> -<% [@proxy_pass].flatten.compact.each do |proxy| %> +<%- end -%> +<%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> > ProxyPassReverse <%= proxy['url'] %> <% end %> <% if @proxy_dest -%> -<% Array(@no_proxy_uris).each do |uri| %> +<%- Array(@no_proxy_uris).each do |uri| -%> ProxyPass <%= uri %> ! <% end %> ProxyPass / <%= @proxy_dest %>/ From 7bc201a1de78840d417a279decd3d6ca8222f20b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 28 May 2014 12:57:14 -0400 Subject: [PATCH 0248/2267] Renamed file resource to use loadfile_name if provided. --- manifests/mod.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 968bd3eb48..964ef51a41 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -74,7 +74,7 @@ } } - file { "${mod}.load": + file { "${_loadfile_name}": ensure => file, path => "${mod_dir}/${_loadfile_name}", owner => 'root', From d4dbd9ba6491e88838aa3d7d3bb64bbfe1761e5e Mon Sep 17 00:00:00 2001 From: Matthias Baur Date: Sat, 5 Apr 2014 19:19:05 +0200 Subject: [PATCH 0249/2267] Add support for SVN authentication (mod_authz_svn) Add dependency for authz_svn. This is needed, since the mod is included in the dav_svn system package. Thanks @hunner for pointing this out! - Add parameter for controling the enabl-/disabling of the authz_svn module. (Disabled by default) - Optimize the dependency management Mark dav_svn module as a module which has optional setings. Add loadfile_name parameter for better module load order Add acceptance test for dav_svn module --- README.md | 2 +- manifests/mod/dav_svn.pp | 17 ++++++--- spec/acceptance/mod_dav_svn_spec.rb | 55 +++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 5 deletions(-) create mode 100644 spec/acceptance/mod_dav_svn_spec.rb 
diff --git a/README.md b/README.md index d5b82e9351..e5c053788a 100644 --- a/README.md +++ b/README.md @@ -442,7 +442,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `cgid` * `dav` * `dav_fs` -* `dav_svn` +* `dav_svn`* * `deflate` * `dev` * `dir`* diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 3ffa759112..0fd667bc3f 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -1,5 +1,14 @@ -class apache::mod::dav_svn { - Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] - include ::apache::mod::dav - ::apache::mod { 'dav_svn': } +class apache::mod::dav_svn ( + $authz_svn_enabled = false, +) { + Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] + include ::apache::mod::dav + ::apache::mod { 'dav_svn': } + + if $authz_svn_enabled { + ::apache::mod { 'authz_svn': + loadfile_name => 'dav_svn_authz_svn.load', + require => Apache::Mod['dav_svn'], + } + } } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb new file mode 100644 index 0000000000..299ce2f12e --- /dev/null +++ b/spec/acceptance/mod_dav_svn_spec.rb 
@@ -0,0 +1,55 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::dav_svn class' do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + when 'FreeBSD' + mod_dir = '/usr/local/etc/apache22/Modules' + service_name = 'apache22' + end + + context "default dav_svn config" do + it 'succeeds in puppeting dav_svn' do + pp= <<-EOS + class { 'apache': } + include apache::mod::dav_svn + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file("#{mod_dir}/dav_svn.load") do + it { should contain "LoadModule dav_svn_module" } + end + end + + context "dav_svn with enabled authz_svn config" do + it 'succeeds in puppeting dav_svn' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::dav_svn': + authz_svn_enabled => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + + describe file("#{mod_dir}/authz_svn.load") do + it { should contain "LoadModule authz_svn_module" } + end + end +end From a4f8c39509e4ef4b078d9f2ad4ca5277e2fc4922 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 29 May 2014 12:36:15 -0400 Subject: [PATCH 0250/2267] Only run mod_mime test on supported platforms. --- spec/acceptance/mod_mime_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index 71a7037a62..04b7dacc3e 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb 
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::mime class' do +describe 'apache::mod::mime class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' From 22e660dca231526e4c9ff8c28f25c41119a6c4f7 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 30 May 2014 15:56:37 -0700 Subject: [PATCH 0251/2267] Fix passenger repo on Scientific linux Because passenger is lame and only provides repos for `$releasever` of 6, 6Server, and 6.0 through 6.3, but Scientific linux has a `$releasever` of `6.5` (rhel6 has `6Sverver`) --- spec/acceptance/mod_passenger_spec.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index dd65c5d3ed..085904975c 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -151,9 +151,13 @@ class { 'epel': } File['passenger.repo GPG key'], ] } + $releasever_string = $operatingsystem ? { + 'Scientific' => '6', + default => '$releasever', + } yumrepo { 'passenger': - baseurl => 'http://passenger.stealthymonkeys.com/rhel/$releasever/$basearch' , - descr => 'Red Hat Enterprise $releasever - Phusion Passenger', + baseurl => "http://passenger.stealthymonkeys.com/rhel/${releasever_string}/\\$basearch" , + descr => "Red Hat Enterprise ${releasever_string} - Phusion Passenger", enabled => 1, gpgcheck => 1, gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', From 722cdc09c4eb60770ddef79a690064d3e6e47b93 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 2 Jun 2014 14:25:43 -0400 Subject: [PATCH 0252/2267] Filename not updated in the test. --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 299ce2f12e..412b794540 100644 
--- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -48,7 +48,7 @@ class { 'apache::mod::dav_svn': it { should be_running } end - describe file("#{mod_dir}/authz_svn.load") do + describe file("#{mod_dir}/dav_svn_authz_svn.load") do it { should contain "LoadModule authz_svn_module" } end end From 460775670a3297c0850fda53c82af2d3272ce827 Mon Sep 17 00:00:00 2001 From: Phil Fenstermacher Date: Mon, 2 Jun 2014 13:27:02 -0400 Subject: [PATCH 0253/2267] Add better native support for Apache 2.4 when mod_access_compat isn't installed/enabled --- manifests/mod/ldap.pp | 6 ++++-- manifests/mod/pagespeed.pp | 1 + manifests/mod/proxy.pp | 3 ++- manifests/mod/status.pp | 3 ++- manifests/mod/userdir.pp | 3 ++- templates/mod/ldap.conf.erb | 4 ++++ templates/mod/pagespeed.conf.erb | 35 +++++++++++++++----------------- templates/mod/proxy.conf.erb | 4 ++++ templates/mod/status.conf.erb | 4 ++++ templates/mod/userdir.conf.erb | 12 +++++++++-- 10 files changed, 49 insertions(+), 26 deletions(-) diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index f489291a28..d3b17ff5b8 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -1,6 +1,8 @@ -class apache::mod::ldap { +class apache::mod::ldap ( + $apache_version = $::apache::apache_version, +){ ::apache::mod { 'ldap': } - # Template uses no variables + # Template uses $apache_version file { 'ldap.conf': ensure => file, path => "${::apache::mod_dir}/ldap.conf", diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index f4827c22a7..8c1c03bd5d 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -32,6 +32,7 @@ $allow_pagespeed_message = [], $message_buffer_size = 100000, $additional_configuration = {}, + $apache_version = $::apache::apache_version, ){ $_lib = $::apache::apache_version ? { diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index b6c0d6df7c..03c1e78c95 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp 
@@ -1,9 +1,10 @@ class apache::mod::proxy ( $proxy_requests = 'Off', $allow_from = undef, + $apache_version = $::apache::apache_version, ) { ::apache::mod { 'proxy': } - # Template uses $proxy_requests + # Template uses $proxy_requests, $apache_version file { 'proxy.conf': ensure => file, path => "${::apache::mod_dir}/proxy.conf", diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index fdaba4b07a..cfab5d58ea 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -26,11 +26,12 @@ class apache::mod::status ( $allow_from = ['127.0.0.1','::1'], $extended_status = 'On', + $apache_version = $::apache::apache_version, ){ validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } - # Template uses $allow_from, $extended_status + # Template uses $allow_from, $extended_status, $apache_version file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index 27af54c667..accfe64a79 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp @@ -2,10 +2,11 @@ $home = '/home', $dir = 'public_html', $disable_root = true, + $apache_version = $::apache::apache_version, ) { ::apache::mod { 'userdir': } - # Template uses $home, $dir, $disable_root + # Template uses $home, $dir, $disable_root, $apache_version file { 'userdir.conf': ensure => file, path => "${::apache::mod_dir}/userdir.conf", diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb index 14f33ab2b2..0019776175 100644 --- a/templates/mod/ldap.conf.erb +++ b/templates/mod/ldap.conf.erb @@ -1,7 +1,11 @@ SetHandler ldap-status + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 + <%- else -%> Order deny,allow Deny from all Allow from 127.0.0.1 ::1 Satisfy all + <%- end -%> 
diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index 3bbf7f29b4..a4d8a7220e 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb @@ -54,7 +54,6 @@ ModPagespeedNumExpensiveRewriteThreads <%= @num_expensive_rewrite_threads %> ModPagespeedStatistics <%= @collect_statistics %> - Order allow,deny # You may insert other "Allow from" lines to add hosts you want to # allow to look at generated statistics. Another possibility is # to comment out the "Order" and "Allow" options from the config 
@@ -62,37 +61,35 @@ ModPagespeedStatistics <%= @collect_statistics %> # statistics. This might be appropriate in an experimental setup or # if the Apache server is protected by a reverse proxy that will # filter URLs in some fashion. - Allow from localhost - Allow from 127.0.0.1 - Allow from ::1 - <% @allow_view_stats.each do |host| -%> - Allow from <%= host %> - <% end -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> + <%- else -%> + Order allow,deny + Allow from 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> + <%- end -%> SetHandler mod_pagespeed_statistics ModPagespeedStatisticsLogging <%= @statistics_logging %> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> + <%- else -%> Order allow,deny - Allow from localhost - Allow from 127.0.0.1 - Allow from ::1 - <% @allow_pagespeed_console.each do |host| -%> - Allow from <%= host %> - <% end -%> + Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> + <%- end -%> SetHandler pagespeed_console ModPagespeedMessageBufferSize <%= @message_buffer_size %> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> + <%- else -%> Order allow,deny - Allow from localhost - Allow from 127.0.0.1 - Allow from ::1 - <% @allow_pagespeed_message.each do |host| -%> - Allow from <%= host %> - <% end -%> + Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> + <%- end -%> SetHandler mod_pagespeed_message diff --git a/templates/mod/proxy.conf.erb b/templates/mod/proxy.conf.erb index 1f4a4129c8..5ea829eeb3 100644 --- a/templates/mod/proxy.conf.erb +++ b/templates/mod/proxy.conf.erb 
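Review bot: `Require ip` accepts only addresses and CIDR ranges, whereas the per-host `Allow from <%= host %>` lines removed here also accepted host and domain names, so a hostname already present in `allow_view_stats`, `allow_pagespeed_console` or `allow_pagespeed_message` becomes an invalid argument on 2.4. The legacy branch also drops `Allow from localhost`, which changes behaviour for existing 2.2 users without being mentioned. I would document that these three parameters must hold IP addresses or CIDR ranges, or validate them in `manifests/mod/pagespeed.pp`. The retained comment above the first block still tells readers to edit the "Order" and "Allow" options, which no longer matches the 2.4 branch.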
@@ -10,9 +10,13 @@ <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip <%= Array(@allow_from).join(" ") %> + <%- else -%> Order deny,allow Deny from all Allow from <%= Array(@allow_from).join(" ") %> + <%- end -%> <% end -%> diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index c00c16a78d..84f2e03430 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb @@ -1,8 +1,12 @@ SetHandler server-status + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip <%= Array(@allow_from).join(" ") %> + <%- else -%> Order deny,allow Deny from all Allow from <%= Array(@allow_from).join(" ") %> + <%- end -%> ExtendedStatus <%= @extended_status %> diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index e4c6ba55dd..add525d5ea 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -8,12 +8,20 @@ AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied + <%- else -%> Order allow,deny Allow from all + <%- end -%> - Order deny,allow - Deny from all + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied + <%- else -%> + Order allow,deny + Allow from all + <%- end -%> From 9c3da14815da62500b9c4c650e334b0e087d6d0d Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 2 Jun 2014 14:45:57 -0400 Subject: [PATCH 0254/2267] Missed some file resource namechanges. --- manifests/mod.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 964ef51a41..69a081912a 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp 
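Review bot: When `proxy_requests` is not 'Off' and `allow_from` is unset, the outer condition is true and the 2.4 branch renders `Require ip` with an empty argument list, which Apache is expected to reject at config test rather than treat as deny-all. The legacy branch states the intent explicitly with `Deny from all`, so the 2.4 branch should do the same when the list is empty, for example `Require <%= Array(@allow_from).empty? ? 'all denied' : "ip #{Array(@allow_from).join(' ')}" %>`. The `status.conf.erb` hunk that follows has the same shape and would render the same empty `Require ip` if `allow_from` is passed as `[]`, which `validate_array` accepts.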
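Review bot: The two version switches in the `userdir.conf.erb` hunk invert the access rules that were there before. In the first block the 2.4 branch emits `Require all denied` where the legacy branch keeps `Allow from all`, so user directories stop being served on 2.4; in the second block the removed `Order deny,allow` / `Deny from all` is replaced, for pre-2.4 servers, by `Order allow,deny` / `Allow from all`, which opens what used to be denied. The enclosing container tags are not visible on this page, so which requests each block governs is inferred from the old rules. Assuming the first block is the permitted set and the second the catch-all deny, the first should use `Require all granted` and the second legacy branch should stay `Order deny,allow` / `Deny from all`.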
@@ -61,10 +61,10 @@ # the module gets installed. $package_before = $::osfamily ? { 'freebsd' => [ - File["${mod}.load"], + File[$_loadfile_name], File["${::apache::params::conf_dir}/${::apache::params::conf_file}"] ], - default => File["${mod}.load"], + default => File[$_loadfile_name], } # $_package may be an array package { $_package: @@ -91,7 +91,7 @@ if $::osfamily == 'Debian' { $enable_dir = $::apache::mod_enable_dir - file{ "${mod}.load symlink": + file{ "${_loadfile_name} symlink": ensure => link, path => "${enable_dir}/${_loadfile_name}", target => "${mod_dir}/${_loadfile_name}", @@ -99,7 +99,7 @@ group => $::apache::params::root_group, mode => '0644', require => [ - File["${mod}.load"], + File[$_loadfile_name], Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], From 78ee7ff8eec066553fe1334efe9ee0f225df68d0 Mon Sep 17 00:00:00 2001 From: Thomas Steinert Date: Tue, 3 Jun 2014 08:36:45 +0200 Subject: [PATCH 0255/2267] Change the site-include regexp to work better with Debian/Ubuntu as it is commonly used practice to omit the '.conf' part on vhost files. --- spec/classes/apache_spec.rb | 2 +- templates/httpd.conf.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 3290f5b425..5bf9851d4e 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -293,7 +293,7 @@ it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*\.conf"$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } end 
diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index c73a33dfc9..cac3aaf102 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -67,7 +67,7 @@ IncludeOptional "<%= @confd_dir %>/*.conf" Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> -Include "<%= @vhost_load_dir %>/*.conf" +Include "<%= @vhost_load_dir %>/*" <% end -%> <% if @error_documents -%> From 22cb343ab0e6d36a6e92a1795fa4b30bdc1e25c1 Mon Sep 17 00:00:00 2001 From: Niek Beernink Date: Tue, 3 Jun 2014 12:16:23 +0200 Subject: [PATCH 0256/2267] make logroot_mode configurable --- manifests/vhost.pp | 2 ++ spec/defines/vhost_spec.rb | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fe0ef28c3d..d894fca71f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -110,6 +110,7 @@ $directoryindex = '', $vhost_name = '*', $logroot = $::apache::logroot, + $logroot_mode = undef, $log_level = undef, $access_log = true, $access_log_file = undef, @@ -274,6 +275,7 @@ if ! defined(File[$logroot]) { file { $logroot: ensure => directory, + mode => $logroot_mode, require => Package['httpd'], } } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index fde65d1f20..2152d79b55 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1110,6 +1110,18 @@ expect { subject }.to raise_error(Puppet::Error, /'error_log_file' and 'error_log_pipe' cannot be defined at the same time/) end end + describe 'when logroot and logroot_mode are specified' do + let :params do default_params.merge({ + :logroot => '/rspec/logroot', + :logroot_mode => '0755', + }) end + it 'should set logroot mode' do + should contain_file(params[:logroot]).with({ + :ensure => :directory, + :mode => '0755', + }) + end + end describe 'when docroot owner and mode is specified' do let :params do default_params.merge({ :docroot_owner => 'testuser', 
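Review bot: `Include "<%= @vhost_load_dir %>/*"` makes Apache parse every file in the vhost directory, not only the ones meant to be configuration. Editor backups, package leftovers such as `.rpmsave` or `.dpkg-old` copies, and vhosts disabled by renaming would all be loaded as live configuration, which can silently bring back settings an operator believed were removed. Keeping `*.conf` as the default and making the pattern a parameter for sites that really omit the suffix would cover the Debian case from the commit message without widening it for everyone. The matching spec change in `spec/classes/apache_spec.rb` would need the same adjustment.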
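Review bot: `mode => $logroot_mode` in `manifests/vhost.pp` is passed to the `file` resource unvalidated, and the directory it applies to defaults to the shared `$::apache::logroot`. Because the resource is guarded by `if ! defined(File[$logroot])`, only the first vhost evaluated sets the mode, so the result depends on evaluation order when several vhosts share a log root. A log directory writable by accounts other than the one that starts the server is a known hardening problem, so I would add `if $logroot_mode { validate_re($logroot_mode, '^[0-7]{3,4}$') }` and document that the mode should not grant write access to group or others. The define's body continues outside this hunk.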
From c07e6f7fa6edc21aaeabc52464cab55afd8c085b Mon Sep 17 00:00:00 2001 From: Matt Dainty Date: Tue, 3 Jun 2014 13:44:34 +0100 Subject: [PATCH 0257/2267] Add DeflateFilterNote directives Add the three standard DeflateFilterNote directives when using mod_deflate based on the examples in the documentation here: http://httpd.apache.org/docs/2.2/mod/mod_deflate.html --- spec/acceptance/mod_deflate_spec.rb | 40 +++++++++++++++ spec/classes/mod/deflate_spec.rb | 78 +++++++++++++++++++++++++++++ templates/mod/deflate.conf.erb | 4 ++ 3 files changed, 122 insertions(+) create mode 100644 spec/acceptance/mod_deflate_spec.rb create mode 100644 spec/classes/mod/deflate_spec.rb diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb new file mode 100644 index 0000000000..b2ffc1436a --- /dev/null +++ b/spec/acceptance/mod_deflate_spec.rb 
@@ -0,0 +1,40 @@
+require 'spec_helper_acceptance'
+
+describe 'apache::mod::deflate class' do
+ case fact('osfamily')
+ when 'Debian'
+ mod_dir = '/etc/apache2/mods-available'
+ service_name = 'apache2'
+ when 'RedHat'
+ mod_dir = '/etc/httpd/conf.d'
+ service_name = 'httpd'
+ when 'FreeBSD'
+ mod_dir = '/usr/local/etc/apache22/Modules'
+ service_name = 'apache22'
+ end
+
+ context "default deflate config" do
+ it 'succeeds in puppeting deflate' do
+ pp= <<-EOS
+ class { 'apache': }
+ include apache::mod::deflate
+ EOS
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ describe service(service_name) do
+ it { should be_enabled }
+ it { should be_running }
+ end
+
+ describe file("#{mod_dir}/deflate.conf") do
+ it { should contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" }
+ it { should contain "AddOutputFilterByType DEFLATE text/css" }
+ it { should contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" }
+ it { should contain "AddOutputFilterByType DEFLATE application/rss+xml" }
+ it { should contain "DeflateFilterNote Input instream" }
+ it { should contain "DeflateFilterNote Output outstream" }
+ it { should contain "DeflateFilterNote Ratio ratio" }
+ end
+ end
+end
diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb
new file mode 100644
index 0000000000..405d1a42b9
--- /dev/null
+++ b/spec/classes/mod/deflate_spec.rb
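Review bot: The new acceptance spec opens with `describe 'apache::mod::deflate class' do` and lacks the platform guard that the other acceptance specs in this series carry. The `case fact('osfamily')` has no fallback branch, so on any other platform `mod_dir` and `service_name` stay nil and the examples check `/deflate.conf` and an unnamed service instead of being skipped. I would write the first line as `describe 'apache::mod::deflate class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do`, matching the mime spec.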
@@ -0,0 +1,78 @@ +# This function is called inside the OS specific contexts +def general_deflate_specs + it { should contain_apache__mod("deflate") } + + it do + should contain_file("deflate.conf").with_content( + "AddOutputFilterByType DEFLATE text/html text/plain text/xml\n"\ + "AddOutputFilterByType DEFLATE text/css\n"\ + "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript\n"\ + "AddOutputFilterByType DEFLATE application/rss+xml\n"\ + "\n"\ + "DeflateFilterNote Input instream\n"\ + "DeflateFilterNote Output outstream\n"\ + "DeflateFilterNote Ratio ratio\n" + ) + end +end + +describe 'apache::mod::deflate', :type => :class do + let :pre_condition do + 'include apache' + end + + context "On a Debian OS with default params" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { should contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/deflate.conf', + } ) } + it { should contain_file("deflate.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/deflate.conf', + } ) } + end + + context "on a RedHat OS with default params" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { should contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") } + end + + context "On a FreeBSD OS with default params" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { should contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/usr/local/etc/apache22/Modules/deflate.conf', + } ) } + 
end +end diff --git a/templates/mod/deflate.conf.erb b/templates/mod/deflate.conf.erb index d0997dfebb..a3cdf0552e 100644 --- a/templates/mod/deflate.conf.erb +++ b/templates/mod/deflate.conf.erb @@ -2,3 +2,7 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript AddOutputFilterByType DEFLATE application/rss+xml + +DeflateFilterNote Input instream +DeflateFilterNote Output outstream +DeflateFilterNote Ratio ratio From cae25161a2ecf12c63ca3fd99a38e494cf141592 Mon Sep 17 00:00:00 2001 
From: Andreas Ntaflos Date: Mon, 26 May 2014 20:32:04 +0200 Subject: [PATCH 0258/2267] Rework Passenger support for Debian and update docs This will undo the changes introduced in PR #711 because they are not useful or necessary for Debian and Ubuntu, and did not work correctly anyway. Fixes MODULES-1012. Set correct default values for PassengerRoot, PassengerRuby and PassengerDefaultRuby depending on the Debian or Ubuntu release. For Debian 7 and Ubuntu 12.04 PassengerRoot is '/usr' while for Ubuntu 14.04 it is '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'. PassengerRuby is '/usr/bin/ruby' for Debian 7/Ubuntu 12.04 while PassengerDefaultRuby is unset, because this directive does not exist for the Passenger versions packaged for these operating systems. For Ubuntu 14.04 PassengerRuby is unset and PassengerDefaultRuby is '/usr/bin/ruby' instead. Includes partially rewritten and updated Passenger documentation in README.passenger.md, explaining the way things are handled for Debian/Ubuntu and CentOS, where 'passenger.conf' is left untouched and 'passenger_extra.conf' contains the Puppet-managed Passenger configuration. Also explains the user's responsibility to set PassengerRoot correctly when using third-party or custom Passenger packages, as the defaults only work for the Passenger versions and packages shipped with the operating system. Since Debian and Ubuntu ship with libapache2-mod-passenger packages that will not change the packaged Passenger version over time (unlike EPEL might) there is no need to tip-toe around the 'passenger.conf' file installed by these packages. Also contains updated and cleaned up Passenger spec and acceptance tests. 
--- README.passenger.md | 201 ++++++++++++++++++++++---- manifests/mod/passenger.pp | 16 ++ manifests/params.pp | 53 ++++++- spec/acceptance/mod_passenger_spec.rb | 77 +++++++++- spec/classes/mod/passenger_spec.rb | 100 +++++++++---- templates/mod/passenger.conf.erb | 3 + 6 files changed, 377 insertions(+), 73 deletions(-) diff --git a/README.passenger.md b/README.passenger.md index 1cc21202b8..4b4caa8c09 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -1,115 +1,258 @@ # Passenger -Just enabling the Passenger module is insufficient for the use of Passenger in production. Passenger should be tunable to better fit the environment in which it is run while being aware of the resources it required. +Just enabling the Passenger module is insufficient for the use of Passenger in +production. Passenger should be tunable to better fit the environment in which +it is run while being aware of the resources it required. -To this end the Apache passenger module has been modified to apply system wide Passenger tuning declarations to `passenger.conf`. Declarations specific to a virtual host should be passed through when defining a `vhost` (e.g. `rack_base_uris` parameter on the `apache::vhost` class, check `README.md`). +To this end the Apache passenger module has been modified to apply system wide +Passenger tuning declarations to `passenger.conf`. Declarations specific to a +virtual host should be passed through when defining a `vhost` (e.g. +`rack_base_uris` parameter on the `apache::vhost` type, check `README.md`). -Also, general apache module loading parameters can be supplied to enable using a customized passenger module in place of a default-package-based version of the module. +Also, general apache module loading parameters can be supplied to enable using +a customized passenger module in place of a default-package-based version of +the module. + +# Operating system support and Passenger versions + +The most important configuration directive for the Apache Passenger module is +`PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or +4.x) and on the operating system package from which the Apache Passenger module +is installed. 
+ +The following table summarises the current *default versions* and +`PassengerRoot` settings for the operating systems supported by +puppetlabs-apache: + +OS | Passenger version | `PassengerRoot` +---------------- | ------------------ | ---------------- +Debian 7 | 3.0.13 | /usr +Ubuntu 12.04 | 2.2.11 | /usr +Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini +RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21 + +As mentioned in `README.md` there are no compatible packages available for +RHEL/CentOS 5 or RHEL/CentOS 7. + +## Configuration files and locations on RHEL/CentOS + +Notice two important points: + +1. The Passenger version packaged in the EPEL repositories may change over time. +2. The value of `PassengerRoot` depends on the Passenger version installed. + +To prevent the puppetlabs-apache module from having to keep up with these +package versions the Passenger configuration files installed by the +packages are left untouched by this module. All configuration is placed in an +extra configuration file managed by puppetlabs-apache. + +This means '/etc/httpd/conf.d/passenger.conf' is installed by the +`mod_passenger` package and contains correct values for `PassengerRoot` and +`PassengerRuby`. Puppet will ignore this file. Additional configuration +directives as described in the remainder of this document are placed in +'/etc/httpd/conf.d/passenger_extra.conf', managed by Puppet. + +This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu. + +## Third-party and custom Passenger packages and versions + +The Passenger version distributed by the default OS packages may be too old to +be useful. Newer versions may be installed via Gems, from source or from +third-party OS packages. + +Most notably the Passenger developers officially provide Debian packages for a +variety of Debian and Ubuntu releases in the [Passenger APT +repository](https://oss-binaries.phusionpassenger.com/apt/passenger). 
Read more +about [installing these packages in the offical user +guide](http://www.modrails.com/documentation/Users%20guide%20Apache.html#install_on_debian_ubuntu). + +If you install custom Passenger packages and newer version make sure to set the +directives `PassengerRoot`, `PassengerRuby` and/or `PassengerDefaultRuby` +correctly, or Passenger and Apache will fail to function properly. + +For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive +should almost universally be set to +`/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`. # Parameters for `apache::mod::passenger` -The following declarations are supported and can be passed to `apache::mod::passenger` as parameters, for example: +The following class parameters configure Passenger in a global, server-wide +context. -``` -class {'apache::mod::passenger': - passenger_high_performance => 'on', - rails_autodetect => 'off', - mod_lib_path => '/usr/lib/apache2/custom_modules', +Example: + +```puppet +class { 'apache::mod::passenger': + passenger_root => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', + passenger_default_ruby => '/usr/bin/ruby1.9.3', + passenger_high_performance => 'on', + rails_autodetect => 'off', + mod_lib_path => '/usr/lib/apache2/custom_modules', } ``` -The general form is using the all lower case version of the declaration. +The general form is using the all lower-case version of the configuration +directive, with underscores instead of CamelCase. ## Parameters used with passenger.conf -If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. +If you pass a default value to `apache::mod::passenger` it will be ignored and +not passed through to the configuration file. + +### passenger_root + +The location to the Phusion Passenger root directory. This configuration option +is essential to Phusion Passenger, and allows Phusion Passenger to locate its +own data files. 
+ +The default depends on the Passenger version and the means of installation. See +the above section on operating system support, versions and packages for more +information. + +http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt + +### passenger_default_ruby + +This option specifies the default Ruby interpreter to use for web apps as well +as for all sorts of internal Phusion Passenger helper scripts, e.g. the one +used by PassengerPreStart. + +This directive was introduced in Passenger 4.0.0 and will not work in versions +< 4.x. Do not set this parameter if your Passenger version is older than 4.0.0. + +Defaults to `undef` for all operating systems except Ubuntu 14.04, where it is +set to '/usr/bin/ruby'. + +http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby + +### passenger_ruby + +This directive is the same as `passenger_default_ruby` for Passenger versions +< 4.x and must be used instead of `passenger_default_ruby` for such versions. + +It makes no sense to set `PassengerRuby` for Passenger >= 4.x. That +directive should only be used to override the value of `PassengerDefaultRuby` +on a non-global context, i.e. in ``, ``, `` +and so on. + +Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu +14.04, where it is set to `undef`. + +http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby ### passenger_high_performance -Default is `off`, when turned `on` Passenger runs in a higher performance mode that can be less compatible with other Apache modules. +Default is `off`. When turned `on` Passenger runs in a higher performance mode +that can be less compatible with other Apache modules. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance ### passenger_max_pool_size -Set's the maximum number of Passenger application processes that may simultaneously run. The default value is 6. 
+Sets the maximum number of Passenger application processes that may +simultaneously run. The default value is 6. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt ### passenger_pool_idle_time -The maximum number of seconds a Passenger Application process will be allowed to remain idle before being shut down. The default value is 300. +The maximum number of seconds a Passenger Application process will be allowed +to remain idle before being shut down. The default value is 300. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime ### passenger_max_requests -The maximum number of request a Passenger application will process before being restarted. The default value is 0, which indicates that a process will only shut down if the Pool Idle Time (see above) expires. +The maximum number of request a Passenger application will process before being +restarted. The default value is 0, which indicates that a process will only +shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests ### passenger_stat_throttle_rate -Sets how often Passenger performs file system checks, at most once every _x_ seconds. Default is 0, which means the checks are performed with every request. +Sets how often Passenger performs file system checks, at most once every _x_ +seconds. Default is 0, which means the checks are performed with every request. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt ### rack_autodetect -Should Passenger automatically detect if the document root of a virtual host is a Rack application. The default is `on` +Should Passenger automatically detect if the document root of a virtual host is +a Rack application. Not set by default (`undef`). Note that this directive has +been removed in Passenger 4.0.0 and `PassengerEnabled` should be used instead. 
+Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt ### rails_autodetect -Should Passenger automatically detect if the document root of a virtual host is a Rails application. The default is on. +Should Passenger automatically detect if the document root of a virtual host is +a Rails application. Not set by default (`undef`). Note that this directive +has been removed in Passenger 4.0.0 and `PassengerEnabled` should be used +instead. Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt ### passenger_use_global_queue -Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. +Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is +the default in Passenger 4.x and the versions >= 4.x have disabled this +configuration option altogether. Use with caution. ## Parameters used to load the module -Unlike the tuning parameters specified above, the following parameters are only used when loading customized passenger modules. +Unlike the tuning parameters specified above, the following parameters are only +used when loading customized passenger modules. ### mod_package -Allows overriding the default package name used for the passenger module package. +Allows overriding the default package name used for the passenger module +package. ### mod_package_ensure -Allows overriding the package installation setting used by puppet when installing the passenger module. The default is 'present'. +Allows overriding the package installation setting used by puppet when +installing the passenger module. The default is 'present'. ### mod_id -Allows overriding the value used by apache to identify the passenger module. The default is 'passenger_module'. 
+Allows overriding the value used by apache to identify the passenger module. +The default is 'passenger_module'. ### mod_lib_path -Allows overriding the directory path used by apache when loading the passenger module. The default is the value of `$apache::params::lib_path`. +Allows overriding the directory path used by apache when loading the passenger +module. The default is the value of `$apache::params::lib_path`. ### mod_lib -Allows overriding the library file name used by apache when loading the passenger module. The default is 'mod_passenger.so'. +Allows overriding the library file name used by apache when loading the +passenger module. The default is 'mod_passenger.so'. ### mod_path -Allows overriding the full path to the library file used by apache when loading the passenger module. The default is the concatenation of the `mod_lib_path` and `mod_lib` parameters. +Allows overriding the full path to the library file used by apache when loading +the passenger module. The default is the concatenation of the `mod_lib_path` +and `mod_lib` parameters. # Dependencies -RedHat-based systems will need to configure additional package repositories in order to install Passenger, specifically: +RedHat-based systems will need to configure additional package repositories in +order to install Passenger, specifically: * [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL) * [Phusion Passenger](http://passenger.stealthymonkeys.com) -Configuration of these repositories is beyond the scope of this module and is left to the user. +Configuration of these repositories is beyond the scope of this module and is +left to the user. # Attribution -The Passenger tuning parameters for the `apache::mod::puppet` Puppet class was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the PuppetLabs Apache module on GitHub. 
+The Passenger tuning parameters for the `apache::mod::passenger` Puppet class +was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the +NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the +PuppetLabs Apache module on GitHub. * https://github.com/puppetlabs/puppetlabs-apache * https://github.com/nesi/puppetlabs-apache diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index b39ae2634e..12139cb2b4 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -9,6 +9,7 @@ $rails_autodetect = undef, $passenger_root = $::apache::params::passenger_root, $passenger_ruby = $::apache::params::passenger_ruby, + $passenger_default_ruby = $::apache::params::passenger_default_ruby, $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, $mod_package = undef, @@ -23,6 +24,20 @@ file { 'passenger_package.conf': path => "${::apache::mod_dir}/${passenger_conf_package_file}", } + } else { + # Remove passenger_extra.conf left over from before Passenger support was + # reworked for Debian. This is a temporary fix for users running this + # module from master after release 1.0.1 It will be removed in two + # releases from now. + $passenger_package_conf_ensure = $::osfamily ? { + 'Debian' => 'absent', + default => undef, + } + + file { 'passenger_package.conf': + ensure => $passenger_package_conf_ensure, + path => "${::apache::mod_dir}/passenger_extra.conf", + } } $_package = $mod_package @@ -52,6 +67,7 @@ # Template uses: # - $passenger_root # - $passenger_ruby + # - $passenger_default_ruby # - $passenger_max_pool_size # - $passenger_high_performance # - $passenger_max_requests diff --git a/manifests/params.pp b/manifests/params.pp index c7a042a7db..f9e98623b3 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -53,6 +53,7 @@ $passenger_conf_package_file = 'passenger.conf' $passenger_root = undef $passenger_ruby = undef + $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef @@ -112,10 +113,6 @@ $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' $ssl_certs_dir = '/etc/ssl/certs' - $passenger_conf_file = 'passenger_extra.conf' - $passenger_conf_package_file = 'passenger.conf' - $passenger_root = undef - $passenger_ruby = undef $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' @@ -146,6 +143,53 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + + # + # Passenger-specific settings + # + + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + + case $::operatingsystem { + 'Ubuntu': { + case $::lsbdistrelease { + '12.04': { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + '14.04': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } + default: { + # The following settings may or may not work on Ubuntu releases not + # supported by this module. + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + } + } + 'Debian': { + case $::lsbdistcodename { + 'wheezy': { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + default: { + # The following settings may or may not work on Debian releases not + # supported by this module. + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + } + } + } } elsif $::osfamily == 'FreeBSD' { $user = 'www' $group = 'www' 
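Review bot: The `case $::operatingsystem` added in the Debian branch of manifests/params.pp (`@@ -146,6 +143,53 @@`) has no `default:` arm, so on a Debian-family system that is neither `Ubuntu` nor `Debian` the variables `$passenger_root`, `$passenger_ruby` and `$passenger_default_ruby` are never assigned. The lines removed in the previous hunk set the first two to `undef` for the whole family, so this is a behaviour change. The parameter defaults in `apache::mod::passenger` read all three, which presumably becomes a compile error once strict variable checking is enabled. An outer `default:` arm restoring the old unset values closes the gap. The enclosing `if`/`elsif` on `$::osfamily` starts and ends outside the hunk.

```puppet
    case $::operatingsystem {
      # … unchanged: 'Ubuntu' and 'Debian' branches …
      default: {
        # Other Debian-family systems: keep the previous unset defaults.
        $passenger_root         = undef
        $passenger_ruby         = undef
        $passenger_default_ruby = undef
      }
    }
```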
@@ -173,6 +217,7 @@ $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 68622eecbc..fbfac1672a 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -5,10 +5,39 @@ when 'Debian' service_name = 'apache2' mod_dir = '/etc/apache2/mods-available/' - conf_file = "#{mod_dir}passenger_extra.conf" + conf_file = "#{mod_dir}passenger.conf" load_file = "#{mod_dir}passenger.load" - passenger_root = '/usr' - passenger_ruby = '/usr/bin/ruby' + + case fact('operatingsystem') + when 'Ubuntu' + case fact('lsbdistrelease') + when '10.04' + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + when '12.04' + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + when '14.04' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_ruby = '/usr/bin/ruby' + passenger_default_ruby = '/usr/bin/ruby' + else + # This may or may not work on Ubuntu releases other than the above + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + end + when 'Debian' + case fact('lsbdistcodename') + when 'wheezy' + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + else + # This may or may not work on Debian releases other than the above + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + end + end + passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so' rackapp_user = 'www-data' rackapp_group = 'www-data' 
@@ -71,9 +100,36 @@ class { 'apache::mod::passenger': } end describe file(conf_file) do - # passenger_extra.conf only contains directives if overridden from the class params - it { should_not contain "PassengerRoot \"#{passenger_root}\"" } - it { should_not contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should contain "PassengerRoot \"#{passenger_root}\"" } + + case fact('operatingsystem') + when 'Ubuntu' + case fact('lsbdistrelease') + when '10.04' + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should_not contain "/PassengerDefaultRuby/" } + when '12.04' + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should_not contain "/PassengerDefaultRuby/" } + when '14.04' + it { should contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { should_not contain "/PassengerRuby/" } + else + # This may or may not work on Ubuntu releases other than the above + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should_not contain "/PassengerDefaultRuby/" } + end + when 'Debian' + case fact('lsbdistcodename') + when 'wheezy' + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should_not contain "/PassengerDefaultRuby/" } + else + # This may or may not work on Debian releases other than the above + it { should contain "PassengerRuby \"#{passenger_ruby}\"" } + it { should_not contain "/PassengerDefaultRuby/" } + end + end end describe file(load_file) do 
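Review bot: The negative assertions added in this hunk, `it { should_not contain "/PassengerDefaultRuby/" }` and `it { should_not contain "/PassengerRuby/" }`, pass a quoted string that includes the slashes rather than a regular expression. They therefore appear to search the file for the literal text `/PassengerDefaultRuby/` and would pass even if the directive were present. Dropping the slashes, as in `it { should_not contain "PassengerDefaultRuby" }`, makes the check meaningful; this applies to every branch of both `case` statements. The 14.04 branch also interpolates `passenger_ruby` into the `PassengerDefaultRuby` expectation, although the earlier hunk of this file defines `passenger_default_ruby` for that release.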
@@ -85,8 +141,13 @@ class { 'apache::mod::passenger': } r.stdout.should =~ /Apache processes/ r.stdout.should =~ /Nginx processes/ r.stdout.should =~ /Passenger processes/ - r.stdout.should =~ /### Processes: [0-9]+/ - r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + + # passenger-memory-stats output on Ubuntu 14.04 does not contain + # these two lines + unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' + r.stdout.should =~ /### Processes: [0-9]+/ + r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + end r.exit_code.should == 0 end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 608b3c47d9..1821e0c710 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -16,16 +16,10 @@ it { should contain_file('passenger.load').with({ 'path' => '/etc/apache2/mods-available/passenger.load', }) } - it { should contain_file('passenger_package.conf').with({ - 'path' => '/etc/apache2/mods-available/passenger.conf', - }) } - it { should contain_file('passenger_package.conf').without_content } - it { should contain_file('passenger_package.conf').without_source } it { should contain_file('passenger.conf').with({ - 'path' => '/etc/apache2/mods-available/passenger_extra.conf', + 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { should contain_file('passenger_package.conf').with_ensure('absent') } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } 
@@ -38,11 +32,17 @@ end it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } end - describe "with passenger_high_performance => true" do + describe "with passenger_default_ruby => /usr/lib/example/ruby1.9.3" do + let :params do + { :passenger_ruby => '/usr/lib/example/ruby1.9.3' } + end + it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } + end + describe "with passenger_high_performance => on" do let :params do - { :passenger_high_performance => 'true' } + { :passenger_high_performance => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerHighPerformance true$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerHighPerformance on$/) } end describe "with passenger_pool_idle_time => 1200" do let :params do 
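Review bot: The new example group titled "with passenger_default_ruby => /usr/lib/example/ruby1.9.3" sets `:passenger_ruby` and asserts on `PassengerRuby`, so no explicit override ever exercises the parameter this commit introduces. It should read `{ :passenger_default_ruby => '/usr/lib/example/ruby1.9.3' }` with `with_content(%r{PassengerDefaultRuby "/usr/lib/example/ruby1.9.3"})`. As written, only the Ubuntu 14.04 defaults context further down would catch a template regression that dropped the `PassengerDefaultRuby` line.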
@@ -68,35 +68,23 @@ end it { should contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) } end - describe "with rack_autodetect => true" do + describe "with rack_autodetect => on" do let :params do - { :rack_autodetect => true } + { :rack_autodetect => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ RackAutoDetect true$/) } + it { should contain_file('passenger.conf').with_content(/^ RackAutoDetect on$/) } end - describe "with rails_autodetect => true" do + describe "with rails_autodetect => on" do let :params do - { :rails_autodetect => true } + { :rails_autodetect => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ RailsAutoDetect true$/) } + it { should contain_file('passenger.conf').with_content(/^ RailsAutoDetect on$/) } end - describe "with passenger_root => '/usr/lib/example'" do + describe "with passenger_use_global_queue => on" do let :params do - { :passenger_root => '/usr/lib/example' } + { :passenger_use_global_queue => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } - end - describe "with passenger_ruby => /usr/lib/example/ruby" do - let :params do - { :passenger_ruby => '/usr/lib/example/ruby' } - end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } - end - describe "with passenger_use_global_queue => true" do - let :params do - { :passenger_use_global_queue => 'true' } - end - it { should contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue true$/) } + it { should contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue on$/) } end describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do let :params do 
@@ -123,7 +111,55 @@ it { should contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } end + context "with Ubuntu 12.04 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '12.04', + :operatingsystem => 'Ubuntu', + :lsbdistrelease => '12.04', + :concat_basedir => '/dne', + } + end + + it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } + it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } + it { should contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } + end + + context "with Ubuntu 14.04 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '14.04', + :operatingsystem => 'Ubuntu', + :lsbdistrelease => '14.04', + :concat_basedir => '/dne', + } + end + + it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { should contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + end + + context "with Debian 7 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '7.3', + :operatingsystem => 'Debian', + :lsbdistcodename => 'wheezy', + :concat_basedir => '/dne', + } + end + + it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } + it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } + it { should contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } + end end + context "on a RedHat OS" do let :facts do { diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 63c3f9e61b..dd9eee3b13 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb 
@@ -7,6 +7,9 @@ <%- if @passenger_ruby -%> PassengerRuby "<%= @passenger_ruby %>" <%- end -%> + <%- if @passenger_default_ruby -%> + PassengerDefaultRuby "<%= @passenger_default_ruby %>" + <%- end -%> <%- if @passenger_high_performance -%> PassengerHighPerformance <%= @passenger_high_performance %> <%- end -%> From 2771531843fc4062f8136b9e41e75175f629a9c6 Mon Sep 17 00:00:00 2001 From: Niek Beernink Date: Tue, 3 Jun 2014 12:16:23 +0200 Subject: [PATCH 0259/2267] make logroot_mode configurable --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index e57ef983c7..300aa66507 100644 --- a/README.md +++ b/README.md @@ -331,6 +331,11 @@ Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, and '/var/log/apache22' on FreeBSD. +#####`logroot_mode` + +Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored +in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. + #####`manage_group` Setting this to 'false' will stop the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. From c605967c1f7d187f316caee752c1cba10ce327e8 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Thu, 5 Jun 2014 00:02:47 +0200 Subject: [PATCH 0260/2267] Remove an unnecessary empty line in directories This just replaces a closing `%>` with a `-%>` in `_directories.erb`. --- templates/vhost/_directories.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
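Review bot: In templates/mod/passenger.conf.erb the new `PassengerDefaultRuby "<%= @passenger_default_ruby %>"` line writes the parameter into the Apache configuration without any check on its shape. The value is normally set by whoever writes the manifest, but it can also arrive from Hiera or an ENC, and a value containing a double quote or a newline would end up as additional configuration text. Since the parameter is meant to be an interpreter path, the class could reject anything else before rendering, for example `if $passenger_default_ruby { validate_absolute_path($passenger_default_ruby) }` in manifests/mod/passenger.pp. The existing `PassengerRuby` line just above has the same property.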
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 498bfc699a..922d94cd61 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -10,7 +10,7 @@ <%- else -%> <%- provider = 'Directory' -%> <%- end -%> - <%- path = directory['path'] %> + <%- path = directory['path'] -%> <<%= provider %> "<%= path %>"> <%- if directory['headers'] -%> From 12e90abb375f6ddb7b593cfb473fe8c9a25bbd21 Mon Sep 17 00:00:00 2001 From: "Angel L. Mateo" Date: Fri, 23 May 2014 13:09:15 +0200 Subject: [PATCH 0261/2267] Add parameters to provide content, template or source to the php module --- README.md | 23 +++++++++ manifests/mod/php.pp | 24 +++++++++- spec/acceptance/mod_php_spec.rb | 76 +++++++++++++++++++++++++++++ spec/classes/mod/php_spec.rb | 84 +++++++++++++++++++++++++++++++++ spec/fixtures/files/spec | 1 + 5 files changed, 207 insertions(+), 1 deletion(-) create mode 100644 spec/fixtures/files/spec diff --git a/README.md b/README.md index 3f472c9bc9..385130df31 100644 --- a/README.md +++ b/README.md @@ -554,6 +554,29 @@ Overriding the package name: } ``` +Overriding the default configuartion: +```puppet + class {'::apache::mod::php': + source => 'puppet:///modules/apache/my_php.conf', + } +``` + +or +```puppet + class {'::apache::mod::php': + template => 'apache/php.conf.erb', + } +``` + +or + +```puppet + class {'::apache::mod::php': + content => ' +AddHandler php5-script .php +AddType text/html .php', + } +``` ####Class: `apache::mod::ssl` Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index b797936bde..a94bfe50bd 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp 
@@ -3,11 +3,29 @@ $package_ensure = 'present', $path = undef, $extensions = ['.php'], + $content = undef, + $template = 'apache/mod/php5.conf.erb', + $source = undef, ) { if ! defined(Class['apache::mod::prefork']) { fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') } validate_array($extensions) + + if $source and ($content or $template != 'apache/mod/php5.conf.erb') { + warning('source and content or template parameters are provided. source parameter will be used') + } elsif $content and $template != 'apache/mod/php5.conf.erb' { + warning('content and template parameters are provided. content parameter will be used') + } + + $manage_content = $source ? { + undef => $content ? { + undef => template($template), + default => $content, + }, + default => undef, + } + ::apache::mod { 'php5': package => $package_name, package_ensure => $package_ensure, @@ -22,7 +40,11 @@ file { 'php5.conf': ensure => file, path => "${::apache::mod_dir}/php5.conf", - content => template('apache/mod/php5.conf.erb'), + owner => 'root', + group => 'root', + mode => '0644', + content => $manage_content, + source => $source, require => [ Class['::apache::mod::prefork'], Exec["mkdir ${::apache::mod_dir}"], diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index cf8054053e..ca21fbcd7e 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
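Review bot: The `file { 'php5.conf': }` resource in manifests/mod/php.pp (`@@ -22,7 +40,11 @@`) now hard-codes `group => 'root'`, which is a Linux assumption. On FreeBSD, which this module's params.pp has a branch for, the superuser's group is `wheel`, so the resource would presumably fail to apply there. Pinning owner and mode is a good change, because a file delivered through the new `source` parameter may otherwise carry whatever permissions the served file has. The group should be chosen per platform, for example `$php5_conf_group = $::osfamily ? { 'FreeBSD' => 'wheel', default => 'root' }` followed by `group => $php5_conf_group,`. The resource continues past the end of the hunk.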
@@ -94,4 +94,80 @@ class { 'apache::mod::php': end end end + + context "provide custom config file" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end + end + + context "provide content and template config file" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + template => 'apache/mod/php5.conf.erb', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end + end + + context "provide source has priority over content" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + source => 'puppet:///modules/apache/spec', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/php5.conf") do + it { should contain "# This is a file only for spec testing" } + end + end + + context "provide source has priority over template" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + template => 'apache/mod/php5.conf.erb', + source => 'puppet:///modules/apache/spec', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/php5.conf") do + it { should contain "# This is a file only for spec testing" } + end + end + end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index e228dd7817..7d13bffba0 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb 
@@ -122,4 +122,88 @@ end end end + describe "OS independent tests" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + context 'with content param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { :content => 'somecontent' } + end + it { should contain_file('php5.conf').with( + :content => 'somecontent' + ) } + end + context 'with template param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { :template => 'apache/mod/php5.conf.erb' } + end + it { should contain_file('php5.conf').with( + :content => /^# PHP is an HTML-embedded scripting language which attempts to make it/ + ) } + end + context 'with source param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { :source => 'some-path' } + end + it { should contain_file('php5.conf').with( + :source => 'some-path' + ) } + end + context 'content has priority over template' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + :template => 'apache/mod/php5.conf.erb', + :content => 'somecontent' + } + end + it { should contain_file('php5.conf').with( + :content => 'somecontent' + ) } + end + context 'source has priority over template' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + :template => 'apache/mod/php5.conf.erb', + :source => 'some-path' + } + end + it { should contain_file('php5.conf').with( + :source => 'some-path' + ) } + end + context 'source has priority over content' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + :content => 'somecontent', + :source => 'some-path' + } + end + it { should contain_file('php5.conf').with( + :source => 'some-path' + ) } + end + end end 
diff --git a/spec/fixtures/files/spec b/spec/fixtures/files/spec
new file mode 100644
index 0000000000..76e9a14466
--- /dev/null
+++ b/spec/fixtures/files/spec
@@ -0,0 +1 @@
+# This is a file only for spec testing
From 240197fe3b12759bf6b913dda8956f1158e3ff97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Wed, 7 May 2014 16:35:31 +0200 Subject: [PATCH 0262/2267] Fix module usage with strict_variables --- .travis.yml | 1 + manifests/mod.pp | 2 ++ manifests/mod/proxy_html.pp | 1 + manifests/package.pp | 2 +- manifests/params.pp | 2 ++ manifests/vhost.pp | 2 ++ spec/classes/apache_spec.rb | 20 +++++++++++++++++ spec/classes/dev_spec.rb | 4 ++++ spec/classes/mod/auth_kerb_spec.rb | 15 +++++++++++++ spec/classes/mod/authnz_ldap_spec.rb | 11 ++++++++++ spec/classes/mod/dav_svn_spec.rb | 15 +++++++++++++ spec/classes/mod/deflate_spec.rb | 12 +++++++++++ spec/classes/mod/dev_spec.rb | 11 ++++++---- spec/classes/mod/dir_spec.rb | 15 +++++++++++++ spec/classes/mod/event_spec.rb | 15 +++++++++++++ spec/classes/mod/fastcgi_spec.rb | 11 ++++++++++ spec/classes/mod/fcgid_spec.rb | 15 ++++++++++++- spec/classes/mod/info_spec.rb | 20 +++++++++++++++++ spec/classes/mod/itk_spec.rb | 11 ++++++++++ spec/classes/mod/mime_magic_spec.rb | 16 ++++++++++++++ spec/classes/mod/mime_spec.rb | 9 ++++++++ spec/classes/mod/pagespeed_spec.rb | 11 ++++++++++ spec/classes/mod/passenger_spec.rb | 21 ++++++++++++++++++ spec/classes/mod/perl_spec.rb | 15 +++++++++++++ spec/classes/mod/peruser_spec.rb | 6 ++++++ spec/classes/mod/php_spec.rb | 15 +++++++++++++ spec/classes/mod/prefork_spec.rb | 15 +++++++++++++ spec/classes/mod/proxy_html_spec.rb | 22 ++++++++++++++++--- spec/classes/mod/python_spec.rb | 15 +++++++++++++ spec/classes/mod/rpaf_spec.rb | 11 ++++++++++ spec/classes/mod/speling_spec.rb | 11 ++++++++++ spec/classes/mod/ssl_spec.rb | 19 +++++++++++++++++ spec/classes/mod/status_spec.rb | 32 ++++++++++++++++++++++++++++ spec/classes/mod/suphp_spec.rb | 11 ++++++++++ spec/classes/mod/worker_spec.rb | 15 +++++++++++++ spec/classes/mod/wsgi_spec.rb | 15 +++++++++++++ spec/classes/params_spec.rb | 5 +++++ spec/classes/service_spec.rb | 13 +++++++++++ spec/defines/mod_spec.rb | 13 +++++++++++ spec/defines/vhost_spec.rb | 18 ++++++++++++++++ 
spec/spec_helper.rb | 16 ++++++++++++++ 41 files changed, 500 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7269dd1390..1d00b8eb04 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ env: - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - PUPPET_GEM_VERSION="~> 3.0" + - PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" matrix: fast_finish: true exclude: diff --git a/manifests/mod.pp b/manifests/mod.pp index 69a081912a..aa5ea3f3bd 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -53,6 +53,8 @@ $_package = $package } elsif $mod_package { $_package = $mod_package + } else { + $_package = undef } if $_package and ! defined(Package[$_package]) { # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 69894f21c3..549eb117fa 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -6,6 +6,7 @@ case $::osfamily { /RedHat|FreeBSD/: { ::apache::mod { 'xml2enc': } + $loadfiles = undef } 'Debian': { $gnu_path = $::hardwaremodel ? { diff --git a/manifests/package.pp b/manifests/package.pp index b86167a397..a4e4015c52 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -1,7 +1,7 @@ class apache::package ( $ensure = 'present', $mpm_module = $::apache::params::mpm_module, -) { +) inherits ::apache::params { case $::osfamily { 'freebsd' : { $all_mpms = [ diff --git a/manifests/params.pp b/manifests/params.pp index f9e98623b3..d272afb319 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -39,7 +39,9 @@ $conf_dir = "${httpd_dir}/conf" $confd_dir = "${httpd_dir}/conf.d" $mod_dir = "${httpd_dir}/conf.d" + $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/conf.d" + $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/httpd' 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index acb1bb50ad..40edad7e21 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -327,6 +327,7 @@ $listen_addr_port = "${ip}:${port}" $nvh_addr_port = "${ip}:${port}" } else { + $listen_addr_port = undef $nvh_addr_port = $ip if ! $servername and ! $ip_based { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") @@ -337,6 +338,7 @@ $listen_addr_port = $port $nvh_addr_port = "${vhost_name}:${port}" } else { + $listen_addr_port = undef $nvh_addr_port = $name if ! $servername { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 5bf9851d4e..f32fec8088 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -4,8 +4,13 @@ context "on a Debian OS" do let :facts do { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end @@ -165,6 +170,7 @@ context "13.10" do let :facts do super().merge({ + :lsbdistrelease => '13.10', :operatingsystemrelease => '13.10' }) end @@ -173,6 +179,7 @@ context "12.04" do let :facts do super().merge({ + :lsbdistrelease => '12.04', :operatingsystemrelease => '12.04' }) end @@ -181,6 +188,7 @@ context "13.04" do let :facts do super().merge({ + :lsbdistrelease => '13.04', :operatingsystemrelease => '13.04' }) end @@ -191,9 +199,13 @@ context "on a RedHat 5 OS" do let :facts do { + :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '5', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } 
@@ -444,9 +456,13 @@ context "on a FreeBSD OS" do let :facts do { + :id => 'root', + :kernel => 'FreeBSD', :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -516,9 +532,13 @@ context 'on all OSes' do let :facts do { + :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context 'default vhost defaults' do diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index e3d7dee399..eceadca4a7 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -4,7 +4,9 @@ context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', } end @@ -17,6 +19,7 @@ let :facts do { :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', } end @@ -30,6 +33,7 @@ let :facts do { :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', } end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 670270d228..6e2c16b7e9 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::auth_kerb', :type => :class do let :pre_condition do 'include apache' @@ -5,8 +7,13 @@ context "on a Debian OS", :compile do let :facts do { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end 
@@ -17,8 +24,12 @@ context "on a RedHat OS", :compile do let :facts do { + :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end @@ -29,8 +40,12 @@ context "on a FreeBSD OS", :compile do let :facts do { + :id => 'root', + :kernel => 'FreeBSD', :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index c8e832d950..d9ca5398b1 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::authnz_ldap', :type => :class do let :pre_condition do 'include apache' @@ -6,9 +8,14 @@ context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -38,6 +45,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index fe11bb8cb5..4898cdece1 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::dav_svn', :type => :class do let :pre_condition do 'include apache' 
@@ -5,9 +7,14 @@ context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -20,6 +27,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -32,6 +43,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index 405d1a42b9..f8eb881013 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + # This function is called inside the OS specific contexts def general_deflate_specs it { should contain_apache__mod("deflate") } @@ -24,8 +26,12 @@ def general_deflate_specs context "On a Debian OS with default params" do let :facts do { + :id => 'root', + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end 
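Review bot: In the third dav_svn_spec.rb hunk (`@@ -32,6 +43,10 @@`) the FreeBSD context is given `:kernel => 'Linux'`, while the FreeBSD contexts added to the other specs in this commit use `:kernel => 'FreeBSD'`. It should be `:kernel => 'FreeBSD',` so that the facts describe one coherent host and the test keeps matching if manifest code later branches on the kernel fact. The deflate_spec.rb hunks that follow omit `:kernel` altogether where the sibling specs set it; whether anything reads it in that spec is not visible here.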
@@ -46,8 +52,11 @@ def general_deflate_specs context "on a RedHat OS with default params" do let :facts do { + :id => 'root', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end @@ -61,8 +70,11 @@ def general_deflate_specs context "On a FreeBSD OS with default params" do let :facts do { + :id => 'root', :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', } end diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index b72217aadd..0de62afcb5 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb @@ -1,10 +1,11 @@ require 'spec_helper' + describe 'apache::mod::dev', :type => :class do [ - ['RedHat', '6'], - ['Debian', '6'], - ['FreeBSD', '9'], - ].each do |osfamily, operatingsystemrelease| + ['RedHat', '6', 'Santiago'], + ['Debian', '6', 'squeeze'], + ['FreeBSD', '9', 'FreeBSD'], + ].each do |osfamily, operatingsystemrelease, lsbdistcodename| if osfamily == 'FreeBSD' let :pre_condition do 'include apache::package' @@ -13,7 +14,9 @@ context "on a #{osfamily} OS" do let :facts do { + :lsbdistcodename => lsbdistcodename, :osfamily => osfamily, + :operatingsystem => osfamily, :operatingsystemrelease => operatingsystemrelease, } end diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index b195eda0f7..8bcdc0b6be 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::dir', :type => :class do let :pre_condition do 'class { "apache": 
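Review bot: The RedHat and FreeBSD contexts of `deflate_spec.rb` (hunks `@@ -46,8 +52,11 @@` and `@@ -61,8 +70,11 @@`) add `:id`, `:operatingsystem` and `:path` but no `:kernel`, although the other spec files in this patch set it. The same gap shows in the Ubuntu and wheezy contexts of `passenger_spec.rb`, and two Debian contexts of `status_spec.rb` omit `:lsbdistcodename`. With the `STRICT_VARIABLES` switch this commit adds to `spec_helper.rb`, a fact that is referenced but unset presumably fails compilation, so these contexts pass only as long as no manifest on their path reads the missing fact. Adding `:kernel => 'Linux',` or `:kernel => 'FreeBSD',` (and `:lsbdistcodename => 'squeeze',` in the Debian cases) would make the sets uniform.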
@@ -10,6 +12,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', } end context "passing no parameters" do @@ -37,6 +44,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Redhat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context "passing no parameters" do @@ -64,6 +75,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context "passing no parameters" do diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 6ae471ff3f..850bd5c55b 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::event', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,6 +10,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -17,9 +23,14 @@ context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
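Review bot: In the RedHat context of `dir_spec.rb` (hunk `@@ -37,6 +44,10 @@`) the new fact is spelled `:operatingsystem => 'Redhat'`, with a lowercase "h". Every other RedHat context in this patch uses `'RedHat'`, and string comparisons or selectors on this fact that match case-sensitively would not treat the two as equal. The line should be `:operatingsystem => 'RedHat',` so the test exercises the same branch a real host would take.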
@@ -62,6 +73,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index 8138bbab70..98ad2e8706 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::fastcgi', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -22,6 +29,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index df5da582e7..16719415d5 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper' -describe 'apache::mod::fcgid' do +describe 'apache::mod::fcgid', :type => :class do let :pre_condition do 'include apache' end @@ -11,6 +11,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } 
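Review bot: The Debian context of `fastcgi_spec.rb` (hunk `@@ -8,6 +10,11 @@`) sets `:lsbdistcodename => 'squeze'`, while the rest of the patch uses `'squeeze'`. The examples visible in this hunk do not depend on the codename, so the typo goes unnoticed today, but any later check keyed on the release name would fall through to a default branch. The line should be `:lsbdistcodename => 'squeeze',`.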
@@ -24,6 +29,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -63,6 +72,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index 21d253e98a..ed078c519f 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + # This function is called inside the OS specific contexts def general_info_specs it { should contain_apache__mod("info") } @@ -25,6 +27,11 @@ def general_info_specs :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -47,6 +54,10 @@ def general_info_specs :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -62,6 +73,10 @@ def general_info_specs :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
@@ -80,6 +95,11 @@ def general_info_specs :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index d431c5c766..d9fe2e3d12 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::itk', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -49,6 +56,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb index d10d8345b8..e9984ecbaf 100644 --- a/spec/classes/mod/mime_magic_spec.rb +++ b/spec/classes/mod/mime_magic_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + # This function is called inside the OS specific contexts def general_mime_magic_specs it { should contain_apache__mod("mime_magic") } @@ -14,6 +16,11 @@ def general_mime_magic_specs :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
@@ -54,6 +61,10 @@ def general_mime_magic_specs :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -75,6 +86,11 @@ def general_mime_magic_specs :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/classes/mod/mime_spec.rb b/spec/classes/mod/mime_spec.rb index 835a5a9004..2b6154fb81 100644 --- a/spec/classes/mod/mime_spec.rb +++ b/spec/classes/mod/mime_spec.rb @@ -16,6 +16,11 @@ def general_mime_specs :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -31,6 +36,10 @@ def general_mime_specs :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb index 7480a2b52f..9439f719e6 100644 --- a/spec/classes/mod/pagespeed_spec.rb +++ b/spec/classes/mod/pagespeed_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::pagespeed', :type => :class do let :pre_condition do 'include apache' 
@@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -22,6 +29,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 1821e0c710..3bf7d29952 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::passenger', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -119,6 +126,8 @@ :operatingsystem => 'Ubuntu', :lsbdistrelease => '12.04', :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -135,6 +144,8 @@ :operatingsystem => 'Ubuntu', :lsbdistrelease => '14.04', :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -151,6 +162,8 @@ :operatingsystem => 'Debian', :lsbdistcodename => 'wheezy', :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
@@ -166,6 +179,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -200,6 +217,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 3cb7a3e67a..f674318e28 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::perl', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -20,6 +27,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -32,6 +43,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index 062905ccc9..e1ee004e93 100644 
--- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::peruser', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,6 +10,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index e228dd7817..cba128a826 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::php', :type => :class do describe "on a Debian OS" do let :facts do @@ -5,6 +7,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context "with mpm_module => prefork" do @@ -33,6 +40,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context "with default params" do @@ -101,6 +112,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context "with mpm_module => prefork" do diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 9ef49d78f2..847aecf9c7 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb 
@@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::prefork', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -49,6 +56,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -90,6 +101,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 000a24e2f9..77e1ab15de 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::proxy_html', :type => :class do let :pre_condition do [ @@ -14,9 +16,15 @@ end let :facts do { - :osfamily => 'Debian', - :concat_basedir => '/dne', - :architecture => 'i386' + :osfamily => 'Debian', + :concat_basedir => '/dne', + :architecture => 'i386', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :hardwaremodel => 'i386', } end 
@@ -48,6 +56,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -60,6 +72,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 9042d0f1bf..d2d1fca7b9 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::python', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -20,6 +27,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -32,6 +43,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index d9c9015abf..949dd5702b 100644 
--- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::rpaf', :type => :class do let :pre_condition do [ @@ -10,6 +12,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -45,6 +52,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/speling_spec.rb b/spec/classes/mod/speling_spec.rb index 987291a3f3..e7e6e1d640 100644 --- a/spec/classes/mod/speling_spec.rb +++ b/spec/classes/mod/speling_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::speling', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_apache__mod('speling') } @@ -19,6 +26,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_apache__mod('speling') } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 45005a1913..11e7964ded 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::ssl', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,10 @@ :osfamily => 'Magic', :operatingsystemrelease => '0', :concat_basedir => '/dne', + :operatingsystem => 'Magic', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { expect { subject }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } @@ -19,6 +25,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class('apache::params') } @@ -32,6 +42,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class('apache::params') } @@ -45,6 +60,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class('apache::params') } diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 0a06588792..5023bc7bf1 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb @@ -31,6 +31,11 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
@@ -56,6 +61,10 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -73,6 +82,11 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do @@ -92,6 +106,11 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do @@ -110,6 +129,10 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do @@ -130,6 +153,11 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do @@ -150,6 +178,10 @@ def status_conf_spec(allow_from, extended_status) :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do 
diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index 382314d9a9..cb91997ac1 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::suphp', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -19,6 +26,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index a8176c570d..3c9c1cf246 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::worker', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -49,6 +56,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } 
@@ -90,6 +101,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 44917cb88f..d4c391a291 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::wsgi', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -20,6 +27,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } @@ -45,6 +56,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_class("apache::params") } diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index de1108af08..eaa178c41d 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb 
@@ -7,6 +7,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_apache__params } diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 5419a68160..2cd075357d 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -10,6 +10,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_service("httpd").with( @@ -86,6 +91,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '5', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_service("httpd").with( @@ -102,6 +111,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { should contain_service("httpd").with( diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index bbc5f0bdce..e6d5214097 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -10,6 +10,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
@@ -48,6 +52,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -83,6 +92,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index fde65d1f20..4037b3011c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -20,6 +20,10 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do default_params end @@ -33,6 +37,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do default_params end @@ -55,6 +64,10 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :params do default_params end @@ -73,6 +86,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end describe 'basic assumptions' do 
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f880d274d8..65379ee38a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -2,6 +2,22 @@ RSpec.configure do |c| c.treat_symbols_as_metadata_keys_with_true_values = true + + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + + # Store any environment variables away to be restored later + @old_env = {} + ENV.each_key {|k| @old_env[k] = ENV[k]} + + if ENV['STRICT_VARIABLES'] == 'yes' + Puppet.settings[:strict_variables]=true + end + end end shared_examples :compile, :compile => true do From 815f5cd745f5f89e5fe9d3c5db623db956f4b8f4 Mon Sep 17 00:00:00 2001 
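Review bot: The added `before :each` hook copies `ENV` into `@old_env` "to be restored later", but nothing in this hunk restores it, so an example that modifies `PATH` or `STRICT_VARIABLES` can still leak into later examples. Unless an `after` hook exists elsewhere in the file, add one inside `RSpec.configure`, for example `c.after(:each) { ENV.replace(@old_env) }`. The copy itself can be written as `@old_env = ENV.to_hash` instead of the `each_key` loop.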
From: Ashley Penney Date: Fri, 6 Jun 2014 10:08:35 -0400 Subject: [PATCH 0263/2267] Convert specs to RSpec 3.0.0 syntax with Transpec This conversion is done by Transpec 2.2.1 with the following command: transpec spec/classes * 384 conversions from: it { should ... } to: it { is_expected.to ... } * 47 conversions from: it { should_not ... } to: it { is_expected.not_to ... } * 3 conversions from: obj.should to: expect(obj).to * 2 conversions from: == expected to: eq(expected) For more details: https://github.com/yujinakayama/transpec#supported-conversions --- spec/classes/apache_spec.rb | 182 +++++++++++++-------------- spec/classes/dev_spec.rb | 14 +-- spec/classes/mod/auth_kerb_spec.rb | 18 +-- spec/classes/mod/authnz_ldap_spec.rb | 24 ++-- spec/classes/mod/dav_svn_spec.rb | 18 +-- spec/classes/mod/deflate_spec.rb | 12 +- spec/classes/mod/dev_spec.rb | 2 +- spec/classes/mod/dir_spec.rb | 66 +++++----- spec/classes/mod/event_spec.rb | 34 ++--- spec/classes/mod/fastcgi_spec.rb | 16 +-- spec/classes/mod/fcgid_spec.rb | 22 ++-- spec/classes/mod/info_spec.rb | 14 +-- spec/classes/mod/itk_spec.rb | 24 ++-- spec/classes/mod/mime_magic_spec.rb | 16 +-- spec/classes/mod/mime_spec.rb | 6 +- spec/classes/mod/pagespeed_spec.rb | 16 +-- spec/classes/mod/passenger_spec.rb | 88 ++++++------- spec/classes/mod/perl_spec.rb | 18 +-- spec/classes/mod/peruser_spec.rb | 6 +- spec/classes/mod/php_spec.rb | 42 +++---- spec/classes/mod/prefork_spec.rb | 36 +++--- spec/classes/mod/proxy_html_spec.rb | 18 +-- spec/classes/mod/python_spec.rb | 18 +-- spec/classes/mod/rpaf_spec.rb | 32 ++--- spec/classes/mod/speling_spec.rb | 4 +- spec/classes/mod/ssl_spec.rb | 16 +-- spec/classes/mod/status_spec.rb | 20 +-- spec/classes/mod/suphp_spec.rb | 8 +- spec/classes/mod/worker_spec.rb | 36 +++--- spec/classes/mod/wsgi_spec.rb | 22 ++-- spec/classes/params_spec.rb | 4 +- spec/classes/service_spec.rb | 18 +-- 32 files changed, 435 insertions(+), 435 deletions(-) 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index f32fec8088..55d71e0397 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -14,16 +14,16 @@ :concat_basedir => '/dne', } end - it { should contain_class("apache::params") } - it { should contain_package("httpd").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd").with( 'notify' => 'Class[Apache::Service]', 'ensure' => 'installed' ) } - it { should contain_user("www-data") } - it { should contain_group("www-data") } - it { should contain_class("apache::service") } - it { should contain_file("/etc/apache2/sites-enabled").with( + it { is_expected.to contain_user("www-data") } + it { is_expected.to contain_group("www-data") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -31,7 +31,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_file("/etc/apache2/mods-enabled").with( + it { is_expected.to contain_file("/etc/apache2/mods-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -39,7 +39,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_file("/etc/apache2/mods-available").with( + it { is_expected.to contain_file("/etc/apache2/mods-available").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'false', @@ -47,7 +47,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_concat("/etc/apache2/ports.conf").with( + it { is_expected.to contain_concat("/etc/apache2/ports.conf").with( 'owner' => 'root', 'group' => 'root', 'mode' => '0644', 
@@ -65,17 +65,17 @@ 'dav', 'env' ].each do |modname| - it { should contain_file("#{modname}.load").with( + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/etc/apache2/mods-available/#{modname}.load", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.load symlink").with( + it { is_expected.to contain_file("#{modname}.load symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.load", 'ensure' => 'link', 'target' => "/etc/apache2/mods-available/#{modname}.load" ) } - it { should_not contain_file("#{modname}.conf") } - it { should_not contain_file("#{modname}.conf symlink") } + it { is_expected.not_to contain_file("#{modname}.conf") } + it { is_expected.not_to contain_file("#{modname}.conf symlink") } end context "with Apache version < 2.4" do @@ -83,7 +83,7 @@ { :apache_version => '2.2' } end - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } end context "with Apache version >= 2.4" do @@ -91,7 +91,7 @@ { :apache_version => '2.4' } end - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } end # Assert that both load files and conf files are placed and symlinked for these mods 
@@ -105,20 +105,20 @@ 'negotiation', 'setenvif', ].each do |modname| - it { should contain_file("#{modname}.load").with( + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/etc/apache2/mods-available/#{modname}.load", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.load symlink").with( + it { is_expected.to contain_file("#{modname}.load symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.load", 'ensure' => 'link', 'target' => "/etc/apache2/mods-available/#{modname}.load" ) } - it { should contain_file("#{modname}.conf").with( + it { is_expected.to contain_file("#{modname}.conf").with( 'path' => "/etc/apache2/mods-available/#{modname}.conf", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.conf symlink").with( + it { is_expected.to contain_file("#{modname}.conf symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.conf", 'ensure' => 'link', 'target' => "/etc/apache2/mods-available/#{modname}.conf" @@ -131,8 +131,8 @@ { :manage_user => false } end - it { should_not contain_user('www-data') } - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} } + it { is_expected.not_to contain_user('www-data') } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} } end end describe "Don't create group resource" do @@ -141,8 +141,8 @@ { :manage_group => false } end - it { should_not contain_group('www-data') } - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} } + it { is_expected.not_to contain_group('www-data') } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} } end end 
@@ -155,8 +155,8 @@ } } end - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } end end @@ -174,7 +174,7 @@ :operatingsystemrelease => '13.10' }) end - it { should contain_class('apache').with_apache_version('2.4') } + it { is_expected.to contain_class('apache').with_apache_version('2.4') } end context "12.04" do let :facts do @@ -183,7 +183,7 @@ :operatingsystemrelease => '12.04' }) end - it { should contain_class('apache').with_apache_version('2.2') } + it { is_expected.to contain_class('apache').with_apache_version('2.2') } end context "13.04" do let :facts do @@ -192,7 +192,7 @@ :operatingsystemrelease => '13.04' }) end - it { should contain_class('apache').with_apache_version('2.2') } + it { is_expected.to contain_class('apache').with_apache_version('2.2') } end end end 
@@ -208,16 +208,16 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_package("httpd").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd").with( 'notify' => 'Class[Apache::Service]', 'ensure' => 'installed' ) } - it { should contain_user("apache") } - it { should contain_group("apache") } - it { should contain_class("apache::service") } - it { should contain_file("/etc/httpd/conf.d").with( + it { is_expected.to contain_user("apache") } + it { is_expected.to contain_group("apache") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -225,7 +225,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_concat("/etc/httpd/conf/ports.conf").with( + it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with( 'owner' => 'root', 'group' => 'root', 'mode' => '0644', @@ -242,7 +242,7 @@ end ['mod.d','site.d','conf.d'].each do |dir| - it { should contain_file("/etc/httpd/#{dir}").with( + it { is_expected.to contain_file("/etc/httpd/#{dir}").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -262,10 +262,10 @@ 'dav', 'env', ].each do |modname| - it { should contain_file("#{modname}.load").with_path( + it { is_expected.to contain_file("#{modname}.load").with_path( "/etc/httpd/mod.d/#{modname}.load" ) } - it { should_not contain_file("#{modname}.conf").with_path( + it { is_expected.not_to contain_file("#{modname}.conf").with_path( "/etc/httpd/mod.d/#{modname}.conf" ) } end 
@@ -281,10 +281,10 @@ 'negotiation', 'setenvif', ].each do |modname| - it { should contain_file("#{modname}.load").with_path( + it { is_expected.to contain_file("#{modname}.load").with_path( "/etc/httpd/mod.d/#{modname}.load" ) } - it { should contain_file("#{modname}.conf").with_path( + it { is_expected.to contain_file("#{modname}.conf").with_path( "/etc/httpd/mod.d/#{modname}.conf" ) } end @@ -294,7 +294,7 @@ { :apache_version => '2.2' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } end context "with Apache version >= 2.4" do @@ -302,12 +302,12 @@ { :apache_version => '2.4' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } end describe "Alternate conf.d directory" do 
@@ -315,7 +315,7 @@ { :confd_dir => '/etc/httpd/special_conf.d' } end - it { should contain_file("/etc/httpd/special_conf.d").with( + it { is_expected.to contain_file("/etc/httpd/special_conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 
@@ -330,32 +330,32 @@ { :mpm_module => false } end it 'should not declare mpm modules' do - should_not contain_class('apache::mod::event') - should_not contain_class('apache::mod::itk') - should_not contain_class('apache::mod::peruser') - should_not contain_class('apache::mod::prefork') - should_not contain_class('apache::mod::worker') + is_expected.not_to contain_class('apache::mod::event') + is_expected.not_to contain_class('apache::mod::itk') + is_expected.not_to contain_class('apache::mod::peruser') + is_expected.not_to contain_class('apache::mod::prefork') + is_expected.not_to contain_class('apache::mod::worker') end end context "when declaring mpm_module => prefork" do let :params do { :mpm_module => 'prefork' } end - it { should contain_class('apache::mod::prefork') } - it { should_not contain_class('apache::mod::event') } - it { should_not contain_class('apache::mod::itk') } - it { should_not contain_class('apache::mod::peruser') } - it { should_not contain_class('apache::mod::worker') } + it { is_expected.to contain_class('apache::mod::prefork') } + it { is_expected.not_to contain_class('apache::mod::event') } + it { is_expected.not_to contain_class('apache::mod::itk') } + it { is_expected.not_to contain_class('apache::mod::peruser') } + it { is_expected.not_to contain_class('apache::mod::worker') } end context "when declaring mpm_module => worker" do let :params do { :mpm_module => 'worker' } end - it { should contain_class('apache::mod::worker') } - it { should_not contain_class('apache::mod::event') } - it { should_not contain_class('apache::mod::itk') } - it { should_not contain_class('apache::mod::peruser') } - it { should_not contain_class('apache::mod::prefork') } + it { is_expected.to contain_class('apache::mod::worker') } + it { is_expected.not_to contain_class('apache::mod::event') } + it { is_expected.not_to contain_class('apache::mod::itk') } + it { is_expected.not_to contain_class('apache::mod::peruser') } + it { is_expected.not_to 
contain_class('apache::mod::prefork') } end context "when declaring mpm_module => breakme" do let :params do @@ -370,13 +370,13 @@ let :params do { :conf_template => 'apache/httpd.conf.erb' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} } end context "with non-default" do let :params do { :conf_template => 'site_apache/fake.conf.erb' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} } end end @@ -386,8 +386,8 @@ { :default_mods => false } end - it { should contain_apache__mod('authz_host') } - it { should_not contain_apache__mod('env') } + it { is_expected.to contain_apache__mod('authz_host') } + it { is_expected.not_to contain_apache__mod('env') } end context "custom" do let :params do @@ -401,10 +401,10 @@ ]} end - it { should contain_apache__mod('authz_host') } - it { should contain_apache__mod('env') } - it { should contain_class('apache::mod::info') } - it { should contain_class('apache::mod::mime') } + it { is_expected.to contain_apache__mod('authz_host') } + it { is_expected.to contain_apache__mod('env') } + it { is_expected.to contain_class('apache::mod::info') } + it { is_expected.to contain_class('apache::mod::mime') } end end describe "Don't create user resource" do @@ -413,8 +413,8 @@ { :manage_user => false } end - it { should_not contain_user('apache') } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} } + it { is_expected.not_to contain_user('apache') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} } end end describe "Don't create group resource" do 
@@ -423,8 +423,8 @@ { :manage_group => false } end - it { should_not contain_group('apache') } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} } + it { is_expected.not_to contain_group('apache') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} } end end @@ -443,13 +443,13 @@ let :params do { :sendfile => 'On' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} } end context "Off" do let :params do { :sendfile => 'Off' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } end end end 
@@ -465,26 +465,26 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_class("apache::package").with({'ensure' => 'present'}) } - it { should contain_user("www") } - it { should contain_group("www") } - it { should contain_class("apache::service") } - it { should contain_file("/usr/local/etc/apache22/Vhosts").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::package").with({'ensure' => 'present'}) } + it { is_expected.to contain_user("www") } + it { is_expected.to contain_group("www") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { should contain_file("/usr/local/etc/apache22/Modules").with( + it { is_expected.to contain_file("/usr/local/etc/apache22/Modules").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { should contain_concat("/usr/local/etc/apache22/ports.conf").with( + it { is_expected.to contain_concat("/usr/local/etc/apache22/ports.conf").with( 'owner' => 'root', 'group' => 'wheel', 'mode' => '0644', @@ -501,11 +501,11 @@ 'dav', 'env' ].each do |modname| - it { should contain_file("#{modname}.load").with( + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", 'ensure' => 'file' ) } - it { should_not contain_file("#{modname}.conf") } + it { is_expected.not_to contain_file("#{modname}.conf") } end # Assert that both load files and conf files are placed for these mods 
@@ -519,11 +519,11 @@ 'negotiation', 'setenvif', ].each do |modname| - it { should contain_file("#{modname}.load").with( + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.conf").with( + it { is_expected.to contain_file("#{modname}.conf").with( 'path' => "/usr/local/etc/apache22/Modules/#{modname}.conf", 'ensure' => 'file' ) } @@ -542,22 +542,22 @@ } end context 'default vhost defaults' do - it { should contain_apache__vhost('default').with_ensure('present') } - it { should contain_apache__vhost('default-ssl').with_ensure('absent') } + it { is_expected.to contain_apache__vhost('default').with_ensure('present') } + it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } end context 'without default non-ssl vhost' do let :params do { :default_vhost => false } end - it { should contain_apache__vhost('default').with_ensure('absent') } + it { is_expected.to contain_apache__vhost('default').with_ensure('absent') } end context 'with default ssl vhost' do let :params do { :default_ssl_vhost => true } end - it { should contain_apache__vhost('default-ssl').with_ensure('present') } + it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') } end end end diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index eceadca4a7..df342d40e8 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb 
@@ -10,10 +10,10 @@ :operatingsystemrelease => '6', } end - it { should contain_class("apache::params") } - it { should contain_package("libaprutil1-dev") } - it { should contain_package("libapr1-dev") } - it { should contain_package("apache2-prefork-dev") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("libaprutil1-dev") } + it { is_expected.to contain_package("libapr1-dev") } + it { is_expected.to contain_package("apache2-prefork-dev") } end context "on a RedHat OS" do let :facts do @@ -23,8 +23,8 @@ :operatingsystemrelease => '6', } end - it { should contain_class("apache::params") } - it { should contain_package("httpd-devel") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd-devel") } end context "on a FreeBSD OS" do let :pre_condition do @@ -37,6 +37,6 @@ :operatingsystemrelease => '9', } end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } end end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 6e2c16b7e9..1706bfb8d3 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -17,9 +17,9 @@ :concat_basedir => '/dne', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("auth_kerb") } - it { should contain_package("libapache2-mod-auth-kerb") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("libapache2-mod-auth-kerb") } end context "on a RedHat OS", :compile do let :facts do 
@@ -33,9 +33,9 @@ :concat_basedir => '/dne', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("auth_kerb") } - it { should contain_package("mod_auth_kerb") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("mod_auth_kerb") } end context "on a FreeBSD OS", :compile do let :facts do @@ -49,8 +49,8 @@ :concat_basedir => '/dne', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("auth_kerb") } - it { should contain_package("www/mod_auth_kerb2") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("www/mod_auth_kerb2") } end end diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index d9ca5398b1..a0a913a6e2 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb 
@@ -18,23 +18,23 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_class("apache::mod::ldap") } - it { should contain_apache__mod('authnz_ldap') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end context 'verifyServerCert = false' do let(:params) { { :verifyServerCert => false } } - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end context 'verifyServerCert = wrong' do let(:params) { { :verifyServerCert => 'wrong' } } it 'should raise an error' do - expect { should raise_error Puppet::Error } + expect { is_expected.to raise_error Puppet::Error } end end end #Debian 
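Review bot: The `verifyServerCert = wrong` example still asserts nothing after the conversion. `expect { is_expected.to raise_error Puppet::Error }` builds an expectation target and never calls `.to` on it, so the block is never run and the example passes whether or not the class rejects the value. This parameter drives `LDAPVerifyServerCert`, so rejection of an invalid value should be pinned for real, e.g. `expect { subject }.to raise_error(Puppet::Error)`, or the equivalent catalogue-compilation matcher for the rspec-puppet version in use. The same line appears in the RedHat context of the next hunk (`@@ -51,23 +51,23 @@`). Whether the manifest actually fails on a non-boolean is not visible here, so the corrected example may expose a missing validation.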
@@ -51,23 +51,23 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_class("apache::mod::ldap") } - it { should contain_apache__mod('authnz_ldap') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end context 'verifyServerCert = false' do let(:params) { { :verifyServerCert => false } } - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end context 'verifyServerCert = wrong' do let(:params) { { :verifyServerCert => 'wrong' } } it 'should raise an error' do - expect { should raise_error Puppet::Error } + expect { is_expected.to raise_error Puppet::Error } end end end # Redhat diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 4898cdece1..859174af77 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -17,9 +17,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('dav_svn') } - it { should contain_package("libapache2-svn") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("libapache2-svn") } end context "on a RedHat OS" do let :facts do 
@@ -33,9 +33,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('dav_svn') } - it { should contain_package("mod_dav_svn") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("mod_dav_svn") } end context "on a FreeBSD OS" do let :facts do @@ -49,8 +49,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('dav_svn') } - it { should contain_package("devel/subversion") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("devel/subversion") } end end diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index f8eb881013..227c97a829 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -2,10 +2,10 @@ # This function is called inside the OS specific contexts def general_deflate_specs - it { should contain_apache__mod("deflate") } + it { is_expected.to contain_apache__mod("deflate") } it do - should contain_file("deflate.conf").with_content( + is_expected.to contain_file("deflate.conf").with_content( "AddOutputFilterByType DEFLATE text/html text/plain text/xml\n"\ "AddOutputFilterByType DEFLATE text/css\n"\ "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript\n"\ 
@@ -39,11 +39,11 @@ def general_deflate_specs # Load the more generic tests for this context general_deflate_specs() - it { should contain_file("deflate.conf").with({ + it { is_expected.to contain_file("deflate.conf").with({ :ensure => 'file', :path => '/etc/apache2/mods-available/deflate.conf', } ) } - it { should contain_file("deflate.conf symlink").with({ + it { is_expected.to contain_file("deflate.conf symlink").with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/deflate.conf', } ) } @@ -64,7 +64,7 @@ def general_deflate_specs # Load the more generic tests for this context general_deflate_specs() - it { should contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") } + it { is_expected.to contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") } end context "On a FreeBSD OS with default params" do @@ -82,7 +82,7 @@ def general_deflate_specs # Load the more generic tests for this context general_deflate_specs() - it { should contain_file("deflate.conf").with({ + it { is_expected.to contain_file("deflate.conf").with({ :ensure => 'file', :path => '/usr/local/etc/apache22/Modules/deflate.conf', } ) } diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index 0de62afcb5..84d80e344a 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb @@ -20,7 +20,7 @@ :operatingsystemrelease => operatingsystemrelease, } end - it { should contain_class('apache::dev') } + it { is_expected.to contain_class('apache::dev') } end end end diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index 8bcdc0b6be..1efed2fe79 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb 
@@ -20,22 +20,22 @@ } end context "passing no parameters" do - it { should contain_class("apache::params") } - it { should contain_apache__mod('dir') } - it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { should contain_file('dir.conf').with_content(/ index\.html /) } - it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { should contain_file('dir.conf').with_content(/ index\.cgi /) } - it { should contain_file('dir.conf').with_content(/ index\.pl /) } - it { should contain_file('dir.conf').with_content(/ index\.php /) } - it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end context "passing indexes => ['example.txt','fearsome.aspx']" do let :params do {:indexes => ['example.txt','fearsome.aspx']} end - it { should contain_file('dir.conf').with_content(/ example\.txt /) } - it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end context "on a RedHat OS" do 
@@ -51,22 +51,22 @@ } end context "passing no parameters" do - it { should contain_class("apache::params") } - it { should contain_apache__mod('dir') } - it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { should contain_file('dir.conf').with_content(/ index\.html /) } - it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { should contain_file('dir.conf').with_content(/ index\.cgi /) } - it { should contain_file('dir.conf').with_content(/ index\.pl /) } - it { should contain_file('dir.conf').with_content(/ index\.php /) } - it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end context "passing indexes => ['example.txt','fearsome.aspx']" do let :params do {:indexes => ['example.txt','fearsome.aspx']} end - it { should contain_file('dir.conf').with_content(/ example\.txt /) } - it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end context "on a FreeBSD OS" do 
@@ -82,22 +82,22 @@ } end context "passing no parameters" do - it { should contain_class("apache::params") } - it { should contain_apache__mod('dir') } - it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { should contain_file('dir.conf').with_content(/ index\.html /) } - it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { should contain_file('dir.conf').with_content(/ index\.cgi /) } - it { should contain_file('dir.conf').with_content(/ index\.pl /) } - it { should contain_file('dir.conf').with_content(/ index\.php /) } - it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end context "passing indexes => ['example.txt','fearsome.aspx']" do let :params do {:indexes => ['example.txt','fearsome.aspx']} end - it { should contain_file('dir.conf').with_content(/ example\.txt /) } - it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end end diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 850bd5c55b..3061ca9b1f 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -16,9 +16,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('event') } - it { should contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('event') } + it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } end context "on a Debian OS" do let :facts do @@ -34,10 +34,10 @@ } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('event') } - it { should contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('event') } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do @@ -46,10 +46,10 @@ } end - it { should_not contain_file("/etc/apache2/mods-available/event.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/event.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/event.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/event.load") } - it { should contain_package("apache2-mpm-event") } + it { is_expected.to contain_package("apache2-mpm-event") } end context "with Apache version >= 2.4" do 
@@ -59,12 +59,12 @@ } end - it { should contain_file("/etc/apache2/mods-available/event.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/event.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') } end end context "on a RedHat OS" do @@ -87,13 +87,13 @@ } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should_not contain_apache__mod('prefork') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.not_to contain_apache__mod('prefork') } - it { should contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') } - it { should contain_file("/etc/httpd/conf.d/event.load").with({ + it { is_expected.to contain_file("/etc/httpd/conf.d/event.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_event_module modules/mod_mpm_event.so\n", }) diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index 98ad2e8706..126c5cc3ef 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb 
@@ -17,10 +17,10 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fastcgi') } - it { should contain_package("libapache2-mod-fastcgi") } - it { should contain_file('fastcgi.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fastcgi') } + it { is_expected.to contain_package("libapache2-mod-fastcgi") } + it { is_expected.to contain_file('fastcgi.conf') } end context "on a RedHat OS" do @@ -35,9 +35,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fastcgi') } - it { should contain_package("mod_fastcgi") } - it { should_not contain_file('fastcgi.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fastcgi') } + it { is_expected.to contain_package("mod_fastcgi") } + it { is_expected.not_to contain_file('fastcgi.conf') } end end diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index 16719415d5..ab47a5a8e3 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -18,9 +18,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("libapache2-mod-fcgid") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("libapache2-mod-fcgid") } end context "on a RedHat OS" do 
@@ -37,9 +37,9 @@ end describe 'without parameters' do - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("mod_fcgid") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("mod_fcgid") } end describe 'with parameters' do @@ -54,14 +54,14 @@ it 'should contain the correct config' do content = subject.resource('file', 'fcgid.conf').send(:parameters)[:content] - content.split("\n").reject { |c| c =~ /(^#|^$)/ }.should == [ + expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([ '', ' AddHandler fcgid-script .fcgi', ' FcgidIPCDir /var/run/fcgidsock', ' FcgidMinProcessesPerClass 0', ' SharememPath /var/run/fcgid_shm', '', - ] + ]) end end end @@ -79,8 +79,8 @@ } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("www/mod_fcgid") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("www/mod_fcgid") } end end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index ed078c519f..3415dec67e 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -2,10 +2,10 @@ # This function is called inside the OS specific contexts def general_info_specs - it { should contain_apache__mod("info") } + it { is_expected.to contain_apache__mod("info") } it do - should contain_file("info.conf").with_content( + is_expected.to contain_file("info.conf").with_content( "\n"\ " SetHandler server-info\n"\ " Order deny,allow\n"\ 
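Review bot: In the `it 'should contain the correct config'` example of fcgid_spec.rb (hunk `-54,14 +54,14`), the content is still read through `subject.resource('file', 'fcgid.conf').send(:parameters)`, which relies on `subject` being the catalogue object and on a non-public method. If the suite later moves to an rspec-puppet release where `subject` is a lambda (I believe 2.x does this, to be confirmed), that line would break while the converted `expect(...).to eq([...])` stays valid. `content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content]` removes the dependency on `subject`. The enclosing `describe` starts outside the hunk.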
@@ -38,11 +38,11 @@ def general_info_specs # Load the more generic tests for this context general_info_specs() - it { should contain_file("info.conf").with({ + it { is_expected.to contain_file("info.conf").with({ :ensure => 'file', :path => '/etc/apache2/mods-available/info.conf', } ) } - it { should contain_file("info.conf symlink").with({ + it { is_expected.to contain_file("info.conf symlink").with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/info.conf', } ) } @@ -64,7 +64,7 @@ def general_info_specs # Load the more generic tests for this context general_info_specs() - it { should contain_file("info.conf").with_path("/etc/httpd/conf.d/info.conf") } + it { is_expected.to contain_file("info.conf").with_path("/etc/httpd/conf.d/info.conf") } end context "On a FreeBSD OS with default params" do @@ -83,7 +83,7 @@ def general_info_specs # Load the more generic tests for this context general_info_specs() - it { should contain_file("info.conf").with({ + it { is_expected.to contain_file("info.conf").with({ :ensure => 'file', :path => '/usr/local/etc/apache22/Modules/info.conf', } ) } @@ -106,7 +106,7 @@ def general_info_specs { :allow_from => ['10.10.10.10','11.11.11.11'] } end it do - should contain_file("info.conf").with_content( + is_expected.to contain_file("info.conf").with_content( "\n"\ " SetHandler server-info\n"\ " Order deny,allow\n"\ diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index d9fe2e3d12..b5d50a18af 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb 
@@ -17,10 +17,10 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('itk') } - it { should contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('itk') } + it { is_expected.to contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do @@ -29,10 +29,10 @@ } end - it { should_not contain_file("/etc/apache2/mods-available/itk.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/itk.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/itk.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/itk.load") } - it { should contain_package("apache2-mpm-itk") } + it { is_expected.to contain_package("apache2-mpm-itk") } end context "with Apache version >= 2.4" do @@ -42,12 +42,12 @@ } end - it { should contain_file("/etc/apache2/mods-available/itk.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/itk.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } end end context "on a FreeBSD OS" do 
@@ -62,8 +62,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('itk') } - it { should contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('itk') } + it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } end end diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb index e9984ecbaf..5e78230e28 100644 --- a/spec/classes/mod/mime_magic_spec.rb +++ b/spec/classes/mod/mime_magic_spec.rb @@ -2,7 +2,7 @@ # This function is called inside the OS specific contexts def general_mime_magic_specs - it { should contain_apache__mod("mime_magic") } + it { is_expected.to contain_apache__mod("mime_magic") } end describe 'apache::mod::mime_magic', :type => :class do @@ -27,16 +27,16 @@ def general_mime_magic_specs general_mime_magic_specs() it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/etc/apache2/magic\"\n" ) end - it { should contain_file("mime_magic.conf").with({ + it { is_expected.to contain_file("mime_magic.conf").with({ :ensure => 'file', :path => '/etc/apache2/mods-available/mime_magic.conf', } ) } - it { should contain_file("mime_magic.conf symlink").with({ + it { is_expected.to contain_file("mime_magic.conf symlink").with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/mime_magic.conf', } ) } @@ -47,7 +47,7 @@ def general_mime_magic_specs end it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/tmp/Debian_magic\"\n" ) end 
@@ -71,12 +71,12 @@ def general_mime_magic_specs general_mime_magic_specs() it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/etc/httpd/conf/magic\"\n" ) end - it { should contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") } + it { is_expected.to contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") } end @@ -99,7 +99,7 @@ def general_mime_magic_specs end it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/tmp/magic\"\n" ) end diff --git a/spec/classes/mod/mime_spec.rb b/spec/classes/mod/mime_spec.rb index 2b6154fb81..32edbc4b02 100644 --- a/spec/classes/mod/mime_spec.rb +++ b/spec/classes/mod/mime_spec.rb @@ -2,7 +2,7 @@ # This function is called inside the OS specific conte, :compilexts def general_mime_specs - it { should contain_apache__mod("mime") } + it { is_expected.to contain_apache__mod("mime") } end describe 'apache::mod::mime', :type => :class do @@ -26,7 +26,7 @@ def general_mime_specs general_mime_specs() - it { should contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') } + it { is_expected.to contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') } end @@ -45,7 +45,7 @@ def general_mime_specs general_mime_specs() - it { should contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") } + it { is_expected.to contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") } end diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb index 9439f719e6..c4abd3e100 100644 --- a/spec/classes/mod/pagespeed_spec.rb +++ b/spec/classes/mod/pagespeed_spec.rb 
@@ -17,10 +17,10 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('pagespeed') } - it { should contain_package("mod-pagespeed-stable") } - it { should contain_file('pagespeed.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('pagespeed') } + it { is_expected.to contain_package("mod-pagespeed-stable") } + it { is_expected.to contain_file('pagespeed.conf') } end context "on a RedHat OS" do @@ -35,9 +35,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('pagespeed') } - it { should contain_package("mod-pagespeed-stable") } - it { should contain_file('pagespeed.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('pagespeed') } + it { is_expected.to contain_package("mod-pagespeed-stable") } + it { is_expected.to contain_file('pagespeed.conf') } end end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 3bf7d29952..7fc1e3a63f 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -17,105 +17,105 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('passenger') } - it { should contain_package("libapache2-mod-passenger") } - it { should contain_file('passenger.load').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("libapache2-mod-passenger") } + it { is_expected.to contain_file('passenger.load').with({ 'path' => '/etc/apache2/mods-available/passenger.load', }) } - it { should contain_file('passenger.conf').with({ + it { is_expected.to contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - it { should contain_file('passenger_package.conf').with_ensure('absent') } + it { is_expected.to contain_file('passenger_package.conf').with_ensure('absent') } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } end describe "with passenger_ruby => /usr/lib/example/ruby" do let :params do { :passenger_ruby => '/usr/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } end describe "with passenger_default_ruby => /usr/lib/example/ruby1.9.3" do let :params do { :passenger_ruby => '/usr/lib/example/ruby1.9.3' } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } end describe 
"with passenger_high_performance => on" do let :params do { :passenger_high_performance => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerHighPerformance on$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerHighPerformance on$/) } end describe "with passenger_pool_idle_time => 1200" do let :params do { :passenger_pool_idle_time => 1200 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerPoolIdleTime 1200$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerPoolIdleTime 1200$/) } end describe "with passenger_max_requests => 20" do let :params do { :passenger_max_requests => 20 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } end describe "with passenger_stat_throttle_rate => 10" do let :params do { :passenger_stat_throttle_rate => 10 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerStatThrottleRate 10$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerStatThrottleRate 10$/) } end describe "with passenger_max_pool_size => 16" do let :params do { :passenger_max_pool_size => 16 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) } end describe "with rack_autodetect => on" do let :params do { :rack_autodetect => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ RackAutoDetect on$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ RackAutoDetect on$/) } end describe "with rails_autodetect => on" do let :params do { :rails_autodetect => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ RailsAutoDetect on$/) } + it { is_expected.to 
contain_file('passenger.conf').with_content(/^ RailsAutoDetect on$/) } end describe "with passenger_use_global_queue => on" do let :params do { :passenger_use_global_queue => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue on$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue on$/) } end describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do let :params do { :mod_path => '/usr/lib/foo/mod_foo.so' } end - it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } end describe "with mod_lib_path => '/usr/lib/foo'" do let :params do { :mod_lib_path => '/usr/lib/foo' } end - it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } end describe "with mod_lib => 'mod_foo.so'" do let :params do { :mod_lib => 'mod_foo.so' } end - it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } end describe "with mod_id => 'mod_foo'" do let :params do { :mod_id => 'mod_foo' } end - it { should contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } end context "with Ubuntu 12.04 defaults" do 
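Review bot: The `describe "with passenger_default_ruby => /usr/lib/example/ruby1.9.3"` example in passenger_spec.rb (hunk `-17,105 +17,105`) still sets `:passenger_ruby` and asserts `PassengerRuby`, so it repeats the example before it and never exercises `passenger_default_ruby`. Assuming the class accepts a `passenger_default_ruby` parameter as the title implies, the params should be `{ :passenger_default_ruby => '/usr/lib/example/ruby1.9.3' }` and the expectation `with_content(%r{PassengerDefaultRuby "/usr/lib/example/ruby1\.9\.3"})`. Since this line is being rewritten anyway, the conversion is a good place to fix the mismatch, which otherwise leaves a configuration path that selects the interpreter untested.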
@@ -131,9 +131,9 @@ } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } - it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } - it { should contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } end context "with Ubuntu 14.04 defaults" do @@ -149,9 +149,9 @@ } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } - it { should contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } end context "with Debian 7 defaults" do @@ -167,9 +167,9 @@ } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } - it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } - it { should contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } end end 
@@ -185,30 +185,30 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('passenger') } - it { should contain_package("mod_passenger") } - it { should contain_file('passenger_package.conf').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("mod_passenger") } + it { is_expected.to contain_file('passenger_package.conf').with({ 'path' => '/etc/httpd/conf.d/passenger.conf', }) } - it { should contain_file('passenger_package.conf').without_content } - it { should contain_file('passenger_package.conf').without_source } - it { should contain_file('passenger.load').with({ + it { is_expected.to contain_file('passenger_package.conf').without_content } + it { is_expected.to contain_file('passenger_package.conf').without_source } + it { is_expected.to contain_file('passenger.load').with({ 'path' => '/etc/httpd/conf.d/passenger.load', }) } - it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end describe "with passenger_ruby => /usr/lib/example/ruby" do let :params do { :passenger_ruby => '/usr/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } + it { is_expected.to 
contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } end end context "on a FreeBSD OS" do @@ -223,8 +223,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('passenger') } - it { should contain_package("www/rubygem-passenger") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("www/rubygem-passenger") } end end diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index f674318e28..2c14c31f06 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -17,9 +17,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('perl') } - it { should contain_package("libapache2-mod-perl2") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("libapache2-mod-perl2") } end context "on a RedHat OS" do let :facts do @@ -33,9 +33,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('perl') } - it { should contain_package("mod_perl") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("mod_perl") } end context "on a FreeBSD OS" do let :facts do 
@@ -49,8 +49,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('perl') } - it { should contain_package("www/mod_perl2") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("www/mod_perl2") } end end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index e1ee004e93..c0dfc96f55 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb @@ -16,8 +16,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('peruser') } - it { should contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('peruser') } + it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } end end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index cba128a826..c1fd14b01e 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -18,10 +18,10 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should contain_class("apache::params") } - it { should contain_apache__mod('php5') } - it { should contain_package("libapache2-mod-php5") } - it { should contain_file("php5.load").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("libapache2-mod-php5") } + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" ) } end 
@@ -50,10 +50,10 @@ let :pre_condition do 'class { "apache": }' end - it { should contain_class("apache::params") } - it { should contain_apache__mod('php5') } - it { should contain_package("php") } - it { should contain_file("php5.load").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("php") } + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module modules/libphp5.so\n" ) } end @@ -63,7 +63,7 @@ let :params do { :package_name => 'php54'} end - it { should contain_package("php54") } + it { is_expected.to contain_package("php54") } end context "with alternative path" do let :pre_condition do 'class { "apache": }' @@ -71,7 +71,7 @@ let :params do { :path => 'alternative-path'} end - it { should contain_file("php5.load").with( + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module alternative-path\n" ) } end @@ -81,7 +81,7 @@ let :params do { :extensions => ['.php','.php5']} end - it { should contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) } + it { is_expected.to contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) } end context "with specific version" do let :pre_condition do @@ -90,7 +90,7 @@ let :params do { :package_ensure => '5.3.13'} end - it { should contain_package("php").with( + it { is_expected.to contain_package("php").with( :ensure => '5.3.13' ) } end 
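Review bot: The converted expectation in php_spec.rb for `:extensions => ['.php','.php5']` (hunk `-81,7 +81,7`) keeps the pattern `/AddHandler php5-script .php .php5\n/`, in which every `.` is a regex wildcard, so the example also passes on malformed output. Escaping the dots pins the directive exactly: `with_content(/AddHandler php5-script \.php \.php5\n/)`. Separately, the spec locks in the `AddHandler` form, and under mod_mime such a mapping applies to a file name that carries the extension anywhere among several extensions. The template is not visible here, so it is worth confirming whether it should emit `<FilesMatch "\.php$">` with `SetHandler` on hosts that accept uploaded files.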
@@ -98,10 +98,10 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should contain_class("apache::params") } - it { should contain_apache__mod('php5') } - it { should contain_package("php") } - it { should contain_file("php5.load").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("php") } + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module modules/libphp5.so\n" ) } end @@ -122,10 +122,10 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should contain_class('apache::params') } - it { should contain_apache__mod('php5') } - it { should contain_package("lang/php5") } - it { should contain_file('php5.load') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("lang/php5") } + it { is_expected.to contain_file('php5.load') } end # FIXME: not sure about the following context context 'with mpm_module => worker' do @@ -133,7 +133,7 @@ 'class { "apache": mpm_module => worker, }' end it 'should raise an error' do - expect { subject.should contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ + expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ end end end diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 847aecf9c7..34bca08dc0 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb 
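Review bot: In the `mpm_module => worker` example (hunk `@@ -133,7 +133,7 @@`) the converted line nests `expect(subject).to contain_apache__mod('php5')` inside `expect { ... }.to raise_error`, so it reads as two assertions. The inner matcher's result is presumably never reached, because the `Puppet::Error` would be raised while the catalogue is compiled. A one-line comment would make the intent explicit, for example `# the inner expectation only forces compilation; the Puppet::Error is what is under test`. The `# FIXME: not sure about the following context` line above it could be resolved or expanded at the same time. The enclosing describe block starts outside this hunk.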
@@ -17,10 +17,10 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('prefork') } - it { should contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do @@ -29,10 +29,10 @@ } end - it { should_not contain_file("/etc/apache2/mods-available/prefork.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/prefork.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/prefork.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/prefork.load") } - it { should contain_package("apache2-mpm-prefork") } + it { is_expected.to contain_package("apache2-mpm-prefork") } end context "with Apache version >= 2.4" do @@ -42,12 +42,12 @@ } end - it { should contain_file("/etc/apache2/mods-available/prefork.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') } end end context "on a RedHat OS" do 
@@ -62,9 +62,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('prefork') } - it { should contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') } context "with Apache version < 2.4" do let :params do @@ -73,7 +73,7 @@ } end - it { should contain_file_line("/etc/sysconfig/httpd prefork enable").with({ + it { is_expected.to contain_file_line("/etc/sysconfig/httpd prefork enable").with({ 'require' => 'Package[httpd]', }) } @@ -86,9 +86,9 @@ } end - it { should_not contain_apache__mod('event') } + it { is_expected.not_to contain_apache__mod('event') } - it { should contain_file("/etc/httpd/conf.d/prefork.load").with({ + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n", }) @@ -107,8 +107,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('prefork') } - it { should contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } end end diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 77e1ab15de..81a2bb5371 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb 
@@ -10,9 +10,9 @@ end context "on a Debian OS" do shared_examples "debian" do |loadfiles| - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) } - it { should contain_package("libapache2-mod-proxy-html") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) } + it { is_expected.to contain_package("libapache2-mod-proxy-html") } end let :facts do { @@ -62,9 +62,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html').with(:loadfiles => nil) } - it { should contain_package("mod_proxy_html") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_package("mod_proxy_html") } end context "on a FreeBSD OS", :compile do let :facts do @@ -78,8 +78,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html').with(:loadfiles => nil) } - it { should contain_package("www/mod_proxy_html") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_package("www/mod_proxy_html") } end end diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index d2d1fca7b9..17b62d43bd 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb 
@@ -17,9 +17,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("python") } - it { should contain_package("libapache2-mod-python") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("libapache2-mod-python") } end context "on a RedHat OS" do let :facts do @@ -33,9 +33,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("python") } - it { should contain_package("mod_python") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("mod_python") } end context "on a FreeBSD OS" do let :facts do @@ -49,8 +49,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("python") } - it { should contain_package("www/mod_python3") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("www/mod_python3") } end end diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 949dd5702b..ca3a594848 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb 
@@ -19,31 +19,31 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('rpaf') } - it { should contain_package("libapache2-mod-rpaf") } - it { should contain_file('rpaf.conf').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('rpaf') } + it { is_expected.to contain_package("libapache2-mod-rpaf") } + it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/etc/apache2/mods-available/rpaf.conf', }) } - it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { should contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end context "on a FreeBSD OS" do 
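Review bot: The `proxy_ips` expectation in this hunk leaves the dots unescaped, so `/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/` also accepts a rendered line where any other character stands in place of a dot. This directive names the proxies whose forwarded client address is trusted, so the spec should pin the literal addresses: `/^RPAFproxy_ips 10\.42\.17\.8 10\.42\.18\.99$/`. The FreeBSD context in the next hunk (`@@ -58,31 +58,31 @@`) repeats the same pattern and needs the same escaping.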
@@ -58,31 +58,31 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('rpaf') } - it { should contain_package("www/mod_rpaf2") } - it { should contain_file('rpaf.conf').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('rpaf') } + it { is_expected.to contain_package("www/mod_rpaf2") } + it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/usr/local/etc/apache22/Modules/rpaf.conf', }) } - it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { should contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end end diff --git a/spec/classes/mod/speling_spec.rb b/spec/classes/mod/speling_spec.rb index e7e6e1d640..814e0d6720 100644 --- a/spec/classes/mod/speling_spec.rb +++ b/spec/classes/mod/speling_spec.rb 
@@ -17,7 +17,7 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_apache__mod('speling') } + it { is_expected.to contain_apache__mod('speling') } end context "on a RedHat OS" do @@ -32,6 +32,6 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_apache__mod('speling') } + it { is_expected.to contain_apache__mod('speling') } end end diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 11e7964ded..fb6ba4eb57 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -31,9 +31,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class('apache::params') } - it { should contain_apache__mod('ssl') } - it { should contain_package('mod_ssl') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_package('mod_ssl') } end context 'on a Debian OS' do @@ -49,9 +49,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class('apache::params') } - it { should contain_apache__mod('ssl') } - it { should_not contain_package('libapache2-mod-ssl') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.not_to contain_package('libapache2-mod-ssl') } end context 'on a FreeBSD OS' do @@ -66,7 +66,7 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class('apache::params') } - it { should contain_apache__mod('ssl') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } end end diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 5023bc7bf1..adb60861ba 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb 
@@ -3,7 +3,7 @@ # Helper function for testing the contents of `status.conf` def status_conf_spec(allow_from, extended_status) it do - should contain_file("status.conf").with_content( + is_expected.to contain_file("status.conf").with_content( "\n"\ " SetHandler server-status\n"\ " Order deny,allow\n"\ @@ -39,16 +39,16 @@ def status_conf_spec(allow_from, extended_status) } end - it { should contain_apache__mod("status") } + it { is_expected.to contain_apache__mod("status") } status_conf_spec(["127.0.0.1", "::1"], "On") - it { should contain_file("status.conf").with({ + it { is_expected.to contain_file("status.conf").with({ :ensure => 'file', :path => '/etc/apache2/mods-available/status.conf', } ) } - it { should contain_file("status.conf symlink").with({ + it { is_expected.to contain_file("status.conf symlink").with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/status.conf', } ) } @@ -68,11 +68,11 @@ def status_conf_spec(allow_from, extended_status) } end - it { should contain_apache__mod("status") } + it { is_expected.to contain_apache__mod("status") } status_conf_spec(["127.0.0.1", "::1"], "On") - it { should contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } + it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } end @@ -118,7 +118,7 @@ def status_conf_spec(allow_from, extended_status) end it 'should expect to succeed array validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.not_to raise_error() end end @@ -140,7 +140,7 @@ def status_conf_spec(allow_from, extended_status) end it 'should expect to fail array validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.to raise_error(Puppet::Error) end end 
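Review bot: The failing-validation example in hunk `@@ -140,7 +140,7 @@` asserts only `raise_error(Puppet::Error)`, which any compilation failure satisfies, not just rejection of the bad parameter value. These parameters presumably feed the access rules rendered into `status.conf`, so a regression in the validation could go unnoticed if the catalogue fails for an unrelated reason. Pinning the message closes that gap: `}.to raise_error(Puppet::Error, /<expected validation message>/)`, with the placeholder replaced by the text the manifest actually emits. The regular-expression case in `@@ -189,7 +189,7 @@` has the same gap. The parameters that trigger the failure are set outside both hunks.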
@@ -165,7 +165,7 @@ def status_conf_spec(allow_from, extended_status) end it 'should expect to succeed regular expression validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.not_to raise_error() end end @@ -189,7 +189,7 @@ def status_conf_spec(allow_from, extended_status) end it 'should expect to fail regular expression validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.to raise_error(Puppet::Error) end end diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index cb91997ac1..b74b4c8646 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -17,8 +17,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_package("libapache2-mod-suphp") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("libapache2-mod-suphp") } end context "on a RedHat OS" do let :facts do @@ -32,7 +32,7 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_package("mod_suphp") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("mod_suphp") } end end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 3c9c1cf246..c0a790b180 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb 
@@ -17,10 +17,10 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do @@ -29,10 +29,10 @@ } end - it { should_not contain_file("/etc/apache2/mods-available/worker.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/worker.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/worker.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/worker.load") } - it { should contain_package("apache2-mpm-worker") } + it { is_expected.to contain_package("apache2-mpm-worker") } end context "with Apache version >= 2.4" do @@ -42,12 +42,12 @@ } end - it { should contain_file("/etc/apache2/mods-available/worker.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/worker.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') } end end context "on a RedHat OS" do 
@@ -62,9 +62,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } context "with Apache version < 2.4" do let :params do @@ -73,7 +73,7 @@ } end - it { should contain_file_line("/etc/sysconfig/httpd worker enable").with({ + it { is_expected.to contain_file_line("/etc/sysconfig/httpd worker enable").with({ 'require' => 'Package[httpd]', }) } @@ -86,9 +86,9 @@ } end - it { should_not contain_apache__mod('event') } + it { is_expected.not_to contain_apache__mod('event') } - it { should contain_file("/etc/httpd/conf.d/worker.load").with({ + it { is_expected.to contain_file("/etc/httpd/conf.d/worker.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_worker_module modules/mod_mpm_worker.so\n", }) @@ -107,8 +107,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } end end diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index d4c391a291..5945e3bebf 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb 
@@ -17,9 +17,9 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('wsgi') } - it { should contain_package("libapache2-mod-wsgi") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('wsgi') } + it { is_expected.to contain_package("libapache2-mod-wsgi") } end context "on a RedHat OS" do let :facts do @@ -33,21 +33,21 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('wsgi') } - it { should contain_package("mod_wsgi") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('wsgi') } + it { is_expected.to contain_package("mod_wsgi") } describe "with custom WSGISocketPrefix" do let :params do { :wsgi_socket_prefix => 'run/wsgi' } end - it {should contain_file('wsgi.conf').with_content(/^ WSGISocketPrefix run\/wsgi$/)} + it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGISocketPrefix run\/wsgi$/)} end describe "with custom WSGIPythonHome" do let :params do { :wsgi_python_home => '/path/to/virtenv' } end - it {should contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} + it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} end end context "on a FreeBSD OS" do @@ -62,8 +62,8 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('wsgi') } - it { should contain_package("www/mod_wsgi") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('wsgi') } + it { is_expected.to contain_package("www/mod_wsgi") } end end diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index eaa178c41d..6f63758a3a 100644 
--- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -14,13 +14,13 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_apache__params } + it { is_expected.to contain_apache__params } # There are 4 resources in this class currently # there should not be any more resources because it is a params class # The resources are class[apache::version], class[apache::params], class[main], class[settings], stage[main] it "Should not contain any resources" do - subject.resources.size.should == 5 + expect(subject.resources.size).to eq(5) end end end diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 2cd075357d..4d6efbe3fd 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -17,7 +17,7 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'true' @@ -26,7 +26,7 @@ context "with $service_name => 'foo'" do let (:params) {{ :service_name => 'foo' }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'foo' ) } @@ -34,7 +34,7 @@ context "with $service_enable => true" do let (:params) {{ :service_enable => true }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'true' @@ -44,7 +44,7 @@ context "with $service_enable => false" do let (:params) {{ :service_enable => false }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'false' 
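Review bot: The comment above the converted size assertion in `params_spec.rb` says "There are 4 resources in this class currently", yet it lists five entries and the new line asserts `eq(5)`. The example title "Should not contain any resources" also contradicts a non-zero count. The comment should read `# There are 5 resources in the catalogue: class[apache::version], class[apache::params], class[main], class[settings], stage[main]`, and the example could be retitled `it "should not contain any additional resources" do` so the expectation and its description agree.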
@@ -62,7 +62,7 @@ context "with $service_ensure => 'running'" do let (:params) {{ :service_ensure => 'running', }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'ensure' => 'running', 'enable' => 'true' ) @@ -71,7 +71,7 @@ context "with $service_ensure => 'stopped'" do let (:params) {{ :service_ensure => 'stopped', }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'ensure' => 'stopped', 'enable' => 'true' ) @@ -80,7 +80,7 @@ context "with $service_ensure => 'UNDEF'" do let (:params) {{ :service_ensure => 'UNDEF' }} - it { should contain_service("httpd").without_ensure } + it { is_expected.to contain_service("httpd").without_ensure } end end @@ -97,7 +97,7 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'httpd', 'ensure' => 'running', 'enable' => 'true' @@ -117,7 +117,7 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache22', 'ensure' => 'running', 'enable' => 'true' From 9f97fc7c8d5cee1e62dac560bf034ca3997e1f33 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Fri, 6 Jun 2014 10:11:14 -0400 Subject: [PATCH 0264/2267] Convert specs to RSpec 3.0.0 syntax with Transpec This conversion is done by Transpec 2.2.1 with the following command: transpec spec/defines * 65 conversions from: it { should ... } to: it { is_expected.to ... } * 9 conversions from: it { should_not ... } to: it { is_expected.not_to ... } For more details: https://github.com/yujinakayama/transpec#supported-conversions --- spec/defines/mod_spec.rb | 18 ++--- spec/defines/vhost_spec.rb | 130 ++++++++++++++++++------------------- 2 files changed, 74 insertions(+), 74 deletions(-) 
diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index e6d5214097..377c877926 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -21,9 +21,9 @@ let :title do 'spec_m' end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do - should contain_file('spec_m.load').with({ + is_expected.to contain_file('spec_m.load').with({ :path => '/etc/httpd/conf.d/spec_m.load', :content => "LoadModule spec_m_module modules/mod_spec_m.so\n", :owner => 'root', @@ -41,8 +41,8 @@ # parameters let(:params) { {:package => 'mod_xsendfile'} } - it { should contain_class("apache::params") } - it { should contain_package('mod_xsendfile') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package('mod_xsendfile') } end end @@ -64,9 +64,9 @@ let :title do 'spec_m' end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do - should contain_file('spec_m.load').with({ + is_expected.to contain_file('spec_m.load').with({ :path => '/etc/apache2/mods-available/spec_m.load', :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n", :owner => 'root', @@ -75,7 +75,7 @@ } ) end it "should link the module load file" do - should contain_file('spec_m.load symlink').with({ + is_expected.to contain_file('spec_m.load symlink').with({ :path => '/etc/apache2/mods-enabled/spec_m.load', :target => '/etc/apache2/mods-available/spec_m.load', :owner => 'root', 
@@ -103,9 +103,9 @@ let :title do 'spec_m' end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do - should contain_file('spec_m.load').with({ + is_expected.to contain_file('spec_m.load').with({ :path => '/usr/local/etc/apache22/Modules/spec_m.load', :content => "LoadModule spec_m_module /usr/local/libexec/apache22/mod_spec_m.so\n", :owner => 'root', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4037b3011c..d8233a323e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -28,8 +28,8 @@ end let :params do default_params end let :facts do default_facts end - it { should contain_class("apache") } - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } end context "on Debian based systems" do let :default_facts do @@ -46,13 +46,13 @@ end let :params do default_params end let :facts do default_facts end - it { should contain_class("apache") } - it { should contain_class("apache::params") } - it { should contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } - it { should contain_file("25-rspec.example.com.conf symlink").with( + it { is_expected.to contain_file("25-rspec.example.com.conf symlink").with( :ensure => 'link', :path => '/etc/apache2/sites-enabled/25-rspec.example.com.conf', :target => '/etc/apache2/sites-available/25-rspec.example.com.conf' 
@@ -72,9 +72,9 @@ end let :params do default_params end let :facts do default_facts end - it { should contain_class("apache") } - it { should contain_class("apache::params") } - it { should contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/usr/local/etc/apache22/Vhosts/25-rspec.example.com.conf' ) } @@ -95,10 +95,10 @@ end describe 'basic assumptions' do let :params do default_params end - it { should contain_class("apache") } - it { should contain_class("apache::params") } - it { should contain_apache__listen(params[:port]) } - it { should contain_apache__namevirtualhost("*:#{params[:port]}") } + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__listen(params[:port]) } + it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } end # All match and notmatch should be a list of regexs and exact match strings @@ -669,18 +669,18 @@ describe "when #{param[:attr]} is #{param[:value]}" do let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - it { should contain_file("25-#{title}.conf").with_mode('0644') } + it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } if param[:match] it "#{param[:title]}: matches" do param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) + is_expected.to contain_file("25-#{title}.conf").with_content( match ) end end end if param[:notmatch] it "#{param[:title]}: notmatches" do param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) + is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) end end end 
@@ -821,18 +821,18 @@ :apache_version => '2.2', }) end - it { should contain_file("25-#{title}.conf").with_mode('0644') } + it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } if param[:match] it "#{param[:title]}: matches" do param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) + is_expected.to contain_file("25-#{title}.conf").with_content( match ) end end end if param[:notmatch] it "#{param[:title]}: notmatches" do param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) + is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) end end end @@ -958,18 +958,18 @@ :apache_version => '2.4', }) end - it { should contain_file("25-#{title}.conf").with_mode('0644') } + it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } if param[:match] it "#{param[:title]}: matches" do param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) + is_expected.to contain_file("25-#{title}.conf").with_content( match ) end end end if param[:notmatch] it "#{param[:title]}: notmatches" do param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) + is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) end end end 
@@ -1090,18 +1090,18 @@ :ssl => true, } ) end - it { should contain_file("25-#{title}.conf").with_mode('0644') } + it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } if param[:match] it "#{param[:title]}: matches" do param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) + is_expected.to contain_file("25-#{title}.conf").with_content( match ) end end end if param[:notmatch] it "#{param[:title]}: notmatches" do param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) + is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) end end end @@ -1135,7 +1135,7 @@ :docroot_mode => '0750', }) end it 'should set vhost ownership and permissions' do - should contain_file(params[:docroot]).with({ + is_expected.to contain_file(params[:docroot]).with({ :ensure => :directory, :owner => 'testuser', :group => 'testgroup', @@ -1150,7 +1150,7 @@ :wsgi_daemon_process_options => { 'processes' => '2', 'threads' => '15' }, }) end it 'should set wsgi_daemon_process_options' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ WSGIDaemonProcess example.org processes=2 threads=15$/ ) end @@ -1162,7 +1162,7 @@ :wsgi_import_script_options => { 'application-group' => '%{GLOBAL}', 'process-group' => 'wsgi' }, }) end it 'should set wsgi_import_script_options' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ WSGIImportScript \/var\/www\/demo.wsgi application-group=%{GLOBAL} process-group=wsgi$/ ) end 
@@ -1180,22 +1180,22 @@ ] }) end it 'should set RewriteConds and RewriteRules' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ #test rewrites$/ ) - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ RewriteCond %\{HTTP_USER_AGENT\} \^Lynx\/ \[OR\]$/ ) - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ RewriteBase \/mytestpath\/$/ ) - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ RewriteCond %\{HTTP_USER_AGENT\} \^Mozilla\/\[12\]$/ ) - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ RewriteRule \^index\\.html\$ welcome.html$/ ) - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ RewriteRule \^index\\.cgi\$ index.php$/ ) end @@ -1207,7 +1207,7 @@ :rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', }) end it 'should set RewriteCond' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ RewriteCond %\{HTTPS\} off$/ ) end @@ -1218,7 +1218,7 @@ :action => 'php-fastcgi', }) end it 'should set Action' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ Action php-fastcgi \/cgi-bin virtual$/ ) end @@ -1230,7 +1230,7 @@ :suphp_configpath => '/etc/php5/apache2', }) end it 'should set suphp_configpath' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ suPHP_ConfigPath "\/etc\/php5\/apache2"$/ ) end 
@@ -1242,7 +1242,7 @@ :suphp_addhandler => 'x-httpd-php', }) end it 'should set suphp_addhandler' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ suPHP_AddHandler x-httpd-php/ ) end @@ -1256,7 +1256,7 @@ } }) end it 'should set suphp_UserGroup' do - should contain_file("25-#{title}.conf").with_content( + is_expected.to contain_file("25-#{title}.conf").with_content( /^ suPHP_UserGroup myappuser myappgroup/ ) end @@ -1265,7 +1265,7 @@ describe 'priority/default settings' do describe 'when neither priority/default is specified' do let :params do default_params end - it { should contain_file("25-#{title}.conf").with_path( + it { is_expected.to contain_file("25-#{title}.conf").with_path( /25-#{title}.conf/ ) } end @@ -1276,7 +1276,7 @@ :default_vhost => true, }) end - it { should contain_file("15-#{title}.conf").with_path( + it { is_expected.to contain_file("15-#{title}.conf").with_path( /15-#{title}.conf/ ) } end @@ -1284,7 +1284,7 @@ let :params do default_params.merge({ :priority => 14, }) end - it { should contain_file("14-#{title}.conf").with_path( + it { is_expected.to contain_file("14-#{title}.conf").with_path( /14-#{title}.conf/ ) } end @@ -1292,7 +1292,7 @@ let :params do default_params.merge({ :default_vhost => true, }) end - it { should contain_file("10-#{title}.conf").with_path( + it { is_expected.to contain_file("10-#{title}.conf").with_path( /10-#{title}.conf/ ) } end @@ -1306,7 +1306,7 @@ }) end - it { should_not contain_file("25-#{title}.conf").with_content(%r{FcgidWrapper}) } + it { is_expected.not_to contain_file("25-#{title}.conf").with_content(%r{FcgidWrapper}) } end describe 'Only a command' do 
@@ -1318,7 +1318,7 @@ }) end - it { should contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper $}) } + it { is_expected.to contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper $}) } end describe 'All parameters' do @@ -1330,7 +1330,7 @@ }) end - it { should contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper .php virtual$}) } + it { is_expected.to contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper .php virtual$}) } end end @@ -1338,25 +1338,25 @@ describe 'when ip_based is true' do let :params do default_params.merge({ :ip_based => true }) end it 'should not specify a NameVirtualHost' do - should contain_apache__listen(params[:port]) - should_not contain_apache__namevirtualhost("*:#{params[:port]}") + is_expected.to contain_apache__listen(params[:port]) + is_expected.not_to contain_apache__namevirtualhost("*:#{params[:port]}") end end describe 'when ip_based is default' do let :params do default_params end it 'should specify a NameVirtualHost' do - should contain_apache__listen(params[:port]) - should contain_apache__namevirtualhost("*:#{params[:port]}") + is_expected.to contain_apache__listen(params[:port]) + is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") end end describe 'when an ip is set' do let :params do default_params.merge({ :ip => '10.0.0.1' }) end it 'should specify a NameVirtualHost for the ip' do - should_not contain_apache__listen(params[:port]) - should contain_apache__listen("10.0.0.1:#{params[:port]}") - should contain_apache__namevirtualhost("10.0.0.1:#{params[:port]}") + is_expected.not_to contain_apache__listen(params[:port]) + is_expected.to contain_apache__listen("10.0.0.1:#{params[:port]}") + is_expected.to contain_apache__namevirtualhost("10.0.0.1:#{params[:port]}") end end 
@@ -1369,9 +1369,9 @@ } end it 'should specify a NameVirtualHost for the ip' do - should_not contain_apache__listen(params[:ip]) - should_not contain_apache__namevirtualhost(params[:ip]) - should contain_file("25-#{title}.conf").with_content %r{} + is_expected.not_to contain_apache__listen(params[:ip]) + is_expected.not_to contain_apache__namevirtualhost(params[:ip]) + is_expected.to contain_file("25-#{title}.conf").with_content %r{} end end end @@ -1383,7 +1383,7 @@ }) end - it { should contain_file("25-#{title}.conf").with_content %r{^ SuexecUserGroup nobody nogroup$} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{^ SuexecUserGroup nobody nogroup$} } end describe 'redirect rules' do @@ -1405,8 +1405,8 @@ }) end - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } end describe 'redirect match rules' do let :params do @@ -1420,7 +1420,7 @@ }) end - it { should contain_file("25-#{title}.conf").with_content %r{ RedirectMatch 404 } } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ RedirectMatch 404 } } end describe 'without a status' do let :params do 
@@ -1436,8 +1436,8 @@ }) end - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /login http://10\.0\.0\.10/login} } - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /login http://10\.0\.0\.10/login} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } end describe 'with a single status and dest' do let :params do @@ -1451,8 +1451,8 @@ }) end - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/test} } - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /logout http://10\.0\.0\.10/test} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/test} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /logout http://10\.0\.0\.10/test} } end describe 'with a directoryindex specified' do @@ -1461,7 +1461,7 @@ :directoryindex => 'index.php' }) end - it { should contain_file("25-#{title}.conf").with_content %r{DirectoryIndex index.php} } + it { is_expected.to contain_file("25-#{title}.conf").with_content %r{DirectoryIndex index.php} } end end end From 013251853f36c1e957c6e0f80d001a21ba93b163 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Fri, 6 Jun 2014 10:12:25 -0400 Subject: [PATCH 0265/2267] Convert specs to RSpec 3.0.0 syntax with Transpec This conversion is done by Transpec 2.2.1 with the following command: transpec spec/unit * 4 conversions from: obj.should to: expect(obj).to * 3 conversions from: == expected to: eq(expected) For more details: https://github.com/yujinakayama/transpec#supported-conversions --- spec/unit/provider/a2mod/gentoo_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/spec/unit/provider/a2mod/gentoo_spec.rb b/spec/unit/provider/a2mod/gentoo_spec.rb index ddb9dddda4..78f902bf72 100644 --- a/spec/unit/provider/a2mod/gentoo_spec.rb +++ b/spec/unit/provider/a2mod/gentoo_spec.rb @@ -11,7 +11,7 @@ [:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method| it "should respond to the class method #{method}" do - provider_class.should respond_to(method) + expect(provider_class).to respond_to(method) end end @@ -24,21 +24,21 @@ @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) provider_class.expects(:filetype).returns(@filetype) - provider_class.modules.should == %w{bar baz foo} + expect(provider_class.modules).to eq(%w{bar baz foo}) end it "should cache the module list" do @filetype.expects(:read).once.returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) provider_class.expects(:filetype).once.returns(@filetype) - 2.times { provider_class.modules.should == %w{bar baz foo} } + 2.times { expect(provider_class.modules).to eq(%w{bar baz foo}) } end it "should normalize parameters" do @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAR"\n}) provider_class.expects(:filetype).returns(@filetype) - provider_class.modules.should == %w{bar foo} + expect(provider_class.modules).to eq(%w{bar foo}) end end From 2d3724db4182e6682bc9d228b997d7f0bc344502 Mon Sep 17 00:00:00 2001 
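Review bot: `:conf_file` is listed twice in the context line `[:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method|` of the first hunk, so the converted `expect(provider_class).to respond_to(method)` example is generated twice under the same description. I would dedupe it to `[:conf_file, :instances, :modules, :initvars, :clear].each do |method|`. The provider is not visible here, so it is worth confirming whether the second entry was meant to name a different class method that currently has no coverage.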
From: Ashley Penney Date: Fri, 6 Jun 2014 10:14:15 -0400 Subject: [PATCH 0266/2267] Convert specs to RSpec 3.0.0 syntax with Transpec This conversion is done by Transpec 2.2.1 with the following command: transpec spec/acceptance * 234 conversions from: it { should ... } to: it { is_expected.to ... } * 58 conversions from: obj.should to: expect(obj).to * 33 conversions from: =~ /pattern/ to: match(/pattern/) * 20 conversions from: it { should_not ... } to: it { is_expected.not_to ... } * 18 conversions from: == expected to: eq(expected) * 1 conversion from: obj.should_not to: expect(obj).not_to For more details: https://github.com/yujinakayama/transpec#supported-conversions --- spec/acceptance/apache_parameters_spec.rb | 104 +++++----- spec/acceptance/apache_ssl_spec.rb | 42 ++-- spec/acceptance/class_spec.rb | 10 +- spec/acceptance/default_mods_spec.rb | 10 +- spec/acceptance/itk_spec.rb | 4 +- spec/acceptance/mod_dav_svn_spec.rb | 12 +- spec/acceptance/mod_deflate_spec.rb | 18 +- spec/acceptance/mod_fcgid_spec.rb | 8 +- spec/acceptance/mod_mime_spec.rb | 6 +- spec/acceptance/mod_pagespeed_spec.rb | 18 +- spec/acceptance/mod_passenger_spec.rb | 110 +++++----- spec/acceptance/mod_php_spec.rb | 22 +- spec/acceptance/mod_proxy_html_spec.rb | 4 +- spec/acceptance/mod_suphp_spec.rb | 8 +- spec/acceptance/prefork_worker_spec.rb | 12 +- spec/acceptance/vhost_spec.rb | 238 +++++++++++----------- 16 files changed, 313 insertions(+), 313 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 4fa3bf6ec6..54b4242251 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -12,7 +12,7 @@ if fact('osfamily') == 'FreeBSD' describe file("#{confd_dir}/no-accf.conf.erb") do - it { should_not be_file } + it { is_expected.not_to be_file } end end end 
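Review bot: The context line `describe file("#{confd_dir}/no-accf.conf.erb") do` in the hunk at line 12 interpolates a bare `confd_dir`, while the matching block in the next hunk (line 24) and the other describes in this file use the global `$confd_dir`. Unless a `confd_dir` helper is defined outside the hunk, this either raises NameError when the FreeBSD-only branch is evaluated or resolves to a different path, so the converted `is_expected.not_to be_file` would not be checking the intended file. I would change it to `describe file("#{$confd_dir}/no-accf.conf.erb") do`. The enclosing describe block starts outside the hunk.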
@@ -24,7 +24,7 @@ if fact('osfamily') == 'FreeBSD' describe file("#{$confd_dir}/no-accf.conf.erb") do - it { should be_file } + it { is_expected.to be_file } end end end @@ -36,8 +36,8 @@ end describe file($ports_file) do - it { should be_file } - it { should contain 'Listen 10.1.1.1' } + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 10.1.1.1' } end end @@ -53,8 +53,8 @@ class { 'apache': end describe service($service_name) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end @@ -70,8 +70,8 @@ class { 'apache': end describe service($service_name) do - it { should_not be_running } - it { should_not be_enabled } + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } end end @@ -89,7 +89,7 @@ class { 'apache': # Ensure the file didn't disappear. describe file("#{$confd_dir}/test.conf") do - it { should be_file } + it { is_expected.to be_file } end end @@ -108,7 +108,7 @@ class { 'apache': # File should be gone describe file("#{$confd_dir}/test.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end end end @@ -120,8 +120,8 @@ class { 'apache': end describe file($vhost) do - it { should be_file } - it { should contain 'ServerAdmin test@example.com' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerAdmin test@example.com' } end end @@ -134,8 +134,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'EnableSendfile On' } + it { is_expected.to be_file } + it { is_expected.to contain 'EnableSendfile On' } end describe 'setup' do @@ -146,8 +146,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'Sendfile Off' } + it { is_expected.to be_file } + it { is_expected.to contain 'Sendfile Off' } end end 
@@ -160,8 +160,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'Alias /error/' } + it { is_expected.to be_file } + it { is_expected.to contain 'Alias /error/' } end end @@ -174,8 +174,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'Timeout 1234' } + it { is_expected.to be_file } + it { is_expected.to contain 'Timeout 1234' } end end @@ -191,8 +191,8 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end describe file("#{$confd_dir}/mime.conf") do - it { should be_file } - it { should contain 'AddLanguage eo .eo' } + it { is_expected.to be_file } + it { is_expected.to contain 'AddLanguage eo .eo' } end end @@ -205,8 +205,8 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerRoot "/tmp/root"' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerRoot "/tmp/root"' } end end @@ -220,13 +220,13 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } if $apache_version == '2.4' describe file($conf_file) do - it { should be_file } - it { should contain 'IncludeOptional "/tmp/root/*.conf"' } + it { is_expected.to be_file } + it { is_expected.to contain 'IncludeOptional "/tmp/root/*.conf"' } end else describe file($conf_file) do - it { should be_file } - it { should contain 'Include "/tmp/root/*.conf"' } + it { is_expected.to be_file } + it { is_expected.to contain 'Include "/tmp/root/*.conf"' } end end end @@ -242,8 +242,8 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end describe file($conf_file) do - it { should be_file } - it { should contain 'testcontent' } + it { is_expected.to be_file } + it { is_expected.to contain 'testcontent' } end end 
@@ -256,8 +256,8 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerName "test.server"' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerName "test.server"' } end end @@ -277,12 +277,12 @@ class { 'apache': end describe user('testweb') do - it { should exist } - it { should belong_to_group 'testweb' } + it { is_expected.to exist } + it { is_expected.to belong_to_group 'testweb' } end describe group('testweb') do - it { should exist } + it { is_expected.to exist } end end @@ -302,9 +302,9 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' } - it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } + it { is_expected.to be_file } + it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' } + it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } end end @@ -318,10 +318,10 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'KeepAlive On' } - it { should contain 'KeepAliveTimeout 30' } - it { should contain 'MaxKeepAliveRequests 200' } + it { is_expected.to be_file } + it { is_expected.to contain 'KeepAlive On' } + it { is_expected.to contain 'KeepAliveTimeout 30' } + it { is_expected.to contain 'MaxKeepAliveRequests 200' } end end @@ -356,7 +356,7 @@ class { 'apache': logroot => '/apache_spec' } end describe file("/apache_spec/#{$error_log}") do - it { should be_file } + it { is_expected.to be_file } end end 
@@ -374,8 +374,8 @@ class { 'apache': end describe file('/apache_spec/ports_file') do - it { should be_file } - it { should contain 'Listen 10.1.1.1' } + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 10.1.1.1' } end end @@ -390,8 +390,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerTokens Minor' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerTokens Minor' } end end @@ -407,8 +407,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerSignature testsig' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerSignature testsig' } end end @@ -423,8 +423,8 @@ class { 'apache': end describe file($conf_file) do - it { should be_file } - it { should contain 'TraceEnable Off' } + it { is_expected.to be_file } + it { is_expected.to contain 'TraceEnable Off' } end end @@ -439,7 +439,7 @@ class { 'apache': end describe package($package_name) do - it { should be_installed } + it { is_expected.to be_installed } end end diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 649c02d841..3cfe593481 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb 
@@ -27,13 +27,13 @@ class { 'apache': end describe file("#{vhostd}/15-default-ssl.conf") do - it { should be_file } - it { should contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { should contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { should contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { should contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { should contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { should contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } end end 
@@ -67,20 +67,20 @@ class { 'apache': end describe file("#{vhostd}/25-test_ssl.conf") do - it { should be_file } - it { should contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { should contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { should contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { should contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { should contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { should contain 'SSLCARevocationFile "/tmp/ssl_crl"' } - it { should contain 'SSLProxyEngine On' } - it { should contain 'SSLProtocol test' } - it { should contain 'SSLCipherSuite test' } - it { should contain 'SSLHonorCipherOrder test' } - it { should contain 'SSLVerifyClient test' } - it { should contain 'SSLVerifyDepth test' } - it { should contain 'SSLOptions test test1' } + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + it { is_expected.to contain 'SSLProxyEngine On' } + it { is_expected.to contain 'SSLProtocol test' } + it { is_expected.to contain 'SSLCipherSuite test' } + it { is_expected.to contain 'SSLHonorCipherOrder test' } + it { is_expected.to contain 'SSLVerifyClient test' } + it { is_expected.to contain 'SSLVerifyDepth test' } + it { is_expected.to contain 'SSLOptions test test1' } end end diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 830e3ed5b6..d9b80b5c35 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb 
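Review bot: A comment is missing on this describe block to say that it only proves the vhost parameters are copied into `25-test_ssl.conf` verbatim: `SSLProtocol test`, `SSLCipherSuite test`, `SSLHonorCipherOrder test` and `SSLVerifyClient test` are placeholders, not values Apache accepts. Without it the block reads as coverage of the TLS configuration, which it is not. I would add above the block `# Placeholder values: checks template pass-through only, not that the rendered TLS settings are valid.` The manifest that sets these parameters is outside the hunk, so whether the service is ever started with them cannot be confirmed from here.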
@@ -25,12 +25,12 @@ class { 'apache': } end describe package(package_name) do - it { should be_installed } + it { is_expected.to be_installed } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end end @@ -71,8 +71,8 @@ class { 'apache': end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end end end diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index c7f8755605..2565ce77b9 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -28,7 +28,7 @@ class { 'apache': end describe service(servicename) do - it { should be_running } + it { is_expected.to be_running } end end @@ -54,7 +54,7 @@ class { 'apache': # Are these the same? describe service(servicename) do - it { should_not be_running } + it { is_expected.not_to be_running } end describe "service #{servicename}" do it 'should not be running' do @@ -92,7 +92,7 @@ class { 'apache': end describe service(servicename) do - it { should be_running } + it { is_expected.to be_running } end end @@ -110,11 +110,11 @@ class { 'apache': default_mods => false } end describe service(servicename) do - it { should be_running } + it { is_expected.to be_running } end describe file("#{mod_dir}/zz_auth_basic.load") do - it { should be_file } + it { is_expected.to be_file } end end end diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index 86fc2c01ce..b810657ec3 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -27,7 +27,7 @@ class { 'apache': end describe service(service_name) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end 
diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 412b794540..ff90d331f3 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -23,12 +23,12 @@ class { 'apache': } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/dav_svn.load") do - it { should contain "LoadModule dav_svn_module" } + it { is_expected.to contain "LoadModule dav_svn_module" } end end @@ -44,12 +44,12 @@ class { 'apache::mod::dav_svn': end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/dav_svn_authz_svn.load") do - it { should contain "LoadModule authz_svn_module" } + it { is_expected.to contain "LoadModule authz_svn_module" } end end end diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb index b2ffc1436a..6052cc283f 100644 --- a/spec/acceptance/mod_deflate_spec.rb +++ b/spec/acceptance/mod_deflate_spec.rb 
@@ -23,18 +23,18 @@ class { 'apache': } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/deflate.conf") do - it { should contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" } - it { should contain "AddOutputFilterByType DEFLATE text/css" } - it { should contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" } - it { should contain "AddOutputFilterByType DEFLATE application/rss+xml" } - it { should contain "DeflateFilterNote Input instream" } - it { should contain "DeflateFilterNote Output outstream" } - it { should contain "DeflateFilterNote Ratio ratio" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE text/css" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE application/rss+xml" } + it { is_expected.to contain "DeflateFilterNote Input instream" } + it { is_expected.to contain "DeflateFilterNote Output outstream" } + it { is_expected.to contain "DeflateFilterNote Ratio ratio" } end end end diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 52f793be06..8e94fa08fa 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb 
@@ -43,14 +43,14 @@ class { 'apache::mod::fcgid': end describe service('httpd') do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to fcgid.example.com' do shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| - r.stdout.should =~ /^Hello world$/ - r.exit_code.should == 0 + expect(r.stdout).to match(/^Hello world$/) + expect(r.exit_code).to eq(0) end end diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index 71a7037a62..e2a2512db6 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -23,12 +23,12 @@ class { 'apache': } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/mime.conf") do - it { should contain "AddType application/x-compress .Z" } + it { is_expected.to contain "AddType application/x-compress .Z" } end end end diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index de59a347c1..14e75b4d79 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb 
@@ -63,22 +63,22 @@ class { 'apache::mod::pagespeed': end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/pagespeed.conf") do - it { should contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" } - it { should contain "ModPagespeedEnableFilters remove_comments" } - it { should contain "ModPagespeedDisableFilters extend_cache" } - it { should contain "ModPagespeedForbidFilters rewrite_javascript" } + it { is_expected.to contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" } + it { is_expected.to contain "ModPagespeedEnableFilters remove_comments" } + it { is_expected.to contain "ModPagespeedDisableFilters extend_cache" } + it { is_expected.to contain "ModPagespeedForbidFilters rewrite_javascript" } end it 'should answer to pagespeed.example.com and include and be stripped of comments by mod_pagespeed' do shell("/usr/bin/curl pagespeed.example.com:80") do |r| - r.stdout.should =~ // - r.stdout.should_not =~ // - r.exit_code.should == 0 + expect(r.stdout).to match(//) + expect(r.stdout).not_to match(//) + expect(r.exit_code).to eq(0) end end end diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index fbfac1672a..3362daeb27 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -95,61 +95,61 @@ class { 'apache::mod::passenger': } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file(conf_file) do - it { should contain "PassengerRoot \"#{passenger_root}\"" } + it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" } case fact('operatingsystem') when 'Ubuntu' case fact('lsbdistrelease') when '10.04' - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } - it { should_not contain "/PassengerDefaultRuby/" } + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } when '12.04' - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } - it { should_not contain "/PassengerDefaultRuby/" } + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } when '14.04' - it { should contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { should_not contain "/PassengerRuby/" } + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } else # This may or may not work on Ubuntu releases other than the above - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } - it { should_not contain "/PassengerDefaultRuby/" } + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } end when 'Debian' case fact('lsbdistcodename') when 'wheezy' - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } - it { should_not contain "/PassengerDefaultRuby/" } + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } else # This may or may not work on Debian releases other than the above - it { should contain "PassengerRuby \"#{passenger_ruby}\"" } - it { 
should_not contain "/PassengerDefaultRuby/" } + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } end end end describe file(load_file) do - it { should contain "LoadModule passenger_module #{passenger_module_path}" } + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } end it 'should output status via passenger-memory-stats' do shell("sudo /usr/sbin/passenger-memory-stats") do |r| - r.stdout.should =~ /Apache processes/ - r.stdout.should =~ /Nginx processes/ - r.stdout.should =~ /Passenger processes/ + expect(r.stdout).to match(/Apache processes/) + expect(r.stdout).to match(/Nginx processes/) + expect(r.stdout).to match(/Passenger processes/) # passenger-memory-stats output on Ubuntu 14.04 does not contain # these two lines unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' - r.stdout.should =~ /### Processes: [0-9]+/ - r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + expect(r.stdout).to match(/### Processes: [0-9]+/) + expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) end - r.exit_code.should == 0 + expect(r.exit_code).to eq(0) end end 
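Review bot: The negative checks in the `describe file(conf_file)` block, such as `is_expected.not_to contain "/PassengerDefaultRuby/"`, pass a quoted string, so the slashes are most likely searched for literally rather than acting as regex delimiters. If so, the assertion holds whatever directive the file contains, and a config that emits the wrong Ruby directive for the release would still pass. The conversion carries the old argument over unchanged onto every new line; dropping the slashes fixes it: `it { is_expected.not_to contain "PassengerDefaultRuby" }`, and `"PassengerRuby"` in the 14.04 branch. The plain pattern stays safe in the 14.04 branch because `PassengerDefaultRuby` does not contain `PassengerRuby` as a substring.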
@@ -160,28 +160,28 @@ class { 'apache::mod::passenger': } # xml output not available on ubunutu <= 10.04, so sticking with default pool output shell("sudo /usr/sbin/passenger-status") do |r| # spacing may vary - r.stdout.should =~ /[\-]+ General information [\-]+/ + expect(r.stdout).to match(/[\-]+ General information [\-]+/) if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' - r.stdout.should =~ /Max pool size[ ]+: [0-9]+/ - r.stdout.should =~ /Processes[ ]+: [0-9]+/ - r.stdout.should =~ /Requests in top-level queue[ ]+: [0-9]+/ + expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) + expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) + expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) else - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should =~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ + expect(r.stdout).to match(/max[ ]+= [0-9]+/) + expect(r.stdout).to match(/count[ ]+= [0-9]+/) + expect(r.stdout).to match(/active[ ]+= [0-9]+/) + expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) + expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) end - r.exit_code.should == 0 + expect(r.exit_code).to eq(0) end end end it 'should answer to passenger.example.com' do shell("/usr/bin/curl passenger.example.com:80") do |r| - r.stdout.should =~ /^hello world<\/b>$/ - r.exit_code.should == 0 + expect(r.stdout).to match(/^hello world<\/b>$/) + expect(r.exit_code).to eq(0) end end 
@@ -240,50 +240,50 @@ class { 'apache::mod::passenger': end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file(conf_file) do - it { should contain "PassengerRoot #{passenger_root}" } - it { should contain "PassengerRuby #{passenger_ruby}" } - it { should contain "PassengerTempDir #{passenger_tempdir}" } + it { is_expected.to contain "PassengerRoot #{passenger_root}" } + it { is_expected.to contain "PassengerRuby #{passenger_ruby}" } + it { is_expected.to contain "PassengerTempDir #{passenger_tempdir}" } end describe file(load_file) do - it { should contain "LoadModule passenger_module #{passenger_module_path}" } + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } end it 'should output status via passenger-memory-stats' do shell("sudo /usr/bin/passenger-memory-stats") do |r| - r.stdout.should =~ /Apache processes/ - r.stdout.should =~ /Nginx processes/ - r.stdout.should =~ /Passenger processes/ - r.stdout.should =~ /### Processes: [0-9]+/ - r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + expect(r.stdout).to match(/Apache processes/) + expect(r.stdout).to match(/Nginx processes/) + expect(r.stdout).to match(/Passenger processes/) + expect(r.stdout).to match(/### Processes: [0-9]+/) + expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) - r.exit_code.should == 0 + expect(r.exit_code).to eq(0) end end it 'should output status via passenger-status' do shell("sudo PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| # spacing may vary - r.stdout.should =~ /[\-]+ General information [\-]+/ - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should =~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ + expect(r.stdout).to match(/[\-]+ General 
information [\-]+/) + expect(r.stdout).to match(/max[ ]+= [0-9]+/) + expect(r.stdout).to match(/count[ ]+= [0-9]+/) + expect(r.stdout).to match(/active[ ]+= [0-9]+/) + expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) + expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) - r.exit_code.should == 0 + expect(r.exit_code).to eq(0) end end it 'should answer to passenger.example.com' do shell("/usr/bin/curl passenger.example.com:80") do |r| - r.stdout.should =~ /^hello world<\/b>$/ - r.exit_code.should == 0 + expect(r.stdout).to match(/^hello world<\/b>$/) + expect(r.exit_code).to eq(0) end end end diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index cf8054053e..0b46dbc66f 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -37,18 +37,18 @@ class { 'apache::mod::php': } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/php5.conf") do - it { should contain "DirectoryIndex index.php" } + it { is_expected.to contain "DirectoryIndex index.php" } end it 'should answer to php.example.com' do shell("/usr/bin/curl php.example.com:80") do |r| - r.stdout.should =~ /PHP Version/ - r.exit_code.should == 0 + expect(r.stdout).to match(/PHP Version/) + expect(r.exit_code).to eq(0) end end end 
@@ -78,19 +78,19 @@ class { 'apache::mod::php': end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{vhost_dir}/25-php.example.com.conf") do - it { should contain " php_admin_flag engine on" } - it { should contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } + it { is_expected.to contain " php_admin_flag engine on" } + it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } end it 'should answer to php.example.com' do shell("/usr/bin/curl php.example.com:80") do |r| - r.stdout.should =~ /\/usr\/share\/pear\// - r.exit_code.should == 0 + expect(r.stdout).to match(/\/usr\/share\/pear\//) + expect(r.exit_code).to eq(0) end end end diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index f015f99941..eab162b1a3 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -32,8 +32,8 @@ class { 'apache::mod::proxy_html': } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end end end diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 9e26731d61..1b91581441 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -27,14 +27,14 @@ class { 'apache::mod::suphp': } end describe service('apache2') do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to suphp.example.com' do shell("/usr/bin/curl suphp.example.com:80") do |r| - r.stdout.should =~ /^daemon$/ - r.exit_code.should == 0 + expect(r.stdout).to match(/^daemon$/) + expect(r.exit_code).to eq(0) end end end 
diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index beffe0a014..562ff5323d 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -28,8 +28,8 @@ class { 'apache': end describe service(servicename) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end end @@ -51,8 +51,8 @@ class { 'apache': end describe service(servicename) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end @@ -73,7 +73,7 @@ class { 'apache': end describe service(servicename) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index c43d3f9e9e..259581c54f 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -16,11 +16,11 @@ class { 'apache': end describe file("#{$vhost_dir}/15-default.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end end @@ -34,11 +34,11 @@ class { 'apache': } end describe file("#{$vhost_dir}/15-default.conf") do - it { should contain '' } + it { is_expected.to contain '' } end describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end end @@ -59,12 +59,12 @@ class { 'apache': end describe file("#{$vhost_dir}/15-default.conf") do - it { should contain '' } + it { is_expected.to contain '' } end describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { should contain '' } - it { should contain "SSLEngine on" } + it { is_expected.to contain '' } + it { is_expected.to contain "SSLEngine on" } end end 
@@ -87,8 +87,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-first.example.com.conf") do - it { should contain '' } - it { should contain "ServerName first.example.com" } + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName first.example.com" } end end @@ -109,11 +109,11 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-proxy.example.com.conf") do - it { should contain '' } - it { should contain "ServerName proxy.example.com" } - it { should contain "ProxyPass" } - it { should contain "ProxyPreserveHost On" } - it { should_not contain "" } + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName proxy.example.com" } + it { is_expected.to contain "ProxyPass" } + it { is_expected.to contain "ProxyPreserveHost On" } + it { is_expected.not_to contain "" } end end @@ -144,19 +144,19 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to first.example.com' do shell("/usr/bin/curl first.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from first\n" + expect(r.stdout).to eq("Hello from first\n") end end it 'should answer to second.example.com' do shell("/usr/bin/curl second.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from second\n" + expect(r.stdout).to eq("Hello from second\n") end end end 
@@ -196,13 +196,13 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout.should eq("Hello World\n") - shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) + expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/) end end @@ -254,15 +254,15 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/").stdout.should eq("Hello World\n") - shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout.should eq("Hello Foo\n") - shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) - shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout.should eq("Hello Bar\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/").stdout).to eq("Hello World\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout).to eq("Hello Foo\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/) + expect(shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout).to eq("Hello Bar\n") end end 
@@ -288,13 +288,13 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout.should eq("Hello World\n") - shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout.should match(/Scoreboard: /) + expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout).to match(/Scoreboard: /) end end end @@ -319,13 +319,13 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to fallback.example.net' do shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist") do |r| - r.stdout.should == "Hello World\n" + expect(r.stdout).to eq("Hello World\n") end end @@ -360,19 +360,19 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to a.virt.example.com' do shell("/usr/bin/curl a.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from a.virt\n" + expect(r.stdout).to eq("Hello from a.virt\n") end end it 'should answer to b.virt.example.com' do shell("/usr/bin/curl b.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from b.virt\n" + expect(r.stdout).to eq("Hello from b.virt\n") end end end 
@@ -406,14 +406,14 @@ class { 'apache': default_vhost => false, } end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should get a response from the back end' do shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r| - r.stdout.should == "Hello from localhost\n" - r.exit_code.should == 0 + expect(r.stdout).to eq("Hello from localhost\n") + expect(r.exit_code).to eq(0) end end end @@ -433,8 +433,8 @@ class { 'apache': } end describe file($ports_file) do - it { should be_file } - it { should_not contain 'NameVirtualHost test.server' } + it { is_expected.to be_file } + it { is_expected.not_to contain 'NameVirtualHost test.server' } end end @@ -455,9 +455,9 @@ class { 'apache': default_vhost => false } end describe file($ports_file) do - it { should be_file } - it { should_not contain 'Listen 80' } - it { should contain 'Listen 81' } + it { is_expected.to be_file } + it { is_expected.not_to contain 'Listen 80' } + it { is_expected.to contain 'Listen 81' } end end @@ -479,10 +479,10 @@ class { 'apache': } end describe file('/tmp/test') do - it { should be_directory } - it { should be_owned_by 'test_owner' } - it { should be_grouped_into 'test_group' } - it { should be_mode 750 } + it { is_expected.to be_directory } + it { is_expected.to be_owned_by 'test_owner' } + it { is_expected.to be_grouped_into 'test_group' } + it { is_expected.to be_mode 750 } end end 
@@ -500,18 +500,18 @@ class { 'apache': } end describe file($ports_file) do - it { should be_file } + it { is_expected.to be_file } if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' - it { should_not contain 'NameVirtualHost test.server' } + it { is_expected.not_to contain 'NameVirtualHost test.server' } elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10)/ - it { should_not contain 'NameVirtualHost test.server' } + it { is_expected.not_to contain 'NameVirtualHost test.server' } else - it { should contain 'NameVirtualHost test.server' } + it { is_expected.to contain 'NameVirtualHost test.server' } end end describe file("#{$vhost_dir}/10-test.server.conf") do - it { should be_file } + it { is_expected.to be_file } end end @@ -529,8 +529,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Options Indexes FollowSymLinks ExecCGI' } + it { is_expected.to be_file } + it { is_expected.to contain 'Options Indexes FollowSymLinks ExecCGI' } end end @@ -548,8 +548,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'AllowOverride All' } + it { is_expected.to be_file } + it { is_expected.to contain 'AllowOverride All' } end end @@ -567,8 +567,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain ' CustomLog "/tmp' } + it { is_expected.to be_file } + it { is_expected.to contain ' CustomLog "/tmp' } end end @@ -595,8 +595,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should_not contain " #{logname} \"/tmp" } + it { is_expected.to be_file } + it { is_expected.not_to contain " #{logname} \"/tmp" } end end 
@@ -615,8 +615,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain " #{logname} \"|/bin/sh" } + it { is_expected.to be_file } + it { is_expected.to contain " #{logname} \"|/bin/sh" } end end @@ -635,8 +635,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain " #{logname} \"syslog\"" } + it { is_expected.to be_file } + it { is_expected.to contain " #{logname} \"syslog\"" } end end end @@ -657,8 +657,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'CustomLog "syslog" "%h %l"' } + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "syslog" "%h %l"' } end end @@ -678,8 +678,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'CustomLog "syslog" combined env=admin' } + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "syslog" combined env=admin' } end end @@ -697,8 +697,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Alias /image "/ftp/pub/image"' } + it { is_expected.to be_file } + it { is_expected.to contain 'Alias /image "/ftp/pub/image"' } end end @@ -716,8 +716,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'ScriptAlias /myscript "/usr/share/myscript"' } + it { is_expected.to be_file } + it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } end end @@ -735,8 +735,8 @@ class { 'apache': service_ensure => stopped, } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'ProxyPass / test2/' } + it { is_expected.to be_file } + it { is_expected.to contain 'ProxyPass / test2/' } end end 
@@ -755,8 +755,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Action php-fastcgi /cgi-bin virtual' } + it { is_expected.to be_file } + it { is_expected.to contain 'Action php-fastcgi /cgi-bin virtual' } end end @@ -776,10 +776,10 @@ class { 'apache': service_ensure => stopped, } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain "suPHP_AddHandler #{$suphp_handler}" } - it { should contain 'suPHP_Engine on' } - it { should contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" } + it { is_expected.to be_file } + it { is_expected.to contain "suPHP_AddHandler #{$suphp_handler}" } + it { is_expected.to contain 'suPHP_Engine on' } + it { is_expected.to contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" } end end @@ -798,9 +798,9 @@ class { 'apache': service_ensure => stopped, } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'ProxyPass / http://test2/' } - it { should contain 'ProxyPass http://test2/test !' } + it { is_expected.to be_file } + it { is_expected.to contain 'ProxyPass / http://test2/' } + it { is_expected.to contain 'ProxyPass http://test2/test !' } end end @@ -820,8 +820,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Redirect permanent /images http://test.server/' } + it { is_expected.to be_file } + it { is_expected.to contain 'Redirect permanent /images http://test.server/' } end end @@ -848,8 +848,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'RackBaseURI /test' } + it { is_expected.to be_file } + it { is_expected.to contain 'RackBaseURI /test' } end end end 
@@ -869,8 +869,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'append MirrorID "mirror 12"' } + it { is_expected.to be_file } + it { is_expected.to contain 'append MirrorID "mirror 12"' } end end @@ -893,10 +893,10 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain '#test' } - it { should contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } - it { should contain 'RewriteRule ^index.html$ welcome.html' } + it { is_expected.to be_file } + it { is_expected.to contain '#test' } + it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } + it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' } end end @@ -915,9 +915,9 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'SetEnv TEST /test' } - it { should contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } + it { is_expected.to be_file } + it { is_expected.to contain 'SetEnv TEST /test' } + it { is_expected.to contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } end end @@ -935,8 +935,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain '' } + it { is_expected.to be_file } + it { is_expected.to contain '' } end end 
@@ -980,13 +980,13 @@ class { 'apache::mod::wsgi': } end describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do - it { should be_file } - it { should contain 'WSGIApplicationGroup %{GLOBAL}' } - it { should contain 'WSGIDaemonProcess wsgi processes=2' } - it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } - it { should contain 'WSGIProcessGroup nobody' } - it { should contain 'WSGIScriptAlias /test "/test1"' } - it { should contain 'WSGIPassAuthorization On' } + it { is_expected.to be_file } + it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } + it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' } + it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } + it { is_expected.to contain 'WSGIProcessGroup nobody' } + it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } + it { is_expected.to contain 'WSGIPassAuthorization On' } end end @@ -1004,8 +1004,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain '#weird test string' } + it { is_expected.to be_file } + it { is_expected.to contain '#weird test string' } end end @@ -1023,8 +1023,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'AssignUserId nobody nobody' } + it { is_expected.to be_file } + it { is_expected.to contain 'AssignUserId nobody nobody' } end end 
@@ -1047,9 +1047,9 @@ class { 'apache::mod::fastcgi': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } - it { should contain '' } + it { is_expected.to be_file } + it { is_expected.to contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } + it { is_expected.to contain '' } end end end @@ -1089,8 +1089,8 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Include "/apache_spec/include"' } + it { is_expected.to be_file } + it { is_expected.to contain 'Include "/apache_spec/include"' } end end From ae714e0fa7dda9a741c1cefef7541815366582a8 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 2 Jun 2014 09:17:47 -0600 Subject: [PATCH 0267/2267] MODULES-1065: Add ThreadLimit to mod::worker --- manifests/mod/worker.pp | 2 ++ spec/classes/mod/worker_spec.rb | 47 +++++++++++++++++++++++++++++++++ templates/mod/worker.conf.erb | 1 + 3 files changed, 50 insertions(+) diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 3251a1a0ed..0d2815964b 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -6,6 +6,7 @@ $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', + $threadlimit = '64', $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { @@ -34,6 +35,7 @@ # - $threadsperchild # - $maxrequestsperchild # - $serverlimit + # - $threadLimit file { "${::apache::mod_dir}/worker.conf": ensure => file, content => template('apache/mod/worker.conf.erb'), diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index a8176c570d..e6cca61860 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb 
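Review bot: The template-variable comment added in the second worker.pp hunk reads `# - $threadLimit`, but the parameter introduced in the first hunk is `$threadlimit` and the template reads `@threadlimit`. A maintainer grepping for the documented name will not find it. The comment line should read `# - $threadlimit`, matching the lower-case entries above it.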
@@ -96,4 +96,51 @@ it { should_not contain_apache__mod('worker') } it { should contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } end + + # Template config doesn't vary by distro + context "on all distros" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + context 'defaults' do + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+25$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+2$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+150$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+25$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+75$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+25$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+0$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+64$/) } + end + + context 'setting params' do + let :params do + { + :serverlimit => 10, + :startservers => 11, + :maxclients => 12, + :minsparethreads => 13, + :maxsparethreads => 14, + :threadsperchild => 15, + :maxrequestsperchild => 16, + :threadlimit => 17 + } + end + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+10$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+11$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+12$/) } + it { should 
contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+13$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+14$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+15$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+16$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+17$/) } + end + end end diff --git a/templates/mod/worker.conf.erb b/templates/mod/worker.conf.erb index f0bba39085..597e05f8d5 100644 --- a/templates/mod/worker.conf.erb +++ b/templates/mod/worker.conf.erb @@ -6,4 +6,5 @@ MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> From aa012cf397e5bc54c1fab6bb1755f826c7673e1f Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Mon, 9 Jun 2014 11:28:15 -0400 Subject: [PATCH 0268/2267] Pin rspec to 2.x. --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index 0ad4ddffca..ae7ff8c56b 100644 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do gem 'rake', '10.1.1', :require => false + gem 'rspec', '~> 2.11', :require => false gem 'rspec-puppet', '>=1.0.0', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'serverspec', :require => false From 3ad5b244c947b173007df5b27da48376284eb438 Mon Sep 17 00:00:00 2001 From: Travis Fields Date: Mon, 9 Jun 2014 08:37:48 -0700 Subject: [PATCH 0269/2267] Pin rspec to ~> 2.11 --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 0ad4ddffca..fc45295a10 100644 --- a/Gemfile +++ b/Gemfile 
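Review bot: In worker.conf.erb, `ThreadLimit <%= @threadlimit %>` is emitted after `ThreadsPerChild`, which may stop a raised limit from taking effect on Apache 2.2. As far as I recall, the 2.2 worker MPM clamps ThreadsPerChild against the limit when that directive is parsed, so a ThreadLimit that comes later leaves it capped at the compiled default. Placing the new line above `ThreadsPerChild <%= @threadsperchild %>` removes the dependency on parse order. The 'setting params' spec added in worker_spec.rb matches each directive separately with `with(:content => ...)`, so it would not notice the ordering either way. The enclosing block's opening and closing lines are not visible in this hunk.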
@@ -8,7 +8,8 @@ group :development, :test do gem 'puppet-lint', :require => false gem 'beaker', :require => false gem 'beaker-rspec', :require => false -end + gem 'rspec', '~> 2.11', :require => false +end if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false From 0925fc2991841c1d59bfcdc820eef2b9dcb4e830 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 9 Jun 2014 13:12:37 -0400 Subject: [PATCH 0270/2267] Delete gentoo a2mod tests. The tests are broken and we don't support gentoo, so deleting. --- spec/unit/provider/a2mod/gentoo_spec.rb | 184 ------------------------ 1 file changed, 184 deletions(-) delete mode 100644 spec/unit/provider/a2mod/gentoo_spec.rb diff --git a/spec/unit/provider/a2mod/gentoo_spec.rb b/spec/unit/provider/a2mod/gentoo_spec.rb deleted file mode 100644 index ddb9dddda4..0000000000 --- a/spec/unit/provider/a2mod/gentoo_spec.rb +++ /dev/null 
@@ -1,184 +0,0 @@ -#!/usr/bin/env rspec - -require 'spec_helper' - -provider_class = Puppet::Type.type(:a2mod).provider(:gentoo) - -describe provider_class do - before :each do - provider_class.clear - end - - [:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method| - it "should respond to the class method #{method}" do - provider_class.should respond_to(method) - end - end - - describe "when fetching modules" do - before do - @filetype = mock() - end - - it "should return a sorted array of the defined parameters" do - @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) - provider_class.expects(:filetype).returns(@filetype) - - provider_class.modules.should == %w{bar baz foo} - end - - it "should cache the module list" do - @filetype.expects(:read).once.returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) - provider_class.expects(:filetype).once.returns(@filetype) - - 2.times { provider_class.modules.should == %w{bar baz foo} } - end - - it "should normalize parameters" do - @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAR"\n}) - provider_class.expects(:filetype).returns(@filetype) - - provider_class.modules.should == %w{bar foo} - end - end - - describe "when prefetching" do - it "should match providers to resources" do - provider = mock("ssl_provider", :name => "ssl") - resource = mock("ssl_resource") - resource.expects(:provider=).with(provider) - - provider_class.expects(:instances).returns([provider]) - provider_class.prefetch("ssl" => resource) - end - end - - describe "when flushing" do - before :each do - @filetype = mock() - @filetype.stubs(:backup) - provider_class.expects(:filetype).at_least_once.returns(@filetype) - - @info = mock() - @info.stubs(:[]).with(:name).returns("info") - @info.stubs(:provider=) - - @mpm = mock() - @mpm.stubs(:[]).with(:name).returns("mpm") - @mpm.stubs(:provider=) - - @ssl = mock() - @ssl.stubs(:[]).with(:name).returns("ssl") - @ssl.stubs(:provider=) - end - 
- it "should add modules whose ensure is present" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO"}) - - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - - provider_class.flush - end - - it "should remove modules whose ensure is present" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO"}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS=""}) - - @info.stubs(:should).with(:ensure).returns(:absent) - @info.stubs(:provider=) - provider_class.prefetch("info" => @info) - - provider_class.flush - end - - it "should not modify providers without resources" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO -D MPM"}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D MPM -D SSL"}) - - @info.stubs(:should).with(:ensure).returns(:absent) - provider_class.prefetch("info" => @info) - - @ssl.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("ssl" => @ssl) - - provider_class.flush - end - - it "should write the modules in sorted order" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO -D MPM -D SSL"}) - - @mpm.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("mpm" => @mpm) - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - @ssl.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("ssl" => @ssl) - - provider_class.flush - end - - it "should write the records back once" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) - - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - - @ssl.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("ssl" => 
@ssl) - - provider_class.flush - end - - it "should only modify the line containing APACHE2_OPTS" do - @filetype.expects(:read).at_least_once.returns(%Q{# Comment\nAPACHE2_OPTS=""\n# Another comment}) - @filetype.expects(:write).once.with(%Q{# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment}) - - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - provider_class.flush - end - - it "should restore any arbitrary arguments" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-Y -D MPM -X"}) - @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-Y -X -D INFO -D MPM"}) - - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - provider_class.flush - end - - it "should backup the file once if changes were made" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) - - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - - @ssl.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("ssl" => @ssl) - - @filetype.unstub(:backup) - @filetype.expects(:backup) - provider_class.flush - end - - it "should not write the file or run backups if no changes were made" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-X -D INFO -D SSL -Y"}) - @filetype.expects(:write).never - - @info.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("info" => @info) - - @ssl.stubs(:should).with(:ensure).returns(:present) - provider_class.prefetch("ssl" => @ssl) - - @filetype.unstub(:backup) - @filetype.expects(:backup).never - provider_class.flush - end - end -end From 198aa99e8e5925cd1bdf9bfd832f0e923e4e8a2b Mon Sep 17 00:00:00 2001 
From: "Angel L. Mateo" Date: Thu, 3 Apr 2014 13:09:37 +0200 Subject: [PATCH 0271/2267] Add parameters to configure negotiation module --- README.md | 23 ++++++ manifests/mod/negotiation.pp | 11 ++- spec/acceptance/mod_negotiation_spec.rb | 80 ++++++++++++++++++++ spec/classes/mod/negotiation_spec.rb | 59 +++++++++++++++ spec/fixtures/files/negotiation.conf | 4 + spec/fixtures/templates/negotiation.conf.erb | 4 + templates/mod/negotiation.conf.erb | 4 +- 7 files changed, 182 insertions(+), 3 deletions(-) create mode 100644 spec/acceptance/mod_negotiation_spec.rb create mode 100644 spec/classes/mod/negotiation_spec.rb create mode 100644 spec/fixtures/files/negotiation.conf create mode 100644 spec/fixtures/templates/negotiation.conf.erb diff --git a/README.md b/README.md index 385130df31..7f4ff7ed8e 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ * [Class: apache::mod::ssl](#class-apachemodssl) * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Class: apache::mod::fcgid](#class-apachemodfcgid) + * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) 
@@ -641,6 +642,28 @@ It is also possible to set the FcgidWrapper per directory per vhost. You must en See [FcgidWrapper documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidwrapper) for more information. +####Class: `apache::mod::negotiation` + +Installs and configures mod_negotiation. If there are not provided any +parameter, default apache mod_negotiation configuration is done. + +```puppet + class { '::apache::mod::negotiation': + force_language_priority => 'Prefer', + language_priority => [ 'es', 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo' ], + } +``` + +**Parameters within `apache::mod::negotiation`:** + +#####`force_language_priority` + +A string that sets the `ForceLanguagePriority` option. Defaults to `Prefer Fallback`. + +#####`language_priority` + +An array of languages to set the `LanguagePriority` option of the module. + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index eff685b15c..af36b5bd82 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -1,4 +1,13 @@ -class apache::mod::negotiation { +class apache::mod::negotiation ( + $force_language_priority = 'Prefer Fallback', + $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', + 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', + 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', + 'zh-TW' ], +) { + validate_string($force_language_priority) + validate_array($language_priority) + ::apache::mod { 'negotiation': } # Template uses no variables file { 'negotiation.conf': diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb new file mode 100644 index 0000000000..33dcdd982d --- /dev/null 
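Review bot: The context comment `# Template uses no variables` above `file { 'negotiation.conf':` stops being true with this commit, because `templates/mod/negotiation.conf.erb` now reads `@language_priority` and `@force_language_priority`. Replace it with `# Template uses $language_priority and $force_language_priority`. Both values are written into the Apache configuration as given, and `validate_string` / `validate_array` check the type only. A character restriction (for example with `validate_re`) would keep a stray newline in a value from adding directives to negotiation.conf. The `file` resource continues outside the hunk.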
+++ b/spec/acceptance/mod_negotiation_spec.rb 
@@ -0,0 +1,80 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::negotiation class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + vhost_dir = '/etc/apache2/sites-enabled' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + when 'RedHat' + vhost_dir = '/etc/httpd/conf.d' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + when 'FreeBSD' + vhost_dir = '/usr/local/etc/apache22/Vhosts' + mod_dir = '/usr/local/etc/apache22/Modules' + service_name = 'apache22' + end + + context "default negotiation config" do + it 'succeeds in puppeting negotiation' do + pp= <<-EOS + class { '::apache': } + class { '::apache::mod::negotiation': } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$mod_dir}/negotiation.conf") do + it { should contain "LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback" } + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end + + context "with alternative force_language_priority" do + it 'succeeds in puppeting negotiation' do + pp= <<-EOS + class { '::apache': } + class { '::apache::mod::negotiation': + force_language_priority => 'Prefer', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$mod_dir}/negotiation.conf") do + it { should contain "ForceLanguagePriority Prefer" } + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end + + context "with alternative language_priority" do + it 'succeeds in puppeting negotiation' do + pp= <<-EOS + class { '::apache': } + class { '::apache::mod::negotiation': + language_priority => [ 'en', 'es' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$mod_dir}/negotiation.conf") do + it { should contain "LanguagePriority en es" } + 
end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end +end diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb new file mode 100644 index 0000000000..a5d4ba92d2 --- /dev/null +++ b/spec/classes/mod/negotiation_spec.rb @@ -0,0 +1,59 @@ +require 'spec_helper' + +describe 'apache::mod::negotiation', :type => :class do + describe "OS independent tests" do + + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + + context "default params" do + let :pre_condition do + 'class {"::apache": }' + end + it { should contain_class("apache") } + it do + should contain_file('negotiation.conf').with( { + :ensure => 'file', + :content => 'LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback +', + } ) + end + end + + context 'with force_language_priority parameter' do + let :pre_condition do + 'class {"::apache": default_mods => ["negotiation"]}' + end + let :params do + { :force_language_priority => 'Prefer' } + end + it do + should contain_file('negotiation.conf').with( { + :ensure => 'file', + :content => /^ForceLanguagePriority Prefer$/, + } ) + end + end + + context 'with language_priority parameter' do + let :pre_condition do + 'class {"::apache": default_mods => ["negotiation"]}' + end + let :params do + { :language_priority => [ 'en', 'es' ] } + end + it do + should contain_file('negotiation.conf').with( { + :ensure => 'file', + :content => /^LanguagePriority en es$/, + } ) + end + end + end +end diff --git a/spec/fixtures/files/negotiation.conf b/spec/fixtures/files/negotiation.conf new file mode 100644 index 0000000000..c0bb8b9fd2 --- /dev/null +++ b/spec/fixtures/files/negotiation.conf 
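Review bot: The three `describe file("#{$mod_dir}/negotiation.conf")` blocks read the global `$mod_dir`, while the `case fact('osfamily')` block at the top assigns the local `mod_dir`. Unless a global of that name is set by the acceptance helper (not visible here), the path evaluates to `/negotiation.conf` and the content assertions never look at the file Puppet manages. Use `describe file("#{mod_dir}/negotiation.conf") do`, matching `service(service_name)` in the same file. The `case` also has no `else` branch, so on any other osfamily the locals stay nil.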
@@ -0,0 +1,4 @@ +# This is a file only for spec testing + +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback diff --git a/spec/fixtures/templates/negotiation.conf.erb b/spec/fixtures/templates/negotiation.conf.erb new file mode 100644 index 0000000000..5575022463 --- /dev/null +++ b/spec/fixtures/templates/negotiation.conf.erb @@ -0,0 +1,4 @@ +# This is a template only for spec testing + +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback diff --git a/templates/mod/negotiation.conf.erb b/templates/mod/negotiation.conf.erb index 50921019bc..55b2ab5299 100644 --- a/templates/mod/negotiation.conf.erb +++ b/templates/mod/negotiation.conf.erb @@ -1,2 +1,2 @@ -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW -ForceLanguagePriority Prefer Fallback +LanguagePriority <%= @language_priority.join(' ') %> +ForceLanguagePriority <%= @force_language_priority %> From a306c0c77f39c55661bf0f8048845f3b5c64e322 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 11 Jun 2014 14:22:28 -0400 Subject: [PATCH 0272/2267] Add test case for graceful failure on OSX. --- spec/classes/apache_spec.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 6e0b705333..429ab805b0 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -540,4 +540,18 @@ it { should contain_apache__vhost('default-ssl').with_ensure('present') } end end + context 'with unsupported osfamily' do + let :facts do + { :osfamily => 'Darwin', + :operatingsystemrelease => '13.1.0', + :concat_basedir => '/dne', + } + end + + it do + expect { + should compile + }.to raise_error(Puppet::Error, /Unsupported osfamily/) + end + end end 
From 9f19e32a89b0dc4a1ac0d7355b8db3bbf92fff70 Mon Sep 17 00:00:00 2001 From: "Angel L. Mateo" Date: Thu, 12 Jun 2014 08:28:14 +0200 Subject: [PATCH 0273/2267] * force_language_priority can be now an array and language_priority a string * coerce parameters to an array --- manifests/mod/negotiation.pp | 8 ++++++-- templates/mod/negotiation.conf.erb | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index af36b5bd82..0bdbfdc3cc 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -5,8 +5,12 @@ 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ], ) { - validate_string($force_language_priority) - validate_array($language_priority) + if !is_array($force_language_priority) and !is_string($force_language_priority) { + fail('force_languague_priority must be a string or array of strings') + } + if !is_array($language_priority) and !is_string($language_priority) { + fail('force_languague_priority must be a string or array of strings') + } ::apache::mod { 'negotiation': } # Template uses no variables diff --git a/templates/mod/negotiation.conf.erb b/templates/mod/negotiation.conf.erb index 55b2ab5299..2fb4700d68 100644 --- a/templates/mod/negotiation.conf.erb +++ b/templates/mod/negotiation.conf.erb @@ -1,2 +1,2 @@ -LanguagePriority <%= @language_priority.join(' ') %> -ForceLanguagePriority <%= @force_language_priority %> +LanguagePriority <%= Array(@language_priority).join(' ') %> +ForceLanguagePriority <%= Array(@force_language_priority).join(' ') %> From 2d58357042e7681ae169d01e1a403cc805627037 Mon Sep 17 00:00:00 2001 From: Yoann Laissus Date: Sun, 15 Jun 2014 11:13:40 +0200 Subject: [PATCH 0274/2267] Add the Satisfy parameter to the directory fragment. --- README.md | 14 ++++++ spec/acceptance/vhost_spec.rb | 78 ++++++++++++++++++++++++++++++++ spec/defines/vhost_spec.rb | 10 ++++ templates/vhost/_directories.erb | 3 ++ 4 files changed, 105 insertions(+) 
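Review bot: The second `fail()` names the wrong parameter: the check on `$language_priority` raises 'force_languague_priority must be a string or array of strings', copied from the check above it, and both messages misspell "language". Use `fail('language_priority must be a string or array of strings')` for the second and spell the first `force_language_priority`. The new checks accept any string or any array, so array elements are not verified to be strings before the template hunk of this commit writes them into negotiation.conf with `Array(...).join(' ')`.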
diff --git a/README.md b/README.md index 385130df31..d66092b390 100644 --- a/README.md +++ b/README.md @@ -1413,6 +1413,20 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum } ``` +######`satisfy` + +Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', + } + ], + } + ######`sethandler` Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index c43d3f9e9e..38f40f7917 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -297,6 +297,84 @@ class { 'apache': } shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout.should match(/Scoreboard: /) end end + + describe 'Satisfy and Auth directive' do + it 'should configure a vhost with Satisfy and Auth directive' do + pp = <<-EOS + class { 'apache': } + host { 'files.example.net': ip => '127.0.0.1', } + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { + path => '/var/www/files/foo', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => "valid-user", + }, + { + path => '/var/www/files/bar', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => 'valid-user', + satisfy => 'Any', + }, + { + path => '/var/www/files/baz', + allow => 'from 10.10.10.10', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => 'valid-user', + satisfy => 'Any', + }, + ], + } + file { '/var/www/files/foo': + ensure => directory, + } + file { '/var/www/files/bar': + ensure => directory, + } + file { '/var/www/files/baz': + ensure => directory, + } + file { '/var/www/files/foo/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/bar/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/baz/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/htpasswd': + ensure => file, + content => "login:IZ7jMcLSx0oQk", # "password" as password + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { should be_enabled } + it { should be_running } + end + + it 'should answer to files.example.net' do + shell("/usr/bin/curl -sSf files.example.net:80/foo/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/) + shell("/usr/bin/curl -sSf 
-u login:password files.example.net:80/foo/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/bar/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/baz/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/) + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html").stdout.should eq("Hello World\n") + end + end end case fact('lsbdistcodename') diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4037b3011c..90a779854b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -717,6 +717,11 @@ 'order' => 'deny,yned', 'passenger_enabled' => 'onf', 'sethandler' => 'None', + 'auth_type' => 'Basic', + 'auth_name' => 'Basic Auth', + 'auth_user_file' => '/opt/app/htpasswd', + 'auth_require' => 'valid-user', + 'satisfy' => 'Any', }, :match => [ /^ $/, @@ -728,6 +733,11 @@ /^ Order deny,yned$/, /^ SetHandler None$/, /^ PassengerEnabled onf$/, + /^ AuthType Basic$/, + /^ AuthName "Basic Auth"$/, + /^ AuthUserFile \/opt\/app\/htpasswd$/, + /^ Require valid-user$/, + /^ Satisfy Any$/, /^ <\/Directory>$/, ], }, diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index f4307c7618..ea2db8bdcb 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -63,6 +63,9 @@ <%- else -%> Allow from all <%- end -%> + <%- if directory['satisfy'] and directory['satisfy'] != '' -%> + Satisfy <%= directory['satisfy'] %> + <%- end -%> <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> From 4f65ef399fabb8640fd4ed5c8ac647e7022b44ff Mon Sep 17 00:00:00 2001 
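Review bot: `Satisfy <%= directory['satisfy'] %>` is emitted next to the fallback `Allow from all` shown in the context lines, so a directory that sets `auth_require` and `satisfy => 'Any'` without an `allow` or `deny` is served without credentials; the `/bar` case in this commit's acceptance test asserts exactly that. This is how Apache 2.2 defines `Satisfy Any`, but it is easy to set by mistake. The README entry for `satisfy` should state that `Any` keeps authentication mandatory only when combined with a host restriction, as the `/baz` case does. The value is also written unchecked; limiting it to `Any` or `All` would avoid emitting an invalid or multi-line directive. The enclosing conditional starts outside the hunk.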
From: Colleen Murphy Date: Wed, 25 Jun 2014 08:09:10 -0700 Subject: [PATCH 0275/2267] Add configuration file for modulesync https://github.com/puppetlabs/modulesync --- .sync.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .sync.yml diff --git a/.sync.yml b/.sync.yml new file mode 100644 index 0000000000..4ecd6afd0e --- /dev/null +++ b/.sync.yml @@ -0,0 +1,20 @@ +--- +.travis.yml: + excludes: + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 3.2.0" + env_matrix: + - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - PUPPET_GEM_VERSION="~> 3.0" + - PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" +spec/spec_helper.rb: + unmanaged: true From 8bd6b6ce8e5f224ee2ab0739446ff1aa2ead048b Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 25 Jun 2014 17:23:09 -0700 Subject: [PATCH 0276/2267] Sync files --- .gitignore | 13 ++++---- .travis.yml | 30 +++++++++---------- Gemfile | 13 +++----- spec/acceptance/nodesets/centos-59-x64.yml | 1 - spec/acceptance/nodesets/centos-64-x64-pe.yml | 1 - spec/acceptance/nodesets/centos-65-x64.yml | 5 ++-- .../nodesets/ubuntu-server-10044-x64.yml | 3 +- .../nodesets/ubuntu-server-12042-x64.yml | 3 +- spec/spec.opts | 6 ++-- 9 files changed, 33 insertions(+), 42 deletions(-) diff --git a/.gitignore b/.gitignore index f751a15d6e..b5b7a00d67 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,7 @@ -.pkg +pkg/ Gemfile.lock -vendor -spec/fixtures -.rspec_system -.bundle -.vagrant -.*sw* +vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ 
diff --git a/.travis.yml b/.travis.yml index 1d00b8eb04..15db85135e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ --- branches: only: - - master + - master language: ruby bundler_args: --without development script: "bundle exec rake spec SPEC_OPTS='--format documentation'" @@ -11,22 +11,22 @@ rvm: - 2.0.0 env: matrix: - - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - PUPPET_GEM_VERSION="~> 3.0" - - PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" + - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - PUPPET_GEM_VERSION="~> 3.0" + - PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" matrix: fast_finish: true exclude: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.2.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 3.2.0" notifications: email: false diff --git a/Gemfile b/Gemfile index fc45295a10..9074f1e75b 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,20 +1,15 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'rake', '10.1.1', :require => false - gem 'rspec-puppet', '>=1.0.0', :require => false + gem 'rake', :require => false + gem 'rspec-puppet', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'serverspec', :require => false gem 'puppet-lint', :require => false gem 'beaker', :require => false gem 'beaker-rspec', :require => false - gem 'rspec', '~> 2.11', :require => false -end - -if facterversion = ENV['FACTER_GEM_VERSION'] - gem 'facter', facterversion, :require => false -else - gem 'facter', :require => false + gem 'pry', :require => false + gem 'simplecov', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml index cde1fe5a85..2ad90b86aa 100644 --- a/spec/acceptance/nodesets/centos-59-x64.yml +++ b/spec/acceptance/nodesets/centos-59-x64.yml @@ -7,5 +7,4 @@ HOSTS: box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug type: git diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml index e408d1be77..7d9242f1b9 100644 --- a/spec/acceptance/nodesets/centos-64-x64-pe.yml +++ b/spec/acceptance/nodesets/centos-64-x64-pe.yml @@ -9,5 +9,4 @@ HOSTS: box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug type: pe diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml index ac76349736..4e2cb809e8 100644 --- a/spec/acceptance/nodesets/centos-65-x64.yml +++ b/spec/acceptance/nodesets/centos-65-x64.yml 
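Review bot: Removing the `if facterversion = ENV['FACTER_GEM_VERSION']` block means the Gemfile no longer reads that variable, yet the `.travis.yml` hunk of this same commit still sets `FACTER_GEM_VERSION="~> 1.6.0"` and `"~> 1.7.0"` in the matrix, so those two jobs no longer differ in the facter they install. Either keep the block or drop the variable from the matrix. The hunk also removes the version constraints on `rake`, `rspec-puppet` and `rspec` while `Gemfile.lock` stays in `.gitignore`, so each CI run resolves whatever versions the gem source serves at that moment. Keeping explicit constraints such as `gem 'rspec', '~> 2.11', :require => false` makes runs reproducible and limits exposure to an unexpected upstream release.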
@@ -3,9 +3,8 @@ HOSTS: roles: - master platform: el-6-x86_64 - box : centos-65-x64-virtualbox-nocm + box : centos-65-x64-vbox436-nocm box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box hypervisor : vagrant CONFIG: - log_level: debug - type: git + type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml index c1b8bdf8fa..5ca1514e40 100644 --- a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +++ b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml @@ -7,5 +7,4 @@ HOSTS: box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug - type: git + type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml index f7df2ccce1..d065b304f8 100644 --- a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +++ b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml @@ -7,5 +7,4 @@ HOSTS: box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug - type: git + type: foss diff --git a/spec/spec.opts b/spec/spec.opts index de653df4b3..91cd6427ed 100644 --- a/spec/spec.opts +++ b/spec/spec.opts @@ -1,4 +1,6 @@ ---format s +--format +s --colour ---loadby mtime +--loadby +mtime --backtrace From 4849904d57d46c2a57d34e3e508fbdf12ab65175 Mon Sep 17 00:00:00 2001 From: Yoann Laissus Date: Sun, 1 Jun 2014 15:08:02 +0200 Subject: [PATCH 0277/2267] Keep the default loadfile for authz_svn on Debian. Fix acceptance tests due to the new naming. --- manifests/mod/dav_svn.pp | 5 ++++- spec/acceptance/mod_dav_svn_spec.rb | 17 ++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 0fd667bc3f..977e477012 100644 --- a/manifests/mod/dav_svn.pp 
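Review bot: The new `box : centos-65-x64-vbox436-nocm` no longer matches `box_url`, which still ends in `centos-65-x64-virtualbox-nocm.box`, so the name recorded for the box and the image actually downloaded can disagree. Point `box_url` at the file that corresponds to the new name, or keep the old name. The URL is plain `http://`, as in the other nodesets touched by this commit, so the image the tests run on is fetched without transport integrity. An `https://` URL would be preferable if the host offers one.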
+++ b/manifests/mod/dav_svn.pp @@ -7,7 +7,10 @@ if $authz_svn_enabled { ::apache::mod { 'authz_svn': - loadfile_name => 'dav_svn_authz_svn.load', + loadfile_name => $::osfamily ? { + 'Debian' => undef, + default => 'dav_svn_authz_svn.load', + }, require => Apache::Mod['dav_svn'], } } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index ff90d331f3..5125ada0b2 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -3,14 +3,17 @@ describe 'apache::mod::dav_svn class' do case fact('osfamily') when 'Debian' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + authz_svn_load_file = 'authz_svn.load' when 'RedHat' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + authz_svn_load_file = 'dav_svn_authz_svn.load' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache22/Modules' + service_name = 'apache22' + authz_svn_load_file = 'dav_svn_authz_svn.load' end context "default dav_svn config" do @@ -48,7 +51,7 @@ class { 'apache::mod::dav_svn': it { is_expected.to be_running } end - describe file("#{mod_dir}/dav_svn_authz_svn.load") do + describe file("#{mod_dir}/#{authz_svn_load_file}") do it { is_expected.to contain "LoadModule authz_svn_module" } end end From a7858b17439b2db73326fbf80e5ba3b9c30f8f6e Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Fri, 27 Jun 2014 10:08:58 -0700 Subject: [PATCH 0278/2267] Update .sync.yml to support new .travis.yml configs --- .sync.yml | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/.sync.yml b/.sync.yml index 4ecd6afd0e..51a4c60a4b 100644 --- a/.sync.yml +++ b/.sync.yml 
@@ -1,20 +1,9 @@ --- .travis.yml: - excludes: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.2.0" - env_matrix: - - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - PUPPET_GEM_VERSION="~> 3.0" - - PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" + extras: + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" + - rvm: 2.0.0 + env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" spec/spec_helper.rb: unmanaged: true From 59f152fecebe4d29efc6cf98137b7cee534918e9 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Fri, 27 Jun 2014 10:52:03 -0700 Subject: [PATCH 0279/2267] Synchronize .travis.yml --- .travis.yml | 29 +++++++++-------------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/.travis.yml b/.travis.yml index 15db85135e..22dcca7081 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,32 +1,21 @@ --- -branches: - only: - - master language: ruby bundler_args: --without development script: "bundle exec rake spec SPEC_OPTS='--format documentation'" -rvm: - - 1.8.7 - - 1.9.3 - - 2.0.0 -env: - matrix: - - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - PUPPET_GEM_VERSION="~> 3.0" - - PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" matrix: fast_finish: true - exclude: - - rvm: 1.9.3 + include: + - rvm: 1.8.7 env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.9.3 + - rvm: 1.8.7 env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.2.0" + env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" notifications: email: false From e8ebe477edfca1deb7ac8f246836d213a34da972 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 27 Jun 2014 11:21:17 -0700 Subject: [PATCH 0280/2267] Fix tests for fastcgi The fastcgi server define wasn't including apache::mod::fastcgi, but this is idempotent and required, since it declares a dependency on Apache::Mod['fastcgi']. I also cleaned up some linting things and put the notify on the service class instead of the service resource (as is the newer pattern). --- manifests/fastcgi/server.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index f62cb04530..4937d4e0f7 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp 
@@ -2,22 +2,23 @@ $host = '127.0.0.1:9000', $timeout = 15, $flush = false, - $faux_path = "/var/www/$name.fcgi", - $alias = "/$name.fcgi", + $faux_path = "/var/www/${name}.fcgi", + $alias = "/${name}.fcgi", $file_type = 'application/x-httpd-php' ) { + include apache::mod::fastcgi - Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server["$title"] + Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] - file { "fastcgi-pool-$name.conf": + file { "fastcgi-pool-${name}.conf": ensure => present, - path => "${::apache::confd_dir}/fastcgi-pool-$name.conf", + path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', content => template('apache/fastcgi/server.erb'), require => Exec["mkdir ${::apache::confd_dir}"], before => File[$::apache::confd_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } } From a56edb2b0a6bf66c72366939cfe6ba613a94e2dd Mon Sep 17 00:00:00 2001 From: Juan Treminio Date: Fri, 27 Jun 2014 22:38:20 -0500 Subject: [PATCH 0281/2267] Adds @ to faux_path template variable --- templates/fastcgi/server.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/fastcgi/server.erb b/templates/fastcgi/server.erb index c16eae8cfd..74530c449e 100644 --- a/templates/fastcgi/server.erb +++ b/templates/fastcgi/server.erb @@ -1,3 +1,3 @@ FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host %> -Alias <%= @alias %> <%= faux_path %> +Alias <%= @alias %> <%= @faux_path %> Action <%= @file_type %> <%= @alias %> From 807db14fc1d294ebcd4f3f835a725149b0d6850a Mon Sep 17 00:00:00 2001 From: Juan Treminio Date: Sat, 28 Jun 2014 01:17:33 -0500 Subject: [PATCH 0282/2267] Changes $alias to $fcgi_alias to preent Puppet complaining about using that name --- manifests/fastcgi/server.pp | 2 +- templates/fastcgi/server.erb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
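Review bot: The added `include apache::mod::fastcgi` uses a relative class name, while `manifests/mod/dav_svn.pp` on this page writes `include ::apache::mod::dav` with a leading `::`. The CI matrix on this page still covers Puppet 2.7 and 3.x, where a relative name can be looked up against the current namespace first. Writing `include ::apache::mod::fastcgi` avoids that ambiguity and matches the other manifest. The define's header is outside the hunk.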
diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index 4937d4e0f7..afc7c8860f 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp @@ -3,7 +3,7 @@ $timeout = 15, $flush = false, $faux_path = "/var/www/${name}.fcgi", - $alias = "/${name}.fcgi", + $fcgi_alias = "/${name}.fcgi", $file_type = 'application/x-httpd-php' ) { include apache::mod::fastcgi diff --git a/templates/fastcgi/server.erb b/templates/fastcgi/server.erb index c16eae8cfd..5920e784cb 100644 --- a/templates/fastcgi/server.erb +++ b/templates/fastcgi/server.erb @@ -1,3 +1,3 @@ FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host %> -Alias <%= @alias %> <%= faux_path %> -Action <%= @file_type %> <%= @alias %> +Alias <%= @fcgi_alias %> <%= faux_path %> +Action <%= @file_type %> <%= @fcgi_alias %> From 576f4b75916ede41d1bcf594a47c9521987cf067 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 30 Jun 2014 10:57:41 -0700 Subject: [PATCH 0283/2267] Update Gemfile for .travis.yml defaults --- Gemfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Gemfile b/Gemfile index 9074f1e75b..e960f7c4b7 100644 --- a/Gemfile +++ b/Gemfile @@ -12,6 +12,12 @@ group :development, :test do gem 'simplecov', :require => false end +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false +end + if puppetversion = ENV['PUPPET_GEM_VERSION'] gem 'puppet', puppetversion, :require => false else From 240aca0a831a1ad394683c97641238af2ee350e9 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Mon, 30 Jun 2014 11:18:38 -0700 Subject: [PATCH 0284/2267] Update tests for strict variable testing --- spec/classes/mod/negotiation_spec.rb | 2 ++ spec/classes/mod/php_spec.rb | 2 ++ spec/classes/mod/worker_spec.rb | 2 ++ spec/defines/fastcgi_server_spec.rb | 10 ++++++++++ 4 files changed, 16 insertions(+) 
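Review bot: The new `Alias` line in `templates/fastcgi/server.erb` still prints `<%= faux_path %>` without the `@`, although the `FastCGIExternalServer` line of the same template reads `@faux_path`. The bare name depends on Puppet's legacy template variable lookup instead of the instance variable. The line should read `Alias <%= @fcgi_alias %> <%= @faux_path %>`. The preceding commit on this page makes that fix, but this hunk appears to be based on the file before it, so the two changes need to be reconciled when both land.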
diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb index a5d4ba92d2..f4a8d64e00 100644 --- a/spec/classes/mod/negotiation_spec.rb +++ b/spec/classes/mod/negotiation_spec.rb @@ -6,6 +6,8 @@ let :facts do { :osfamily => 'Debian', + :operatingsystem => 'Debian', + :lsbdistcodename => 'squeeze', :operatingsystemrelease => '6', :concat_basedir => '/dne', } diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 7b4ef3e822..0252cd5055 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -141,7 +141,9 @@ let :facts do { :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', :concat_basedir => '/dne', } end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 4b83e31850..07b27e3dae 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -117,7 +117,9 @@ let :facts do { :osfamily => 'RedHat', + :operatingsystem => 'CentOS', :operatingsystemrelease => '6', + :id => 'root', :concat_basedir => '/dne', } end diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 89e9b2041f..68cd208cfc 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -12,7 +12,9 @@ let :default_facts do { :osfamily => 'RedHat', + :operatingsystem => 'CentOS', :operatingsystemrelease => '6', + :id => 'root', :concat_basedir => '/dne', } end @@ -28,7 +30,10 @@ let :default_facts do { :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :id => 'root', :concat_basedir => '/dne', } end @@ -44,7 +49,9 @@ let :default_facts do { :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :id => 'root', :concat_basedir => '/dne', } end 
@@ -61,7 +68,10 @@ let :facts do { :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :id => 'root', :concat_basedir => '/dne', } end From 2dbb1ec540e71fb2f920891d213d88774faf5c14 Mon Sep 17 00:00:00 2001 From: Jesse Cotton Date: Wed, 2 Jul 2014 02:38:37 +0000 Subject: [PATCH 0285/2267] Add param to ctrl purging of vhost dir --- README.md | 4 ++++ manifests/init.pp | 12 ++++++++++-- spec/acceptance/apache_parameters_spec.rb | 22 +++++++++++++++++----- 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index e9f1388196..d6bef12d09 100644 --- a/README.md +++ b/README.md @@ -374,6 +374,10 @@ Changes the name of the file containing Apache ports configuration. Default is ` Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to 'false' is a stopgap measure to allow the apache module to coexist with existing or otherwise-managed configuration. It is recommended that you move your configuration entirely to resources within this module. +#####`purge_vhost_configs` + +If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by puppet within `vhost_dir`. It defaults to the value of `purge_configs`. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir` + #####`sendfile` Makes Apache use the Linux kernel sendfile to serve static files. Defaults to 'On'. diff --git a/manifests/init.pp b/manifests/init.pp index 9f77d5b4e7..2c63fd7437 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -28,6 +28,7 @@ $service_enable = true, $service_ensure = 'running', $purge_configs = true, + $purge_vhost_dir = undef, $purge_vdir = false, $serveradmin = 'root@localhost', $sendfile = 'On', 
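Review bot: The parameter added to the class signature in `manifests/init.pp` is `$purge_vhost_dir`, but the README hunk of the same commit documents it under the heading `purge_vhost_configs`. A user following the README would pass a name the class does not accept. One of the two has to change; if the manifest name stays, the README heading should read `purge_vhost_dir`. Because this switch decides whether unmanaged files in `vhost_dir` remain active, a short comment at the parameter such as `# undef => follow purge_configs` would also help.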
@@ -126,6 +127,13 @@ $purge_confd = $purge_configs } + # Set purge vhostd appropriately + if $purge_vhost_dir == undef { + $purge_vhostd = $purge_confd + } else { + $purge_vhostd = $purge_vhost_dir + } + Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin', } @@ -183,7 +191,7 @@ file { $vhost_dir: ensure => directory, recurse => true, - purge => $purge_configs, + purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -198,7 +206,7 @@ file { $vhost_enable_dir: ensure => directory, recurse => true, - purge => $purge_configs, + purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 54b4242251..5c26703ac9 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -79,18 +79,24 @@ class { 'apache': it 'applies cleanly' do pp = <<-EOS class { 'apache': - purge_configs => false, - purge_vdir => false, + purge_configs => false, + purge_vdir => false, + purge_vhost_dir => false, + vhost_dir => "#{confd_dir}.vhosts" } EOS shell("touch #{$confd_dir}/test.conf") + shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf") apply_manifest(pp, :catch_failures => true) end - # Ensure the file didn't disappear. + # Ensure the files didn't disappear. describe file("#{$confd_dir}/test.conf") do it { is_expected.to be_file } end + describe file("#{$confd_dir}.vhosts/test.conf") do + it { is_expected.to be_file } + end end if fact('osfamily') != 'Debian' 
@@ -98,11 +104,14 @@ class { 'apache': it 'applies cleanly' do pp = <<-EOS class { 'apache': - purge_configs => true, - purge_vdir => true, + purge_configs => true, + purge_vdir => true, + purge_vhost_dir => true, + vhost_dir => "#{confd_dir}.vhosts" } EOS shell("touch #{$confd_dir}/test.conf") + shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf") apply_manifest(pp, :catch_failures => true) end @@ -110,6 +119,9 @@ class { 'apache': describe file("#{$confd_dir}/test.conf") do it { is_expected.not_to be_file } end + describe file("#{$confd_dir}.vhosts/test.conf") do + it { is_expected.not_to be_file } + end end end From bec6a5f91d9c4979575b87e76c56204e59598d46 Mon Sep 17 00:00:00 2001 From: Tim Bishop Date: Wed, 2 Jul 2014 23:39:52 +0100 Subject: [PATCH 0286/2267] Allow ssl_certs_dir to be unset. In some cases we don't want SSLCACertificatePath to be set at all. If we're using SSLCACertificateFile instead to verify clients we might want that to be the only CA used. Most other options in this template are optional, so I don't see why this one can't be too. --- templates/vhost/_ssl.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 03c78ef427..174f0a1891 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -7,7 +7,9 @@ <% if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <% end -%> +<% if @ssl_certs_dir -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" +<% end -%> <% if @ssl_ca -%> SSLCACertificateFile "<%= @ssl_ca %>" <% end -%> From adc096dd2fc8a4ec70de721fae753dacbb6fd316 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Thu, 3 Jul 2014 09:53:31 -0700 Subject: [PATCH 0287/2267] Add validate and lint tasks to travis script --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 22dcca7081..86222c2813 100644 --- a/.travis.yml +++ b/.travis.yml 
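Review bot: The new `<% if @ssl_certs_dir -%>` guard in `_ssl.erb` silently drops `SSLCACertificatePath` whenever the value is unset, and nothing in the template or the commit's diffstat documents what that means for client-certificate verification. With the directive gone, `SSLCACertificateFile` from `@ssl_ca` is the only CA source the vhost configures, and a vhost that enables `SSLVerifyClient` with neither set has no trust anchors. An ERB comment above the guard would make that explicit, for example `<%# omitted when ssl_certs_dir is unset; ssl_ca is then the only CA source for client verification -%>`, and the parameter's documentation should say the same. The rest of the template lies outside the hunk.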
@@ -1,7 +1,7 @@ --- language: ruby bundler_args: --without development -script: "bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true include: From e94f504e25444aa26a080132c8edf371512f3f4e Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Thu, 3 Jul 2014 11:33:19 -0700 Subject: [PATCH 0288/2267] Disable 'Only variable string' lint check in .sync.yml mod.pp#79 needs to quote this variable to work. --- .sync.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.sync.yml b/.sync.yml index 51a4c60a4b..96d3c2bdb6 100644 --- a/.sync.yml +++ b/.sync.yml @@ -5,5 +5,8 @@ env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" - rvm: 2.0.0 env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" +Rakefile: + extra_disabled_lint_checks: + - 'disable_only_variable_string' spec/spec_helper.rb: unmanaged: true From 292d2c28d7417a8f735a7bdf947ab73cce898372 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Thu, 3 Jul 2014 11:45:03 -0700 Subject: [PATCH 0289/2267] Fix failing lint tests Disabled checking for only variables in strings and fixed trailing spaces. --- Rakefile | 1 + manifests/mod/dav_svn.pp | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Rakefile b/Rakefile index 5868545f20..e1f7f013cd 100644 --- a/Rakefile +++ b/Rakefile @@ -7,4 +7,5 @@ PuppetLint.configuration.send('disable_class_inherits_from_params_class') PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.send('disable_only_variable_string') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 0fd667bc3f..98166c7fcd 100644 --- a/manifests/mod/dav_svn.pp 
+++ b/manifests/mod/dav_svn.pp @@ -3,8 +3,8 @@ ) { Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] include ::apache::mod::dav - ::apache::mod { 'dav_svn': } - + ::apache::mod { 'dav_svn': } + if $authz_svn_enabled { ::apache::mod { 'authz_svn': loadfile_name => 'dav_svn_authz_svn.load', From e496d8511d16e3d46e981a4780ee495a6e8f7769 Mon Sep 17 00:00:00 2001 From: Jesse Cotton Date: Wed, 2 Jul 2014 03:44:25 +0000 Subject: [PATCH 0290/2267] Add deflate params types and notes --- README.md | 23 +++++++++++++++++++++++ manifests/mod/deflate.pp | 16 ++++++++++++++-- spec/classes/mod/deflate_spec.rb | 17 ++++++++++++----- templates/mod/deflate.conf.erb | 13 ++++++------- 4 files changed, 55 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index e9f1388196..24c688e899 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Class: apache::mod::fcgid](#class-apachemodfcgid) * [Class: apache::mod::negotiation](#class-apachemodnegotiation) + * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) 
@@ -670,6 +671,28 @@ A string that sets the `ForceLanguagePriority` option. Defaults to `Prefer Fallb An array of languages to set the `LanguagePriority` option of the module. +####Class: `apache::mod::deflate` + +Installs and configures mod_deflate. If no parameters are provided, a default configuration is applied. + +```puppet + class { '::apache::mod::deflate': + types => [ 'text/html', 'text/css' ], + notes => { + 'Input' => 'instream', + 'Ratio' => 'ratio', + }, + } +``` + +#####`types` + +An array of mime types that will be deflated. + +#####`notes` + +A hash where the key represents the type and the value represents the note name. + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 9b597d9466..561cbadbf9 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -1,6 +1,18 @@ -class apache::mod::deflate { +class apache::mod::deflate ( + $types = [ + 'text/html text/plain text/xml', + 'text/css', + 'application/x-javascript application/javascript application/ecmascript', + 'application/rss+xml' + ], + $notes = { + 'Input' => 'instream', + 'Output' => 'outstream', + 'Ratio' => 'ratio' + } +) { ::apache::mod { 'deflate': } - # Template uses no variables + file { 'deflate.conf': ensure => file, path => "${::apache::mod_dir}/deflate.conf", diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index 227c97a829..164dbfa2ea 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb 
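Review bot: The new `$types` and `$notes` parameters of `apache::mod::deflate` are iterated by `templates/mod/deflate.conf.erb` with `.sort.each` and written verbatim into `deflate.conf`, but the class never checks what it was given. A string passed for `types`, or an array for `notes`, would not render as intended and would surface as a template error rather than a clear catalog error. Adding `validate_array($types)` and `validate_hash($notes)` at the top of the class body would catch that, assuming puppetlabs-stdlib is available to this module. Separately, several default `types` entries hold multiple MIME types in one space-separated string, whereas the README example passes one type per element; a comment stating that both forms are accepted would avoid confusion.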
@@ -6,13 +6,10 @@ def general_deflate_specs it do is_expected.to contain_file("deflate.conf").with_content( - "AddOutputFilterByType DEFLATE text/html text/plain text/xml\n"\ "AddOutputFilterByType DEFLATE text/css\n"\ - "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript\n"\ - "AddOutputFilterByType DEFLATE application/rss+xml\n"\ + "AddOutputFilterByType DEFLATE text/html\n"\ "\n"\ "DeflateFilterNote Input instream\n"\ - "DeflateFilterNote Output outstream\n"\ "DeflateFilterNote Ratio ratio\n" ) end @@ -20,7 +17,17 @@ def general_deflate_specs describe 'apache::mod::deflate', :type => :class do let :pre_condition do - 'include apache' + 'class { "apache": + default_mods => false, + } + class { "apache::mod::deflate": + types => [ "text/html", "text/css" ], + notes => { + "Input" => "instream", + "Ratio" => "ratio", + } + } + ' end context "On a Debian OS with default params" do diff --git a/templates/mod/deflate.conf.erb b/templates/mod/deflate.conf.erb index a3cdf0552e..ede8b2e768 100644 --- a/templates/mod/deflate.conf.erb +++ b/templates/mod/deflate.conf.erb @@ -1,8 +1,7 @@ -AddOutputFilterByType DEFLATE text/html text/plain text/xml -AddOutputFilterByType DEFLATE text/css -AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript -AddOutputFilterByType DEFLATE application/rss+xml +<%- @types.sort.each do |type| -%> +AddOutputFilterByType DEFLATE <%= type %> +<%- end -%> -DeflateFilterNote Input instream -DeflateFilterNote Output outstream -DeflateFilterNote Ratio ratio +<%- @notes.sort.each do |type,note| -%> +DeflateFilterNote <%= type %> <%=note %> +<%- end -%> From 306682ad913052bfca5f11eaee79035fed908a44 Mon Sep 17 00:00:00 2001 From: Jesse Cotton Date: Thu, 3 Jul 2014 22:39:23 +0000 Subject: [PATCH 0291/2267] Remove deprecated purge_vdir; Rename variables --- manifests/init.pp | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) 
diff --git a/manifests/init.pp b/manifests/init.pp index 2c63fd7437..f6aa7ea3a9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -29,7 +29,6 @@ $service_ensure = 'running', $purge_configs = true, $purge_vhost_dir = undef, - $purge_vdir = false, $serveradmin = 'root@localhost', $sendfile = 'On', $error_documents = false, @@ -119,19 +118,11 @@ service_ensure => $service_ensure, } - # Deprecated backwards-compatibility - if $purge_vdir { - warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') - $purge_confd = $purge_vdir - } else { - $purge_confd = $purge_configs - } - # Set purge vhostd appropriately if $purge_vhost_dir == undef { - $purge_vhostd = $purge_confd + $_purge_vhost_dir = $purge_configs } else { - $purge_vhostd = $purge_vhost_dir + $_purge_vhost_dir = $purge_vhost_dir } Exec { @@ -145,7 +136,7 @@ file { $confd_dir: ensure => directory, recurse => true, - purge => $purge_confd, + purge => $purge_configs, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -191,7 +182,7 @@ file { $vhost_dir: ensure => directory, recurse => true, - purge => $purge_vhostd, + purge => $_purge_vhost_dir, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -206,7 +197,7 @@ file { $vhost_enable_dir: ensure => directory, recurse => true, - purge => $purge_vhostd, + purge => $_purge_vhost_dir, notify => Class['Apache::Service'], require => Package['httpd'], } From b62bb06ae59933f2552e8e231db1829fb778e8cb Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 8 Jul 2014 15:36:17 -0400 Subject: [PATCH 0292/2267] Mark tests depending on passenger as pending on RHEL7. --- spec/acceptance/mod_passenger_spec.rb | 176 +++++++++++++------------- spec/acceptance/vhost_spec.rb | 44 ++++--- 2 files changed, 113 insertions(+), 107 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 085904975c..a51fc9cd51 100644 --- a/spec/acceptance/mod_passenger_spec.rb 
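Review bot: Removing `$purge_vdir` from the class signature makes any manifest that still passes it fail with an invalid-parameter error, where the removed code only emitted a deprecation warning. The diffstat lists `manifests/init.pp` as the only changed file, yet the acceptance spec shown earlier on this page (`spec/acceptance/apache_parameters_spec.rb`) still sets `purge_vdir => false` and `purge_vdir => true`, so those examples would presumably stop compiling. Either update that spec and the README in the same commit, or keep the parameter for one more release and have it call `fail()` with a message pointing to `purge_configs`.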
+++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -130,108 +130,110 @@ class { 'apache::mod::passenger': } # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5 unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5') - context "default passenger config" do - it 'succeeds in puppeting passenger' do - pp = <<-EOS - /* EPEL and passenger repositories */ - class { 'epel': } - exec { 'passenger.repo GPG key': - command => '/usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', - creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - } - file { 'passenger.repo GPG key': - ensure => file, - path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - require => Exec['passenger.repo GPG key'], - } - epel::rpm_gpg_key { 'passenger.stealthymonkeys.com': - path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - require => [ - Class['epel'], - File['passenger.repo GPG key'], - ] - } - $releasever_string = $operatingsystem ? 
{ - 'Scientific' => '6', - default => '$releasever', - } - yumrepo { 'passenger': - baseurl => "http://passenger.stealthymonkeys.com/rhel/${releasever_string}/\\$basearch" , - descr => "Red Hat Enterprise ${releasever_string} - Phusion Passenger", - enabled => 1, - gpgcheck => 1, - gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', - mirrorlist => 'http://passenger.stealthymonkeys.com/rhel/mirrors', - require => [ - Epel::Rpm_gpg_key['passenger.stealthymonkeys.com'], - ], - } - /* apache and mod_passenger */ - class { 'apache': + if fact('operatingsystem') == 'RedHat' and fact('operatingsystemmajrelease') == '7' + pending('test passenger - RHEL7 packages don\'t exist') + else + context "default passenger config" do + it 'succeeds in puppeting passenger' do + pp = <<-EOS + /* EPEL and passenger repositories */ + class { 'epel': } + exec { 'passenger.repo GPG key': + command => '/usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', + creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', + } + file { 'passenger.repo GPG key': + ensure => file, + path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', + require => Exec['passenger.repo GPG key'], + } + epel::rpm_gpg_key { 'passenger.stealthymonkeys.com': + path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', require => [ Class['epel'], - ], - } - class { 'apache::mod::passenger': - require => [ - Yumrepo['passenger'] - ], - } - #{pp_rackapp} - EOS - apply_manifest(pp, :catch_failures => true) - end + File['passenger.repo GPG key'], + ] + } + $releasever_string = $operatingsystem ? 
{ + 'Scientific' => '6', + default => '$releasever', + } + yumrepo { 'passenger': + baseurl => "http://passenger.stealthymonkeys.com/rhel/${releasever_string}/\\$basearch" , + descr => "Red Hat Enterprise ${releasever_string} - Phusion Passenger", + enabled => 1, + gpgcheck => 1, + gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', + mirrorlist => 'http://passenger.stealthymonkeys.com/rhel/mirrors', + require => [ + Epel::Rpm_gpg_key['passenger.stealthymonkeys.com'], + ], + } + /* apache and mod_passenger */ + class { 'apache': + require => [ + Class['epel'], + ], + } + class { 'apache::mod::passenger': + require => [ + Yumrepo['passenger'] + ], + } + #{pp_rackapp} + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service(service_name) do - it { should be_enabled } - it { should be_running } - end + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end - describe file(conf_file) do - it { should contain "PassengerRoot #{passenger_root}" } - it { should contain "PassengerRuby #{passenger_ruby}" } - it { should contain "PassengerTempDir #{passenger_tempdir}" } - end + describe file(conf_file) do + it { should contain "PassengerRoot #{passenger_root}" } + it { should contain "PassengerRuby #{passenger_ruby}" } + it { should contain "PassengerTempDir #{passenger_tempdir}" } + end - describe file(load_file) do - it { should contain "LoadModule passenger_module #{passenger_module_path}" } - end + describe file(load_file) do + it { should contain "LoadModule passenger_module #{passenger_module_path}" } + end - it 'should output status via passenger-memory-stats' do - shell("/usr/bin/passenger-memory-stats") do |r| - r.stdout.should =~ /Apache processes/ - r.stdout.should =~ /Nginx processes/ - r.stdout.should =~ /Passenger processes/ - r.stdout.should =~ /### Processes: [0-9]+/ - r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + it 'should output status via 
passenger-memory-stats' do + shell("/usr/bin/passenger-memory-stats") do |r| + r.stdout.should =~ /Apache processes/ + r.stdout.should =~ /Nginx processes/ + r.stdout.should =~ /Passenger processes/ + r.stdout.should =~ /### Processes: [0-9]+/ + r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ - r.exit_code.should == 0 + r.exit_code.should == 0 + end end - end - it 'should output status via passenger-status' do - shell("PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| - # spacing may vary - r.stdout.should =~ /[\-]+ General information [\-]+/ - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should =~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ + it 'should output status via passenger-status' do + shell("PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| + # spacing may vary + r.stdout.should =~ /[\-]+ General information [\-]+/ + r.stdout.should =~ /max[ ]+= [0-9]+/ + r.stdout.should =~ /count[ ]+= [0-9]+/ + r.stdout.should =~ /active[ ]+= [0-9]+/ + r.stdout.should =~ /inactive[ ]+= [0-9]+/ + r.stdout.should =~ /Waiting on global queue: [0-9]+/ - r.exit_code.should == 0 + r.exit_code.should == 0 + end end - end - it 'should answer to passenger.example.com' do - shell("/usr/bin/curl passenger.example.com:80") do |r| - r.stdout.should =~ /^hello world<\/b>$/ - r.exit_code.should == 0 + it 'should answer to passenger.example.com' do + shell("/usr/bin/curl passenger.example.com:80") do |r| + r.stdout.should =~ /^hello world<\/b>$/ + r.exit_code.should == 0 + end end end end - end - end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index c99e7d5246..63309da521 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
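Review bot: The test manifest in this re-indented block downloads the repository signing key with `curl` from an `http://` URL and also points `gpgkey`, `baseurl` and `mirrorlist` at `http://`. As a result `gpgcheck => 1` only verifies packages against a key that was itself fetched without integrity protection. Since the test host installs and runs these packages with root privileges, the key would be better vendored into the spec fixtures (or fetched over HTTPS if the host offers it), with the `exec` replaced by a `file` resource that uses that copy. The commit only moves these lines under the RHEL7 guard, so this can be a follow-up, but a `# TODO: fetch signing key over a verified channel` comment at the `exec` would keep it visible.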
@@ -814,29 +814,33 @@ class { 'apache': } # Passenger isn't even in EPEL on el-5 if default['platform'] !~ /^el-5/ - describe 'rack_base_uris' do - if fact('osfamily') == 'RedHat' - it 'adds epel' do - pp = "class { 'epel': }" - apply_manifest(pp, :catch_failures => true) + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' + pending('Since we don\'t have passenger on RHEL7 rack_base_uris tests will fail') + else + describe 'rack_base_uris' do + if fact('osfamily') == 'RedHat' + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end end - end - it 'applies cleanly' do - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'RackBaseURI /test' } + describe file("#{$vhost_dir}/25-test.server.conf") do + it { should be_file } + it { should contain 'RackBaseURI /test' } + end end end end From 28d2371f370e8a9a17bee019b6248d501bf71d57 Mon Sep 17 00:00:00 2001 From: GeneBean Date: Tue, 8 Jul 2014 23:19:06 -0400 Subject: [PATCH 0293/2267] Added the ability to customize mod_info's settings. Updated README.md with new settings info. Updated tests for apache::mod::info --- README.md | 50 ++++++++++++++- manifests/mod/info.pp | 5 +- spec/classes/mod/info_spec.rb | 116 ++++++++++++++++++++-------------- templates/mod/info.conf.erb | 15 ++++- 4 files changed, 133 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index d6bef12d09..8176b1db06 100644 --- a/README.md +++ b/README.md 
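Review bot: The RHEL7 guard added here tests `fact('osfamily') == 'RedHat'`, while the matching guard added to `mod_passenger_spec.rb` in the same commit tests `fact('operatingsystem') == 'RedHat'`. On a RedHat-family host that is not RHEL itself, this spec would be marked pending but the passenger spec would still run and presumably fail for lack of packages. Using the same condition in both files, `fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7'`, keeps them in step. The surrounding `describe` block starts outside the hunk.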
@@ -15,6 +15,7 @@ * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::info](#class-apachemodinfo) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) @@ -465,7 +466,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `fcgid` * `headers` * `include` -* `info` +* `info`* * `itk` * `ldap` * `mime` 
@@ -502,6 +503,53 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install and the module will not work without the template. Any module without a template will install the package but drop no files. +####Class: `apache::mod::info` + +Installs and manages mod_info which provides a comprehensive overview of the server configuration. + +Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). + +These are the default settings: + +```puppet + $allow_from = ['127.0.0.1','::1'], + $apache_version = $::apache::apache_version, + $restrict_access = true, +``` + +To set the addresses that are allowed to access /server-info add the following: + +```puppet + class {'apache::mod::info': + allow_from => [ + '10.10.36', + '10.10.38', + '127.0.0.1', + ], + } +``` + +To disable the access restrictions add the following: + +```puppet + class {'apache::mod::info': + restrict_access => false, + } +``` + +It is not recommended to leave this set to false though it can be very useful for testing. For this reason, you can insert this setting in your normal code to temporarily disable the restrictions like so: + +```puppet + class {'apache::mod::info': + restrict_access => false, # false disables the block below + allow_from => [ + '10.10.36', + '10.10.38', + '127.0.0.1', + ], + } +``` + ####Class: `apache::mod::pagespeed` Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth. diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 18f9ea1dfe..2c3d56ed88 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp 
@@ -1,6 +1,7 @@
 class apache::mod::info (
- $allow_from = ['127.0.0.1','::1'],
- $apache_version = $::apache::apache_version,
+ $allow_from = ['127.0.0.1','::1'],
+ $apache_version = $::apache::apache_version,
+ $restrict_access = true,
 ){
 apache::mod { 'info': }
 # Template uses
diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb
index 3415dec67e..20ed127dcb 100644
--- a/spec/classes/mod/info_spec.rb
+++ b/spec/classes/mod/info_spec.rb
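Review bot: `$restrict_access` is added to the signature of `apache::mod::info` with no type check, although it is the switch that decides whether the server-info handler gets any access rules at all. The module already depends on puppetlabs/stdlib, so the class body (which continues outside this hunk) could begin with `validate_bool($restrict_access)`. A quoted `'false'` coming from a data source would then fail the catalog instead of reaching the template as a non-empty string, which Ruby treats as true. A short comment next to the parameter stating that `false` serves the handler without any restriction would also help the next reader.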
@@ -1,27 +1,73 @@ -require 'spec_helper' - # This function is called inside the OS specific contexts def general_info_specs - it { is_expected.to contain_apache__mod("info") } + it { is_expected.to contain_apache__mod('info') } - it do - is_expected.to contain_file("info.conf").with_content( - "\n"\ - " SetHandler server-info\n"\ - " Order deny,allow\n"\ - " Deny from all\n"\ - " Allow from 127.0.0.1 ::1\n"\ - "\n" - ) + context 'passing no parameters' do + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + " Order deny,allow\n"\ + " Deny from all\n"\ + " Allow from 127.0.0.1\n"\ + " Allow from ::1\n"\ + "\n" + ) + } + end + context 'passing restrict_access => false' do + let :params do { + :restrict_access => false + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + "\n" + ) + } + end + context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do + let :params do + {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']} + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + " Order deny,allow\n"\ + " Deny from all\n"\ + " Allow from 10.10.1.2\n"\ + " Allow from 192.168.1.2\n"\ + " Allow from 127.0.0.1\n"\ + "\n" + ) + } + end + context 'passing both restrict_access and allow_from' do + let :params do + { + :restrict_access => false, + :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1'] + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + "\n" + ) + } end end describe 'apache::mod::info', :type => :class do let :pre_condition do - 'include apache' + "class { 'apache': default_mods => false, }" end - context "On a Debian OS with default params" do + context 'On a Debian OS' do let :facts do { :osfamily => 'Debian', 
@@ -38,17 +84,17 @@ def general_info_specs # Load the more generic tests for this context general_info_specs() - it { is_expected.to contain_file("info.conf").with({ + it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', :path => '/etc/apache2/mods-available/info.conf', } ) } - it { is_expected.to contain_file("info.conf symlink").with({ + it { is_expected.to contain_file('info.conf symlink').with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/info.conf', } ) } end - context "on a RedHat OS with default params" do + context 'on a RedHat OS' do let :facts do { :osfamily => 'RedHat', @@ -64,10 +110,13 @@ def general_info_specs # Load the more generic tests for this context general_info_specs() - it { is_expected.to contain_file("info.conf").with_path("/etc/httpd/conf.d/info.conf") } + it { is_expected.to contain_file('info.conf').with({ + :ensure => 'file', + :path => '/etc/httpd/conf.d/info.conf', + } ) } end - context "On a FreeBSD OS with default params" do + context 'on a FreeBSD OS' do let :facts do { :osfamily => 'FreeBSD', 
@@ -83,37 +132,10 @@ def general_info_specs # Load the more generic tests for this context general_info_specs() - it { is_expected.to contain_file("info.conf").with({ + it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', :path => '/usr/local/etc/apache22/Modules/info.conf', } ) } end - context "with $allow_from => ['10.10.10.10','11.11.11.11']" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let :params do - { :allow_from => ['10.10.10.10','11.11.11.11'] } - end - it do - is_expected.to contain_file("info.conf").with_content( - "\n"\ - " SetHandler server-info\n"\ - " Order deny,allow\n"\ - " Deny from all\n"\ - " Allow from 10.10.10.10 11.11.11.11\n"\ - "\n" - ) - end - end end diff --git a/templates/mod/info.conf.erb b/templates/mod/info.conf.erb index d5288fb8c9..1a025b7a6e 100644 --- a/templates/mod/info.conf.erb +++ b/templates/mod/info.conf.erb @@ -1,10 +1,19 @@ SetHandler server-info - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +<%- if @restrict_access -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> - <%- else -%> + <%- else -%> Order deny,allow Deny from all - Allow from <%= Array(@allow_from).join(" ") %> + <%- if @allow_from and ! @allow_from.empty? -%> + <%- @allow_from.each do |allowed| -%> + Allow from <%= allowed %> + <%- end -%> + <%- else -%> + Allow from 127.0.0.1 + Allow from ::1 <%- end -%> + <%- end -%> +<%- end -%> From eab15fba55e88f572462ada6c655e8744cdf2c32 Mon Sep 17 00:00:00 2001 
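Review bot: In templates/mod/info.conf.erb the pre-2.4 branch now calls `@allow_from.each` directly, while the 2.4 branch wraps the same variable in `Array(...)`; a single string passed as `allow_from` renders on 2.4 but would raise in the old-syntax branch on Ruby 1.9 or later, where String has no `each`. The two branches also disagree on an empty list: the old syntax falls back to `Allow from 127.0.0.1` and `Allow from ::1`, whereas the 2.4 branch renders a bare `Require ip` with no address, which httpd will most likely reject at config test. Normalising once at the top with `<%- allowed = Array(@allow_from); allowed = ['127.0.0.1', '::1'] if allowed.empty? -%>` and using `allowed` in both branches keeps them consistent. The specs in this commit only pin the pre-2.4 output, so a context that sets `apache_version => '2.4'` would be worth adding.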
From: Ashley Penney Date: Tue, 15 Jul 2014 11:45:52 -0400 Subject: [PATCH 0294/2267] Prepare a 1.1.1 release. --- CHANGELOG.md | 6 +++ Modulefile | 12 ----- metadata.json | 142 +++++++++++++++++++++++++++----------------------- 3 files changed, 84 insertions(+), 76 deletions(-) delete mode 100644 Modulefile diff --git a/CHANGELOG.md b/CHANGELOG.md index c77316a488..b598fdd2ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +##2014-07-15 - Supported Release 1.1.1 +###Summary + +This release merely updates metadata.json so the module can be uninstalled and +upgraded via the puppet module command. + ## 2014-04-14 Supported Release 1.1.0 ###Summary diff --git a/Modulefile b/Modulefile deleted file mode 100644 index 49a712bcdd..0000000000 --- a/Modulefile +++ /dev/null @@ -1,12 +0,0 @@ -name 'puppetlabs-apache' -version '1.1.0' -source 'git://github.com/puppetlabs/puppetlabs-apache.git' -author 'puppetlabs' -license 'Apache 2.0' -summary 'Puppet module for Apache' -description 'Module for Apache configuration' -project_page 'https://github.com/puppetlabs/puppetlabs-apache' - -## Add dependencies, if any: -dependency 'puppetlabs/stdlib', '>= 2.4.0' -dependency 'puppetlabs/concat', '>= 1.0.0' diff --git a/metadata.json b/metadata.json index 15317ff18e..f225f70e90 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,66 +1,80 @@ { - "name": "puppetlabs-apache", - "version": "1.1.0", - "source": "https://github.com/puppetlabs/puppetlabs-apache", - "author": "Puppet Labs", - "license": "Apache-2.0", - "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "summary": "Puppet module for Apache", - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "5", - "6", - "7" - - ] - }, - { - "operatingsystem": "OracleLinux", - "operatingsystemrelease": [ - "5", - "6", - "7" - - ] - }, - { - "operatingsystem": "Scientific", - "operatingsystemrelease": [ - "5", - "6", - "7" - - ] - }, - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "10.04", - "12.04", - "14.04" - ] - } - ], - "requirements": [ - { "name": "pe", "version_requirement": ">= 3.2.0 < 3.4.0" }, - { "name": "puppet", "version_requirement": "3.x" } - ], - "dependencies": [] + "name": "puppetlabs-apache", + "version": "1.1.1", + "author": "puppetlabs", + "summary": "Puppet module for Apache", + "license": "Apache 2.0", + "source": "git://github.com/puppetlabs/puppetlabs-apache.git", + "project_page": "https://github.com/puppetlabs/puppetlabs-apache", + "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "Ubuntu", + 
"operatingsystemrelease": [ + "10.04", + "12.04", + "14.04" + ] + } + ], + "requirements": [ + { + "name": "pe", + "version_requirement": ">= 3.2.0 < 3.4.0" + }, + { + "name": "puppet", + "version_requirement": "3.x" + } + ], + "description": "Module for Apache configuration", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 2.4.0" + }, + { + "name": "puppetlabs/concat", + "version_requirement": ">= 1.0.0" + } + ] } From cd8abecc459a5669959a808f14dd64107148b030 Mon Sep 17 00:00:00 2001 From: Mathew Winstone Date: Tue, 15 Jul 2014 12:35:21 -0400 Subject: [PATCH 0295/2267] Removed stray quotation --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d6bef12d09..1833b397fc 100644 --- a/README.md +++ b/README.md @@ -148,7 +148,7 @@ To set up a virtual host with a wildcard alias for the subdomain mapped to a sam apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', - virtual_docroot' => '/var/www/%-2+', + virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } From 232965c6628f9eebae84222b5d5664537df52589 Mon Sep 17 00:00:00 2001 From: Jim Stallings <“jestallin@gmail.com”> Date: Tue, 22 Jul 2014 20:54:54 -0400 Subject: [PATCH 0296/2267] Add authn_core mod to ubuntu trusty defaults --- manifests/default_mods.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index f665d7383e..03696f3d7c 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -24,6 +24,9 @@ case $::osfamily { 'debian': { include ::apache::mod::reqtimeout + if versioncmp($apache_version, '2.4') >= 0 { + ::apache::mod { 'authn_core': } + } } 'redhat': { include ::apache::mod::actions From dfaae9a00cb70bb536bdd889ac3c4011f36e0c61 Mon Sep 17 00:00:00 2001 
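Review bot: The rewritten `"source"` value in metadata.json moves from the `https://` URL to `git://github.com/puppetlabs/puppetlabs-apache.git`; the git protocol is unencrypted and does not authenticate the server, so anything that clones from this field has no integrity protection in transit. Keeping `"source": "https://github.com/puppetlabs/puppetlabs-apache"` avoids that. The same hunk also replaces the SPDX identifier `Apache-2.0` with the free-form `Apache 2.0` in `"license"`, which licence scanners may not recognise. Whether either change is needed for the `puppet module` tooling mentioned in the changelog is not visible here.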
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 29 Jul 2014 16:59:15 +0200 Subject: [PATCH 0297/2267] introduce flag to manage the docroot manage_docroot defaults to `true` to retain backwards compatibility. This flag is useful if the docroot is created by other, conflicting means such as vcsrepo. --- README.md | 4 ++++ manifests/vhost.pp | 3 ++- spec/defines/vhost_spec.rb | 9 +++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 09669e9cea..1bcf660509 100644 --- a/README.md +++ b/README.md @@ -827,6 +827,10 @@ Sets individual user access to the docroot directory. Defaults to 'root'. Sets access permissions of the docroot directory. Defaults to 'undef'. +#####`manage_docroot` + +Whether to manage to docroot directory at all. Defaults to 'true'. + #####`error_log` Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 55ff8007d0..d4b554b4c7 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -77,6 +77,7 @@ # define apache::vhost( $docroot, + $manage_docroot = true, $virtual_docroot = false, $port = undef, $ip = undef, @@ -261,7 +262,7 @@ # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources - if ! defined(File[$docroot]) { + if ! defined(File[$docroot]) and $manage_docroot { file { $docroot: ensure => directory, owner => $docroot_owner, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index c30e54e8f5..2beb8c987d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -1166,6 +1166,15 @@ end end + describe 'when docroot is *not* managed' do + let :params do default_params.merge({ + :manage_docroot=> false, + }) end + it 'should not contain docroot ' do + is_expected.not_to contain_file(params[:docroot]) + end + end + describe 'when wsgi_daemon_process and wsgi_daemon_process_options are specified' do let :params do default_params.merge({ :wsgi_daemon_process => 'example.org', From 1db1e476d002af303596b933d25129579bcd9156 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Tue, 29 Jul 2014 18:28:31 -0400 Subject: [PATCH 0298/2267] vhost: Create the $logroot only when necessary. Currently, there is no way to specify default `$logroot` directory permissions. It will always take the one from default. Admitting we specify `apache::default_vhost: false`, this will ensure `default_vhost_ensure` is set to absent. Then it will call `apache::vhost { 'default'` with `ensure = absent`. The problem is that the file resource that defines `$logroot` is surrounded only by an `if !defined()`, so since when default pass it is not defined - yet, it is true, it then enters and create the `$logroot` with default permissions. Even if I specify `apache::default_vhost: false` and specify the `$logroot_mode` of my custom `apache::vhost`, it will never make it in, since it as already be defined. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index d4b554b4c7..36b94338c6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -273,7 +273,7 @@ } # Same as above, but for logroot - if ! defined(File[$logroot]) { + if ! defined(File[$logroot]) and $ensure == 'present' { file { $logroot: ensure => directory, mode => $logroot_mode, From 63a1a822dee6e01c36b25026835cb799663efda8 Mon Sep 17 00:00:00 2001 
From: Hunter Haugen Date: Tue, 29 Jul 2014 15:55:42 -0700 Subject: [PATCH 0299/2267] Fix strict variables --- spec/classes/mod/negotiation_spec.rb | 2 ++ spec/classes/mod/php_spec.rb | 2 ++ spec/classes/mod/worker_spec.rb | 1 + spec/defines/fastcgi_server_spec.rb | 4 ++++ 4 files changed, 9 insertions(+) diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb index f4a8d64e00..814660e1a1 100644 --- a/spec/classes/mod/negotiation_spec.rb +++ b/spec/classes/mod/negotiation_spec.rb @@ -10,6 +10,8 @@ :lsbdistcodename => 'squeeze', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 0252cd5055..76fd692267 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -145,6 +145,8 @@ :operatingsystemrelease => '6', :lsbdistcodename => 'squeeze', :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end context 'with content param' do diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 07b27e3dae..c2ede28a2b 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -121,6 +121,7 @@ :operatingsystemrelease => '6', :id => 'root', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 68cd208cfc..794659e62b 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -16,6 +16,7 @@ :operatingsystemrelease => '6', :id => 'root', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :facts do default_facts end 
@@ -35,6 +36,7 @@ :lsbdistcodename => 'squeeze', :id => 'root', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :facts do default_facts end @@ -53,6 +55,7 @@ :operatingsystemrelease => '9', :id => 'root', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end let :facts do default_facts end @@ -73,6 +76,7 @@ :lsbdistcodename => 'squeeze', :id => 'root', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end describe ".conf content" do From d6d120a4c92f343962bf1993b0163a650c671f04 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 5 Aug 2014 13:10:21 -0400 Subject: [PATCH 0300/2267] Update spec tests and README for fcgi_server Fixes #781 --- README.md | 12 ++++++------ spec/defines/fastcgi_server_spec.rb | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 46bde67cf2..26b92e2b79 100644 --- a/README.md +++ b/README.md @@ -1715,12 +1715,12 @@ Ex: ```puppet apache::fastcgi::server { 'php': - host => '127.0.0.1:9000', - timeout => 15, - flush => false, - faux_path => '/var/www/php.fcgi', - alias => '/php.fcgi', - file_type => 'application/x-httpd-php' + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php' } ``` diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 794659e62b..4a8762c868 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb 
@@ -82,12 +82,12 @@ describe ".conf content" do let :params do { - :host => '127.0.0.1:9001', - :timeout => 30, - :flush => true, - :faux_path => '/var/www/php-www.fcgi', - :alias => '/php-www.fcgi', - :file_type => 'application/x-httpd-php' + :host => '127.0.0.1:9001', + :timeout => 30, + :flush => true, + :faux_path => '/var/www/php-www.fcgi', + :fcgi_alias => '/php-www.fcgi', + :file_type => 'application/x-httpd-php' } end let :expected do From 2093c1e763ffa0760bbe92cb7ba912979062daae Mon Sep 17 00:00:00 2001 From: Juan Treminio Date: Wed, 6 Aug 2014 15:04:43 -0500 Subject: [PATCH 0301/2267] Set $ssl_mutex to default for Debian $apache_version > 2.4 --- manifests/mod/ssl.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index dd178150c9..0159148517 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -12,7 +12,7 @@ case $::osfamily { 'debian': { - if versioncmp($apache_version, '2.4') >= 0 and $::operatingsystem == 'Ubuntu' { + if versioncmp($apache_version, '2.4') >= 0 { $ssl_mutex = 'default' } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { $ssl_mutex = 'file:/var/run/apache2/ssl_mutex' From fcb4a09e38d8a7aaba7eefc90ce031d5cb9bc84d Mon Sep 17 00:00:00 2001 From: corvus_ch Date: Tue, 5 Aug 2014 08:33:15 +0200 Subject: [PATCH 0302/2267] Support itk with mod php --- manifests/mod/php.pp | 11 ++++++--- spec/classes/mod/php_spec.rb | 45 +++++++++++++++++++++++++++--------- 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index a94bfe50bd..ad0ff48a0e 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp 
@@ -7,8 +7,14 @@ $template = 'apache/mod/php5.conf.erb', $source = undef, ) { - if ! defined(Class['apache::mod::prefork']) { - fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') + if defined(Class['apache::mod::prefork']) { + Class['::apache::mod::prefork']->File['php5.conf'] + } + elsif defined(Class['apache::mod::itk']) { + Class['::apache::mod::itk']->File['php5.conf'] + } + else { + fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']') } validate_array($extensions) @@ -46,7 +52,6 @@ content => $manage_content, source => $source, require => [ - Class['::apache::mod::prefork'], Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 76fd692267..c61cdf6f53 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb 
@@ -19,19 +19,24 @@ 'class { "apache": mpm_module => prefork, }' end it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::prefork") } it { is_expected.to contain_apache__mod('php5') } it { is_expected.to contain_package("libapache2-mod-php5") } it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" ) } end - context 'with mpm_module => worker' do + context "with mpm_module => itk" do let :pre_condition do - 'class { "apache": mpm_module => worker, }' - end - it 'should raise an error' do - expect { subject }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ + 'class { "apache": mpm_module => itk, }' end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::itk") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("libapache2-mod-php5") } + it { is_expected.to contain_file("php5.load").with( + :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" + ) } end end describe "on a RedHat OS" do @@ -99,12 +104,21 @@ 'class { "apache": mpm_module => prefork, }' end it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::prefork") } it { is_expected.to contain_apache__mod('php5') } it { is_expected.to contain_package("php") } it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module modules/libphp5.so\n" ) } end + context "with mpm_module => itk" do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end + it 'should raise an error' do + expect { expect(subject).to contain_class("apache::mod::itk") }.to raise_error Puppet::Error, /Unsupported osfamily RedHat/ + end + end end describe "on a FreeBSD OS" do let :facts do 
@@ -127,14 +141,15 @@ it { is_expected.to contain_package("lang/php5") } it { is_expected.to contain_file('php5.load') } end - # FIXME: not sure about the following context - context 'with mpm_module => worker' do + context "with mpm_module => itk" do let :pre_condition do - 'class { "apache": mpm_module => worker, }' - end - it 'should raise an error' do - expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ + 'class { "apache": mpm_module => itk, }' end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("lang/php5") } + it { is_expected.to contain_file('php5.load') } end end describe "OS independent tests" do @@ -224,5 +239,13 @@ :source => 'some-path' ) } end + context 'with mpm_module => worker' do + let :pre_condition do + 'class { "apache": mpm_module => worker, }' + end + it 'should raise an error' do + expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork' or mpm_module => 'itk'/ + end + end end end From 990ffef724926297f5f4a5a690812de1067a22f9 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Wed, 6 Aug 2014 13:25:39 +0200 Subject: [PATCH 0303/2267] Add a timeouts parameter to apache::mod::reqtimeout --- README.md | 19 +++++ manifests/mod/reqtimeout.pp | 4 +- spec/classes/mod/reqtimeout_spec.rb | 112 ++++++++++++++++++++++++++++ templates/mod/reqtimeout.conf.erb | 5 +- 4 files changed, 137 insertions(+), 3 deletions(-) create mode 100644 spec/classes/mod/reqtimeout_spec.rb diff --git a/README.md b/README.md index 26b92e2b79..06d428ce27 100644 --- a/README.md +++ b/README.md 
@@ -23,6 +23,7 @@ * [Class: apache::mod::fcgid](#class-apachemodfcgid) * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) + * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -745,6 +746,24 @@ An array of mime types that will be deflated. A hash where the key represents the type and the value represents the note name. + +####Class: `apache::mod::reqtimeout` + +Installs and configures mod_reqtimeout. Defaults to recommended apache +mod_reqtimeout configuration. + +```puppet + class { '::apache::mod::reqtimeout': + timeouts => ['header=20-40,MinRate=500', 'body=20,MinRate=500'], + } +``` + +#####`timeouts` + +A string or an array that sets the `RequestReadTimeout` option. Defaults to +`['header=20-40,MinRate=500', 'body=20,MinRate=500']`. + + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp index 80b3018306..62088873bb 100644 --- a/manifests/mod/reqtimeout.pp +++ b/manifests/mod/reqtimeout.pp @@ -1,4 +1,6 @@ -class apache::mod::reqtimeout { +class apache::mod::reqtimeout ( + $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500'] +){ ::apache::mod { 'reqtimeout': } # Template uses no variables file { 'reqtimeout.conf': diff --git a/spec/classes/mod/reqtimeout_spec.rb b/spec/classes/mod/reqtimeout_spec.rb new file mode 100644 index 0000000000..07c09b0940 --- /dev/null +++ b/spec/classes/mod/reqtimeout_spec.rb 
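Review bot: The default added to `apache::mod::reqtimeout` is `body=10,minrate=500`, but the README section added in the same commit documents the default as `body=20,MinRate=500`; since the template this commit replaces hard-coded `body=10`, the README line is probably the one to correct. `$timeouts` also reaches the template unvalidated, and an empty array renders a reqtimeout.conf with no `RequestReadTimeout` line at all, leaving slow-request protection to whatever the installed httpd does by default. A guard in the class body such as `if empty($timeouts) { fail('apache::mod::reqtimeout: timeouts must not be empty') }` would make that case explicit.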
@@ -0,0 +1,112 @@ +require 'spec_helper' + +describe 'apache::mod::reqtimeout', :type => :class do + let :pre_condition do + 'class { "apache": + default_mods => false, + }' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Redhat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context "passing no parameters" do + it { 
is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to 
contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end +end diff --git a/templates/mod/reqtimeout.conf.erb b/templates/mod/reqtimeout.conf.erb index 9a18800da5..6ffc5ffe25 100644 --- a/templates/mod/reqtimeout.conf.erb +++ b/templates/mod/reqtimeout.conf.erb @@ -1,2 +1,3 @@ -RequestReadTimeout header=20-40,minrate=500 -RequestReadTimeout body=10,minrate=500 +<% Array(@timeouts).each do |timeout| -%> +RequestReadTimeout <%= timeout %> +<%- end -%> From 231832ebb3590a0263b525ecfe3051d8f32cfe13 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Wed, 6 Aug 2014 12:43:33 +0200 Subject: [PATCH 0304/2267] Allow to set ProxyPassReverse attributes on a vhost This commit allows you to add an array or a string as a proxy_pass['reverse_url'] parameter. Useful when used with mod_balancer. --- README.md | 4 ++++ spec/defines/vhost_spec.rb | 27 +++++++++++++++++++++++++++ templates/vhost/_proxy.erb | 6 ++++++ 3 files changed, 37 insertions(+) diff --git a/README.md b/README.md index 26b92e2b79..550d468eda 100644 --- a/README.md +++ b/README.md 
@@ -991,10 +991,14 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/l', 'url' => 'http://backend-xy', + 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, ], } ``` +`reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. + #####`rack_base_uris` Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 2beb8c987d..ea7047935c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -389,6 +389,33 @@ ], :notmatch => [/ProxyPass .+!$/], }, + { + :title => 'should accept reverse_urls string', + :attr => 'proxy_pass', + :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a', 'reverse_urls' => 'http://127.0.0.1:8080' }, + :match => [ + /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, + /^ $/, + /^ ProxyPassReverse http:\/\/127.0.0.1:8080$/, + /^ <\/Location>$/, + + ], + :notmatch => [/^ ProxyPassReverse http:\/\/fake.com\/a$/], + }, + { + :title => 'should accept reverse_urls array', + :attr => 'proxy_pass', + :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a', 'reverse_urls' => ['http://127.0.0.1:8080', 'http://127.0.0.1:8081'] }, + :match => [ + /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, + /^ $/, + /^ ProxyPassReverse http:\/\/127.0.0.1:8080$/, + /^ ProxyPassReverse http:\/\/127.0.0.1:8081$/, + /^ <\/Location>$/, + + ], + :notmatch => [/^ ProxyPassReverse http:\/\/fake.com\/a$/], + }, { :title => 'should accept proxy_pass array of hash', :attr => 'proxy_pass', 
diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index a1d2e52923..8802bc16ba 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -9,7 +9,13 @@ <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> > + <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= reverse_url %> + <%- end -%> + <%- end -%> <% end %> <% if @proxy_dest -%> From fa8bf120e787b71b3586d1198cff8408c41bd105 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 7 Aug 2014 16:38:26 -0400 Subject: [PATCH 0305/2267] Add a validate_string check for custom_fragment. --- manifests/vhost.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 36b94338c6..2d1d3d2615 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -242,6 +242,10 @@ validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') } + if $custom_fragment { + validate_string($custom_fragment) + } + if $ssl and $ensure == 'present' { include ::apache::mod::ssl # Required for the AddType lines. From fbc2916e02cc76886ea1b93fc7f598a6cec9a0c0 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 7 Aug 2014 18:03:16 -0400 Subject: [PATCH 0306/2267] Removed extra whitespace Fixed missing -%> --- templates/vhost.conf.erb | 4 ++-- templates/vhost/_proxy.erb | 6 +++--- templates/vhost/_rewrite.erb | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 64024cfef3..95ad3ce7df 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb 
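Review bot: The `proxy['reverse_urls'].nil?` test treats an empty array as a value, so `'reverse_urls' => []` renders no `ProxyPassReverse` line and redirect headers issued by the backend would reach clients unrewritten, backend host name included. An empty string is similar, since `Array('')` yields one blank entry and a `ProxyPassReverse` line with no URL. I would normalise first with `<%- reverse_urls = Array(proxy['reverse_urls']).reject { |u| u.to_s.empty? } -%>` and branch on `<%- if reverse_urls.empty? -%>`, so the default `ProxyPassReverse <%= proxy['url'] %>` is kept whenever nothing usable was given. The new specs cover a string and an array but neither of these two cases.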
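Review bot: `validate_string` in the manifests/vhost.pp hunk confirms only that `$custom_fragment` is a string, so nothing here constrains what the fragment contains. Since the value appears to be emitted into the vhost configuration as-is (the template is outside this hunk), the check deserves a comment saying so, for example `# Type check only: custom_fragment is written to the vhost verbatim, so its source must be trusted configuration`. The define's body starts and ends outside the hunk.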
@@ -27,9 +27,9 @@ <%= scope.function_template(['apache/vhost/_directories.erb']) -%> ## Load additional static includes -<% Array(@additional_includes).each do |include| %> +<% Array(@additional_includes).each do |include| -%> Include "<%= include %>" -<% end %> +<% end -%> ## Logging <% if @error_log -%> diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index a1d2e52923..2c6972a805 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -3,7 +3,7 @@ ## Proxy rules ProxyRequests Off <%- end -%> -<% if @proxy_preserve_host %> +<% if @proxy_preserve_host -%> ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> @@ -11,11 +11,11 @@ > ProxyPassReverse <%= proxy['url'] %> -<% end %> +<% end -%> <% if @proxy_dest -%> <%- Array(@no_proxy_uris).each do |uri| -%> ProxyPass <%= uri %> ! -<% end %> +<% end -%> ProxyPass / <%= @proxy_dest %>/ ProxyPassReverse <%= @proxy_dest %>/ diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index af8b45001e..c995868d75 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -27,7 +27,7 @@ <%- end -%> <%- end -%> <%- end -%> -<%# reverse compatibility %> +<%# reverse compatibility -%> <% if @rewrite_rule and !@rewrites -%> ## Rewrite rules RewriteEngine On From 935ee100ebe0b7c1b302669a9f74a25919f18455 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 31 Jul 2014 11:27:49 +0200 Subject: [PATCH 0307/2267] fix for #802: when !manage_docroot, don't require it in #802 we introduced manage_docroot, however, I overlooked a place in the code were we `require` it. This patch moves the priority_real, and filename evaluation above, so we can simply use a `before`. Perhaps we should cluster all variable transformation right below the validation code? --- manifests/vhost.pp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 2d1d3d2615..522560d9a9 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -264,6 +264,18 @@ include ::apache::mod::suexec } + # Configure the defaultness of a vhost + if $priority { + $priority_real = $priority + } elsif $default_vhost { + $priority_real = '10' + } else { + $priority_real = '25' + } + + ## Apache include does not always work with spaces in the filename + $filename = regsubst($name, ' ', '_', 'G') + # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources if ! defined(File[$docroot]) and $manage_docroot { @@ -273,6 +285,7 @@ group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], + before => File["${priority_real}-${filename}.conf"], } } @@ -404,15 +417,6 @@ } } - # Configure the defaultness of a vhost - if $priority { - $priority_real = $priority - } elsif $default_vhost { - $priority_real = '10' - } else { - $priority_real = '25' - } - # Check if mod_headers is required to process $headers/$request_headers if $headers or $request_headers { if ! defined(Class['apache::mod::headers']) { @@ -420,9 +424,6 @@ } } - ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') - ## Create a default directory list if none defined if $directories { if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { @@ -542,7 +543,6 @@ mode => '0644', require => [ Package['httpd'], - File[$docroot], File[$logroot], ], notify => Service['httpd'], From c180f2e6039e8164b2bd31745da151b77bf7789e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 8 Aug 2014 10:34:51 -0400 Subject: [PATCH 0308/2267] MODULES-913 Documentation update The configuration is not propagated properly if you start your path with ~, update the documentation to remove that claim and add the *match providers. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index d4a4d89aa9..3d2ac35d1b 100644 --- a/README.md +++ b/README.md @@ -1287,7 +1287,7 @@ Each hash passed to `directories` must contain `path` as one of the keys. You m *Note:* At least one directory should match the `docroot` parameter. Once you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block will be created that matches the `docroot` parameter. -The `provider` key can be set to 'directory', 'files', or 'location'. If the path starts with a [~](https://httpd.apache.org/docs/current/mod/core.html#files), HTTPD will interpret this as the equivalent of DirectoryMatch, FilesMatch, or LocationMatch. +The `provider` key can be set to 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. ```puppet apache::vhost { 'files.example.net': From d0852758bb9ca39494eafd383b2b6a78990b5c08 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Fri, 8 Aug 2014 11:35:10 -0700 Subject: [PATCH 0309/2267] Call install_* methods only once in spec_helper_acceptance --- spec/spec_helper_acceptance.rb | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 370de46c0d..976a605595 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -3,16 +3,19 @@ unless ENV['RS_PROVISION'] == 'no' + foss_opts = { :version => '3.6.2', + :facter_version => '2.1.0', + :hiera_version => '1.3.4', + :default_action => 'gem_install' } + + if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end + hosts.each do |host| if host['platform'] =~ /debian/ on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' end - if host.is_pe? - install_pe - else - install_puppet - on host, "mkdir -p #{host['distmoduledir']}" - end + + on host, "mkdir -p #{host['distmoduledir']}" end end 
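Review bot: `default.is_pe?` in spec/spec_helper_acceptance.rb is evaluated once for the default host, while the code it replaces asked `host.is_pe?` for every host, so a node set mixing PE and FOSS hosts would presumably now get the same installer everywhere. If mixed sets are not supported, say so in a comment above the line, e.g. `# Installer is chosen from the default host; mixed PE/FOSS node sets are not supported`. The one-line `if …; then …; else …; end` is also harder to read than a ternary, `default.is_pe? ? install_pe : install_puppet(foss_opts)`.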
From 05370c247250cba765ed03dc5eee0a1cbda75522 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Fri, 8 Aug 2014 13:17:14 -0700 Subject: [PATCH 0310/2267] Don't support acceptance testing against apache on windows or osx --- spec/spec_helper_acceptance.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 976a605595..8af5252456 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -3,10 +3,9 @@ unless ENV['RS_PROVISION'] == 'no' - foss_opts = { :version => '3.6.2', - :facter_version => '2.1.0', - :hiera_version => '1.3.4', - :default_action => 'gem_install' } + # This will install the latest available package on el and deb based + # systems fail on windows and osx, and install via gem on other *nixes + foss_opts = { :default_action => 'gem_install' } if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end From 4736f50933d140d543fcbd13330105e1c51f45b6 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Mon, 11 Aug 2014 14:39:21 +0200 Subject: [PATCH 0311/2267] Call @proxy_set insteat of proxy_set in inline_template This commit removes the following depreciation message: Variable access via 'proxy_set' is deprecated. Use '@proxy_set' instead. --- manifests/balancer.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 173aaec2dd..b836897c46 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -71,7 +71,7 @@ ensure => present, target => $target, order => '19', - content => inline_template("<% proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= proxy_set[key] %>\n<% end %>"), + content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": From 15a668717e4df363cc539ab20d9a8e19f5a954c2 Mon Sep 17 00:00:00 2001 
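Review bot: Dropping the `:version`, `:facter_version` and `:hiera_version` pins in spec/spec_helper_acceptance.rb means each acceptance run installs whatever Puppet, Facter and Hiera the package or gem source serves at that moment. A failure can then no longer be tied to a known toolchain, and the gem fallback trusts the latest published gem. If floating versions are intended, state the reason in the comment and log the installed versions during provisioning. The new comment is also missing punctuation; I would write `# Installs the latest available package on el and deb based systems,` followed by `# fails on windows and osx, and installs via gem on other *nixes.`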
From: Morgan Haskel Date: Wed, 13 Aug 2014 19:43:19 -0400 Subject: [PATCH 0312/2267] Fix dependency loop in vhost Also fix missing backslash from test for rewrites. --- manifests/vhost.pp | 6 ++---- spec/acceptance/vhost_spec.rb | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 522560d9a9..cc9d837e70 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -295,6 +295,7 @@ ensure => directory, mode => $logroot_mode, require => Package['httpd'], + before => File["${priority_real}-${filename}.conf"], } } @@ -541,10 +542,7 @@ owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => [ - Package['httpd'], - File[$logroot], - ], + require => Package['httpd'], notify => Service['httpd'], } if $::osfamily == 'Debian' { diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index f8e26f7e22..9ecf347751 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -997,7 +997,7 @@ class { 'apache': } comment => 'Permalink Rewrites', rewrite_base => '/', }, - { rewrite_rule => [ '^index\.php$ - [L]' ] }, + { rewrite_rule => [ '^index\\.php$ - [L]' ] }, { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', '%{REQUEST_FILENAME} !-d', ], rewrite_rule => [ '. /index.php [L]' ], } From 503be6d4e26788f215c0938dbca81df792f31ba6 Mon Sep 17 00:00:00 2001 From: Steven Merrill Date: Wed, 13 Aug 2014 16:32:44 -0400 Subject: [PATCH 0313/2267] Allow other manifests to define ::apache::mod{ 'ssl': }. This will allow Apache from the httpd24 SCL on RHELish systems to include the proper mod_ssl package while still letting ssl ::apache::vhost defines work as expected. Add package_name param to ::apache::mod::ssl. Add a test for the package_name parameter. Update the package_name parameter test. --- manifests/mod/ssl.pp | 5 ++++- spec/classes/mod/ssl_spec.rb | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) 
diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 0159148517..ff0e929272 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -3,6 +3,7 @@ $ssl_options = [ 'StdEnvVars' ], $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $apache_version = $::apache::apache_version, + $package_name = undef, ) { $session_cache = $::osfamily ? { 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', @@ -31,7 +32,9 @@ } } - ::apache::mod { 'ssl': } + ::apache::mod { 'ssl': + package => $package_name, + } if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'socache_shmcb': } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index fb6ba4eb57..93f04e3ca5 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -34,6 +34,15 @@ it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('ssl') } it { is_expected.to contain_package('mod_ssl') } + context 'with a custom package_name parameter' do + let :params do + { :package_name => 'httpd24-mod_ssl' } + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_package('httpd24-mod_ssl') } + it { is_expected.not_to contain_package('mod_ssl') } + end end context 'on a Debian OS' do From e15c1b76a480996b6805918da0269feea3e62d09 Mon Sep 17 00:00:00 2001 From: Steven Merrill Date: Wed, 13 Aug 2014 17:56:18 -0400 Subject: [PATCH 0314/2267] Allow overriding the detected $apache_name. This will mainly be useful for supporting Red Hat Software Collections, where 'httpd24-httpd' installs Apache 2.4 alongside Apache 2.2 in the base repository. The $service_name parameter already allows customization of the service to use, but not the package. Document the ::apache::apache_name parameter. Add a test for the apache_name param. --- README.md | 4 ++++ manifests/init.pp | 3 ++- spec/classes/apache_spec.rb | 12 ++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) 
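Review bot: The new `$package_name` parameter of `apache::mod::ssl` is not documented anywhere in this commit (only manifests/mod/ssl.pp and its spec change), and the second hunk passes it to `apache::mod` unchecked. Because it decides which package provides mod_ssl on the host, I would add a README entry saying that leaving it `undef` presumably keeps the platform default, and a type check such as `if $package_name { validate_string($package_name) }` before the `::apache::mod { 'ssl': … }` resource. The class body continues outside both hunks.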
diff --git a/README.md b/README.md index 3d2ac35d1b..eaf36b14ab 100644 --- a/README.md +++ b/README.md @@ -425,6 +425,10 @@ Controls how TRACE requests per RFC 2616 are handled. More information about [Tr Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, and '/usr/local/etc/apache22/Vhosts' on FreeBSD. +#####`apache_name` + +The name of the Apache package to install. This is automatically detected in `::apache::params`. You may need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. + ####Class: `apache::default_mods` Installs default Apache modules based on what OS you are running. diff --git a/manifests/init.pp b/manifests/init.pp index f6aa7ea3a9..709c507da9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -13,6 +13,7 @@ # Sample Usage: # class apache ( + $apache_name = $::apache::params::apache_name, $service_name = $::apache::params::service_name, $default_mods = true, $default_vhost = true, @@ -83,7 +84,7 @@ if $::osfamily != 'FreeBSD' { package { 'httpd': ensure => $package_ensure, - name => $::apache::params::apache_name, + name => $apache_name, notify => Class['Apache::Service'], } } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 73411110f0..c647226329 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -541,6 +541,18 @@ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end + context 'with a custom apache_name parameter' do + let :params do { + :apache_name => 'httpd24-httpd' + } + end + it { is_expected.to contain_package("httpd").with( + 'notify' => 'Class[Apache::Service]', + 'ensure' => 'installed', + 'name' => 'httpd24-httpd' + ) + } + end context 'default vhost defaults' do it { is_expected.to contain_apache__vhost('default').with_ensure('present') } it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } From 80be736246422b2e4d8da571e9777fd0f783f10f Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Fri, 27 Jun 2014 12:41:19 +0200 Subject: [PATCH 0315/2267] Add regex validation to wsgi_pass_authorization --- manifests/vhost.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cc9d837e70..31f61d6e84 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -201,6 +201,12 @@ "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } + if $wsgi_pass_authorization { + validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', + "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. + Allowed values are 'on' and 'off'.") + } + # Deprecated backwards-compatibility if $rewrite_base { warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') From bd890c22ba2d8ee1b929052056ca310d2d26bdc0 Mon Sep 17 00:00:00 2001 
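Review bot: The pattern `'^(on|off)$'` in the manifests/vhost.pp hunk does not anchor the whole value, because `validate_re` uses Ruby regular expressions, where `^` and `$` match at line boundaries. A multi-line string whose first line is `on` or `off` therefore passes the check, and if the value is later written into the vhost as a directive argument (the template is outside this hunk) the extra lines would land in the configuration. Anchor the string instead: `validate_re(downcase($wsgi_pass_authorization), '\A(on|off)\z', …)`. The error message literal also spans two source lines, so the rendered message carries a newline and indentation; joining it onto one line would read better.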
From: Steven Merrill Date: Sat, 16 Aug 2014 22:50:37 -0400 Subject: [PATCH 0316/2267] Add apache::conf_dir, use it instead of params. This is another change needed to make the httpd24 Software Collection work on RHELish boxes. Fix mod_systemd on RHEL/CentOS 6. Puppet < 3.0 does not have unless. Try another fix for Puppet 2.7 / Facter 1.7. Add README and tests for ::apache::conf_dir. --- README.md | 4 ++++ manifests/default_mods.pp | 5 ++++- manifests/init.pp | 5 +++-- manifests/mod.pp | 2 +- manifests/mod/mime_magic.pp | 2 +- spec/classes/apache_spec.rb | 12 ++++++++++++ 6 files changed, 25 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index eaf36b14ab..e6828afed8 100644 --- a/README.md +++ b/README.md @@ -227,6 +227,10 @@ You may establish a default vhost in this class, the `vhost` class, or both. You Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason. +#####`conf_dir` + +Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. + #####`confd_dir` Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 03696f3d7c..80cca7046c 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -11,7 +11,10 @@ ::apache::mod { 'log_config': } if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it - ::apache::mod { 'systemd': } + # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. + if !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) { + ::apache::mod { 'systemd': } + } ::apache::mod { 'unixd': } } } diff --git a/manifests/init.pp b/manifests/init.pp index 709c507da9..1c9c758618 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -36,6 +36,7 @@ $timeout = '120', $httpd_dir = $::apache::params::httpd_dir, $server_root = $::apache::params::server_root, + $conf_dir = $::apache::params::conf_dir, $confd_dir = $::apache::params::confd_dir, $vhost_dir = $::apache::params::vhost_dir, $vhost_enable_dir = $::apache::params::vhost_enable_dir, @@ -219,7 +220,7 @@ content => template('apache/ports_header.erb') } - if $::apache::params::conf_dir and $::apache::params::conf_file { + if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { $docroot = '/var/www' @@ -276,7 +277,7 @@ # - $server_tokens # - $server_signature # - $trace_enable - file { "${::apache::params::conf_dir}/${::apache::params::conf_file}": + file { "${::apache::conf_dir}/${::apache::params::conf_file}": ensure => file, content => template($conf_template), notify => Class['Apache::Service'], diff --git a/manifests/mod.pp b/manifests/mod.pp index aa5ea3f3bd..2795578ec8 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -64,7 +64,7 @@ $package_before = $::osfamily ? { 'freebsd' => [ File[$_loadfile_name], - File["${::apache::params::conf_dir}/${::apache::params::conf_file}"] + File["${::apache::conf_dir}/${::apache::params::conf_file}"] ], default => File[$_loadfile_name], } diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index 9de8bc4bc6..c276268e4d 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp 
@@ -1,5 +1,5 @@ class apache::mod::mime_magic ( - $magic_file = "${::apache::params::conf_dir}/magic" + $magic_file = "${::apache::conf_dir}/magic" ) { apache::mod { 'mime_magic': } # Template uses $magic_file diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index c647226329..198f1138bf 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -310,6 +310,18 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } end + describe "Alternate conf directory" do + let :params do + { :conf_dir => '/opt/rh/root/etc/httpd/conf' } + end + + it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( + 'ensure' => 'file', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + end + describe "Alternate conf.d directory" do let :params do { :confd_dir => '/etc/httpd/special_conf.d' } From f1d64a0a0b71af0102d10da69e333aa9ac5a15f5 Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Mon, 11 Aug 2014 20:02:47 -0400 Subject: [PATCH 0317/2267] Convert apache::vhost to use concat fragments. Lint failures fixed: - class_parameter_defaults check removed in puppet-lint 1.0 - alignment for tests/vhost.pp - need to add relative --- .puppet-lint.rc | 1 - README.md | 14 + Rakefile | 2 +- manifests/vhost.pp | 707 +++++--- metadata.json | 2 +- spec/defines/vhost_spec.rb | 1887 +++++----------------- templates/vhost/_access_log.erb | 5 + templates/vhost/_additional_includes.erb | 5 + templates/vhost/_directories.erb | 2 + templates/vhost/_docroot.erb | 7 + templates/vhost/_fallbackresource.erb | 4 + templates/vhost/_file_footer.erb | 1 + templates/vhost/_file_header.erb | 10 + templates/vhost/_itk.erb | 1 + templates/vhost/_logging.erb | 10 + templates/vhost/_php_admin.erb | 12 +- templates/vhost/_redirect.erb | 9 +- templates/vhost/_rewrite.erb | 12 +- templates/vhost/_serveralias.erb | 4 +- templates/vhost/_serversignature.erb | 1 + templates/vhost/_setenv.erb | 8 +- templates/vhost/_ssl.erb | 48 +- templates/vhost/_suphp.erb | 12 +- tests/vhost.pp | 38 +- 24 files changed, 1018 insertions(+), 1784 deletions(-) create mode 100644 templates/vhost/_access_log.erb create mode 100644 templates/vhost/_additional_includes.erb create mode 100644 templates/vhost/_docroot.erb create mode 100644 templates/vhost/_fallbackresource.erb create mode 100644 templates/vhost/_file_footer.erb create mode 100644 templates/vhost/_file_header.erb create mode 100644 templates/vhost/_logging.erb create mode 100644 templates/vhost/_serversignature.erb diff --git a/.puppet-lint.rc b/.puppet-lint.rc index df733ca811..ef187bbdaa 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,5 +1,4 @@ --no-single_quote_string_with_variables-check --no-80chars-check --no-class_inherits_from_params_class-check ---no-class_parameter_defaults-check --no-documentation-check diff --git a/README.md b/README.md index eaf36b14ab..df2c70d5a3 100644 --- a/README.md 
+++ b/README.md @@ -774,6 +774,20 @@ The Apache module allows a lot of flexibility in the setup and configuration of The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). +The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can simply add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work. + +```puppet + apache::vhost { "example.com": + docroot => '/var/www/html', + priority => '25', + } + concat::fragment { "example.com-my_custom_fragment": + target => '25-example.com.conf', + order => 11, + content => '# my custom comment', + } +``` + If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'. ```puppet diff --git a/Rakefile b/Rakefile index e1f7f013cd..01c85eb991 100644 --- a/Rakefile +++ b/Rakefile @@ -2,9 +2,9 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.send('disable_only_variable_string') 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cc9d837e70..95289ac40c 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -1,177 +1,101 @@ -# Definition: apache::vhost -# -# This class installs Apache Virtual Hosts -# -# Parameters: -# - The $port to configure the host on -# - The $docroot provides the DocumentRoot variable -# - The $virtual_docroot provides VirtualDocumentationRoot variable -# - The $serveradmin will specify an email address for Apache that it will -# display when it renders one of it's error pages -# - The $ssl option is set true or false to enable SSL for this Virtual Host -# - The $priority of the site -# - The $servername is the primary name of the virtual host -# - The $serveraliases of the site -# - The $ip to configure the host on, defaulting to * -# - The $options for the given vhost -# - The $override for the given vhost (list of AllowOverride arguments) -# - The $vhost_name for name based virtualhosting, defaulting to * -# - The $logroot specifies the location of the virtual hosts logfiles, default -# to /var/log// -# - The $log_level specifies the verbosity of the error log for this vhost. Not -# set by default for the vhost, instead the global server configuration default -# of 'warn' is used. -# - The $access_log specifies if *_access.log directives should be configured. -# - The $ensure specifies if vhost file is present or absent. 
-# - The $headers is a list of Header statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header -# - The $request_headers is a list of RequestHeader statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader -# - $aliases is a list of Alias hashes for mod_alias as per http://httpd.apache.org/docs/current/mod/mod_alias.html -# each statement is a hash in the form of { alias => '/alias', path => '/real/path/to/directory' } -# - $directories is a lost of hashes for creating statements as per http://httpd.apache.org/docs/2.2/mod/core.html#directory -# each statement is a hash in the form of { path => '/path/to/directory', => } -# see README.md for list of supported directives. -# -# Actions: -# - Install Apache Virtual Hosts -# -# Requires: -# - The apache class -# -# Sample Usage: -# -# # Simple vhost definition: -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/docroot', -# } -# -# # Multiple Mod Rewrites: -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/docroot', -# rewrites => [ -# { -# comment => 'force www domain', -# rewrite_cond => ['%{HTTP_HOST} ^([a-z.]+)?example.com$ [NC]', '%{HTTP_HOST} !^www. [NC]'], -# rewrite_rule => ['.? 
http://www.%1example.com%{REQUEST_URI} [R=301,L]'] -# }, -# { -# comment => 'prevent image hotlinking', -# rewrite_cond => ['%{HTTP_REFERER} !^$', '%{HTTP_REFERER} !^http://(www.)?example.com/ [NC]'], -# rewrite_rule => ['.(gif|jpg|png)$ - [F]'] -# }, -# ] -# } -# -# # SSL vhost with non-SSL rewrite: -# apache::vhost { 'site.name.fqdn': -# port => '443', -# ssl => true, -# docroot => '/path/to/docroot', -# } -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/other_docroot', -# custom_fragment => template("${module_name}/my_fragment.erb"), -# } -# +# See README.md for usage information define apache::vhost( - $docroot, - $manage_docroot = true, - $virtual_docroot = false, - $port = undef, - $ip = undef, - $ip_based = false, - $add_listen = true, - $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, - $docroot_mode = undef, - $serveradmin = undef, - $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, - $ssl_protocol = undef, - $ssl_cipher = undef, - $ssl_honorcipherorder = undef, - $ssl_verify_client = undef, - $ssl_verify_depth = undef, - $ssl_options = undef, - $ssl_proxyengine = false, - $priority = undef, - $default_vhost = false, - $servername = $name, - $serveraliases = [], - $options = ['Indexes','FollowSymLinks','MultiViews'], - $override = ['None'], - $directoryindex = '', - $vhost_name = '*', - $logroot = $::apache::logroot, - $logroot_mode = undef, - $log_level = undef, - $access_log = true, - $access_log_file = undef, - $access_log_pipe = undef, - $access_log_syslog = undef, - $access_log_format = undef, - $access_log_env_var = undef, - $aliases = undef, - $directories = undef, - $error_log = true, - $error_log_file = undef, - 
$error_log_pipe = undef, - $error_log_syslog = undef, - $error_documents = [], - $fallbackresource = undef, - $scriptalias = undef, - $scriptaliases = [], - $proxy_dest = undef, - $proxy_pass = undef, - $suphp_addhandler = $::apache::params::suphp_addhandler, - $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, - $php_admin_flags = [], - $php_admin_values = [], - $no_proxy_uris = [], - $proxy_preserve_host = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $rack_base_uris = undef, - $headers = undef, - $request_headers = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $setenv = [], - $setenvif = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases = undef, - $wsgi_pass_authorization = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $additional_includes = [], - $apache_version = $::apache::apache_version, - $suexec_user_group = undef, - ) { + $docroot, + $manage_docroot = true, + $virtual_docroot = false, + $port = undef, + $ip = undef, + $ip_based = false, + $add_listen = true, + $docroot_owner = 'root', + $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, + $serveradmin = undef, + $ssl = false, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, + 
$ssl_protocol = undef, + $ssl_cipher = undef, + $ssl_honorcipherorder = undef, + $ssl_verify_client = undef, + $ssl_verify_depth = undef, + $ssl_options = undef, + $ssl_proxyengine = false, + $priority = undef, + $default_vhost = false, + $servername = $name, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $directoryindex = '', + $vhost_name = '*', + $logroot = $::apache::logroot, + $logroot_mode = undef, + $log_level = undef, + $access_log = true, + $access_log_file = undef, + $access_log_pipe = undef, + $access_log_syslog = undef, + $access_log_format = undef, + $access_log_env_var = undef, + $aliases = undef, + $directories = undef, + $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, + $error_documents = [], + $fallbackresource = undef, + $scriptalias = undef, + $scriptaliases = [], + $proxy_dest = undef, + $proxy_pass = undef, + $suphp_addhandler = $::apache::params::suphp_addhandler, + $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = $::apache::params::suphp_configpath, + $php_admin_flags = [], + $php_admin_values = [], + $no_proxy_uris = [], + $proxy_preserve_host = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $rack_base_uris = undef, + $headers = undef, + $request_headers = undef, + $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, + $custom_fragment = undef, + $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket 
= undef, + $fastcgi_dir = undef, + $additional_includes = [], + $apache_version = $::apache::apache_version, + $suexec_user_group = undef, +) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -285,7 +209,7 @@ group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], - before => File["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}-${filename}.conf"], } } 
@@ -454,91 +378,9 @@ $_directories = [ merge($_directory, $_directory_version) ] } - # Template uses: - # - $nvh_addr_port - # - $servername - # - $serveradmin - # - $docroot - # - $virtual_docroot - # - $options - # - $override - # - $logroot - # - $name - # - $aliases - # - $_directories - # - $log_level - # - $access_log - # - $access_log_destination - # - $_access_log_format - # - $_access_log_env_var - # - $error_log - # - $error_log_destination - # - $error_documents - # - $fallbackresource - # - $custom_fragment - # - $additional_includes - # block fragment: - # - $block - # directories fragment: - # - $passenger_enabled - # - $php_admin_flags - # - $php_admin_values - # - $directories (a list of key-value hashes is expected) - # fastcgi fragment: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - # proxy fragment: - # - $proxy_dest - # - $no_proxy_uris - # - $proxy_preserve_host (true to set ProxyPreserveHost to on and false to off - # rack fragment: - # - $rack_base_uris - # redirect fragment: - # - $redirect_source - # - $redirect_dest - # - $redirect_status - # header fragment - # - $headers - # requestheader fragment: - # - $request_headers - # rewrite fragment: - # - $rewrites - # scriptalias fragment: - # - $scriptalias - # - $scriptaliases - # - $ssl - # serveralias fragment: - # - $serveraliases - # setenv fragment: - # - $setenv - # - $setenvif - # ssl fragment: - # - $ssl - # - $ssl_cert - # - $ssl_key - # - $ssl_chain - # - $ssl_certs_dir - # - $ssl_ca - # - $ssl_crl - # - $ssl_crl_path - # - $ssl_verify_client - # - $ssl_verify_depth - # - $ssl_options - # suphp fragment: - # - $suphp_addhandler - # - $suphp_engine - # - $suphp_configpath - # wsgi fragment: - # - $wsgi_application_group - # - $wsgi_daemon_process - # - $wsgi_import_script - # - $wsgi_process_group - # - $wsgi_script_aliases - file { "${priority_real}-${filename}.conf": + concat { "${priority_real}-${filename}.conf": ensure => $ensure, path => 
"${::apache::vhost_dir}/${priority_real}-${filename}.conf", - content => template('apache/vhost.conf.erb'), owner => 'root', group => $::apache::params::root_group, mode => '0644', 
@@ -558,8 +400,357 @@ owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => File["${priority_real}-${filename}.conf"], + require => Concat["${priority_real}-${filename}.conf"], notify => Service['httpd'], } } + + # Template uses: + # - $nvh_addr_port + # - $servername + # - $serveradmin + concat::fragment { "${name}-apache-header": + target => "${priority_real}-${filename}.conf", + order => 0, + content => template('apache/vhost/_file_header.erb'), + } + + # Template uses: + # - $virtual_docroot + # - $docroot + concat::fragment { "${name}-docroot": + target => "${priority_real}-${filename}.conf", + order => 10, + content => template('apache/vhost/_docroot.erb'), + } + + # Template uses: + # - $aliases + if $aliases and ! empty($aliases) { + concat::fragment { "${name}-aliases": + target => "${priority_real}-${filename}.conf", + order => 20, + content => template('apache/vhost/_aliases.erb'), + } + } + + # Template uses: + # - $itk + # - $::kernelversion + if $itk and ! empty($itk) { + concat::fragment { "${name}-itk": + target => "${priority_real}-${filename}.conf", + order => 30, + content => template('apache/vhost/_itk.erb'), + } + } + + # Template uses: + # - $fallbackresource + if $fallbackresource { + concat::fragment { "${name}-fallbackresource": + target => "${priority_real}-${filename}.conf", + order => 40, + content => template('apache/vhost/_fallbackresource.erb'), + } + } + + # Template uses: + # - $_directories + # - $docroot + # - $apache_version + # - $suphp_engine + if $_directories and ! empty($_directories) { + concat::fragment { "${name}-directories": + target => "${priority_real}-${filename}.conf", + order => 50, + content => template('apache/vhost/_directories.erb'), + } + } + + # Template uses: + # - $additional_includes + if $additional_includes and ! 
empty($additional_includes) { + concat::fragment { "${name}-additional_includes": + target => "${priority_real}-${filename}.conf", + order => 60, + content => template('apache/vhost/_additional_includes.erb'), + } + } + + # Template uses: + # - $error_log + # - $log_level + # - $error_log_destination + # - $log_level + if $error_log or $log_level { + concat::fragment { "${name}-logging": + target => "${priority_real}-${filename}.conf", + order => 70, + content => template('apache/vhost/_logging.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-serversignature": + target => "${priority_real}-${filename}.conf", + order => 80, + content => template('apache/vhost/_serversignature.erb'), + } + + # Template uses: + # - $access_log + # - $_access_log_env_var + # - $access_log_destination + # - $_access_log_format + # - $_access_log_env_var + if $access_log { + concat::fragment { "${name}-access_log": + target => "${priority_real}-${filename}.conf", + order => 90, + content => template('apache/vhost/_access_log.erb'), + } + } + + # Template uses: + # - $action + if $action { + concat::fragment { "${name}-action": + target => "${priority_real}-${filename}.conf", + order => 100, + content => template('apache/vhost/_action.erb'), + } + } + + # Template uses: + # - $block + # - $apache_version + if $block and ! empty($block) { + concat::fragment { "${name}-block": + target => "${priority_real}-${filename}.conf", + order => 110, + content => template('apache/vhost/_block.erb'), + } + } + + # Template uses: + # - $error_documents + if $error_documents and ! 
empty($error_documents) { + concat::fragment { "${name}-error_document": + target => "${priority_real}-${filename}.conf", + order => 120, + content => template('apache/vhost/_error_document.erb'), + } + } + + # Template uses: + # - $proxy_dest + # - $proxy_pass + # - $proxy_preserve_host + # - $no_proxy_uris + if $proxy_dest or $proxy_pass { + concat::fragment { "${name}-proxy": + target => "${priority_real}-${filename}.conf", + order => 130, + content => template('apache/vhost/_proxy.erb'), + } + } + + # Template uses: + # - $rack_base_uris + if $rack_base_uris { + concat::fragment { "${name}-rack": + target => "${priority_real}-${filename}.conf", + order => 140, + content => template('apache/vhost/_rack.erb'), + } + } + + # Template uses: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # - $redirect_dest_a + # - $redirect_source_a + # - $redirect_status_a + # - $redirectmatch_status + # - $redirectmatch_regexp + # - $redirectmatch_status_a + # - $redirectmatch_regexp_a + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp) { + concat::fragment { "${name}-redirect": + target => "${priority_real}-${filename}.conf", + order => 150, + content => template('apache/vhost/_redirect.erb'), + } + } + + # Template uses: + # - $rewrites + # - $rewrite_base + # - $rewrite_rule + # - $rewrite_cond + if $rewrites or $rewrite_rule { + concat::fragment { "${name}-rewrite": + target => "${priority_real}-${filename}.conf", + order => 160, + content => template('apache/vhost/_rewrite.erb'), + } + } + + # Template uses: + # - $scriptaliases + # - $scriptalias + if $scriptaliases and ! empty($scriptaliases) { + concat::fragment { "${name}-scriptalias": + target => "${priority_real}-${filename}.conf", + order => 170, + content => template('apache/vhost/_scriptalias.erb'), + } + } + + # Template uses: + # - $serveraliases + if $serveraliases and ! 
empty($serveraliases) { + concat::fragment { "${name}-serveralias": + target => "${priority_real}-${filename}.conf", + order => 180, + content => template('apache/vhost/_serveralias.erb'), + } + } + + # Template uses: + # - $setenv + # - $setenvif + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + concat::fragment { "${name}-setenv": + target => "${priority_real}-${filename}.conf", + order => 190, + content => template('apache/vhost/_setenv.erb'), + } + } + + # Template uses: + # - $ssl + # - $ssl_cert + # - $ssl_key + # - $ssl_chain + # - $ssl_certs_dir + # - $ssl_ca + # - $ssl_crl_path + # - $ssl_crl + # - $ssl_proxyengine + # - $ssl_protocol + # - $ssl_cipher + # - $ssl_honorcipherorder + # - $ssl_verify_client + # - $ssl_verify_depth + # - $ssl_options + if $ssl { + concat::fragment { "${name}-ssl": + target => "${priority_real}-${filename}.conf", + order => 200, + content => template('apache/vhost/_ssl.erb'), + } + } + + # Template uses: + # - $suphp_engine + # - $suphp_addhandler + # - $suphp_configpath + if $suphp_engine == 'on' { + concat::fragment { "${name}-suphp": + target => "${priority_real}-${filename}.conf", + order => 210, + content => template('apache/vhost/_suphp.erb'), + } + } + + # Template uses: + # - $php_admin_values + # - $php_admin_flags + if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { + concat::fragment { "${name}-php_admin": + target => "${priority_real}-${filename}.conf", + order => 220, + content => template('apache/vhost/_php_admin.erb'), + } + } + + # Template uses: + # - $headers + if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => "${priority_real}-${filename}.conf", + order => 230, + content => template('apache/vhost/_header.erb'), + } + } + + # Template uses: + # - $request_headers + if $request_headers and ! 
empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => "${priority_real}-${filename}.conf", + order => 240, + content => template('apache/vhost/_requestheader.erb'), + } + } + + # Template uses: + # - $wsgi_application_group + # - $wsgi_daemon_process + # - $wsgi_daemon_process_options + # - $wsgi_import_script + # - $wsgi_import_script_options + # - $wsgi_process_group + # - $wsgi_script_aliases + # - $wsgi_pass_authorization + if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { + concat::fragment { "${name}-wsgi": + target => "${priority_real}-${filename}.conf", + order => 250, + content => template('apache/vhost/_wsgi.erb'), + } + } + + # Template uses: + # - $custom_fragment + if $custom_fragment { + concat::fragment { "${name}-custom_fragment": + target => "${priority_real}-${filename}.conf", + order => 260, + content => template('apache/vhost/_custom_fragment.erb'), + } + } + + # Template uses: + # - $fastcgi_server + # - $fastcgi_socket + # - $fastcgi_dir + # - $apache_version + if $fastcgi_server or $fastcgi_dir { + concat::fragment { "${name}-fastcgi": + target => "${priority_real}-${filename}.conf", + order => 270, + content => template('apache/vhost/_fastcgi.erb'), + } + } + + # Template uses: + # - $suexec_user_group + if $suexec_user_group { + concat::fragment { "${name}-suexec": + target => "${priority_real}-${filename}.conf", + order => 280, + content => template('apache/vhost/_suexec.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-file_footer": + target => "${priority_real}-${filename}.conf", + order => 999, + content => template('apache/vhost/_file_footer.erb'), + } } diff --git a/metadata.json b/metadata.json index f225f70e90..fba59e7c39 100644 --- a/metadata.json +++ b/metadata.json 
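Review bot: The `scriptalias` fragment is guarded by `if $scriptaliases and ! empty($scriptaliases)`, but its comment lists `$scriptalias` as a template input, and in the parameter list that one defaults to `undef` while `$scriptaliases` defaults to `[]`. Unless code outside this hunk folds `$scriptalias` into `$scriptaliases`, a vhost that sets only `scriptalias` gets no ScriptAlias directive; `if $scriptalias or ($scriptaliases and ! empty($scriptaliases)) {` would cover both. The `ssl` fragment has the same shape: `$ssl_proxyengine` is listed as an input but is rendered only when `$ssl` is true, so a non-SSL vhost that proxies to a TLS backend may silently lose that setting. Separately, the `order` values run from 0 to 999 with differing digit counts, so the assembled file depends on the target `concat` sorting numerically; the part of that resource visible in the earlier hunk shows no `order` attribute, so confirm it sets `order => 'numeric'` or zero-pad the values.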
@@ -74,7 +74,7 @@ }, { "name": "puppetlabs/concat", - "version_requirement": ">= 1.0.0" + "version_requirement": ">= 1.1.0" } ] } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index e47765bf75..bc131a1c55 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -2,7 +2,7 @@ describe 'apache::vhost', :type => :define do let :pre_condition do - 'class { "apache": default_vhost => false, }' + 'class { "apache": default_vhost => false, default_mods => false, }' end let :title do 'rspec.example.com' 
@@ -100,1496 +100,481 @@ it { is_expected.to contain_apache__listen(params[:port]) } it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } end - - # All match and notmatch should be a list of regexs and exact match strings - context ".conf content" do - [ - { - :title => 'should contain docroot', - :attr => 'docroot', - :value => '/not/default', - :match => [/^ DocumentRoot "\/not\/default"$/,/ /], - }, - { - :title => 'should set a port', - :attr => 'port', - :value => '8080', - :match => [/^$/], - }, - { - :title => 'should set an ip', - :attr => 'ip', - :value => '10.0.0.1', - :match => [/^$/], - }, - { - :title => 'should set a serveradmin', - :attr => 'serveradmin', - :value => 'test@test.com', - :match => [/^ ServerAdmin test@test.com$/], - }, - { - :title => 'should enable ssl', - :attr => 'ssl', - :value => true, - :match => [/^ SSLEngine on$/], - }, - { - :title => 'should set a servername', - :attr => 'servername', - :value => 'param.test', - :match => [/^ ServerName param.test$/], - }, - { - :title => 'should accept server aliases', - :attr => 'serveraliases', - :value => ['one.com','two.com'], - :match => [ - /^ ServerAlias one\.com$/, - /^ ServerAlias two\.com$/ - ], - }, - { - :title => 'should accept setenv', - :attr => 'setenv', - :value => ['TEST1 one','TEST2 two'], - :match => [ - /^ SetEnv TEST1 one$/, - /^ SetEnv TEST2 two$/ - ], - }, - { - :title => 'should accept setenvif', - :attr => 'setenvif', - ## These are bugged in rspec-puppet; the $1 is droped - #:value => ['Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], - #:match => [' SetEnvIf Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], - :value => ['Host "^test\.com$" VHOST_ACCESS=test'], - :match => [/^ SetEnvIf Host "\^test\\.com\$" VHOST_ACCESS=test$/], - }, - { - :title => 'should accept options', - :attr => 'options', - :value => ['Fake','Options'], - :match => [/^ Options Fake Options$/], - }, - { - :title => 'should accept overrides', - :attr => 'override', - 
:value => ['Fake', 'Override'], - :match => [/^ AllowOverride Fake Override$/], - }, - { - :title => 'should accept logroot', - :attr => 'logroot', - :value => '/fake/log', - :match => [/CustomLog "\/fake\/log\//,/ErrorLog "\/fake\/log\//], - }, - { - :title => 'should accept log_level', - :attr => 'log_level', - :value => 'info', - :match => [/LogLevel info/], - }, - { - :title => 'should accept pipe destination for access log', - :attr => 'access_log_pipe', - :value => '| /bin/fake/logging', - :match => [/CustomLog "| \/bin\/fake\/logging" combined$/], - }, - { - :title => 'should accept pipe destination for error log', - :attr => 'error_log_pipe', - :value => '| /bin/fake/logging', - :match => [/ErrorLog "| \/bin\/fake\/logging" combined$/], - }, - { - :title => 'should accept syslog destination for access log', - :attr => 'access_log_syslog', - :value => 'syslog:local1', - :match => [/CustomLog "syslog:local1" combined$/], - }, - { - :title => 'should accept syslog destination for error log', - :attr => 'error_log_syslog', - :value => 'syslog', - :match => [/ErrorLog "syslog"$/], - }, - { - :title => 'should accept custom format for access logs', - :attr => 'access_log_format', - :value => '%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"Host: %{Host}i\" %T %D', - :match => [/CustomLog "\/var\/log\/.+_access\.log" "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/], - }, - { - :title => 'should contain access logs', - :attr => 'access_log', - :value => true, - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], - }, - { - :title => 'should not contain access logs', - :attr => 'access_log', - :value => false, - :notmatch => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], - }, - { - :title => 'should contain error logs', - :attr => 'error_log', - :value => true, - :match => [/ErrorLog.+$/], - }, - { - :title => 'should not contain error 
logs', - :attr => 'error_log', - :value => false, - :notmatch => [/ErrorLog.+$/], - }, - { - :title => 'should set ErrorDocument 503', - :attr => 'error_documents', - :value => [ { 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}], - :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], - }, - { - :title => 'should set ErrorDocuments 503 407', - :attr => 'error_documents', - :value => [ - { 'error_code' => '503', 'document' => '/service-unavail'}, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, - ], - :match => [ - /^ ErrorDocument 503 \/service-unavail$/, - /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, - ], - }, - { - :title => 'should set ErrorDocument 503 in directory', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'error_documents' => [{ 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}] }, - :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], - }, - { - :title => 'should set ErrorDocuments 503 407 in directory', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'error_documents' => - [ - { 'error_code' => '503', 'document' => '/service-unavail'}, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, - ]}, - :match => [ - /^ ErrorDocument 503 \/service-unavail$/, - /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, - ], - }, - { - :title => 'should accept a scriptalias', - :attr => 'scriptalias', - :value => '/usr/scripts', - :match => [ - /^ ScriptAlias \/cgi-bin "\/usr\/scripts"$/, - ], - }, - { - :title => 'should accept a single scriptaliases', - :attr => 'scriptaliases', - :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, - :match => [ - /^ ScriptAlias \/blah\/ "\/usr\/scripts"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept multiple scriptaliases', - :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah', 'path' => 
'/usr/scripts' }, { 'alias' => '/blah2', 'path' => '/usr/scripts' } ], - :match => [ - /^ ScriptAlias \/blah "\/usr\/scripts"$/, - /^ ScriptAlias \/blah2 "\/usr\/scripts"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept multiple scriptaliases with and without trailing slashes', - :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts2/' } ], - :match => [ - /^ ScriptAlias \/blah "\/usr\/scripts"$/, - /^ ScriptAlias \/blah2\/ "\/usr\/scripts2\/"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept a ScriptAliasMatch directive', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' } ], - :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/ - ], - }, - { - :title => 'should accept multiple ScriptAliasMatch directives', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. 
- :value => [ - { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, - { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, - ], - :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, - ], - }, - { - :title => 'should accept mixed ScriptAlias and ScriptAliasMatch directives', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ - { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, - { 'alias' => '/git', 'path' => '/var/www/gitweb/index.cgi' }, - { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, - { 'alias' => '/trac', 'path' => '/etc/apache2/trac.fcgi' }, - ], - :match => [ - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, - /^ ScriptAlias \/git "\/var\/www\/gitweb\/index\.cgi"$/, - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, - /^ ScriptAlias \/trac "\/etc\/apache2\/trac.fcgi"$/, - ], - }, - { - :title => 'should accept proxy destinations', - :attr => 'proxy_dest', - :value => 
'http://fake.com', - :match => [ - /^ ProxyPass \/ http:\/\/fake.com\/$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/$/, - /^ <\/Location>$/, - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should accept proxy_pass hash', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a' }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/a$/, - /^ <\/Location>$/, - - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should accept reverse_urls string', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a', 'reverse_urls' => 'http://127.0.0.1:8080' }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ $/, - /^ ProxyPassReverse http:\/\/127.0.0.1:8080$/, - /^ <\/Location>$/, - - ], - :notmatch => [/^ ProxyPassReverse http:\/\/fake.com\/a$/], - }, - { - :title => 'should accept reverse_urls array', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a', 'reverse_urls' => ['http://127.0.0.1:8080', 'http://127.0.0.1:8081'] }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ $/, - /^ ProxyPassReverse http:\/\/127.0.0.1:8080$/, - /^ ProxyPassReverse http:\/\/127.0.0.1:8081$/, - /^ <\/Location>$/, - - ], - :notmatch => [/^ ProxyPassReverse http:\/\/fake.com\/a$/], - }, - { - :title => 'should accept proxy_pass array of hash', - :attr => 'proxy_pass', - :value => [ - { 'path' => '/path-a/', 'url' => 'http://fake.com/a/' }, - { 'path' => '/path-b', 'url' => 'http://fake.com/b' }, - ], - :match => [ - /^ ProxyPass \/path-a\/ http:\/\/fake.com\/a\/$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/a\/$/, - /^ <\/Location>$/, - /^ ProxyPass \/path-b http:\/\/fake.com\/b$/, - /^ $/, - /^ ProxyPassReverse http:\/\/fake.com\/b$/, - /^ <\/Location>$/, - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should enable rack', - :attr => 'rack_base_uris', - 
:value => ['/rack1','/rack2'], - :match => [ - /^ RackBaseURI \/rack1$/, - /^ RackBaseURI \/rack2$/, - ], - }, - { - :title => 'should accept headers', - :attr => 'headers', - :value => ['add something', 'merge something_else'], - :match => [ - /^ Header add something$/, - /^ Header merge something_else$/, - ], - }, - { - :title => 'should accept request headers', - :attr => 'request_headers', - :value => ['append something', 'unset something_else'], - :match => [ - /^ RequestHeader append something$/, - /^ RequestHeader unset something_else$/, - ], - }, - { - :title => 'should accept rewrite rules', - :attr => 'rewrite_rule', - :value => 'not a real rule', - :match => [/^ RewriteRule not a real rule$/], - }, - { - :title => 'should accept rewrite rules', - :attr => 'rewrites', - :value => [{'rewrite_rule' => ['not a real rule']}], - :match => [/^ RewriteRule not a real rule$/], - }, - { - :title => 'should accept rewrite comment', - :attr => 'rewrites', - :value => [{'comment' => 'rewrite comment', 'rewrite_rule' => ['not a real rule']}], - :match => [/^ #rewrite comment/], - }, - { - :title => 'should accept rewrite conditions', - :attr => 'rewrites', - :value => [{'comment' => 'redirect IE', 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^MSIE'], 'rewrite_rule' => ['^index\.html$ welcome.html'],}], - :match => [ - /^ #redirect IE$/, - /^ RewriteCond %{HTTP_USER_AGENT} \^MSIE$/, - /^ RewriteRule \^index\\\.html\$ welcome.html$/, - ], - }, - { - :title => 'should accept multiple rewrites', - :attr => 'rewrites', - :value => [ - {'rewrite_rule' => ['not a real rule']}, - {'rewrite_rule' => ['not a real rule two']}, - ], - :match => [ - /^ RewriteRule not a real rule$/, - /^ RewriteRule not a real rule two$/, - ], - }, - { - :title => 'should block scm', - :attr => 'block', - :value => 'scm', - :match => [/^ $/], - }, - { - :title => 'should accept a custom fragment', - :attr => 'custom_fragment', - :value => " Some custom fragment line\n That spans multiple lines", - 
:match => [ - /^ Some custom fragment line$/, - /^ That spans multiple lines$/, - /^<\/VirtualHost>$/, - ], - }, - { - :title => 'should accept an array of alias hashes', - :attr => 'aliases', - :value => [ { 'alias' => '/', 'path' => '/var/www'} ], - :match => [/^ Alias \/ "\/var\/www"$/], - }, - { - :title => 'should accept an alias hash', - :attr => 'aliases', - :value => { 'alias' => '/', 'path' => '/var/www'}, - :match => [/^ Alias \/ "\/var\/www"$/], - }, - { - :title => 'should accept multiple aliases', - :attr => 'aliases', - :value => [ - { 'alias' => '/', 'path' => '/var/www'}, - { 'alias' => '/cgi-bin', 'path' => '/var/www/cgi-bin'}, - { 'alias' => '/css', 'path' => '/opt/someapp/css'}, - ], - :match => [ - /^ Alias \/ "\/var\/www"$/, - /^ Alias \/cgi-bin "\/var\/www\/cgi-bin"$/, - /^ Alias \/css "\/opt\/someapp\/css"$/, - ], - }, - { - :title => 'should accept an aliasmatch hash', - :attr => 'aliases', - ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these - # tests don't work. - #:value => { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, - #:match => [/^ AliasMatch \^\/image\/\(\.\*\)\.gif \/files\/gifs\/\$1\.gif$/], - }, - { - :title => 'should accept a array of alias and aliasmatch hashes mixed', - :attr => 'aliases', - ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these - # tests don't work. 
- #:value => [ - # { 'alias' => '/css', 'path' => '/files/css' }, - # { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, - # { 'aliasmatch' => '^/image/(.*).jpg', 'path' => '/files/jpgs/$1.jpg' }, - # { 'alias' => '/image', 'path' => '/files/images' }, - #], - #:match => [ - # /^ Alias \/css \/files\/css$/, - # /^ AliasMatch \^\/image\/\(.\*\)\.gif \/files\/gifs\/\$1\.gif$/, - # /^ AliasMatch \^\/image\/\(.\*\)\.jpg \/files\/jpgs\/\$1\.jpg$/, - # /^ Alias \/image \/files\/images$/ - #], - }, - { - :title => 'should accept multiple additional includes', - :attr => 'additional_includes', - :value => [ - '/tmp/proxy_group_a', - '/tmp/proxy_group_b', - '/tmp/proxy_group_c', - ], - :match => [ - /^ Include "\/tmp\/proxy_group_a"$/, - /^ Include "\/tmp\/proxy_group_b"$/, - /^ Include "\/tmp\/proxy_group_c"$/, - ], - }, - { - :title => 'should accept a suPHP_Engine', - :attr => 'suphp_engine', - :value => 'on', - :match => [/^ suPHP_Engine on$/], - }, - { - :title => 'should accept a php_admin_flags', - :attr => 'php_admin_flags', - :value => { 'engine' => 'on' }, - :match => [/^ php_admin_flag engine on$/], - }, - { - :title => 'should accept php_admin_values', - :attr => 'php_admin_values', - :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept php_admin_flags in directories', - :attr => 'directories', - :value => { - 'path' => '/srv/www', - 'php_admin_flags' => { 'php_engine' => 'on' } - }, - :match => [/^ php_admin_flag php_engine on$/], - }, - { - :title => 'should accept php_admin_values', - :attr => 'php_admin_values', - :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept php_admin_values in directories', - :attr => 'directories', - :value => { - 'path' => 
'/srv/www', - 'php_admin_values' => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' } - }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept a wsgi script alias', - :attr => 'wsgi_script_aliases', - :value => { '/' => '/var/www/myapp.wsgi'}, - :match => [/^ WSGIScriptAlias \/ "\/var\/www\/myapp.wsgi"$/], - }, - { - :title => 'should accept multiple wsgi aliases', - :attr => 'wsgi_script_aliases', - :value => { - '/wiki' => '/usr/local/wsgi/scripts/mywiki.wsgi', - '/blog' => '/usr/local/wsgi/scripts/myblog.wsgi', - '/' => '/usr/local/wsgi/scripts/myapp.wsgi', - }, - :match => [ - /^ WSGIScriptAlias \/wiki "\/usr\/local\/wsgi\/scripts\/mywiki.wsgi"$/, - /^ WSGIScriptAlias \/blog "\/usr\/local\/wsgi\/scripts\/myblog.wsgi"$/, - /^ WSGIScriptAlias \/ "\/usr\/local\/wsgi\/scripts\/myapp.wsgi"$/, - ], - }, - { - :title => 'should accept a wsgi application group', - :attr => 'wsgi_application_group', - :value => '%{GLOBAL}', - :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], - }, - { - :title => 'should set wsgi pass authorization', - :attr => 'wsgi_pass_authorization', - :value => 'On', - :match => [/^ WSGIPassAuthorization On$/], - }, - { - :title => 'should set wsgi pass authorization false', - :attr => 'wsgi_pass_authorization', - :value => 'Off', - :match => [/^ WSGIPassAuthorization Off$/], - }, - { - :title => 'should contain environment variables', - :attr => 'access_log_env_var', - :value => 'admin', - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined env=admin$/] - }, - { - :title => 'should contain virtual_docroot', - :attr => 'virtual_docroot', - :value => '/not/default', - :match => [ - /^ VirtualDocumentRoot "\/not\/default"$/, - ], - }, - { - :title => 'should accept multiple directories', - :attr => 'directories', - :value => [ - { 'path' => '/opt/app' }, - { 'path' => '/var/www' }, - { 'path' => '/rspec/docroot'} - ], - :match => [ - /^ $/, - /^ $/, - /^ $/, - 
], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end - end - end - - # Apache below 2.4 (Default Version). All match and notmatch should be a list of regexs and exact match strings - context ".conf content with $apache_version < 2.4" do - [ - { - :title => 'should accept a directory', - :attr => 'directories', - :value => { 'path' => '/opt/app' }, - :notmatch => [' '], - :match => [ - /^ $/, - /^ AllowOverride None$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives hash', - :attr => 'directories', - :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow' => 'from rspec.org', - 'allow_override' => 'Lol', - 'deny' => 'from google.com', - 'options' => '-MultiViews', - 'order' => 'deny,yned', - 'passenger_enabled' => 'onf', - 'sethandler' => 'None', - 'auth_type' => 'Basic', - 'auth_name' => 'Basic Auth', - 'auth_user_file' => '/opt/app/htpasswd', - 'auth_require' => 'valid-user', - 'satisfy' => 'Any', + context 'set everything!' 
do + let :params do + { + 'docroot' => '/var/www/foo', + 'manage_docroot' => false, + 'virtual_docroot' => true, + 'port' => '8080', + 'ip' => '127.0.0.1', + 'ip_based' => true, + 'add_listen' => false, + 'docroot_owner' => 'user', + 'docroot_group' => 'wheel', + 'docroot_mode' => '0664', + 'serveradmin' => 'foo@localhost', + 'ssl' => true, + 'ssl_cert' => '/ssl/cert', + 'ssl_key' => '/ssl/key', + 'ssl_chain' => '/ssl/chain', + 'ssl_crl_path' => '/ssl/crl', + 'ssl_crl' => 'foo.crl', + 'ssl_certs_dir' => '/ssl/certs', + 'ssl_protocol' => 'SSLv2', + 'ssl_cipher' => 'HIGH', + 'ssl_honorcipherorder' => 'Off', + 'ssl_verify_client' => 'optional', + 'ssl_verify_depth' => '3', + 'ssl_options' => '+ExportCertData', + 'ssl_proxyengine' => true, + 'priority' => '30', + 'default_vhost' => true, + 'servername' => 'example.com', + 'serveraliases' => ['test-example.com'], + 'options' => ['MultiView'], + 'override' => ['All'], + 'directoryindex' => 'index.html', + 'vhost_name' => 'test', + 'logroot' => '/var/www/logs', + 'logroot_mode' => '0600', + 'log_level' => 'crit', + 'access_log' => false, + 'access_log_file' => 'httpd_access_log', + 'access_log_pipe' => '', + 'access_log_syslog' => true, + 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', + 'access_log_env_var' => '', + 'aliases' => '/image', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, - :match => [ - /^ $/, - /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, - /^ Allow from rspec.org$/, - /^ AllowOverride Lol$/, - /^ Deny from google.com$/, - /^ Options -MultiViews$/, - /^ Order deny,yned$/, - /^ SetHandler None$/, - /^ PassengerEnabled onf$/, - /^ AuthType Basic$/, - /^ AuthName "Basic Auth"$/, - /^ AuthUserFile \/opt\/app\/htpasswd$/, - /^ Require valid-user$/, - /^ Satisfy Any$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with arrays and hashes', - :attr => 'directories', - :value => [ + 'error_log' => 
false, + 'error_log_file' => 'httpd_error_log', + 'error_log_pipe' => '', + 'error_log_syslog' => true, + 'error_documents' => 'true', + 'fallbackresource' => '/index.php', + 'scriptalias' => '/usr/lib/cgi-bin', + 'scriptaliases' => [ { - 'path' => '/opt/app1', - 'allow' => 'from rspec.org', - 'allow_override' => ['AuthConfig','Indexes'], - 'deny' => 'from google.com', - 'options' => ['-MultiViews','+MultiViews'], - 'order' => ['deny','yned'], - 'passenger_enabled' => 'onf', + 'alias' => '/myscript', + 'path' => '/usr/share/myscript', }, { - 'path' => '/opt/app2', - 'addhandlers' => { - 'handler' => 'cgi-script', - 'extensions' => '.cgi', - }, + 'aliasmatch' => '^/foo(.*)', + 'path' => '/usr/share/fooscripts$1', }, ], - :match => [ - /^ $/, - /^ Allow from rspec.org$/, - /^ AllowOverride AuthConfig Indexes$/, - /^ Deny from google.com$/, - /^ Options -MultiViews \+MultiViews$/, - /^ Order deny,yned$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - /^ $/, - /^ AllowOverride None$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ AddHandler cgi-script .cgi$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with rewrites array', - :attr => 'directories', - :value => [ + 'proxy_dest' => '/', + 'proxy_pass' => [ { - 'path' => '/opt/app3', - 'rewrites' => [ - { - 'comment' => 'Permalink Rewrites', - 'rewrite_base' => '/', - 'rewrite_rule' => [ '^index\.php$ - [L]' ], - }, - { - 'rewrite_cond' => [ - '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - 'rewrite_rule' => [ '. /index.php [L]' ], - } - ] + 'path' => '/a', + 'url' => 'http://backend-a/' } ], - :match => [ - /^ $/, - /^ #Permalink Rewrites$/, - /^ RewriteEngine On$/, - /^ RewriteBase \/$/, - /^ RewriteRule \^index\\.php\$ - \[L\]$/, - /^ RewriteCond %{REQUEST_FILENAME} !-f$/, - /^ RewriteCond %{REQUEST_FILENAME} !-d$/, - /^ RewriteRule . 
\/index.php \[L\]$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept location for provider', - :attr => 'directories', - :value => { - 'path' => '/', - 'provider' => 'location', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Location>$/, - ], - }, - { - :title => 'should accept files for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'files', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Files>$/, - ], - }, - { - :title => 'should accept files match for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'filesmatch', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/FilesMatch>$/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ - param[:attr].to_sym => param[:value], - :apache_version => '2.2', - }) end - - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end - end - end - - # Apache equals or above 2.4. 
All match and notmatch should be a list of regexs and exact match strings - context ".conf content with $apache_version >= 2.4" do - [ - { - :title => 'should accept a directory', - :attr => 'directories', - :value => { 'path' => '/opt/app' }, - :notmatch => [' '], - :match => [ - /^ $/, - /^ AllowOverride None$/, - /^ Require all granted$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives hash', - :attr => 'directories', - :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow_override' => 'Lol', - 'options' => '-MultiViews', - 'require' => 'something denied', - 'passenger_enabled' => 'onf', - }, - :match => [ - /^ $/, - /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, - /^ AllowOverride Lol$/, - /^ Options -MultiViews$/, - /^ Require something denied$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with arrays and hashes', - :attr => 'directories', - :value => [ + 'suphp_addhandler' => 'foo', + 'suphp_engine' => 'on', + 'suphp_configpath' => '/var/www/html', + 'php_admin_flags' => ['foo', 'bar'], + 'php_admin_values' => ['true', 'false'], + 'no_proxy_uris' => '/foo', + 'proxy_preserve_host' => true, + 'redirect_source' => '/bar', + 'redirect_dest' => '/', + 'redirect_status' => 'temp', + 'redirectmatch_status' => ['404'], + 'redirectmatch_regexp' => ['\.git$'], + 'rack_base_uris' => ['/rackapp1'], + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'request_headers' => ['append MirrorID "mirror 12"'], + 'rewrites' => [ { - 'path' => '/opt/app1', - 'allow_override' => ['AuthConfig','Indexes'], - 'options' => ['-MultiViews','+MultiViews'], - 'require' => ['host','example.org'], - 'passenger_enabled' => 'onf', - }, - { - 'path' => '/opt/app2', - 'addhandlers' => { - 'handler' => 'cgi-script', - 'extensions' => '.cgi', - }, - }, - ], - :match => [ - /^ $/, - /^ AllowOverride 
AuthConfig Indexes$/, - /^ Options -MultiViews \+MultiViews$/, - /^ Require host example.org$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - /^ $/, - /^ AllowOverride None$/, - /^ Require all granted$/, - /^ AddHandler cgi-script .cgi$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with rewrites array', - :attr => 'directories', - :value => [ - { - 'path' => '/opt/app3', - 'rewrites' => [ - { - 'comment' => 'Permalink Rewrites', - 'rewrite_base' => '/', - 'rewrite_rule' => [ '^index\.php$ - [L]' ], - }, - { - 'rewrite_cond' => [ - '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - 'rewrite_rule' => [ '. /index.php [L]' ], - } - ] + 'rewrite_rule' => ['^index\.html$ welcome.html'] } ], - :match => [ - /^ $/, - /^ #Permalink Rewrites$/, - /^ RewriteEngine On$/, - /^ RewriteBase \/$/, - /^ RewriteRule \^index\\.php\$ - \[L\]$/, - /^ RewriteCond %{REQUEST_FILENAME} !-f$/, - /^ RewriteCond %{REQUEST_FILENAME} !-d$/, - /^ RewriteRule . 
\/index.php \[L\]$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept location for provider', - :attr => 'directories', - :value => { - 'path' => '/', - 'provider' => 'location', + 'rewrite_base' => '/', + 'rewrite_rule' => '^index\.html$ welcome.html', + 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', + 'setenv' => ['FOO=/bin/true'], + 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', + 'block' => 'scm', + 'wsgi_application_group' => '%{GLOBAL}', + 'wsgi_daemon_process' => 'wsgi', + 'wsgi_daemon_process_options' => { + 'processes' => '2', + 'threads' => '15', + 'display-name' => '%{GROUP}', }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Require all granted$/, - /^ <\/Location>$/, - ], - }, - { - :title => 'should accept files for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'files', + 'wsgi_import_script' => '/var/www/demo.wsgi', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}' }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Require all granted$/, - /^ <\/Files>$/, - ], - }, - { - :title => 'should accept files match for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'filesmatch', + 'wsgi_process_group' => 'wsgi', + 'wsgi_script_aliases' => { + '/' => '/var/www/demo.wsgi' }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ $/, - /^ Require all granted$/, - /^ <\/FilesMatch>$/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ - param[:attr].to_sym => param[:value], - :apache_version => '2.4', - }) end - - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if 
param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end + 'wsgi_pass_authorization' => 'On', + 'custom_fragment' => '#custom string', + 'itk' => { + 'user' => 'someuser', + 'group' => 'somegroup' + }, + 'action' => 'foo', + 'fastcgi_server' => 'localhost', + 'fastcgi_socket' => '/tmp/fastcgi.socket', + 'fastcgi_dir' => '/tmp', + 'additional_includes' => '/custom/path/includes', + 'apache_version' => '2.4', + 'suexec_user_group' => 'root root', + } end - end - - # All match and notmatch should be a list of regexs and exact match strings - context ".conf content with SSL" do - [ - { - :title => 'should accept setting SSLCertificateFile', - :attr => 'ssl_cert', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificateKeyFile', - :attr => 'ssl_key', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateKeyFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificateChainFile', - :attr => 'ssl_chain', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateChainFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificatePath', - :attr => 'ssl_certs_dir', - :value => '/path/to/certs', - :match => [/^ SSLCACertificatePath "\/path\/to\/certs"$/], - }, + let :facts do { - :title => 'should accept setting SSLCertificateFile', - :attr => 'ssl_ca', - :value => '/path/to/ca.pem', - :match => [/^ SSLCACertificateFile "\/path\/to\/ca\.pem"$/], - }, - { - :title => 'should accept setting SSLRevocationPath', - :attr => 'ssl_crl_path', - :value => '/path/to/crl', - :match => [/^ SSLCARevocationPath "\/path\/to\/crl"$/], - }, - { - :title => 'should accept setting SSLRevocationFile', - :attr => 'ssl_crl', - :value => '/path/to/crl.pem', - :match => [/^ SSLCARevocationFile 
"\/path\/to\/crl\.pem"$/], - }, - { - :title => 'should accept setting SSLProxyEngine', - :attr => 'ssl_proxyengine', - :value => true, - :match => [/^ SSLProxyEngine On$/], - }, - { - :title => 'should accept setting SSLProtocol', - :attr => 'ssl_protocol', - :value => 'all -SSLv2', - :match => [/^ SSLProtocol all -SSLv2$/], - }, - { - :title => 'should accept setting SSLCipherSuite', - :attr => 'ssl_cipher', - :value => 'RC4-SHA:HIGH:!ADH:!SSLv2', - :match => [/^ SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2$/], - }, - { - :title => 'should accept setting SSLHonorCipherOrder', - :attr => 'ssl_honorcipherorder', - :value => 'On', - :match => [/^ SSLHonorCipherOrder On$/], - }, - { - :title => 'should accept setting SSLVerifyClient', - :attr => 'ssl_verify_client', - :value => 'optional', - :match => [/^ SSLVerifyClient optional$/], - }, - { - :title => 'should accept setting SSLVerifyDepth', - :attr => 'ssl_verify_depth', - :value => '1', - :match => [/^ SSLVerifyDepth 1$/], - }, - { - :title => 'should accept setting SSLOptions with a string', - :attr => 'ssl_options', - :value => '+ExportCertData', - :match => [/^ SSLOptions \+ExportCertData$/], - }, + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + } + end + + it { is_expected.to compile } + it { is_expected.to_not contain_file('/var/www/foo') } + it { is_expected.to contain_class('apache::mod::ssl') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::vhost_alias') } + it { is_expected.to contain_class('apache::mod::wsgi') } + it { is_expected.to contain_class('apache::mod::suexec') } + it { is_expected.to contain_file('/var/www/logs') } + it { is_expected.to contain_class('apache::mod::rewrite') } + it { is_expected.to 
contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::proxy_http') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ + 'owner' => 'root', + 'mode' => '0644', + 'require' => 'Package[httpd]', + 'notify' => 'Service[httpd]', + }) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } + it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to 
contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + context 'not everything can be set together...' 
do + let :params do + { + 'access_log_pipe' => '/dev/null', + 'error_log_pipe' => '/dev/null', + 'docroot' => '/var/www/foo', + 'ensure' => 'absent', + 'manage_docroot' => true, + 'logroot' => '/tmp/logroot', + } + end + let :facts do { - :title => 'should accept setting SSLOptions with an array', - :attr => 'ssl_options', - :value => ['+StrictRequire','+ExportCertData'], - :match => [/^ SSLOptions \+StrictRequire \+ExportCertData/], - }, + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + } + end + + it { is_expected.to compile } + it { is_expected.to_not contain_class('apache::mod::ssl') } + it { is_expected.to_not contain_class('apache::mod::mime') } + it { is_expected.to_not contain_class('apache::mod::vhost_alias') } + it { is_expected.to_not contain_class('apache::mod::wsgi') } + it { is_expected.to_not contain_class('apache::mod::suexec') } + it { is_expected.to_not contain_class('apache::mod::rewrite') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to_not contain_class('apache::mod::proxy') } + it { is_expected.to_not contain_class('apache::mod::proxy_http') } + it { is_expected.to_not contain_class('apache::mod::passenger') } + it { is_expected.to_not contain_class('apache::mod::headers') } + it { is_expected.to contain_file('/var/www/foo') } + it { is_expected.to_not contain_file('/tmp/logroot') } + it { is_expected.to contain_concat('25-rspec.example.com.conf').with({ + 'ensure' => 'absent', + }) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to_not 
contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-rack') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to_not 
contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + end + describe 'validation' do + context 'bad ensure' do + let :params do { - :title => 'should accept setting SSLOptions with a string in directories', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'ssl_options' => '+ExportCertData'}, - :match => [/^ SSLOptions \+ExportCertData$/], - }, + 'docroot' => '/rspec/docroot', + 'ensure' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad suphp_engine' do + let :params do { - :title => 'should accept setting SSLOptions with an array in directories', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'ssl_options' => ['-StdEnvVars','+ExportCertData']}, - :match => [/^ SSLOptions -StdEnvVars \+ExportCertData/], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]} with SSL" do - let :params do - default_params.merge( { - param[:attr].to_sym => param[:value], - :ssl => true, - } ) - end - it { is_expected.to contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - is_expected.to contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - is_expected.not_to contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end + 'docroot' => '/rspec/docroot', + 'suphp_engine' => 'bogus', + } end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } end - - context 'attribute resources' do - describe 'when access_log_file and access_log_pipe are specified' do - let :params do default_params.merge({ - :access_log_file => 
'fake.log', - :access_log_pipe => '| /bin/fake', - }) end - it 'should cause a failure' do - expect { subject }.to raise_error(Puppet::Error, /'access_log_file' and 'access_log_pipe' cannot be defined at the same time/) - end + context 'bad ip_based' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ip_based' => 'bogus', + } end - describe 'when error_log_file and error_log_pipe are specified' do - let :params do default_params.merge({ - :error_log_file => 'fake.log', - :error_log_pipe => '| /bin/fake', - }) end - it 'should cause a failure' do - expect { subject }.to raise_error(Puppet::Error, /'error_log_file' and 'error_log_pipe' cannot be defined at the same time/) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad access_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log' => 'bogus', + } end - describe 'when logroot and logroot_mode are specified' do - let :params do default_params.merge({ - :logroot => '/rspec/logroot', - :logroot_mode => '0755', - }) end - it 'should set logroot mode' do - should contain_file(params[:logroot]).with({ - :ensure => :directory, - :mode => '0755', - }) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad error_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log' => 'bogus', + } end - describe 'when docroot owner and mode is specified' do - let :params do default_params.merge({ - :docroot_owner => 'testuser', - :docroot_group => 'testgroup', - :docroot_mode => '0750', - }) end - it 'should set vhost ownership and permissions' do - is_expected.to contain_file(params[:docroot]).with({ - :ensure => :directory, - :owner => 'testuser', - :group => 'testgroup', - :mode => '0750', - }) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad_ssl' do + let :params do + { + 'docroot' => 
'/rspec/docroot', + 'ssl' => 'bogus', + } end - - describe 'when docroot is *not* managed' do - let :params do default_params.merge({ - :manage_docroot=> false, - }) end - it 'should not contain docroot ' do - is_expected.not_to contain_file(params[:docroot]) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad default_vhost' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'default_vhost' => 'bogus', + } end - - describe 'when wsgi_daemon_process and wsgi_daemon_process_options are specified' do - let :params do default_params.merge({ - :wsgi_daemon_process => 'example.org', - :wsgi_daemon_process_options => { 'processes' => '2', 'threads' => '15' }, - }) end - it 'should set wsgi_daemon_process_options' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ WSGIDaemonProcess example.org processes=2 threads=15$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad ssl_proxyengine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl_proxyengine' => 'bogus', + } end - - describe 'when wsgi_import_script and wsgi_import_script_options are specified' do - let :params do default_params.merge({ - :wsgi_import_script => '/var/www/demo.wsgi', - :wsgi_import_script_options => { 'application-group' => '%{GLOBAL}', 'process-group' => 'wsgi' }, - }) end - it 'should set wsgi_import_script_options' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ WSGIImportScript \/var\/www\/demo.wsgi application-group=%{GLOBAL} process-group=wsgi$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad rewrites' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => 'bogus', + } end - - describe 'when rewrites are specified' do - let :params do default_params.merge({ - :rewrites => [ - { - 'comment' => 'test 
rewrites', - 'rewrite_base' => '/mytestpath/', - 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - 'rewrite_rule' => ['^index\.html$ welcome.html', '^index\.cgi$ index.php'], - } - ] - }) end - it 'should set RewriteConds and RewriteRules' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ #test rewrites$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTP_USER_AGENT\} \^Lynx\/ \[OR\]$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteBase \/mytestpath\/$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTP_USER_AGENT\} \^Mozilla\/\[12\]$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteRule \^index\\.html\$ welcome.html$/ - ) - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteRule \^index\\.cgi\$ index.php$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad rewrites 2' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => ['bogus'], + } end - - describe 'when rewrite_rule and rewrite_cond are specified' do - let :params do default_params.merge({ - :rewrite_cond => '%{HTTPS} off', - :rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', - }) end - it 'should set RewriteCond' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTPS\} off$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad suexec_user_group' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'suexec_user_group' => 'bogus', + } end - - describe 'when action is specified specified' do - let :params do default_params.merge({ - :action => 'php-fastcgi', - }) end - it 'should set Action' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ Action 
php-fastcgi \/cgi-bin virtual$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_script_alias' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp_configpath is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :suphp_configpath => '/etc/php5/apache2', - }) end - it 'should set suphp_configpath' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ suPHP_ConfigPath "\/etc\/php5\/apache2"$/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_daemon_process_options' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process_options' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp_addhandler is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :suphp_addhandler => 'x-httpd-php', - }) end - it 'should set suphp_addhandler' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ suPHP_AddHandler x-httpd-php/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_import_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script_alias' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp { user & group } is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :directories => { 'path' => '/srv/www', - 'suphp' => { 'user' => 'myappuser', 'group' => 'myappgroup' }, - } - }) end - it 'should set suphp_UserGroup' do - is_expected.to contain_file("25-#{title}.conf").with_content( - /^ suPHP_UserGroup myappuser myappgroup/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad itk' do 
+ let :params do + { + 'docroot' => '/rspec/docroot', + 'itk' => 'bogus', + } end - - describe 'priority/default settings' do - describe 'when neither priority/default is specified' do - let :params do default_params end - it { is_expected.to contain_file("25-#{title}.conf").with_path( - /25-#{title}.conf/ - ) } - end - describe 'when both priority/default_vhost is specified' do - let :params do - default_params.merge({ - :priority => 15, - :default_vhost => true, - }) - end - it { is_expected.to contain_file("15-#{title}.conf").with_path( - /15-#{title}.conf/ - ) } - end - describe 'when only priority is specified' do - let :params do - default_params.merge({ :priority => 14, }) - end - it { is_expected.to contain_file("14-#{title}.conf").with_path( - /14-#{title}.conf/ - ) } - end - describe 'when only default is specified' do - let :params do - default_params.merge({ :default_vhost => true, }) - end - it { is_expected.to contain_file("10-#{title}.conf").with_path( - /10-#{title}.conf/ - ) } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad log_level' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } end - - describe 'fcgid directory options' do - describe 'No fcgiwrapper' do - let :params do - default_params.merge({ - :directories => { 'path' => '/srv/www' }, - }) - end - - it { is_expected.not_to contain_file("25-#{title}.conf").with_content(%r{FcgidWrapper}) } - end - - describe 'Only a command' do - let :params do - default_params.merge({ - :directories => { 'path' => '/srv/www', - 'fcgiwrapper' => { 'command' => '/usr/local/bin/fcgiwrapper' }, - } - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper $}) } - end - - describe 'All parameters' do - let :params do - default_params.merge({ - :directories => { 'path' => '/srv/www', - 'fcgiwrapper' => { 'command' => 
'/usr/local/bin/fcgiwrapper', 'suffix' => '.php', 'virtual' => 'virtual' }, - } - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content(%r{^ FcgidWrapper /usr/local/bin/fcgiwrapper .php virtual$}) } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'access_log_file and access_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'bogus', + 'access_log_pipe' => 'bogus', + } end - - describe 'various ip/port combos' do - describe 'when ip_based is true' do - let :params do default_params.merge({ :ip_based => true }) end - it 'should not specify a NameVirtualHost' do - is_expected.to contain_apache__listen(params[:port]) - is_expected.not_to contain_apache__namevirtualhost("*:#{params[:port]}") - end - end - - describe 'when ip_based is default' do - let :params do default_params end - it 'should specify a NameVirtualHost' do - is_expected.to contain_apache__listen(params[:port]) - is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") - end - end - - describe 'when an ip is set' do - let :params do default_params.merge({ :ip => '10.0.0.1' }) end - it 'should specify a NameVirtualHost for the ip' do - is_expected.not_to contain_apache__listen(params[:port]) - is_expected.to contain_apache__listen("10.0.0.1:#{params[:port]}") - is_expected.to contain_apache__namevirtualhost("10.0.0.1:#{params[:port]}") - end - end - - describe 'an ip_based vhost without a port' do - let :params do - { - :docroot => '/fake', - :ip => '10.0.0.1', - :ip_based => true, - } - end - it 'should specify a NameVirtualHost for the ip' do - is_expected.not_to contain_apache__listen(params[:ip]) - is_expected.not_to contain_apache__namevirtualhost(params[:ip]) - is_expected.to contain_file("25-#{title}.conf").with_content %r{} - end - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'error_log_file 
and error_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log_file' => 'bogus', + 'error_log_pipe' => 'bogus', + } end - - describe 'when suexec_user_group is specified' do - let :params do - default_params.merge({ - :suexec_user_group => 'nobody nogroup', - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{^ SuexecUserGroup nobody nogroup$} } + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad fallbackresource' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'fallbackresource' => 'bogus', + } end - - describe 'redirect rules' do - describe 'without lockstep arrays' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], - :redirect_status => [ - 'permanent', - '', - ], - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } - end - describe 'redirect match rules' do - let :params do - default_params.merge({ - :redirectmatch_status => [ - '404', - ], - :redirectmatch_regexp => [ - '/\.git(/.*|$)', - ], - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ RedirectMatch 404 } } - end - describe 'without a status' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /login http://10\.0\.0\.10/login} } - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } - end - describe 'with a single status and 
dest' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => 'http://10.0.0.10/test', - :redirect_status => 'permanent', - }) - end - - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/test} } - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /logout http://10\.0\.0\.10/test} } - end - - describe 'with a directoryindex specified' do - let :params do - default_params.merge({ - :directoryindex => 'index.php' - }) - end - it { is_expected.to contain_file("25-#{title}.conf").with_content %r{DirectoryIndex index.php} } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad custom_fragment' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'custom_fragment' => true, + } end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } end end end diff --git a/templates/vhost/_access_log.erb b/templates/vhost/_access_log.erb new file mode 100644 index 0000000000..1ec47ff710 --- /dev/null +++ b/templates/vhost/_access_log.erb @@ -0,0 +1,5 @@ +<% if @access_log and @_access_log_env_var -%> + CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> +<% elsif @access_log -%> + CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> +<% end -%> diff --git a/templates/vhost/_additional_includes.erb b/templates/vhost/_additional_includes.erb new file mode 100644 index 0000000000..d4d5f91342 --- /dev/null +++ b/templates/vhost/_additional_includes.erb @@ -0,0 +1,5 @@ +<% Array(@additional_includes).each do |include| -%> + + ## Load additional static includes + Include "<%= include %>" +<% end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index accd724489..9ead456128 100644 --- a/templates/vhost/_directories.erb 
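Review bot: In the new templates/vhost/_additional_includes.erb the block parameter is named `include`, which reads like Ruby's own `include` method inside the template; `<% Array(@additional_includes).each do |inc| -%>` with `Include "<%= inc %>"` is easier to follow. Each entry is also written into the directive verbatim, so a value containing a double quote or a line break would end the `Include` argument early and the remainder would be parsed as further configuration. Whether vhost.pp validates `additional_includes` is not visible in this section; if it does not, rejecting quotes and line breaks before rendering would close that gap.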
+++ b/templates/vhost/_directories.erb @@ -1,4 +1,6 @@ <% if @_directories and ! @_directories.empty? -%> + + ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> diff --git a/templates/vhost/_docroot.erb b/templates/vhost/_docroot.erb new file mode 100644 index 0000000000..6039fa63cf --- /dev/null +++ b/templates/vhost/_docroot.erb @@ -0,0 +1,7 @@ + + ## Vhost docroot +<% if @virtual_docroot -%> + VirtualDocumentRoot "<%= @virtual_docroot %>" +<% else -%> + DocumentRoot "<%= @docroot %>" +<% end -%> diff --git a/templates/vhost/_fallbackresource.erb b/templates/vhost/_fallbackresource.erb new file mode 100644 index 0000000000..f1e4c35dc4 --- /dev/null +++ b/templates/vhost/_fallbackresource.erb @@ -0,0 +1,4 @@ +<% if @fallbackresource -%> + + FallbackResource <%= @fallbackresource %> +<% end -%> diff --git a/templates/vhost/_file_footer.erb b/templates/vhost/_file_footer.erb new file mode 100644 index 0000000000..84035efa47 --- /dev/null +++ b/templates/vhost/_file_footer.erb @@ -0,0 +1 @@ + diff --git a/templates/vhost/_file_header.erb b/templates/vhost/_file_header.erb new file mode 100644 index 0000000000..e6f2f95e76 --- /dev/null +++ b/templates/vhost/_file_header.erb @@ -0,0 +1,10 @@ +# ************************************ +# Vhost template in module puppetlabs-apache +# Managed by Puppet +# ************************************ + +> + ServerName <%= @servername %> +<% if @serveradmin -%> + ServerAdmin <%= @serveradmin %> +<% end -%> diff --git a/templates/vhost/_itk.erb b/templates/vhost/_itk.erb index 2971c7a7d0..803a73db7f 100644 --- a/templates/vhost/_itk.erb +++ b/templates/vhost/_itk.erb @@ -1,4 +1,5 @@ <% if @itk and ! @itk.empty? -%> + ## ITK statement <%- if @itk["user"] and @itk["group"] -%> 
diff --git a/templates/vhost/_logging.erb b/templates/vhost/_logging.erb new file mode 100644 index 0000000000..35a924d29b --- /dev/null +++ b/templates/vhost/_logging.erb @@ -0,0 +1,10 @@ +<% if @error_log or @log_level -%> + + ## Logging +<% end -%> +<% if @error_log -%> + ErrorLog "<%= @error_log_destination %>" +<% end -%> +<% if @log_level -%> + LogLevel <%= @log_level %> +<% end -%> diff --git a/templates/vhost/_php_admin.erb b/templates/vhost/_php_admin.erb index 59536cbc99..b79b818df9 100644 --- a/templates/vhost/_php_admin.erb +++ b/templates/vhost/_php_admin.erb @@ -1,12 +1,12 @@ <% if @php_admin_values and not @php_admin_values.empty? -%> -<% @php_admin_values.each do |key,value| -%> + <%- @php_admin_values.each do |key,value| -%> php_admin_value <%= key %> <%= value %> -<% end -%> + <%- end -%> <% end -%> <% if @php_admin_flags and not @php_admin_flags.empty? -%> -<% @php_admin_flags.each do |key,flag| -%> -<%# normalize flag -%> -<% if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + <%- @php_admin_flags.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> php_admin_flag <%= key %> <%= flag %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_redirect.erb b/templates/vhost/_redirect.erb index e865bd9afa..819d6e7694 100644 --- a/templates/vhost/_redirect.erb +++ b/templates/vhost/_redirect.erb 
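Review bot: The flag normalisation carried over in the _php_admin.erb hunk, `if flag =~ /true|yes|on|1/i`, is unanchored, so any value that merely contains one of those substrings is rendered as `on` (`none` matches because of the embedded `on`). These flags often gate security-relevant PHP settings, so a whole-string match is safer: `<%- if flag.to_s =~ /\A(true|yes|on|1)\z/i then flag = 'on' else flag = 'off' end -%>`. The `to_s` is there because a non-string value such as a Puppet boolean would, as far as I can tell, not match the regex at all and fall through to `off`; confirm which input types callers actually pass.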
@@ -4,21 +4,20 @@ <% @redirect_status_a = Array(@redirect_status) -%> ## Redirect rules -<% @redirect_source_a.each_with_index do |source, i| -%> + <%- @redirect_source_a.each_with_index do |source, i| -%> <% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> <% @redirect_status_a[i] ||= @redirect_status_a[0] -%> Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> + <%- end -%> <% end -%> -<% end -%> - <%- if @redirectmatch_status and @redirectmatch_regexp -%> <% @redirectmatch_status_a = Array(@redirectmatch_status) -%> <% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> ## RedirectMatch rules -<% @redirectmatch_status_a.each_with_index do |status, i| -%> + <%- @redirectmatch_status_a.each_with_index do |status, i| -%> <% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> <% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index c995868d75..46dd95691c 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -31,13 +31,13 @@ <% if @rewrite_rule and !@rewrites -%> ## Rewrite rules RewriteEngine On -<% if @rewrite_base -%> + <%- if @rewrite_base -%> RewriteBase <%= @rewrite_base %> -<% end -%> -<% if @rewrite_cond -%> -<% Array(@rewrite_cond).each do |cond| -%> + <%- end -%> + <%- if @rewrite_cond -%> + <%- Array(@rewrite_cond).each do |cond| -%> RewriteCond <%= cond %> -<% end -%> -<% end -%> + <%- end -%> + <%- end -%> RewriteRule <%= @rewrite_rule %> <%- end -%> diff --git a/templates/vhost/_serveralias.erb b/templates/vhost/_serveralias.erb index 278b6ddc53..e08a55e328 100644 --- a/templates/vhost/_serveralias.erb +++ b/templates/vhost/_serveralias.erb 
@@ -1,7 +1,7 @@ <% if @serveraliases and ! @serveraliases.empty? -%> ## Server aliases -<% Array(@serveraliases).each do |serveralias| -%> + <%- Array(@serveraliases).each do |serveralias| -%> ServerAlias <%= serveralias %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_serversignature.erb b/templates/vhost/_serversignature.erb new file mode 100644 index 0000000000..ff13aaf452 --- /dev/null +++ b/templates/vhost/_serversignature.erb @@ -0,0 +1 @@ + ServerSignature Off diff --git a/templates/vhost/_setenv.erb b/templates/vhost/_setenv.erb index d5f9ea8450..ce1fa955ef 100644 --- a/templates/vhost/_setenv.erb +++ b/templates/vhost/_setenv.erb @@ -1,12 +1,12 @@ <% if @setenv and ! @setenv.empty? -%> ## SetEnv/SetEnvIf for environment variables -<% Array(@setenv).each do |envvar| -%> + <%- Array(@setenv).each do |envvar| -%> SetEnv <%= envvar %> -<% end -%> + <%- end -%> <% end -%> <% if @setenvif and ! @setenvif.empty? -%> -<% Array(@setenvif).each do |envifvar| -%> + <%- Array(@setenvif).each do |envifvar| -%> SetEnvIf <%= envifvar %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 174f0a1891..55289ae7e9 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
@@ -4,40 +4,40 @@ SSLEngine on SSLCertificateFile "<%= @ssl_cert %>" SSLCertificateKeyFile "<%= @ssl_key %>" -<% if @ssl_chain -%> + <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" -<% end -%> -<% if @ssl_certs_dir -%> + <%- end -%> + <%- if @ssl_certs_dir -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" -<% end -%> -<% if @ssl_ca -%> + <%- end -%> + <%- if @ssl_ca -%> SSLCACertificateFile "<%= @ssl_ca %>" -<% end -%> -<% if @ssl_crl_path -%> + <%- end -%> + <%- if @ssl_crl_path -%> SSLCARevocationPath "<%= @ssl_crl_path %>" -<% end -%> -<% if @ssl_crl -%> + <%- end -%> + <%- if @ssl_crl -%> SSLCARevocationFile "<%= @ssl_crl %>" -<% end -%> -<% if @ssl_proxyengine -%> + <%- end -%> + <%- if @ssl_proxyengine -%> SSLProxyEngine On -<% end -%> -<% if @ssl_protocol -%> + <%- end -%> + <%- if @ssl_protocol -%> SSLProtocol <%= @ssl_protocol %> -<% end -%> -<% if @ssl_cipher -%> + <%- end -%> + <%- if @ssl_cipher -%> SSLCipherSuite <%= @ssl_cipher %> -<% end -%> -<% if @ssl_honorcipherorder -%> + <%- end -%> + <%- if @ssl_honorcipherorder -%> SSLHonorCipherOrder <%= @ssl_honorcipherorder %> -<% end -%> -<% if @ssl_verify_client -%> + <%- end -%> + <%- if @ssl_verify_client -%> SSLVerifyClient <%= @ssl_verify_client %> -<% end -%> -<% if @ssl_verify_depth -%> + <%- end -%> + <%- if @ssl_verify_depth -%> SSLVerifyDepth <%= @ssl_verify_depth %> -<% end -%> -<% if @ssl_options -%> + <%- end -%> + <%- if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> -<% end -%> + <%- end -%> <% end -%> diff --git a/templates/vhost/_suphp.erb b/templates/vhost/_suphp.erb index 9389581805..e394b6f94a 100644 --- a/templates/vhost/_suphp.erb +++ b/templates/vhost/_suphp.erb 
@@ -1,11 +1,11 @@ <% if @suphp_engine == 'on' -%> -<% if @suphp_addhandler -%> + <%- if @suphp_addhandler -%> suPHP_AddHandler <%= @suphp_addhandler %> -<% end -%> -<% if @suphp_engine -%> + <%- end -%> + <%- if @suphp_engine -%> suPHP_Engine <%= @suphp_engine %> -<% end -%> -<% if @suphp_configpath -%> + <%- end -%> + <%- if @suphp_configpath -%> suPHP_ConfigPath "<%= @suphp_configpath %>" -<% end -%> + <%- end -%> <% end -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index a6c61360a7..4ffb782990 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -143,14 +143,14 @@ # Vhost to redirect non-ssl to ssl apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - rewrites => [ + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + rewrites => [ { - comment => 'redirect non-SSL traffic to SSL site', - rewrite_cond => ['%{HTTPS} off'], - rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], + comment => 'redirect non-SSL traffic to SSL site', + rewrite_cond => ['%{HTTPS} off'], + rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], } ] } 
@@ -215,18 +215,18 @@ # Vhost with SSLProtocol,SSLCipherSuite, SSLHonorCipherOrder apache::vhost { 'securedomain.com': - priority => '10', - vhost_name => 'www.securedomain.com', - port => '443', - docroot => '/var/www/secure', - ssl => true, - ssl_cert => '/etc/ssl/securedomain.cert', - ssl_key => '/etc/ssl/securedomain.key', - ssl_chain => '/etc/ssl/securedomain.crt', - ssl_protocol => '-ALL +SSLv3 +TLSv1', - ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', - ssl_honorcipherorder => 'On', - add_listen => false, + priority => '10', + vhost_name => 'www.securedomain.com', + port => '443', + docroot => '/var/www/secure', + ssl => true, + ssl_cert => '/etc/ssl/securedomain.cert', + ssl_key => '/etc/ssl/securedomain.key', + ssl_chain => '/etc/ssl/securedomain.crt', + ssl_protocol => '-ALL +SSLv3 +TLSv1', + ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', + ssl_honorcipherorder => 'On', + add_listen => false, } # Vhost with access log environment variables writing control From cd5bc5b858412cf8fef616992d10e17ca95273ac Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 21 Aug 2014 13:17:33 -0400 Subject: [PATCH 0318/2267] Add --relative flag --- .puppet-lint.rc | 1 + 1 file changed, 1 insertion(+) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index ef187bbdaa..0b3cfad25d 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,3 +1,4 @@ +--relative --no-single_quote_string_with_variables-check --no-80chars-check --no-class_inherits_from_params_class-check From 4740e84763a8d336c6db13c59cd2a94f0ff461ca Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 21 Aug 2014 15:07:51 -0400 Subject: [PATCH 0319/2267] Add missing kernel fact --- spec/classes/mod/deflate_spec.rb | 3 +++ spec/classes/mod/negotiation_spec.rb | 1 + spec/classes/mod/passenger_spec.rb | 4 ++++ spec/classes/mod/php_spec.rb | 1 + spec/classes/mod/worker_spec.rb | 1 + spec/defines/fastcgi_server_spec.rb | 4 ++++ 6 files changed, 14 insertions(+) 
diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index 164dbfa2ea..c61010f28a 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -35,6 +35,7 @@ class { "apache::mod::deflate": { :id => 'root', :lsbdistcodename => 'squeeze', + :kernel => 'Linux', :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6', @@ -60,6 +61,7 @@ class { "apache::mod::deflate": let :facts do { :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', :operatingsystem => 'RedHat', :operatingsystemrelease => '6', @@ -78,6 +80,7 @@ class { "apache::mod::deflate": let :facts do { :id => 'root', + :kernel => 'FreeBSD', :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb index 814660e1a1..d01442cb9a 100644 --- a/spec/classes/mod/negotiation_spec.rb +++ b/spec/classes/mod/negotiation_spec.rb @@ -7,6 +7,7 @@ { :osfamily => 'Debian', :operatingsystem => 'Debian', + :kernel => 'Linux', :lsbdistcodename => 'squeeze', :operatingsystemrelease => '6', :concat_basedir => '/dne', diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 7fc1e3a63f..23154014a4 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -9,6 +9,7 @@ { :osfamily => 'Debian', :operatingsystemrelease => '6', + :kernel => 'Linux', :concat_basedir => '/dne', :lsbdistcodename => 'squeeze', :operatingsystem => 'Debian', @@ -123,6 +124,7 @@ { :osfamily => 'Debian', :operatingsystemrelease => '12.04', + :kernel => 'Linux', :operatingsystem => 'Ubuntu', :lsbdistrelease => '12.04', :concat_basedir => '/dne', @@ -142,6 +144,7 @@ :osfamily => 'Debian', :operatingsystemrelease => '14.04', :operatingsystem => 'Ubuntu', + :kernel => 'Linux', :lsbdistrelease => '14.04', :concat_basedir => '/dne', :id => 'root', 
@@ -160,6 +163,7 @@ :osfamily => 'Debian', :operatingsystemrelease => '7.3', :operatingsystem => 'Debian', + :kernel => 'Linux', :lsbdistcodename => 'wheezy', :concat_basedir => '/dne', :id => 'root', diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index c61cdf6f53..cf61318797 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -158,6 +158,7 @@ :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :kernel => 'Linux', :lsbdistcodename => 'squeeze', :concat_basedir => '/dne', :id => 'root', diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index c2ede28a2b..5902c2c7ea 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -119,6 +119,7 @@ :osfamily => 'RedHat', :operatingsystem => 'CentOS', :operatingsystemrelease => '6', + :kernel => 'Linux', :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 4a8762c868..1dc8fd444a 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -14,6 +14,7 @@ :osfamily => 'RedHat', :operatingsystem => 'CentOS', :operatingsystemrelease => '6', + :kernel => 'Linux', :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', @@ -34,6 +35,7 @@ :operatingsystem => 'Debian', :operatingsystemrelease => '6', :lsbdistcodename => 'squeeze', + :kernel => 'Linux', :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', @@ -53,6 +55,7 @@ :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :kernel => 'FreeBSD', :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 
@@ -74,6 +77,7 @@ :operatingsystem => 'Debian', :operatingsystemrelease => '6', :lsbdistcodename => 'squeeze', + :kernel => 'Linux', :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', From 9a39347d655cd6a9dcd1e2dd4165c3312eebc181 Mon Sep 17 00:00:00 2001 From: Emanuele 'Tex' Tessore Date: Mon, 7 Jul 2014 17:35:32 +0200 Subject: [PATCH 0320/2267] fixed type bug --- manifests/vhost.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0c7f03cd49..0dff1b91c8 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -300,8 +300,8 @@ if $ip and defined(Apache::Listen[$port]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } - if ! defined(Apache::Listen[$listen_addr_port]) and $listen_addr_port and $ensure == 'present' { - ::apache::listen { $listen_addr_port: } + if ! defined(Apache::Listen["$listen_addr_port"]) and $listen_addr_port and $ensure == 'present' { + ::apache::listen { "$listen_addr_port": } } } if ! $ip_based { From 118e7479b63387b68f1d92a509f968cff501ab0b Mon Sep 17 00:00:00 2001 From: Emanuele Tessore Date: Fri, 8 Aug 2014 09:34:02 +0200 Subject: [PATCH 0321/2267] make puppetlint happy with ${variable} syntax --- manifests/vhost.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0dff1b91c8..7dd6d5f44b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -300,8 +300,8 @@ if $ip and defined(Apache::Listen[$port]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } - if ! defined(Apache::Listen["$listen_addr_port"]) and $listen_addr_port and $ensure == 'present' { - ::apache::listen { "$listen_addr_port": } + if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { + ::apache::listen { "${listen_addr_port}": } } } if ! $ip_based { From 3f4630cb29f3c96a7cfc25efa3f06e7a9ae44032 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 26 Aug 2014 15:26:41 -0400 Subject: [PATCH 0322/2267] Apparently missed one of these in the conversion Use Concat instead of File. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7dd6d5f44b..1755c2979c 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -225,7 +225,7 @@ ensure => directory, mode => $logroot_mode, require => Package['httpd'], - before => File["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}-${filename}.conf"], } } From 1b4e9429aa89168389a9a0b5d4491ed5cc7ec0e8 Mon Sep 17 00:00:00 2001 From: Riley Shott Date: Thu, 31 Jul 2014 17:19:10 -0700 Subject: [PATCH 0323/2267] Allow for better $logroot management This commit now allows you to set the directory permissions on the default $logroot directory by exposing $logroot_mode in init.pp. It also adds a $logroot_ensure parameter to apache::vhost that can toggle the creation of a vhost's logroot resource. --- README.md | 11 ++++++++++- manifests/init.pp | 3 +++ manifests/params.pp | 3 +++ manifests/vhost.pp | 9 +++++++-- spec/defines/vhost_spec.rb | 23 +++++++++++++++++++++-- 5 files changed, 44 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4c01d27ff5..dd6be895d3 100644 --- a/README.md +++ b/README.md 
@@ -342,7 +342,7 @@ Changes the directory where Apache log files for the virtual host are placed. De #####`logroot_mode` -Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored +Overrides the mode the default logroot directory is set to ($::apache::logroot). Defaults to undef. Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. #####`manage_group` @@ -972,6 +972,15 @@ Usage will typically look like: Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. +#####`$logroot_ensure` + +Determines whether or not to remove the logroot directory for a virtual host. Valid values are 'directory', or 'absent'. + +#####`logroot_mode` + +Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored +in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. + #####`log_level` Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. diff --git a/manifests/init.pp b/manifests/init.pp index 1c9c758618..f35fafbaa1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -53,6 +53,7 @@ $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $apache::params::max_keepalive_requests, $logroot = $::apache::params::logroot, + $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, 
@@ -321,6 +322,7 @@ access_log_file => $access_log_file, priority => '15', ip => $ip, + logroot_mode => $logroot_mode, } $ssl_access_log_file = $::osfamily ? { 'freebsd' => $access_log_file, @@ -336,6 +338,7 @@ access_log_file => $ssl_access_log_file, priority => '15', ip => $ip, + logroot_mode => $logroot_mode, } } } diff --git a/manifests/params.pp b/manifests/params.pp index d272afb319..d5d1265a6b 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -45,6 +45,7 @@ $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/httpd' + $logroot_mode = undef $lib_path = 'modules' $mpm_module = 'prefork' $dev_packages = 'httpd-devel' @@ -109,6 +110,7 @@ $conf_file = 'apache2.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/apache2' + $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' $mpm_module = 'worker' $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] @@ -209,6 +211,7 @@ $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/apache22' + $logroot_mode = undef $lib_path = '/usr/local/libexec/apache22' $mpm_module = 'prefork' $dev_packages = undef diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 1755c2979c..b9c8406a62 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -35,6 +35,7 @@ $directoryindex = '', $vhost_name = '*', $logroot = $::apache::logroot, + $logroot_ensure = 'directory', $logroot_mode = undef, $log_level = undef, $access_log = true, @@ -154,6 +155,10 @@ if $itk { validate_hash($itk) } + + validate_re($logroot_ensure, '^(directory|absent)$', + "${logroot_ensure} is not supported for logroot_ensure. + Allowed values are 'directory' and 'absent'.") if $log_level { validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', 
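Review bot: The new `validate_re($logroot_ensure, '^(directory|absent)$', ...)` in the second manifests/vhost.pp hunk anchors with `^` and `$`, which in Ruby regexes match at line boundaries rather than at the ends of the string, so a multi-line value with one matching line passes the check. For `logroot_ensure` the file resource's own `ensure` validation will most likely still reject such a value, but the `log_level` check in the context line right after it has the same shape, and that value is written unquoted into `LogLevel <%= @log_level %>` in _logging.erb. I would make both whole-string matches, `'\A(directory|absent)\z'` and `'\A(emerg|alert|crit|error|warn|notice|info|debug)\z'`. The define's body starts and ends outside the hunk.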
@@ -220,9 +225,9 @@ } # Same as above, but for logroot - if ! defined(File[$logroot]) and $ensure == 'present' { + if ! defined(File[$logroot]) { file { $logroot: - ensure => directory, + ensure => $logroot_ensure, mode => $logroot_mode, require => Package['httpd'], before => Concat["${priority_real}-${filename}.conf"], diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index bc131a1c55..c5e1fe05ef 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -137,6 +137,7 @@ 'directoryindex' => 'index.html', 'vhost_name' => 'test', 'logroot' => '/var/www/logs', + 'logroot_ensure' => 'directory', 'logroot_mode' => '0600', 'log_level' => 'crit', 'access_log' => false, @@ -252,7 +253,11 @@ it { is_expected.to contain_class('apache::mod::vhost_alias') } it { is_expected.to contain_class('apache::mod::wsgi') } it { is_expected.to contain_class('apache::mod::suexec') } - it { is_expected.to contain_file('/var/www/logs') } + it { is_expected.to contain_file('/var/www/logs').with({ + 'ensure' => 'directory', + 'mode' => '0600', + }) + } it { is_expected.to contain_class('apache::mod::rewrite') } it { is_expected.to contain_class('apache::mod::alias') } it { is_expected.to contain_class('apache::mod::proxy') } @@ -308,6 +313,7 @@ 'ensure' => 'absent', 'manage_docroot' => true, 'logroot' => '/tmp/logroot', + 'logroot_ensure' => 'absent', } end let :facts do @@ -336,7 +342,10 @@ it { is_expected.to_not contain_class('apache::mod::passenger') } it { is_expected.to_not contain_class('apache::mod::headers') } it { is_expected.to contain_file('/var/www/foo') } - it { is_expected.to_not contain_file('/tmp/logroot') } + it { is_expected.to contain_file('/tmp/logroot').with({ + 'ensure' => 'absent', + }) + } it { is_expected.to contain_concat('25-rspec.example.com.conf').with({ 'ensure' => 'absent', }) 
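Review bot: With `and $ensure == 'present'` dropped and `ensure => $logroot_ensure` in the `@@ -220,9 +225,9 @@` hunk, `File[$logroot]` is now declared for every vhost, and since `$logroot` defaults to `$::apache::logroot`, whichever vhost is evaluated first decides `ensure` and `mode` for the log directory shared by all the others. A vhost that sets `logroot_ensure => 'absent'` without its own `logroot` therefore targets the server-wide log directory, and a vhost with `ensure => 'absent'` now still manages, and by default creates, its logroot. I would reject that combination up front, e.g. `if $logroot_ensure == 'absent' and $logroot == $::apache::logroot { fail("Apache::Vhost[${name}]: logroot_ensure => absent requires a vhost-specific logroot") }`, and describe the first-declaration-wins behaviour next to `logroot_mode` in the README. The surrounding define starts and ends outside the hunk.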
@@ -524,6 +533,16 @@ let :facts do default_facts end it { expect { is_expected.to compile }.to raise_error } end + context 'bad logroot_ensure' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end context 'bad log_level' do let :params do { From 4ece06161f8b6d114640f97c42db5f1cfb43a222 Mon Sep 17 00:00:00 2001 From: ThatGraemeGuy Date: Wed, 27 Aug 2014 14:29:14 +0200 Subject: [PATCH 0324/2267] Added missing syntax highlight to 1st apache::mod::php example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4c01d27ff5..99cb9f0ba0 100644 --- a/README.md +++ b/README.md @@ -616,7 +616,7 @@ Full documentation for mod_pagespeed is available from [Google](http://modpagesp Installs and configures mod_php. The defaults are OS-dependant. Overriding the package name: -``` +```puppet class {'::apache::mod::php': package_name => "php54-php", path => "${::apache::params::lib_path}/libphp54-php5.so", From 4a8b692b0381261cc7dec2f4551fc73a2a409d11 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Tue, 26 Aug 2014 14:21:00 +0200 Subject: [PATCH 0325/2267] Allow multiple balancermembers with the same url Currently you can't set multiple balancermembers with the same url even if they are bind to different balancers. This commit fixes that unwanted behaviour. --- manifests/balancermember.pp | 2 +- spec/defines/balancermember_spec.rb | 36 +++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 spec/defines/balancermember_spec.rb diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index 121e2c5533..459081a716 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp 
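Review bot: The added 'bad logroot_ensure' context in spec/defines/vhost_spec.rb never sets `logroot_ensure`; its params pass `'log_level' => 'bogus'`, so the compile error it expects comes from the existing log_level validation and the new `validate_re` is not exercised. The param should be `'logroot_ensure' => 'bogus',`. The bare `raise_error` also accepts any exception; `raise_error(Puppet::Error, /is not supported for logroot_ensure/)` would tie the test to the new check.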
@@ -45,7 +45,7 @@ $options = [], ) { - concat::fragment { "BalancerMember ${url}": + concat::fragment { "BalancerMember ${name}": ensure => present, target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), diff --git a/spec/defines/balancermember_spec.rb b/spec/defines/balancermember_spec.rb new file mode 100644 index 0000000000..b7293b390e --- /dev/null +++ b/spec/defines/balancermember_spec.rb @@ -0,0 +1,36 @@ +require 'spec_helper' + +describe 'apache::balancermember', :type => :define do + let :pre_condition do + 'include apache + apache::balancer {"balancer":} + apache::balancer {"balancer-external":} + apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} + ' + end + let :title do + 'http://127.0.0.1:8080/' + end + let :params do + { + :options => [], + :url => 'http://127.0.0.1:8080/', + :balancer_cluster => 'balancer-internal' + } + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux', + } + end + describe "allows multiple balancermembers with the same url" do + it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') } + end +end From d2ad8ec2fc5a638d96862d30ccc80eed225487b4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?=
Date: Mon, 30 Jun 2014 13:44:57 +0200
Subject: [PATCH 0326/2267] function to munge booleans to httpd's On/Off this function tries to recognize booleans of any kind and convert (normalize) them httpd's accepted On/Off. Failing that, it will simply return the string it was passed. As such it can be used, for instance for: $server_signature = true $server_signature = false $server_signature = 'mail'
---
lib/puppet/parser/functions/bool2httpd.rb | 30 +++++++++++
.../parser/functions/bool2httpd_spec.rb | 54 +++++++++++++++++++
2 files changed, 84 insertions(+)
create mode 100644 lib/puppet/parser/functions/bool2httpd.rb
create mode 100644 spec/unit/puppet/parser/functions/bool2httpd_spec.rb
diff --git a/lib/puppet/parser/functions/bool2httpd.rb b/lib/puppet/parser/functions/bool2httpd.rb
new file mode 100644
index 0000000000..5fb79f6f58
--- /dev/null
+++ b/lib/puppet/parser/functions/bool2httpd.rb
@@ -0,0 +1,30 @@
+Puppet::Parser::Functions::newfunction(:bool2httpd, :type => :rvalue, :doc => <<-EOS
+Transform a supposed boolean to On or Off. Pass all other values through.
+Given a nil value (undef), bool2httpd will return 'Off'
+
+Example:
+
+ $trace_enable = false
+ $server_signature = 'mail'
+
+ bool2httpd($trace_enable)
+ # => 'Off'
+ bool2httpd($server_signature)
+ # => 'mail'
+ bool2httpd(undef)
+ # => 'Off'
+
+EOS
+) do |args|
+ raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
+
+ arg = args[0]
+
+ if arg.nil? or arg == false or arg =~ /false/i or arg == :undef
+ return 'Off'
+ elsif arg == true or arg =~ /true/i
+ return 'On'
+ end
+
+ return arg.to_s
+end
diff --git a/spec/unit/puppet/parser/functions/bool2httpd_spec.rb b/spec/unit/puppet/parser/functions/bool2httpd_spec.rb
new file mode 100644
index 0000000000..b0bcbb6220
--- /dev/null
+++ b/spec/unit/puppet/parser/functions/bool2httpd_spec.rb
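Review bot: The `=~ /false/i` and `=~ /true/i` tests in lib/puppet/parser/functions/bool2httpd.rb are unanchored, so a string that merely contains those letters is rewritten instead of passed through: a value such as `'untrue'` would come back as `On`. For directives like the `$server_signature` and `$trace_enable` examples in the docstring, that silently changes what ends up in the httpd configuration. Anchoring and stringifying covers this and non-String arguments: `if arg.nil? || arg == false || arg == :undef || arg.to_s =~ /\Afalse\z/i` and `elsif arg == true || arg.to_s =~ /\Atrue\z/i`. The spec added in the same commit has no case for the strings 'true' and 'false' or for a string containing them.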
@@ -0,0 +1,54 @@
+#! /usr/bin/env ruby -S rspec
+require 'spec_helper'
+
+describe "the bool2httpd function" do
+ let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+ it "should exist" do
+ expect(Puppet::Parser::Functions.function("bool2httpd")).to eq("function_bool2httpd")
+ end
+
+ it "should raise a ParseError if there is less than 1 arguments" do
+ expect { scope.function_bool2httpd([]) }.to( raise_error(Puppet::ParseError))
+ end
+
+ it "should convert true to 'On'" do
+ result = scope.function_bool2httpd([true])
+ expect(result).to(eq('On'))
+ end
+
+ it "should convert true to a string" do
+ result = scope.function_bool2httpd([true])
+ expect(result.class).to(eq(String))
+ end
+
+ it "should convert false to 'Off'" do
+ result = scope.function_bool2httpd([false])
+ expect(result).to(eq('Off'))
+ end
+
+ it "should convert false to a string" do
+ result = scope.function_bool2httpd([false])
+ expect(result.class).to(eq(String))
+ end
+
+ it "should accept (and return) any string" do
+ result = scope.function_bool2httpd(["mail"])
+ expect(result).to(eq('mail'))
+ end
+
+ it "should accept a nil value (and return Off)" do
+ result = scope.function_bool2httpd([nil])
+ expect(result).to(eq('Off'))
+ end
+
+ it "should accept an undef value (and return 'Off')" do
+ result = scope.function_bool2httpd([:undef])
+ expect(result).to(eq('Off'))
+ end
+
+ it "should return a default value on non-matches" do
+ result = scope.function_bool2httpd(['foo'])
+ expect(result).to(eq('foo'))
+ end
+end
From e550ec293be9f329f793c22b97731035994c37eb Mon Sep 17 00:00:00 2001
From: Geoff Williams
Date: Fri, 29 Aug 2014 12:48:00 +1000
Subject: [PATCH 0327/2267] force class definition checks to use absolute scope
---
manifests/mod/php.pp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp
index ad0ff48a0e..c1f76065a6 100644
--- a/manifests/mod/php.pp
+++ b/manifests/mod/php.pp
@@ -7,10 +7,10 @@ $template = 'apache/mod/php5.conf.erb', $source = undef, ) { - if defined(Class['apache::mod::prefork']) { + if defined(Class['::apache::mod::prefork']) { Class['::apache::mod::prefork']->File['php5.conf'] } - elsif defined(Class['apache::mod::itk']) { + elsif defined(Class['::apache::mod::itk']) { Class['::apache::mod::itk']->File['php5.conf'] } else { From 873d829e6663d9a6b92635320d0070156a1fc304 Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 4 Sep 2014 11:21:13 +0530 Subject: [PATCH 0328/2267] Ensure that mod packages are installed before conf Currently, there is no strict ordering that ensures that the conf file is only created after a mods packages are installed. This means that it is possible for the .conf file to be created before package installation. In the case of libapache2-mod-wsgi (3.4-4ubuntu2.1.14.04.1), this lead to a package install failure on Ubuntu Trusty dpkg: error processing package libapache2-mod-wsgi (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: libapache2-mod-wsgi Sub-process /usr/bin/dpkg returned an error code (1) The order is ensured by this patch by assuming that the mod.conf file is named: "${mod}.conf" (the same assumption made by the related symlink) and placing a conditional dependency on all packages indicated being required for the installation of the module. --- manifests/mod.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/mod.pp b/manifests/mod.pp index 2795578ec8..b937e8f050 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -68,6 +68,8 @@ ], default => File[$_loadfile_name], } + # if there are any packages, they should be installed before the associated conf file + Package[$_package] -> File<| title == "${mod}.conf" |> # $_package may be an array package { $_package: ensure => $package_ensure, From f4ecfa2b9ab94f37dfd663f10e4bc02a242c1d3f Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Tue, 2 Sep 2014 16:45:37 -0400 Subject: [PATCH 0329/2267] Add defined type for handling custom configs Initially I was looking to handle custom configs by creating a temporary file, validating that file, and creating a file under apache's `$confd_dir` only if that validation passed. Ubuntu caused issues for me though, and apachectl was unable to validate config files under non-default paths. Thus, I ended up with a file resource and two execs, to remove the config if invalid, and notify the httpd service if valid. There were some bugs with existing acceptance tests, so fixed those too. --- README.md | 41 +++++++ manifests/custom_config.pp | 60 ++++++++++ spec/acceptance/apache_parameters_spec.rb | 10 +- spec/acceptance/custom_config_spec.rb | 38 ++++++ spec/acceptance/version.rb | 5 +- spec/defines/custom_config_spec.rb | 137 ++++++++++++++++++++++ 6 files changed, 284 insertions(+), 7 deletions(-) create mode 100644 manifests/custom_config.pp create mode 100644 spec/acceptance/custom_config_spec.rb create mode 100644 spec/defines/custom_config_spec.rb diff --git a/README.md b/README.md index df2c70d5a3..6632e0992e 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ 4. [Usage - The classes and defined types available for configuration](#usage) * [Classes and Defined Types](#classes-and-defined-types) * [Class: apache](#class-apache) + * [Defined Type: apache::custom_config](#defined-type-apachecustom_config) * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) 
@@ -429,6 +430,46 @@ Changes the location of the configuration directory your virtual host configurat The name of the Apache package to install. This is automatically detected in `::apache::params`. You may need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. +####Defined Type: `apache::custom_config` + +Allows you to create custom configs for Apache. The configuration files will only be added to the Apache confd dir if the file is valid. An error will be raised during the puppet run if the file is invalid and `$verify_config` is `true`. + +```puppet + apache::custom_config { 'test': + content => '# Test', + } +``` + +**Parameters within `apache::custom_config`:** + +#####`ensure` + +Specify whether the configuration file is present or absent. Defaults to 'present'. Valid values are 'present' and 'absent'. + +#####`confdir` + +The directory to place the configuration file in. Defaults to `$::apache::confd_dir`. + +#####`content` + +The content of the configuration file. Only one of `$content` and `$source` can be specified. + +#####`priority` + +The priority of the configuration file, used for ordering. Defaults to '25'. + +#####`source` + +The source of the configuration file. Only one of `$content` and `$source` can be specified. + +#####`verify_command` + +The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` will only be used if `$verify_config` is `true`. If the `$verify_command` fails the configuration file will be deleted, the Apache service will not be notified, and an error will be raised during the puppet run. + +#####`verify_config` + +Boolean to specify whether the configuration file should be validated before the Apache service is notified. Defaults to `true`. + ####Class: `apache::default_mods` Installs default Apache modules based on what OS you are running. 
diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp new file mode 100644 index 0000000000..543ace94e5 --- /dev/null +++ b/manifests/custom_config.pp @@ -0,0 +1,60 @@ +# See README.md for usage information +define apache::custom_config ( + $ensure = 'present', + $confdir = $::apache::confd_dir, + $content = undef, + $priority = '25', + $source = undef, + $verify_command = '/usr/sbin/apachectl -t', + $verify_config = true, +) { + + if $content and $source { + fail('Only one of $content and $source can be specified.') + } + + if $ensure == 'present' and ! $content and ! $source { + fail('One of $content and $source must be specified.') + } + + validate_re($ensure, '^(present|absent)$', + "${ensure} is not supported for ensure. + Allowed values are 'present' and 'absent'.") + + validate_bool($verify_config) + + ## Apache include does not always work with spaces in the filename + $filename = regsubst($name, ' ', '_', 'G') + + if ! $verify_config or $ensure == 'absent' { + $notifies = Service['httpd'] + } else { + $notifies = undef + } + + file { "apache_${name}": + ensure => $ensure, + path => "${confdir}/${priority}-${filename}.conf", + content => $content, + source => $source, + require => Package['httpd'], + notify => $notifies, + } + + if $ensure == 'present' and $verify_config { + exec { "service notify for ${name}": + command => $verify_command, + subscribe => File["apache_${name}"], + refreshonly => true, + notify => Service['httpd'], + before => Exec["remove ${name} if invalid"], + } + + exec { "remove ${name} if invalid": + command => "/bin/rm ${confdir}/${priority}-${filename}.conf", + unless => $verify_command, + subscribe => File["apache_${name}"], + refreshonly => true, + } + } +} diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 983bbb1676..3a21ab0eb2 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
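Review bot: In manifests/custom_config.pp, `$name` only has spaces replaced before it goes into `path => "${confdir}/${priority}-${filename}.conf"` and into the `/bin/rm` command the agent runs, so a title containing `/` or `..` would make both act on a path outside `$confdir`. A check placed after `$filename` is set would close that, for example `validate_re($filename, '\A[^/\s]+\z', "${name} is not a valid config name")` together with `validate_absolute_path($confdir)`. Separately, `unless => $verify_command` tests the whole server configuration, so a syntax error in any other file also deletes this one. A comment on the "remove ${name} if invalid" exec saying so would help whoever has to debug a vanishing config file.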
@@ -11,7 +11,7 @@ end if fact('osfamily') == 'FreeBSD' - describe file("#{confd_dir}/no-accf.conf.erb") do + describe file("#{$confd_dir}/no-accf.conf.erb") do it { is_expected.not_to be_file } end end @@ -80,9 +80,8 @@ class { 'apache': pp = <<-EOS class { 'apache': purge_configs => false, - purge_vdir => false, purge_vhost_dir => false, - vhost_dir => "#{confd_dir}.vhosts" + vhost_dir => "#{$confd_dir}.vhosts" } EOS shell("touch #{$confd_dir}/test.conf") @@ -105,9 +104,8 @@ class { 'apache': pp = <<-EOS class { 'apache': purge_configs => true, - purge_vdir => true, purge_vhost_dir => true, - vhost_dir => "#{confd_dir}.vhosts" + vhost_dir => "#{$confd_dir}.vhosts" } EOS shell("touch #{$confd_dir}/test.conf") @@ -202,7 +200,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end - describe file("#{$confd_dir}/mime.conf") do + describe file("#{$mod_dir}/mime.conf") do it { is_expected.to be_file } it { is_expected.to contain 'AddLanguage eo .eo' } end diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb new file mode 100644 index 0000000000..fce6bb306f --- /dev/null +++ b/spec/acceptance/custom_config_spec.rb 
@@ -0,0 +1,38 @@ +require 'spec_helper_acceptance' +require_relative './version.rb' + +describe 'apache::custom_config define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + context 'invalid config' do + it 'should not add the config' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'acceptance_test': + content => 'INVALID', + } + EOS + + apply_manifest(pp, :expect_failures => true) + end + + describe file("#{$confd_dir}/25-acceptance_test.conf") do + it { is_expected.not_to be_file } + end + end + + context 'valid config' do + it 'should add the config' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'acceptance_test': + content => '# just a comment', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$confd_dir}/25-acceptance_test.conf") do + it { is_expected.to contain '# just a comment' } + end + end +end diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 27498354b4..b88412b42f 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -5,6 +5,7 @@ case _osfamily when 'RedHat' $confd_dir = '/etc/httpd/conf.d' + $mod_dir = '/etc/httpd/conf.d' $conf_file = '/etc/httpd/conf/httpd.conf' $ports_file = '/etc/httpd/conf/ports.conf' $vhost_dir = '/etc/httpd/conf.d' @@ -22,7 +23,8 @@ $apache_version = '2.2' end when 'Debian' - $confd_dir = '/etc/apache2/mods-available' + $confd_dir = '/etc/apache2/conf.d' + $mod_dir = '/etc/apache2/mods-available' $conf_file = '/etc/apache2/apache2.conf' $ports_file = '/etc/apache2/ports.conf' $vhost = '/etc/apache2/sites-available/15-default.conf' @@ -41,6 +43,7 @@ end when 'FreeBSD' $confd_dir = '/usr/local/etc/apache22/Includes' + $mod_dir = '/usr/local/etc/apache22/Modules' $conf_file = '/usr/local/etc/apache22/httpd.conf' $ports_file = '/usr/local/etc/apache22/Includes/ports.conf' $vhost = '/usr/local/etc/apache22/Vhosts/15-default.conf' 
diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb new file mode 100644 index 0000000000..187b8a7b56 --- /dev/null +++ b/spec/defines/custom_config_spec.rb 
@@ -0,0 +1,137 @@ +require 'spec_helper' + +describe 'apache::custom_config', :type => :define do + let :pre_condition do + 'class { "apache": }' + end + let :title do + 'rspec' + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context 'defaults with content' do + let :params do + { + 'content' => '# Test', + } + end + it { is_expected.to contain_exec("service notify for rspec").with({ + 'refreshonly' => 'true', + 'subscribe' => 'File[apache_rspec]', + 'command' => '/usr/sbin/apachectl -t', + 'notify' => 'Service[httpd]', + 'before' => 'Exec[remove rspec if invalid]', + }) + } + it { is_expected.to contain_exec("remove rspec if invalid").with({ + 'unless' => '/usr/sbin/apachectl -t', + 'subscribe' => 'File[apache_rspec]', + 'refreshonly' => 'true', + }) + } + it { is_expected.to contain_file("apache_rspec").with({ + 'ensure' => 'present', + 'content' => '# Test', + 'require' => 'Package[httpd]', + }) + } + end + context 'set everything with source' do + let :params do + { + 'confdir' => '/dne', + 'priority' => '30', + 'source' => 'puppet:///modules/apache/test', + 'verify_command' => '/bin/true', + } + end + it { is_expected.to contain_exec("service notify for rspec").with({ + 'command' => '/bin/true', + }) + } + it { is_expected.to contain_exec("remove rspec if invalid").with({ + 'command' => '/bin/rm /dne/30-rspec.conf', + 'unless' => '/bin/true', + }) + } + it { is_expected.to contain_file("apache_rspec").with({ + 'path' => '/dne/30-rspec.conf', + 'ensure' => 'present', + 'source' => 'puppet:///modules/apache/test', + 'require' => 'Package[httpd]', + }) + } + end + context 'verify_config => false' do + let :params do + { + 'content' => '# test', + 'verify_config' => false, + } + end + it { is_expected.to_not 
contain_exec('service notify for rspec') } + it { is_expected.to_not contain_exec('remove rspec if invalid') } + it { is_expected.to contain_file('apache_rspec').with({ + 'notify' => 'Service[httpd]' + }) + } + end + context 'ensure => absent' do + let :params do + { + 'ensure' => 'absent' + } + end + it { is_expected.to_not contain_exec('service notify for rspec') } + it { is_expected.to_not contain_exec('remove rspec if invalid') } + it { is_expected.to contain_file('apache_rspec').with({ + 'ensure' => 'absent', + }) + } + end + describe 'validation' do + context 'both content and source' do + let :params do + { + 'content' => 'foo', + 'source' => 'bar', + } + end + it do + expect { + should compile + }.to raise_error(Puppet::Error, /Only one of \$content and \$source can be specified\./) + end + end + context 'neither content nor source' do + it do + expect { + should compile + }.to raise_error(Puppet::Error, /One of \$content and \$source must be specified\./) + end + end + context 'bad ensure' do + let :params do + { + 'content' => 'foo', + 'ensure' => 'foo', + } + end + it do + expect { + should compile + }.to raise_error(Puppet::Error, /is not supported for ensure/) + end + end + end +end From c24e2fae07c2af07ae72cf24d3ece07c7d739792 Mon Sep 17 00:00:00 2001 From: Pi3r Date: Sun, 7 Sep 2014 22:05:19 +0200 Subject: [PATCH 0330/2267] Clean-up hash lookup and avoid local undef var --- manifests/mod.pp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 2795578ec8..776a6c59f2 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -18,11 +18,10 @@ # Determine if we have special lib $mod_libs = $::apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif $mod_lib { - $_lib = $mod_lib + } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack + $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } 
@@ -48,11 +47,10 @@ # Determine if we have a package $mod_packages = $::apache::params::mod_packages - $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif $mod_package { - $_package = $mod_package + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package = $mod_packages[$mod] } else { $_package = undef } From b1c2ce0ca59ace35fa476aa913dc03440ce55f55 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Tue, 9 Sep 2014 17:18:16 +0200 Subject: [PATCH 0331/2267] Fix formatting of sethandler description The code example in the `satisfy` section didn't close the code block. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 28ba28b6bb..9f6b95aca3 100644 --- a/README.md +++ b/README.md @@ -1629,6 +1629,7 @@ Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.a } ], } +``` ######`sethandler` From ba8f8159c2416467e1464f85f3ce235143439de6 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Tue, 9 Sep 2014 11:09:11 -0700 Subject: [PATCH 0332/2267] (FM-1876) Remove trailing whitespace from manifests/vhost.pp This commit allows apache's lint tests to pass --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b9c8406a62..730ed05856 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -155,7 +155,7 @@ if $itk { validate_hash($itk) } - + validate_re($logroot_ensure, '^(directory|absent)$', "${logroot_ensure} is not supported for logroot_ensure. Allowed values are 'directory' and 'absent'.") From a529a407e62e61ae641d2f283721b2911925eccf Mon Sep 17 00:00:00 2001 
From: Victor Passapera Date: Tue, 9 Sep 2014 11:28:38 -0700 Subject: [PATCH 0333/2267] Update vhost.pp Getting duplicate declaration errors for logroots managed from puppet and *not* apache even though it tries to create it if not defined. --- manifests/vhost.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 730ed05856..0f5c6182be 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -35,6 +35,7 @@ $directoryindex = '', $vhost_name = '*', $logroot = $::apache::logroot, + $manage_logroot = true, $logroot_ensure = 'directory', $logroot_mode = undef, $log_level = undef, @@ -225,7 +226,7 @@ } # Same as above, but for logroot - if ! defined(File[$logroot]) { + if ! defined(File[$logroot]) and $manage_logroot { file { $logroot: ensure => $logroot_ensure, mode => $logroot_mode, From 7a98903b42ff1f12656a24e229fc37958608f0c1 Mon Sep 17 00:00:00 2001 From: Travis Fields Date: Wed, 10 Sep 2014 10:33:29 -0700 Subject: [PATCH 0334/2267] Fix issue with puppet_module_install, removed and using updated method from beaker core copy_module_to --- spec/spec_helper_acceptance.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 370de46c0d..0ae9335f69 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -28,8 +28,8 @@ # Configure all nodes in nodeset c.before :suite do # Install module and dependencies - puppet_module_install(:source => proj_root, :module_name => 'apache') hosts.each do |host| + copy_module_to(host, :source => proj_root, :module_name => 'apache') # Required for mod_passenger tests. if fact('osfamily') == 'RedHat' on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } From 9a9877fc82f5f758fcf102ea48939e509f819ede Mon Sep 17 00:00:00 2001 
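Review bot: The new `$manage_logroot` parameter in manifests/vhost.pp is used in `if ! defined(File[$logroot]) and $manage_logroot` without being validated, and in the Puppet versions this module appears to target a quoted `'false'` is a non-empty string and therefore true. The define already validates other parameters, so adding `validate_bool($manage_logroot)` beside the existing validate_* calls would turn that mistake into a compile error. The commit also adds no spec or README entry for the parameter. The define's body continues outside these hunks.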
From: chris Date: Sat, 13 Sep 2014 14:19:22 +0200 Subject: [PATCH 0335/2267] Fix typo in mod::pagespeed memache_servers --- README.md | 2 +- manifests/mod/pagespeed.pp | 2 +- templates/mod/pagespeed.conf.erb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 98cebb9a97..8993048ae3 100644 --- a/README.md +++ b/README.md @@ -498,7 +498,7 @@ These are the defaults: filter_xhtml => false, cache_path => '/var/cache/mod_pagespeed/', log_dir => '/var/log/pagespeed', - memache_servers => [], + memcache_servers => [], rewrite_level => 'CoreFilters', disable_filters => [], enable_filters => [], diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index d58f99fe2e..065957ebbd 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -3,7 +3,7 @@ $filter_xhtml = false, $cache_path = '/var/cache/mod_pagespeed/', $log_dir = '/var/log/pagespeed', - $memache_servers = [], + $memcache_servers = [], $rewrite_level = 'CoreFilters', $disable_filters = [], $enable_filters = [], diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index 3bbf7f29b4..fbdfa303dc 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb @@ -8,7 +8,7 @@ AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml ModPagespeedFileCachePath "<%= @cache_path %>" ModPagespeedLogDir "<%= @log_dir %>" -<% @memache_servers.each do |server| -%> +<% @memcache_servers.each do |server| -%> ModPagespeedMemcachedServers <%= server -%> <% end -%> From aa4d07a8b6294c192a98a197ac6d9356b92c9a23 Mon Sep 17 00:00:00 2001 From: olivierHa Date: Mon, 15 Sep 2014 09:03:06 +0200 Subject: [PATCH 0336/2267] Fix correct type for php_admin and sort hash --- manifests/vhost.pp | 4 ++-- templates/vhost/_php_admin.erb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 730ed05856..0d90d55851 100644 --- a/manifests/vhost.pp 
+++ b/manifests/vhost.pp @@ -59,8 +59,8 @@ $suphp_addhandler = $::apache::params::suphp_addhandler, $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, - $php_admin_flags = [], - $php_admin_values = [], + $php_admin_flags = {}, + $php_admin_values = {}, $no_proxy_uris = [], $proxy_preserve_host = false, $redirect_source = '/', diff --git a/templates/vhost/_php_admin.erb b/templates/vhost/_php_admin.erb index b79b818df9..c0c8dd60a7 100644 --- a/templates/vhost/_php_admin.erb +++ b/templates/vhost/_php_admin.erb @@ -1,10 +1,10 @@ <% if @php_admin_values and not @php_admin_values.empty? -%> - <%- @php_admin_values.each do |key,value| -%> + <%- @php_admin_values.sort.each do |key,value| -%> php_admin_value <%= key %> <%= value %> <%- end -%> <% end -%> <% if @php_admin_flags and not @php_admin_flags.empty? -%> - <%- @php_admin_flags.each do |key,flag| -%> + <%- @php_admin_flags.sort.each do |key,flag| -%> <%-# normalize flag -%> <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> php_admin_flag <%= key %> <%= flag %> From 2b3a9f030ff77824a30b20a642ea97379fdf4d95 Mon Sep 17 00:00:00 2001 From: Matthias Baur Date: Fri, 5 Sep 2014 18:48:24 +0200 Subject: [PATCH 0337/2267] Fix some Puppet Lint errors --- manifests/init.pp | 2 +- manifests/mod.pp | 2 +- manifests/mod/cgid.pp | 2 +- manifests/mod/dav_fs.pp | 2 +- manifests/mod/ssl.pp | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index f35fafbaa1..7fcd533e55 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -225,7 +225,7 @@ case $::osfamily { 'debian': { $docroot = '/var/www' - $pidfile = '${APACHE_PID_FILE}' + $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/usr/lib/cgi-bin' diff --git a/manifests/mod.pp b/manifests/mod.pp index 2795578ec8..1d38d3c4f7 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp 
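Review bot: With `$php_admin_flags` now a hash, the unchanged normalisation line inside the sorted loop of templates/vhost/_php_admin.erb, `if flag =~ /true|yes|on|1/i`, deserves a fix in the same change. The pattern is unanchored, so values such as `none` or `10` are written as `on`, and a real boolean `true` is not a String and will not match, so it is presumably written as `off`. Suggested replacement: `<%- flag = (flag.to_s =~ /\A(true|yes|on|1)\z/i) ? 'on' : 'off' -%>`. A spec with `{ 'engine' => true }` and `{ 'engine' => 'off' }` would pin the behaviour down.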
@@ -76,7 +76,7 @@ } } - file { "${_loadfile_name}": + file { $_loadfile_name: ensure => file, path => "${mod_dir}/${_loadfile_name}", owner => 'root', diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 5c89251a1c..2a0c178e01 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -4,7 +4,7 @@ # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file $cgisock_path = $::osfamily ? { - 'debian' => '${APACHE_RUN_DIR}/cgisock', + 'debian' => "\${APACHE_RUN_DIR}/cgisock", 'freebsd' => 'cgisock', default => undef, } diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index 482f316171..0cb663f5c5 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp @@ -1,6 +1,6 @@ class apache::mod::dav_fs { $dav_lock = $::osfamily ? { - 'debian' => '${APACHE_LOCK_DIR}/DAVLock', + 'debian' => "\${APACHE_LOCK_DIR}/DAVLock", 'freebsd' => '/usr/local/var/DavLock', default => '/var/lib/dav/lockdb', } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index ff0e929272..7e115fb661 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -6,7 +6,7 @@ $package_name = undef, ) { $session_cache = $::osfamily ? { - 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', + 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", 'redhat' => '/var/cache/mod_ssl/scache(512000)', 'freebsd' => '/var/run/ssl_scache(512000)', } @@ -18,7 +18,7 @@ } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { $ssl_mutex = 'file:/var/run/apache2/ssl_mutex' } else { - $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex' + $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex" } } 'redhat': { From 0d39322210794f9164b1f07821632cab2adec6d9 Mon Sep 17 00:00:00 2001 
From: Travis Fields Date: Tue, 16 Sep 2014 15:38:52 -0700 Subject: [PATCH 0338/2267] MODULES-1294 Fix issue with auth_require not taking precedence over default of require all granted, added checks for require and auth_require before adding the default --- templates/vhost/_directories.erb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index efa26ce4e9..b39d636f70 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -37,7 +37,11 @@ <%- if @apache_version == '2.4' -%> <%- if directory['require'] and directory['require'] != '' -%> Require <%= Array(directory['require']).join(' ') %> - <%- else -%> + <%- end -%> + <%- if directory['auth_require'] -%> + Require <%= directory['auth_require'] %> + <%- end -%> + <%- if !(directory['require'] and directory['require'] != '') && !(directory['auth_require']) -%> Require all granted <%- end -%> <%- else -%> @@ -127,9 +131,6 @@ <%- if directory['auth_group_file'] -%> AuthGroupFile <%= directory['auth_group_file'] %> <%- end -%> - <%- if directory['auth_require'] -%> - Require <%= directory['auth_require'] %> - <%- end -%> <%- if directory['fallbackresource'] -%> FallbackResource <%= directory['fallbackresource'] %> <%- end -%> From 1dc3451fa772ba7b5cfe027a2a04fe1c6086f41b Mon Sep 17 00:00:00 2001 From: Mike Dorman Date: Thu, 18 Sep 2014 17:14:25 -0600 Subject: [PATCH 0339/2267] Changing $port to interpolated string "${port}" to fix "Cannot use Fixnum where String is expected" errors under Puppet 3.7.x --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0d90d55851..762aa28fbf 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
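Review bot: In templates/vhost/_directories.erb the `auth_require` line now lives only inside the `@apache_version == '2.4'` branch, while the second hunk deletes the version-independent `Require <%= directory['auth_require'] %>`. Unless the `else` branch, which is outside the hunk, emits it, a 2.2 vhost relying on `auth_require` would lose its Require line and stop asking for authentication. On 2.4, a directory that sets both `require` and `auth_require` now gets two bare `Require` lines, which Apache treats as RequireAny, so satisfying either one is enough. I would keep the `auth_require` block outside the version test and add specs for the 2.2 case and for the case where both keys are set.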
@@ -302,7 +302,7 @@ } } if $add_listen { - if $ip and defined(Apache::Listen[$port]) { + if $ip and defined(Apache::Listen["${port}"]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { From d84e426649542d537e999f5bc5d2aba47fac06e0 Mon Sep 17 00:00:00 2001 From: chris Date: Fri, 19 Sep 2014 11:29:20 +0200 Subject: [PATCH 0340/2267] Fix missing newline after ModPagespeed filter and memcached servers directives --- templates/mod/pagespeed.conf.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index b5c68d52e0..a1b6f117a4 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb @@ -9,21 +9,21 @@ ModPagespeedFileCachePath "<%= @cache_path %>" ModPagespeedLogDir "<%= @log_dir %>" <% @memcache_servers.each do |server| -%> -ModPagespeedMemcachedServers <%= server -%> +ModPagespeedMemcachedServers <%= server %> <% end -%> ModPagespeedRewriteLevel <%= @rewrite_level -%> <% @disable_filters.each do |filter| -%> -ModPagespeedDisableFilters <%= filter -%> +ModPagespeedDisableFilters <%= filter %> <% end -%> <% @enable_filters.each do |filter| -%> -ModPagespeedEnableFilters <%= filter -%> +ModPagespeedEnableFilters <%= filter %> <% end -%> <% @forbid_filters.each do |filter| -%> -ModPagespeedForbidFilters <%= filter -%> +ModPagespeedForbidFilters <%= filter %> <% end -%> ModPagespeedRewriteDeadlinePerFlushMs <%= @rewrite_deadline_per_flush_ms %> From 9bd66e088e5bfeb1c0b690ae4b2500bf3dd0b5e6 Mon Sep 17 00:00:00 2001 
From: Justin Stoller Date: Mon, 22 Sep 2014 13:50:26 -0700 Subject: [PATCH 0341/2267] (FM-1907) Fix mod_negotation system tests Previously we were including the base apache class and then including the 'apache::mod::negotiation' class. However the apache class includes 'apache::mod::negoatiation' by default. Telling apache not to use its default mods fixes this error. There was also a reference to '$mod_dir' when finding the negotiation.conf instead of just 'mod_dir'. s/puppet code/ruby code/g fixed the issue. :) --- spec/acceptance/mod_negotiation_spec.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index 33dcdd982d..25e4acbeae 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb @@ -19,13 +19,13 @@ context "default negotiation config" do it 'succeeds in puppeting negotiation' do pp= <<-EOS - class { '::apache': } + class { '::apache': default_mods => false } class { '::apache::mod::negotiation': } EOS apply_manifest(pp, :catch_failures => true) end - describe file("#{$mod_dir}/negotiation.conf") do + describe file("#{mod_dir}/negotiation.conf") do it { should contain "LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW ForceLanguagePriority Prefer Fallback" } end @@ -39,7 +39,7 @@ class { '::apache::mod::negotiation': } context "with alternative force_language_priority" do it 'succeeds in puppeting negotiation' do pp= <<-EOS - class { '::apache': } + class { '::apache': default_mods => false } class { '::apache::mod::negotiation': force_language_priority => 'Prefer', } @@ -47,7 +47,7 @@ class { '::apache::mod::negotiation': apply_manifest(pp, :catch_failures => true) end - describe file("#{$mod_dir}/negotiation.conf") do + describe file("#{mod_dir}/negotiation.conf") do it { should contain "ForceLanguagePriority Prefer" } end 
@@ -60,7 +60,7 @@ class { '::apache::mod::negotiation': context "with alternative language_priority" do it 'succeeds in puppeting negotiation' do pp= <<-EOS - class { '::apache': } + class { '::apache': default_mods => false } class { '::apache::mod::negotiation': language_priority => [ 'en', 'es' ], } @@ -68,7 +68,7 @@ class { '::apache::mod::negotiation': apply_manifest(pp, :catch_failures => true) end - describe file("#{$mod_dir}/negotiation.conf") do + describe file("#{mod_dir}/negotiation.conf") do it { should contain "LanguagePriority en es" } end From 57f83d96ed110768f273474a8769b360b086c54d Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Mon, 22 Sep 2014 15:58:37 -0700 Subject: [PATCH 0342/2267] (FM-1908) fixup mod_php tests Previously we were testing that the source attribute for apache::mod::php overrode the content and template attributes. This began failing with the removal of files/spec file (it was the target used by the source attribute in testing. These are the kinds of tests that are slated for removal with the test refactor, best course is to remove them now. --- spec/acceptance/mod_php_spec.rb | 38 --------------------------------- 1 file changed, 38 deletions(-) diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 8ce732b984..a0efe7fb86 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -132,42 +132,4 @@ class {'apache::mod::php': end end - context "provide source has priority over content" do - it 'succeeds in puppeting php' do - pp= <<-EOS - class {'apache': - mpm_module => 'prefork', - } - class {'apache::mod::php': - content => '# somecontent', - source => 'puppet:///modules/apache/spec', - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe file("#{mod_dir}/php5.conf") do - it { should contain "# This is a file only for spec testing" } - end - end - - context "provide source has priority over template" do - it 'succeeds in puppeting php' do - pp= <<-EOS - class {'apache': - mpm_module => 'prefork', - } - class {'apache::mod::php': - template => 'apache/mod/php5.conf.erb', - source => 'puppet:///modules/apache/spec', - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe file("#{mod_dir}/php5.conf") do - it { should contain "# This is a file only for spec testing" } - end - end - end From a53b9edb1f2478fe76133cbe7e190f3537ced30a Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Mon, 22 Sep 2014 17:50:08 -0700 Subject: [PATCH 0343/2267] (FM-1911) Fixup passenger system test Previously we were running a command via sudo, which requires a TTY. The testing framework does not allocate a TTY by default, passing the `:pty => true` option corrects this. --- spec/acceptance/mod_passenger_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 54b6a77313..2fcb6a8f75 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -262,7 +262,7 @@ class { 'apache::mod::passenger': end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/bin/passenger-memory-stats") do |r| + shell("sudo /usr/bin/passenger-memory-stats", :pty => true) do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) From 2f48954a34dcd8b0686ff8020d5071e57ba5e0a1 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Tue, 23 Sep 2014 10:58:30 -0700 Subject: [PATCH 0344/2267] (FM-1913) fix passenger tests on EL derivatives Previously we were excluding by "operatingsystem" == "RedHat" which doesn't account for RedHat derivatives like Centos. This changes the tests to check against "osfamily" instead. --- spec/acceptance/mod_passenger_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 54b6a77313..e3e4203f96 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -191,7 +191,7 @@ class { 'apache::mod::passenger': } # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5 unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5') - if fact('operatingsystem') == 'RedHat' and fact('operatingsystemmajrelease') == '7' + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' pending('test passenger - RHEL7 packages don\'t exist') else context "default passenger config" do From ae374ccea4a44e404975b74c12b18cdcbb18b6d2 Mon Sep 17 00:00:00 2001 
From: Wolfgang Schreiner Date: Thu, 25 Sep 2014 14:40:22 +0200 Subject: [PATCH 0345/2267] Update default_mods.pp This should cover the case that on a Amazon AWS Image that is based on RHEL6/CentOS6 but the Apache in version 2.4 should be used, to avoid to load the non existing systemd Apache module. --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 80cca7046c..7e8381f031 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -12,7 +12,7 @@ if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. - if !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) { + if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon' and versioncmp($::operatingsystemrelease, '2014.09') <= 0 ) ) { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } From 8d09ecd81ce1001d9461570716d20898fe336f4a Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Tue, 16 Sep 2014 10:17:33 -0400 Subject: [PATCH 0346/2267] (#MODULES-1332) set osfamily default for wsgi_socket_prefix Add an osfamily based default class parameter value for the wsgi_socket_prefix parameter of apache::mod::wsgi. The default value on RedHat osfamily platforms is '/var/run/wsgi'. On other platforms, use the Apache default. --- manifests/mod/wsgi.pp | 2 +- manifests/params.pp | 7 +++++++ spec/classes/mod/wsgi_spec.rb | 15 ++++++++++++--- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 244a3458b4..2a47bb68e3 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -1,5 +1,5 @@ class apache::mod::wsgi ( - $wsgi_socket_prefix = undef, + $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, $wsgi_python_path = undef, $wsgi_python_home = undef, ){ 
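Review bot: The comment above the condition still names only `RHEL/CentOS 6 SCL`, while the rewritten condition also skips mod_systemd on Amazon Linux, and the `'2014.09'` upper bound is not explained anywhere in the hunk. Any later Amazon release falls through and gets `::apache::mod { 'systemd': }` again, which may or may not be intended. I would update the comment to `# Do not try to load mod_systemd on RHEL/CentOS 6 SCL or Amazon Linux <= 2014.09 (no mod_systemd there)` and drop the redundant outer parentheses. The enclosing `if versioncmp($apache_version, '2.4') >= 0` block continues outside the hunk.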
diff --git a/manifests/params.pp b/manifests/params.pp index d5d1265a6b..07bbf530f6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -93,6 +93,11 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + if $::osfamily == "RedHat" { + $wsgi_socket_prefix = '/var/run/wsgi' + } else { + $wsgi_socket_prefix = undef + } } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' @@ -194,6 +199,7 @@ } } } + $wsgi_socket_prefix = undef } elsif $::osfamily == 'FreeBSD' { $user = 'www' $group = 'www' @@ -255,6 +261,7 @@ $fastcgi_lib_path = undef # TODO: revisit $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' + $wsgi_socket_prefix = undef } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 5945e3bebf..3875d3fd09 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -18,7 +18,10 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('wsgi') } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => nil + ) + } it { is_expected.to contain_package("libapache2-mod-wsgi") } end context "on a RedHat OS" do @@ -34,7 +37,10 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('wsgi') } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => '/var/run/wsgi' + ) + } it { is_expected.to contain_package("mod_wsgi") } describe "with custom WSGISocketPrefix" do @@ -63,7 +69,10 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('wsgi') } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => nil + ) + } it { is_expected.to contain_package("www/mod_wsgi") } end end 
From 1c40da0835095344be0379182c901165f5332aa9 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 26 Sep 2014 15:24:06 -0400 Subject: [PATCH 0347/2267] MODULES-1348 - apache::vhost concat ordering Need to set `order => 'numeric'` for the concat resource in apache::vhost so that the fragments get concatenated in the correct order. --- manifests/vhost.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 762aa28fbf..7fcfd3df16 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -395,6 +395,7 @@ owner => 'root', group => $::apache::params::root_group, mode => '0644', + order => 'numeric', require => Package['httpd'], notify => Service['httpd'], } From cf9d120a37a562f1206e6e08f4adf4b5d27fca6d Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 26 Sep 2014 16:20:18 -0400 Subject: [PATCH 0348/2267] Revert "Remove deprecated purge_vdir; Rename variables" --- manifests/init.pp | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 7fcd533e55..ed0fb099b2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -30,6 +30,7 @@ $service_ensure = 'running', $purge_configs = true, $purge_vhost_dir = undef, + $purge_vdir = false, $serveradmin = 'root@localhost', $sendfile = 'On', $error_documents = false, @@ -121,11 +122,19 @@ service_ensure => $service_ensure, } + # Deprecated backwards-compatibility + if $purge_vdir { + warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') + $purge_confd = $purge_vdir + } else { + $purge_confd = $purge_configs + } + # Set purge vhostd appropriately if $purge_vhost_dir == undef { - $_purge_vhost_dir = $purge_configs + $purge_vhostd = $purge_confd } else { - $_purge_vhost_dir = $purge_vhost_dir + $purge_vhostd = $purge_vhost_dir } Exec { 
@@ -139,7 +148,7 @@ file { $confd_dir: ensure => directory, recurse => true, - purge => $purge_configs, + purge => $purge_confd, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -185,7 +194,7 @@ file { $vhost_dir: ensure => directory, recurse => true, - purge => $_purge_vhost_dir, + purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -200,7 +209,7 @@ file { $vhost_enable_dir: ensure => directory, recurse => true, - purge => $_purge_vhost_dir, + purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } From 7a8776877d3578f16d3ff538d94738cbc3e52bfc Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 26 Sep 2014 18:26:22 -0400 Subject: [PATCH 0349/2267] Revert "Fix duplicate declarations when puppet manages logroot for vhosts" --- manifests/vhost.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7ef2ee8a23..762aa28fbf 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -35,7 +35,6 @@ $directoryindex = '', $vhost_name = '*', $logroot = $::apache::logroot, - $manage_logroot = true, $logroot_ensure = 'directory', $logroot_mode = undef, $log_level = undef, @@ -226,7 +225,7 @@ } # Same as above, but for logroot - if ! defined(File[$logroot]) and $manage_logroot { + if ! defined(File[$logroot]) { file { $logroot: ensure => $logroot_ensure, mode => $logroot_mode, From bf724e47aaf38021ac9814cc342757e9c99016a3 Mon Sep 17 00:00:00 2001 From: Travis Fields Date: Fri, 26 Sep 2014 16:01:18 -0700 Subject: [PATCH 0350/2267] Update to include auth_required for versions other than 2.4 but keeping at the top of the section --- templates/vhost/_directories.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index ef620bbdc4..2ef916eca2 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -47,6 +47,9 @@ Require all granted <%- end -%> <%- else -%> + <%- if directory['auth_require'] -%> + Require <%= directory['auth_require'] %> + <%- end -%> <%- if directory['order'] and directory['order'] != '' -%> Order <%= Array(directory['order']).join(',') %> <%- else -%> From acc798056b11f5312f77e5c18255ba35c9a544d6 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Thu, 25 Sep 2014 16:25:06 +0100 Subject: [PATCH 0351/2267] Add support to set SSLCARevocationCheck on Apache 2.4 Apache 2.4 needs an additional SSLCARevocationCheck directive to enable checking of a CRL, e.g. for a Puppet master vhost. See https://github.com/puppetlabs/puppet/commit/b02af7e05d9b9a3bc23474933d8d7f6cd6191158 for more background --- README.md | 8 +++ manifests/init.pp | 99 +++++++++++++++--------------- manifests/vhost.pp | 3 + spec/acceptance/apache_ssl_spec.rb | 29 ++++++--- templates/vhost/_ssl.erb | 3 + 5 files changed, 85 insertions(+), 57 deletions(-) diff --git a/README.md b/README.md index 92edc74646..2d6e8ce235 100644 --- a/README.md +++ b/README.md 
@@ -276,6 +276,10 @@ The default certificate revocation list to use, which is automatically set to 'u The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +#####`default_ssl_crl_check` + +Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. This default will work out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value will be ignored on older versions. + #####`default_ssl_key` The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. 
@@ -1776,6 +1780,10 @@ Specifies the certificate revocation list to use. Defaults to 'undef'. (This def Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +#####`ssl_crl_check` + +Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default will work out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value will be ignored on older versions. + #####`ssl_key` Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) diff --git a/manifests/init.pp b/manifests/init.pp index ed0fb099b2..74e3d6a055 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -13,56 +13,57 @@ # Sample Usage: # class apache ( - $apache_name = $::apache::params::apache_name, - $service_name = $::apache::params::service_name, - $default_mods = true, - $default_vhost = true, - $default_confd_files = true, - $default_ssl_vhost = false, - $default_ssl_cert = $::apache::params::default_ssl_cert, - $default_ssl_key = $::apache::params::default_ssl_key, - $default_ssl_chain = undef, - $default_ssl_ca = undef, - $default_ssl_crl_path = undef, - $default_ssl_crl = undef, - $ip = undef, - $service_enable = true, - $service_ensure = 'running', - $purge_configs = true, - $purge_vhost_dir = undef, - $purge_vdir = false, - $serveradmin = 'root@localhost', - $sendfile = 'On', - $error_documents = false, - $timeout = '120', - $httpd_dir = $::apache::params::httpd_dir, - $server_root = $::apache::params::server_root, - $conf_dir = $::apache::params::conf_dir, - $confd_dir = $::apache::params::confd_dir, - $vhost_dir = $::apache::params::vhost_dir, - $vhost_enable_dir = $::apache::params::vhost_enable_dir, - $mod_dir = $::apache::params::mod_dir, - $mod_enable_dir = $::apache::params::mod_enable_dir, - $mpm_module = $::apache::params::mpm_module, - $conf_template = $::apache::params::conf_template, - $servername = $::apache::params::servername, - $manage_user = true, - $manage_group = true, - $user = $::apache::params::user, - $group = $::apache::params::group, - $keepalive = $::apache::params::keepalive, - $keepalive_timeout = $::apache::params::keepalive_timeout, + $apache_name = $::apache::params::apache_name, + $service_name = $::apache::params::service_name, + $default_mods = true, + $default_vhost = true, + $default_confd_files = true, + $default_ssl_vhost = false, + $default_ssl_cert = $::apache::params::default_ssl_cert, + $default_ssl_key = $::apache::params::default_ssl_key, + $default_ssl_chain = undef, + $default_ssl_ca = undef, + $default_ssl_crl_path = undef, + $default_ssl_crl = undef, + $default_ssl_crl_check = undef, + $ip = undef, + 
$service_enable = true, + $service_ensure = 'running', + $purge_configs = true, + $purge_vhost_dir = undef, + $purge_vdir = false, + $serveradmin = 'root@localhost', + $sendfile = 'On', + $error_documents = false, + $timeout = '120', + $httpd_dir = $::apache::params::httpd_dir, + $server_root = $::apache::params::server_root, + $conf_dir = $::apache::params::conf_dir, + $confd_dir = $::apache::params::confd_dir, + $vhost_dir = $::apache::params::vhost_dir, + $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $mod_dir = $::apache::params::mod_dir, + $mod_enable_dir = $::apache::params::mod_enable_dir, + $mpm_module = $::apache::params::mpm_module, + $conf_template = $::apache::params::conf_template, + $servername = $::apache::params::servername, + $manage_user = true, + $manage_group = true, + $user = $::apache::params::user, + $group = $::apache::params::group, + $keepalive = $::apache::params::keepalive, + $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $apache::params::max_keepalive_requests, - $logroot = $::apache::params::logroot, - $logroot_mode = $::apache::params::logroot_mode, - $log_level = $::apache::params::log_level, - $log_formats = {}, - $ports_file = $::apache::params::ports_file, - $apache_version = $::apache::version::default, - $server_tokens = 'OS', - $server_signature = 'On', - $trace_enable = 'On', - $package_ensure = 'installed', + $logroot = $::apache::params::logroot, + $logroot_mode = $::apache::params::logroot_mode, + $log_level = $::apache::params::log_level, + $log_formats = {}, + $ports_file = $::apache::params::ports_file, + $apache_version = $::apache::version::default, + $server_tokens = 'OS', + $server_signature = 'On', + $trace_enable = 'On', + $package_ensure = 'installed', ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7fcfd3df16..1586f34a3e 100644 --- a/manifests/vhost.pp 
+++ b/manifests/vhost.pp @@ -18,6 +18,7 @@ $ssl_ca = $::apache::default_ssl_ca, $ssl_crl_path = $::apache::default_ssl_crl_path, $ssl_crl = $::apache::default_ssl_crl, + $ssl_crl_check = $::apache::default_ssl_crl_check, $ssl_certs_dir = $::apache::params::ssl_certs_dir, $ssl_protocol = undef, $ssl_cipher = undef, @@ -651,6 +652,7 @@ # - $ssl_ca # - $ssl_crl_path # - $ssl_crl + # - $ssl_crl_check # - $ssl_proxyengine # - $ssl_protocol # - $ssl_cipher @@ -658,6 +660,7 @@ # - $ssl_verify_client # - $ssl_verify_depth # - $ssl_options + # - $apache_version if $ssl { concat::fragment { "${name}-ssl": target => "${priority_real}-${filename}.conf", diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 3cfe593481..f8023fa240 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb @@ -1,4 +1,5 @@ require 'spec_helper_acceptance' +require_relative './version.rb' case fact('osfamily') when 'RedHat' @@ -13,14 +14,15 @@ it 'runs without error' do pp = <<-EOS class { 'apache': - service_ensure => stopped, - default_ssl_vhost => true, - default_ssl_cert => '/tmp/ssl_cert', - default_ssl_key => '/tmp/ssl_key', - default_ssl_chain => '/tmp/ssl_chain', - default_ssl_ca => '/tmp/ssl_ca', - default_ssl_crl_path => '/tmp/ssl_crl_path', - default_ssl_crl => '/tmp/ssl_crl', + service_ensure => stopped, + default_ssl_vhost => true, + default_ssl_cert => '/tmp/ssl_cert', + default_ssl_key => '/tmp/ssl_key', + default_ssl_chain => '/tmp/ssl_chain', + default_ssl_ca => '/tmp/ssl_ca', + default_ssl_crl_path => '/tmp/ssl_crl_path', + default_ssl_crl => '/tmp/ssl_crl', + default_ssl_crl_check => 'chain', } EOS apply_manifest(pp, :catch_failures => true) 
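Review bot: `$ssl_crl_check` reaches the template unvalidated, and nothing ties it to `$ssl_crl` or `$ssl_crl_path`. On Apache 2.4 `SSLCARevocationCheck` defaults to `none`, so a vhost that sets a CRL file or path but leaves `ssl_crl_check` at its `undef` default still renders `SSLCARevocationFile`/`SSLCARevocationPath` while revoked client certificates continue to be accepted. I would reject unknown values with `if $ssl_crl_check { validate_re($ssl_crl_check, '^(chain|leaf|none)\b') }` and emit a `warning()` when a CRL source is configured on 2.4 without a check level. The body of the define continues outside these hunks, so an existing validation elsewhere would not be visible here.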
@@ -34,6 +36,11 @@ class { 'apache': it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + if $apache_version == '2.4' + it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + else + it { is_expected.not_to contain 'SSLCARevocationCheck' } + end end end @@ -53,6 +60,7 @@ class { 'apache': ssl_ca => '/tmp/ssl_ca', ssl_crl_path => '/tmp/ssl_crl_path', ssl_crl => '/tmp/ssl_crl', + ssl_crl_check => 'chain', ssl_certs_dir => '/tmp', ssl_protocol => 'test', ssl_cipher => 'test', @@ -81,6 +89,11 @@ class { 'apache': it { is_expected.to contain 'SSLVerifyClient test' } it { is_expected.to contain 'SSLVerifyDepth test' } it { is_expected.to contain 'SSLOptions test test1' } + if $apache_version == '2.4' + it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + else + it { is_expected.not_to contain 'SSLCARevocationCheck' } + end end end diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 55289ae7e9..70213f48c1 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -19,6 +19,9 @@ <%- if @ssl_crl -%> SSLCARevocationFile "<%= @ssl_crl %>" <%- end -%> + <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLCARevocationCheck "<%= @ssl_crl_check %>" + <%- end -%> <%- if @ssl_proxyengine -%> SSLProxyEngine On <%- end -%> From de15de31eaecf460148e82223158f7fb4dd98865 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 13:26:18 -0500 Subject: [PATCH 0352/2267] 1.2.0 prep --- CHANGELOG.md | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ metadata.json | 4 +-- 2 files changed, 70 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b598fdd2ac..dad6c4b5ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,71 @@ +##2014-09-30 - Supported Release 1.2.0 +###Summary + +This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. + +####Features +- Convert apache::vhost to use concat for easier extensions +- Test improvements +- Added apache::custom_config defined type to allow validation of configs before they are created +- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module. +- Added logroot_mode and logroot_ensure to apache::vhost +- Improved SCL support + - added apache::conf_dir + - allow overriding of apache_name + - allow overriding of the mod_ssl package name +- Add support for reverse_urls/ProxyPassReverse in apache::vhost +- Add apache::vhost::manage_docroot +- Add apache::purge_vhost_dir parameter +- Add satisfy directive in apache::vhost::directories +- Add apache::fastcgi::server defined type +- Add apache::vhost::proxy_preserve_host +- Add apache::vhost::wsgi_pass_authorization +- Add support for rewrites in the apache::vhost::directories parameter +- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet +- Improvements to apache::mod* + - Add restrict_access parameter to apache::mod::info + - Add force_language_priority and language_priority parameters to apache::mod::negotiation + - Add threadlimit parameter to mod::worker + - Add content, template, and source parameters to apache::mod::php + - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn + - Add loadfile_name parameter to apache::mod + - Add apache::mod::deflate class + - Add types and notes parameters to 
apache::mod::deflate + - Add options parameter to apache::mod::fcgid + +####Bugfixes +- Set osfamily defaults for wsgi_socket_prefix +- Support multiple balancermembers with the same url +- Validate apache::vhost::wsgi_pass_authorization +- Validate apache::vhost::custom_fragment +- Add support for itk with mod_php +- Allow apache::vhost::ssl_certs_dir to not be set +- Improved passenger support for Debian +- Improved 2.4 support without mod_access_compat +- Support for more than one 'Allow from'-directive in _directories.erb +- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4 +- Fix missing newline in ModPagespeed filter and memcached servers directive +- Use interpolated strings instead of numbers where required by future parser +- Make auth_require take precedence over default with apache 2.4 +- Lint fixes +- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array +- Correct typo in mod::pagespeed +- spec_helper fixes +- Install mod packages before dealing with the configuration +- Use absolute scope to check class definition in apache::mod::php +- Fix dependency loop in apache::vhost +- Properly scope variables in the inline template in apache::balancer +- Documentation clarification, typos, and formatting +- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4 +- Strict variables fixes +- Add authn_core mode to Ubuntu trusty defaults +- Keep default loadfile for authz_svn on Debian +- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support + +####Known Bugs +* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. +* SLES is unsupported. + ##2014-07-15 - Supported Release 1.1.1 ###Summary diff --git a/metadata.json b/metadata.json index fba59e7c39..e8ae293d96 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.1.1", + "version": "1.2.0", "author": "puppetlabs", "summary": "Puppet module for Apache", "license": "Apache 2.0", @@ -59,7 +59,7 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.2.0 < 3.4.0" + "version_requirement": "3.x" }, { "name": "puppet", From bb6ef28ebad84948151c0d8852555e23ad12f0fd Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 15:03:20 -0500 Subject: [PATCH 0353/2267] Updates to mod::fcgid test don't work on RHEL5 --- spec/acceptance/mod_fcgid_spec.rb | 97 +++++++++++++++---------------- 1 file changed, 46 insertions(+), 51 deletions(-) diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 8e94fa08fa..2511b46ce6 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb 
@@ -1,62 +1,57 @@ require 'spec_helper_acceptance' describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - case fact('osfamily') - when 'Debian' - # Not implemented - when 'RedHat' - context "default fcgid config" do - it 'succeeds in puppeting fcgid' do - pp = <<-EOS - class { 'epel': } # mod_fcgid lives in epel - class { 'apache': } - class { 'apache::mod::php': } # For /usr/bin/php-cgi - class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', + context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do + it 'succeeds in puppeting fcgid' do + pp = <<-EOS + class { 'epel': } # mod_fcgid lives in epel + class { 'apache': } + class { 'apache::mod::php': } # For /usr/bin/php-cgi + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + }, + } + apache::vhost { 'fcgid.example.com': + port => '80', + docroot => '/var/www/fcgid', + directories => { + path => '/var/www/fcgid', + options => '+ExecCGI', + addhandlers => { + handler => 'fcgid-script', + extensions => '.php', }, - } - apache::vhost { 'fcgid.example.com': - port => '80', - docroot => '/var/www/fcgid', - directories => { - path => '/var/www/fcgid', - options => '+ExecCGI', - addhandlers => { - handler => 'fcgid-script', - extensions => '.php', - }, - fcgiwrapper => { - command => '/usr/bin/php-cgi', - suffix => '.php', - } - }, - } - file { '/var/www/fcgid/index.php': - ensure => file, - owner => 'root', - group => 'root', - content => "\\n", - } - EOS - apply_manifest(pp, :catch_failures => true) - end + fcgiwrapper => { + command => '/usr/bin/php-cgi', + suffix => '.php', + } + }, + } + file { '/var/www/fcgid/index.php': + ensure => file, + owner => 'root', + group => 'root', + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service('httpd') do - it { is_expected.to be_enabled } - it { is_expected.to 
be_running } - end + describe service('httpd') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - it 'should answer to fcgid.example.com' do - shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| - expect(r.stdout).to match(/^Hello world$/) - expect(r.exit_code).to eq(0) - end + it 'should answer to fcgid.example.com' do + shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| + expect(r.stdout).to match(/^Hello world$/) + expect(r.exit_code).to eq(0) end + end - it 'should run a php-cgi process' do - shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) - end + it 'should run a php-cgi process' do + shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) end end end From 0f2a0b33dd5399219fd37ffdde8bde335c7da246 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 15:25:21 -0500 Subject: [PATCH 0354/2267] Fix custom_config check for ubuntu precise. --- manifests/custom_config.pp | 2 +- manifests/params.pp | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 543ace94e5..cadc2354db 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -5,7 +5,7 @@ $content = undef, $priority = '25', $source = undef, - $verify_command = '/usr/sbin/apachectl -t', + $verify_command = $::apache::params::verify_command, $verify_config = true, ) { diff --git a/manifests/params.pp b/manifests/params.pp index 07bbf530f6..6c37f14ef1 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -28,6 +28,11 @@ # The default error log level $log_level = 'warn' + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { + $verify_command = '/usr/sbin/apache2ctl -t' + } else { + $verify_command = '/usr/sbin/apachectl -t' + } if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { $user = 'apache' $group = 'apache' 
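Review bot: The new branch in manifests/params.pp tests `$::lsbdistrelease == '10.04'`, but the commit subject names Ubuntu precise, which is release 12.04, so on precise `$verify_command` still resolves to `/usr/sbin/apachectl -t`. If precise is the platform that needs `apache2ctl`, the test should read `if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '12.04' {`; if 10.04 is intended, the subject is what needs correcting. A one-line comment above the branch, for example `# this release needs apache2ctl for the config check (reason to be confirmed)`, would record why the special case exists. The default in manifests/custom_config.pp now depends on `apache::params` having been evaluated before the define's defaults, which this hunk does not show.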
From 0bdb75754ec8c914ff7d83e1965faf2713dedea8 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Fri, 7 Sep 2012 15:06:25 +1200 Subject: [PATCH 0355/2267] changed from depreciated apache::dev to apache::mod::dev --- tests/dev.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dev.pp b/tests/dev.pp index 805ad7e373..6c4f95571d 100644 --- a/tests/dev.pp +++ b/tests/dev.pp @@ -1 +1 @@ -include apache::dev +include apache::mod::dev From e8f7566d2788436ed1b73504e1951277b5ed2b5b Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Thu, 20 Sep 2012 13:41:50 +1200 Subject: [PATCH 0356/2267] Created the apache::mod::shib class to install the mod_shib Shibboleth module for Apache2 http://shibboleth.net/ --- manifests/mod/shib.pp | 58 +++++++++++++++++++++++++++++++++++++++++++ manifests/params.pp | 7 ++++-- 2 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 manifests/mod/shib.pp diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp new file mode 100644 index 0000000000..3580abf345 --- /dev/null +++ b/manifests/mod/shib.pp 
@@ -0,0 +1,58 @@
+class apache::mod::shib(
+ $shib_admin = $apache::serveradmin,
+ $shib_hostname = $fqdn,
+ $logoLocation = "/shibboleth-sp/logo.jpg",
+ $styleSheet = "/shibboleth-sp/main.css",
+ $shib_conf_dir = '/etc/shibboleth',
+ $shib_conf_file = 'shibboleth2.xml',
+ $handlerSSL = 'true'
+){
+
+ $shib_conf = "${shib_conf_dir}/${shib_conf_file}"
+ $mod_shib = 'shib2'
+
+ apache::mod {$mod_shib: }
+
+ file{$shib_conf_dir:
+ ensure => directory,
+ require => Apache::Mod[$mod_shib]
+ }
+
+ file{$shib_conf:
+ ensure => file,
+ replace => false,
+ require => [Apache::Mod[$mod_shib],File[$shib_conf_dir]],
+ }
+
+ augeas{"shib_SPconfig_errors":
+ lens => 'Xml.lns',
+ incl => $shib_conf,
+ context => "/files${shib_conf}/SPConfig/ApplicationDefaults",
+ changes => [
+ "set Errors/#attribute/supportContact ${shib_admin}",
+ "set Errors/#attribute/logoLocation ${logoLocation}",
+ "set Errors/#attribute/styleSheet ${styleSheet}",
+ ],
+ notify => Service['httpd'],
+ }
+
+ augeas{"shib_SPconfig_hostname":
+ lens => 'Xml.lns',
+ incl => $shib_conf,
+ context => "/files${shib_conf}/SPConfig/ApplicationDefaults",
+ changes => [
+ "set #attribute/entityID https://${shib_hostname}/shibboleth",
+ "set Sessions/#attribute/handlerURL https://${shib_hostname}/Shibboleth.sso",
+ ],
+ notify => Service['httpd'],
+ }
+
+ augeas{"shib_SPconfig_handlerSSL":
+ lens => 'Xml.lns',
+ incl => $shib_conf,
+ context => "/files${shib_conf}/SPConfig/ApplicationDefaults",
+ changes => ["set Sessions/#attribute/handlerSSL ${handlerSSL}",],
+ notify => Service['httpd'],
+ }
+
+}
\ No newline at end of file
diff --git a/manifests/params.pp b/manifests/params.pp
index 07bbf530f6..fc9a86e320 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
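Review bot: The Augeas `set` commands interpolate `${shib_admin}`, `${logoLocation}` and `${styleSheet}` without quoting, and as far as I know the augeas type reads an unquoted value only up to the first whitespace, so a support contact or path containing a space would be written truncated. Quoting the value avoids that, for example `"set Errors/#attribute/supportContact '${shib_admin}'",`, and the same applies to the entityID, handlerURL and handlerSSL commands. `$shib_admin` defaults to `$apache::serveradmin`, but the class neither declares nor requires `apache`, so that default is presumably empty unless `apache` was evaluated earlier. The class would also benefit from a header comment listing its parameters and noting that `shibboleth2.xml` is edited in place and never replaced (`replace => false`).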
@@ -60,6 +60,7 @@ $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef + # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide $mod_packages = { 'auth_kerb' => 'mod_auth_kerb', 'authnz_ldap' => 'mod_authz_ldap', @@ -81,6 +82,7 @@ 'suphp' => 'mod_suphp', 'xsendfile' => 'mod_xsendfile', 'nss' => 'mod_nss', + 'shib2' => 'shibboleth', } $mod_libs = { 'php5' => 'libphp5.so', @@ -141,6 +143,7 @@ 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', + 'shib2' => 'libapache2-mod-shib2', } $mod_libs = { 'php5' => 'libphp5.so', @@ -238,7 +241,6 @@ # NOTE: 'php' needs to enable APACHE option in make config # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config # NOTE: not sure where the shibboleth should come from - # NOTE: don't know where the shibboleth module should come from 'auth_kerb' => 'www/mod_auth_kerb2', 'fcgid' => 'www/mod_fcgid', 'passenger' => 'www/rubygem-passenger', @@ -249,7 +251,8 @@ 'wsgi' => 'www/mod_wsgi', 'dav_svn' => 'devel/subversion', 'xsendfile' => 'www/mod_xsendfile', - 'rpaf' => 'www/mod_rpaf2' + 'rpaf' => 'www/mod_rpaf2', + 'shib2' => 'security/shibboleth2-sp', } $mod_libs = { 'php5' => 'libphp5.so', From f5523e7e03409f1abe712056cdffc0ad7cc2d54c Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Fri, 21 Sep 2012 14:20:26 +1200 Subject: [PATCH 0357/2267] define a shibboleth sso resource --- manifests/mod/shib/sso.pp | 57 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 manifests/mod/shib/sso.pp diff --git a/manifests/mod/shib/sso.pp b/manifests/mod/shib/sso.pp new file mode 100644 index 0000000000..0d89b25449 --- /dev/null +++ b/manifests/mod/shib/sso.pp 
@@ -0,0 +1,57 @@
+define apache::mod::shib::sso(
+ $discoveryURL = undef,
+ $idpURL = undef,
+ $discoveryProtocol = "SAMLDS"
+){
+
+ require apache::mod::shib
+
+ info("The shibboleth configuration file is ${apache::mod::shib::shib_conf}")
+
+ if $discoveryURL and $idpURL {
+ err("apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.")
+ } elsif !$discoveryURL and !$idpURL {
+ err("apache::mod::shib::sso must have one of discoveryURL or idpURL set, not neither.")
+ } else {
+
+ if $idpURL {
+ $entityID_aug = "set SSO/#attribute/entityID ${idpURL}"
+ } else {
+ $entityID_aug = "rm SSO/#attribute/entityID"
+ }
+
+ info("The entityID augaes change is ${entityID_aug}")
+
+ augeas{"shib_SPconfig_sso_entityID":
+ lens => 'Xml.lns',
+ incl => $apache::mod::shib::shib_conf,
+ context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions",
+ changes => [$entityID_aug,],
+ notify => Service['httpd'],
+ }
+
+ if $discoveryURL {
+ $discoveryURL_aug = "set SSO/#attribute/discoveryURL ${discoveryURL}"
+ } else {
+ $discoveryURL_aug = "rm SSO/#attribute/discoveryURL"
+ }
+
+ info("The discoveryURL augeas change is ${discoveryURL_aug}")
+
+ augeas{"shib_SPconfig_sso_discoveryURL":
+ lens => 'Xml.lns',
+ incl => $apache::mod::shib::shib_conf,
+ context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions",
+ changes => [$discoveryURL_aug,],
+ notify => Service['httpd'],
+ }
+
+ augeas{"shib_SPconfig_sso_discoveryProtocol":
+ lens => 'Xml.lns',
+ incl => $apache::mod::shib::shib_conf,
+ context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions",
+ changes => ["set SSO/#attribute/discoveryProtocol ${discoveryProtocol}",],
+ notify => Service['httpd'],
+ }
+ }
+}
\ No newline at end of file
From bfc2c7c2b245f6884958de6337138c49471253d9 Mon Sep 17 00:00:00 2001
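Review bot: Both invalid-parameter branches call `err()`, which only writes a log message, so a declaration with both or neither of `discoveryURL` and `idpURL` still compiles and the run succeeds while no SSO setting is applied to the service provider. Use `fail()` so the catalog is rejected: `fail('apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.')`, with the matching call in the `elsif` branch. Once the invalid cases abort compilation, the `else` wrapper around the augeas resources is no longer needed.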
From: Aaron Hicks Date: Fri, 21 Sep 2012 16:50:34 +1200 Subject: [PATCH 0358/2267] Stubbing out metadata for shib --- manifests/mod/shib/metadata.pp | 14 ++++++++++++++ manifests/mod/shib/sso.pp | 12 +++--------- 2 files changed, 17 insertions(+), 9 deletions(-) create mode 100644 manifests/mod/shib/metadata.pp diff --git a/manifests/mod/shib/metadata.pp b/manifests/mod/shib/metadata.pp new file mode 100644 index 0000000000..005bf1e8f1 --- /dev/null +++ b/manifests/mod/shib/metadata.pp @@ -0,0 +1,14 @@ +define apache::mod::shib::metadata( + $provider_uri, + $cert_uri, + $backing_file_dir = $apache::mod::shib::shib_conf_dir, + $backing_file_name = inline_template("<%= provider_uri.split('/').last %>") +){ + + require apache::mod::shib + + $backing_file = "${backing_file_dir}/${backing_file_name}" + + + +} \ No newline at end of file diff --git a/manifests/mod/shib/sso.pp b/manifests/mod/shib/sso.pp index 0d89b25449..3960441dbd 100644 --- a/manifests/mod/shib/sso.pp +++ b/manifests/mod/shib/sso.pp @@ -6,8 +6,6 @@ require apache::mod::shib - info("The shibboleth configuration file is ${apache::mod::shib::shib_conf}") - if $discoveryURL and $idpURL { err("apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.") } elsif !$discoveryURL and !$idpURL { @@ -20,9 +18,7 @@ $entityID_aug = "rm SSO/#attribute/entityID" } - info("The entityID augaes change is ${entityID_aug}") - - augeas{"shib_SPconfig_sso_entityID": + augeas{"shib_sso_${name}_entityID": lens => 'Xml.lns', incl => $apache::mod::shib::shib_conf, context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", 
@@ -36,9 +32,7 @@ $discoveryURL_aug = "rm SSO/#attribute/discoveryURL" } - info("The discoveryURL augeas change is ${discoveryURL_aug}") - - augeas{"shib_SPconfig_sso_discoveryURL": + augeas{"shib_sso_${name}_discoveryURL": lens => 'Xml.lns', incl => $apache::mod::shib::shib_conf, context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", @@ -46,7 +40,7 @@ notify => Service['httpd'], } - augeas{"shib_SPconfig_sso_discoveryProtocol": + augeas{"shib_sso_${name}_discoveryProtocol": lens => 'Xml.lns', incl => $apache::mod::shib::shib_conf, context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", From 4bb15767419b5b6e218d0bd938d29c1bcc88ad68 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Mon, 24 Sep 2012 16:30:27 +1200 Subject: [PATCH 0359/2267] Download metadata and metadata certificate from provider. --- manifests/mod/shib/metadata.pp | 50 ++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/manifests/mod/shib/metadata.pp b/manifests/mod/shib/metadata.pp index 005bf1e8f1..015f428cc4 100644 --- a/manifests/mod/shib/metadata.pp +++ b/manifests/mod/shib/metadata.pp 
@@ -1,14 +1,60 @@ +# Currently this can only create a _single_ metadata provider +# it will need to be modified to permit multiple metadata providers define apache::mod::shib::metadata( $provider_uri, $cert_uri, - $backing_file_dir = $apache::mod::shib::shib_conf_dir, - $backing_file_name = inline_template("<%= provider_uri.split('/').last %>") + $backing_file_dir = $apache::mod::shib::shib_conf_dir, + $backing_file_name = inline_template("<%= provider_uri.split('/').last %>"), + $cert_dir = $apache::mod::shib::shib_conf_dir, + $cert_file_name = inline_template("<%= cert_uri.split('/').last %>"), + $provider_type = 'XML', + $provider_reload_interval = "7200", + $metadata_filter_max_validity_interval = "2419200" ){ require apache::mod::shib $backing_file = "${backing_file_dir}/${backing_file_name}" + $cert_file = "${cert_dir}/${cert_file_name}" + # Get the Metadata signing certificate + exec{'get_${name}_metadata_cert': + path => ['/usr/bin'], + command => "wget ${cert_uri} -O ${cert_file}", + creates => $cert_file, + notify => Service['httpd'], + } + # This puts the MetadataProvider entry in the 'right' place + augeas{"shib_${name}_create_metadata_provider": + lens => 'Xml.lns', + incl => $apache::mod::shib::shib_conf, + context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "ins MetadataProvider after Errors", + ], + onlyif => 'match MetadataProvider/#attribute/uri size == 0', + notify => Service['httpd'], + require => Exec['get_${name}_metadata_cert'], + } + + # This will update the attributes and child nodes if they change + augeas{"shib_${name}_metadata_provider": + lens => 'Xml.lns', + incl => $apache::mod::shib::shib_conf, + context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set MetadataProvider/#attribute/type ${provider_type}", + "set MetadataProvider/#attribute/uri ${provider_uri}", + "set MetadataProvider/#attribute/backingFilePath ${backing_file}", + "set 
MetadataProvider/#attribute/reloadInterva ${provider_reload_interval}", + "set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil", + "set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval ${metadata_filter_max_validity_interval}", + "set MetadataProvider/MetadataFilter[2]/#attribute/type Signature", + "set MetadataProvider/MetadataFilter[2]/#attribute/certificate ${cert_file}", + ], + notify => Service['httpd'], + require => [Exec['get_${name}_metadata_cert'],Augeas["shib_${name}_create_metadata_provider"]], + } } \ No newline at end of file From 8046a2682ae933ec2c0a7922a3d8fe07d4681e97 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Tue, 25 Sep 2012 16:23:47 +1200 Subject: [PATCH 0360/2267] Create a resource for downloading attribute map files --- manifests/mod/shib/attribute_map.pp | 32 +++++++++++++++++++++++++++++ manifests/mod/shib/metadata.pp | 6 +++--- manifests/mod/shib/sso.pp | 28 ++++++++----------------- 3 files changed, 44 insertions(+), 22 deletions(-) create mode 100644 manifests/mod/shib/attribute_map.pp diff --git a/manifests/mod/shib/attribute_map.pp b/manifests/mod/shib/attribute_map.pp new file mode 100644 index 0000000000..d9ad90cc54 --- /dev/null +++ b/manifests/mod/shib/attribute_map.pp 
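Review bot: The metadata signing certificate is fetched with `wget ${cert_uri} -O ${cert_file}` and then handed to the `Signature` MetadataFilter, so the trust anchor for all federation metadata comes from an unverified download; nothing here checks a fingerprint or restricts `cert_uri` to HTTPS. Because of `creates => $cert_file`, whatever the first download returned is kept from then on. Shipping the certificate with a `file` resource from a source the Puppet master controls, or comparing the download against an expected fingerprint parameter before installing it, would close that gap. Separately, the attribute name in the second augeas resource is misspelled, so the reload interval is never set: `"set MetadataProvider/#attribute/reloadInterval ${provider_reload_interval}",`.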
@@ -0,0 +1,32 @@ +define apache::mod::shib::attribute_map( + $attribute_map_uri, + $attribute_map_dir = $apache::mod::shib::shib_conf_dir, + $attribute_map_name = inline_template("<%= attribute_map_uri.split('/').last %>"), + $max_age = '21' +){ + + require apache::mod::shib + + $attribute_map = "${attribute_map_dir}/${attribute_map_name}" + + # Download the attribute map, refresh after $max_age days + exec{"get_${name}_attribute_map": + path => ['/usr/bin'], + command => "wget ${attribute_map_uri} -O ${attribute_map}", + unless => "test `find ${attribute_map} -mtime +${max_age}`", + notify => Service['httpd'], + } + + # Make sure the shibboleth config is pointing at the attribute map + augeas{"shib_${name}_attribute_map": + lens => 'Xml.lns', + incl => $apache::mod::shib::shib_conf, + context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set AttributeExtractor/#attribute/path ${attribute_map_name}", + ], + notify => Service['httpd'], + require => Exec["get_${name}_attribute_map"], + } + +} \ No newline at end of file diff --git a/manifests/mod/shib/metadata.pp b/manifests/mod/shib/metadata.pp index 015f428cc4..875bef16e1 100644 --- a/manifests/mod/shib/metadata.pp +++ b/manifests/mod/shib/metadata.pp @@ -18,7 +18,7 @@ $cert_file = "${cert_dir}/${cert_file_name}" # Get the Metadata signing certificate - exec{'get_${name}_metadata_cert': + exec{"get_${name}_metadata_cert": path => ['/usr/bin'], command => "wget ${cert_uri} -O ${cert_file}", creates => $cert_file, @@ -35,7 +35,7 @@ ], onlyif => 'match MetadataProvider/#attribute/uri size == 0', notify => Service['httpd'], - require => Exec['get_${name}_metadata_cert'], + require => Exec["get_${name}_metadata_cert"], } # This will update the attributes and child nodes if they change 
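Review bot: The `unless` guard on the download exec does not express "refresh after max_age days": `find ${attribute_map} -mtime +${max_age}` prints the file only once it is older than the limit, so under a shell `test` succeeds and the download is skipped exactly when the map is stale, while it runs on every Puppet run as long as the map is fresh. The guard also relies on backtick substitution, which exec's default provider does not perform as far as I know, so `provider => 'shell',` would be needed as well. Changing `unless =>` to `onlyif =>` fixes the direction, with an extra test for the missing file so the first run still downloads. `wget ... -O ${attribute_map}` writes straight onto the live file with no integrity check, so a failed transfer leaves a truncated map; downloading to a temporary path and moving it into place after validation would avoid that.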
@@ -54,7 +54,7 @@ "set MetadataProvider/MetadataFilter[2]/#attribute/certificate ${cert_file}", ], notify => Service['httpd'], - require => [Exec['get_${name}_metadata_cert'],Augeas["shib_${name}_create_metadata_provider"]], + require => [Exec["get_${name}_metadata_cert"],Augeas["shib_${name}_create_metadata_provider"]], } } \ No newline at end of file diff --git a/manifests/mod/shib/sso.pp b/manifests/mod/shib/sso.pp index 3960441dbd..816a1a0f8d 100644 --- a/manifests/mod/shib/sso.pp +++ b/manifests/mod/shib/sso.pp @@ -1,7 +1,8 @@ define apache::mod::shib::sso( $discoveryURL = undef, $idpURL = undef, - $discoveryProtocol = "SAMLDS" + $discoveryProtocol = "SAMLDS", + $ECP_support = false ){ require apache::mod::shib @@ -18,33 +19,22 @@ $entityID_aug = "rm SSO/#attribute/entityID" } - augeas{"shib_sso_${name}_entityID": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", - changes => [$entityID_aug,], - notify => Service['httpd'], - } - if $discoveryURL { $discoveryURL_aug = "set SSO/#attribute/discoveryURL ${discoveryURL}" } else { $discoveryURL_aug = "rm SSO/#attribute/discoveryURL" } - augeas{"shib_sso_${name}_discoveryURL": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", - changes => [$discoveryURL_aug,], - notify => Service['httpd'], - } - - augeas{"shib_sso_${name}_discoveryProtocol": + augeas{"shib_sso_${name}_attributes": lens => 'Xml.lns', incl => $apache::mod::shib::shib_conf, context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", - changes => ["set SSO/#attribute/discoveryProtocol ${discoveryProtocol}",], + changes => [ + $entityID_aug, + $discoveryURL_aug, + "set SSO/#attribute/discoveryProtocol ${discoveryProtocol}", + "set SSO/#attribute/ECP ${ECP_support}", + ], notify => Service['httpd'], } } 
From 4f6899539c612ea1588dbccf33947828fa556566 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Thu, 27 Sep 2012 11:04:32 +1200 Subject: [PATCH 0361/2267] Define the back end certifiate as a resource because there will only be one. --- manifests/mod/shib.pp | 2 ++ manifests/mod/shib/backend_cert.pp | 14 ++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 manifests/mod/shib/backend_cert.pp diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index 3580abf345..8f52e8577f 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp @@ -5,6 +5,8 @@ $styleSheet = "/shibboleth-sp/main.css", $shib_conf_dir = '/etc/shibboleth', $shib_conf_file = 'shibboleth2.xml', + $shib_sp_cert = 'sp-cert.pem', + $shib_bin_dir = '/usr/sbin', $handlerSSL = 'true' ){ diff --git a/manifests/mod/shib/backend_cert.pp b/manifests/mod/shib/backend_cert.pp new file mode 100644 index 0000000000..02d3ceee46 --- /dev/null +++ b/manifests/mod/shib/backend_cert.pp @@ -0,0 +1,14 @@ +class apache::mod::shib::backend_cert( + $sp_hostname = $fqdn +){ + + require apache::mod::shib + + $sp_cert = "${apache::mod::shib::shib_conf_dir}/${apache::mod::shib::shib_sp_cert}" + + exec{"shib_keygen_${sp_hostname}": + path => [$apache::mod::shib::shib_bin_dir,'/usr/bin','/bin'], + command => "shib-keygen -h ${sp_hostname} -e https://${sp_hostname}/shibbloeth", + unless => "openssl x509 -noout -in ${sp_cert} -issuer|grep ${sp_hostname}", + } +} \ No newline at end of file From 92f8b487fb881cec61b334a584d90a75dc35056c Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Thu, 27 Sep 2012 16:51:09 +1200 Subject: [PATCH 0362/2267] Documentation (and a few tweaks to make code match docs) --- README.md | 2 + README.mod_shib.md | 201 +++++++++++++++++++++++++++++ manifests/mod/shib/backend_cert.pp | 2 +- 3 files changed, 204 insertions(+), 1 deletion(-) create mode 100644 README.mod_shib.md diff --git a/README.md b/README.md index 2d6e8ce235..d5e388f57b 100644 --- a/README.md +++ b/README.md 
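Review bot: The entity ID passed to `shib-keygen` in manifests/mod/shib/backend_cert.pp is misspelled as `https://${sp_hostname}/shibbloeth`, so the generated certificate carries an identifier that does not match the `https://${shib_hostname}/shibboleth` entityID that manifests/mod/shib.pp writes into the configuration. The line should read `command => "shib-keygen -h ${sp_hostname} -e https://${sp_hostname}/shibboleth",`. The `unless` check pipes `openssl` into `grep`, which needs `provider => 'shell',` as far as I know. `grep ${sp_hostname}` is also an unanchored pattern match, so a certificate issued for a longer name that contains this hostname counts as already present.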
@@ -113,6 +113,8 @@ A slightly more complicated example, changes the docroot owner/group from the de docroot_group => 'third', } ``` +For details on using the Shibboleth module (a.k.a. `mod_shib`) see [the Shibboleth README](README.mod_shib.md) + To set up a virtual host with SSL and default SSL certificates diff --git a/README.mod_shib.md b/README.mod_shib.md new file mode 100644 index 0000000000..58a7d7c3b4 --- /dev/null +++ b/README.mod_shib.md 
@@ -0,0 +1,201 @@ +# Shibboleth module for Apache + +The module `apache::mod::shib` configures the Apache Shibboleth Service Provider (SP) module in a manner consistent and compatible with the usage of the Puppetlabs Apache Module. Once this module is installed and configured it should just be a matter of specifying `authType shibboleth` in an Apache Virtual Host declaration. + +## Shibboleth + +Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source. + +Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected on-line resources in a privacy-preserving manner. + +* http://shibboleth.net/ + +# Example Usage + +The following is an example installation: + +``` +# Set up Apache +class{'apache': } +class{'apache::mod::shib': } + +# Set up the Shibboleth Single Sign On (sso) module +apache::mod::shib::sso{'Federation_Directory': + discoveryURL => 'https://example.federation.org/ds/DS', +} + +apache::mod::shib::metadata{'Federation_metadata': + provider_uri => 'https://example.federation.org/metadata/fed-metadata-signed.xml', + cert_uri => 'http://example.federation.org/metadata/fed-metadata-cert.pem', +} + +apache::mod::shib::attribute_map{'Federation_attribute_map': + attribute_map_uri => 'https://example.federation.org/download/attribute-map.xml', +} + +include apache::mod::shib::backend_cert +``` +# Example Usage Breakdown + +The following sections describe the sequence given in the Example Usage + +## Apache and Shibboleth + +``` +# Set up Apache +class{'apache': } +class{'apache::mod::shib': } +``` + +Setting up the `apache` class from the PuppetLabs Apache Module is a requirement, no extra configuration is required. It is recommended that the `serveradmin` parameter is set. 
+ +This is followed by installing the Shibboleth module (`mod_shib`) for Apache. This provides the absolute minimum installation which could then be configured further with parameters. + +## Configure Single Sign On with a Discovery Service + +``` +# Set up the Shibboleth Single Sign On (SSO) module +apache::mod::shib::sso{'Federation_Directory': + discoveryURL => 'https://example.federation.org/ds/DS', +} +``` + +This snippet sets up a Single Sign On (SSO) service that uses a Directory Service to handle multiple federated Identity Providers (IDp). + +*Note:* The URL is an example only, the Federation should provide the correct URL to use for its directory service. + +*Note:* Alternatively if only a single IDp is to be used, use the `idpURL` parameter instead. The `idpURL` and `discoveryURL` parameters are mutually exclusive, the SSO can only use one or the other. + +## Federation Metadata and Certificate + +``` +apache::mod::shib::metadata{'Federation_metadata': + provider_uri => 'https://example.federation.org/metadata/fed-metadata-signed.xml', + cert_uri => 'http://example.federation.org/metadata/fed-metadata-cert.pem', +} +``` + +Currently `apache::mod::shib::metadata` only supports a single metadata provider, but it is possible to configure Shibboleth to use multiple metadata in a co-federated environment, hence this has been defined as a resource to permit multiple declarations. This requires two URIs, one to obtain the Federation metadata XML file, and another to obtain the Federation metadata signing certificate. + +# Updating the Attribute map + +``` +apache::mod::shib::attribute_map{'Federation_attribute_map': + attribute_map_uri => 'https://example.federation.org/download/attribute-map.xml', +} +``` + +This is optional, and will allow `mod_shib` to use a customised attribute map downloaded from the provided URI. By default this is updated every 21 days. The parameter `max_age` can be used to set the number of days between updates. 
+ +# Create the Back-end x509 Certificate + +``` +include apache::mod::shib::backend_cert +``` + +This creates a self signed back-end x509 certificate and key with which this Service Provider can be registered with a Federation. This method currently just runs the `shib-keygen` command with the values supplied in the `apache::mod::shib` configuration. This certificate will be regenerated on a new deployment unless it has been saved or backed up. It is recommended that a specified certificate is deployed by Puppet from a private file server, or using a suitable x509 certificate management Puppet Module. Maintaining the back-end certificate is important as this is how a Service Provider identifies itself to other Shibboleth services. + +The following snippet uploads a certificate, and uses parameters to configure Shibboleth to use it: + +```puppet +class{'apache': + servername => 'example.com' +} + +file{'/etc/shibboleth/example.com.crt': + ensure => 'file' + source => 'puppet:///private/example.com.crt' +} + +class{'apache::mod::shib': + shib_sp_cert => 'example.com.crt' +} +``` + +# Classes and Resources + +The `apache::mod::shib` module provides the following classes and resource definitions: + +## Class: `apache::mod::shib` + +### Parameters for `apache::mod::shib` + +* `shib_admin` Sets the Shibboleth administrator's email address, defaults to `apache::serveradmin` +* `shib_hostname` Sets the host name to be used in the Shibboleth configuration, defaults to `fqdn` +* `logoLocation` Sets the location relative to the web root of the 'logo' to be used on error pages, defaults to `/shibboleth-sp/logo.jpg` +* `styleSheet` = Sets the location relative to the web root of the CSS style sheet to be used on error pages, defaults to `/shibboleth-sp/main.css` +* `shib_conf_dir` Sets the directory where the Shibboleth configuration is stored, defaults to `/etc/shibboleth` +* `shib_conf_file` Sets the name of the Shibboleth configuration file, defaults to `shibboleth2.xml` +* 
`shib_sp_cert` Sets the name of the Shibboleth Service Provider back end certificate, defaults to `sp-cert.pem` +* `shib_bin_dir` Sets the location of the Shibboleth tools (esp. shib-keygen), defaults to `/usr/sbin` +* `handlerSSL` Sets the `handlerSSL` attribute in to `true` or `false`, defaults to `true` + +## Resource: `apache::mod::shib::attribute_map` + +### Parameters for `apache::mod::shib::attribute_map` + +* `attribute_map_uri` Sets the URI for downloading the Attribute map from. There is no default, and this parameter is required. +* `attribute_map_dir` Sets the directory into which the attribute map is downloaded, defaults to `apache::mod::shib::shib_conf_dir` +* `attribute_map_name` Sets the file name for the Attribute map file, by default this is extracted from the `attribute_map_uri` +* `max_age` Sets the maximum age in days for the Attribute map before downloading and replacing it, defaults to `21` days + +## Class: `apache::mod::shib::backend_cert` + +### Parameters for `apache::mod::shib::backend_cert` + +* `sp_hostname` Set's the hostname used to sign the back-end certifcated, defaults to `apache::mod::shib::shib_hostname` + +## Resource: `apache::mod::shib::metadata` + +### Parameters for `apache::mod::shib::metadata` + +* `provider_uri` Sets URI for the metadata provider, there is no default and this parameter is required. +* `cert_uri` Sets the URI for the metadata signing certificate, there is no default and this parameter is required. 
+* `backing_file_dir` Sets the directory into which the metadata is downloaded into, defaults to `apache::mod::shib::shib_conf_dir` +* `backing_file_name` Sets the name of the metadata backing file, by default this is derived from the `provider_uir` +* `cert_dir` Sets the directory into which the certificate is downloaded into +* `cert_file_name` Sets the name of the certificate file, by default this is derived from the `cert_uri` +* `provider_type` Sets the metadata provider type, defaults to 'XML' +* `provider_reload_interval` Set's the metadata reload interval in seconds, defaults to "7200" +* `metadata_filter_max_validity_interval` Sets the maximum interval for reloading the metadata_filter, defaults to "2419200" seconds + +## Resource: `apache::mod::shib::sso` + +### Prameters for `apache::mod::shib::sso` +* `discoveryURL` The URL of the discovery service, is undefined by default +* `idpURL` The URL of a single IDp, is undefined by default +* `discoveryProtocol` Sets the discovery protocol for the discovery service provided in the `discoveryURL`, defaults to "SAMLDS", +* `ecp_support` Sets support for non-web based ECP logins, by default this is `false` + +**Note:** Either one of `discoveryURL` or `idpURL` is required, but not both. + +# Registration + +Manual resgistration of the Service Provider is still required. By default, the file `/etc/shibboleth/sp-key.pem` contains the public key of the back-end certificate used for secure comminucation within the Shibboleth Federation. + +# Attribution + +The `apache::mod::shib` Puppet module was created Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the PuppetLabs Apache module on GitHub. 
+ +* https://github.com/puppetlabs/puppetlabs-apache +* https://github.com/nesi/puppetlabs-apache +* http://www.nesi.org.nz// +* https://tuakiri.ac.nz/confluence/display/Tuakiri/Home + +# Copyright and License + +Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc + +Puppet Labs can be contacted at: info@puppetlabs.com + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/manifests/mod/shib/backend_cert.pp b/manifests/mod/shib/backend_cert.pp index 02d3ceee46..b1078b2dfe 100644 --- a/manifests/mod/shib/backend_cert.pp +++ b/manifests/mod/shib/backend_cert.pp @@ -1,5 +1,5 @@ class apache::mod::shib::backend_cert( - $sp_hostname = $fqdn + $sp_hostname = $apache::mod::shib::shib_hostname ){ require apache::mod::shib From 207d3160e4fc180b40469615c8e081965dde15db Mon Sep 17 00:00:00 2001 
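Review bot: The new default `$sp_hostname = $apache::mod::shib::shib_hostname` is evaluated before the body's `require apache::mod::shib` runs, so it presumably resolves only when `apache::mod::shib` was already declared earlier in the catalog; otherwise `shib-keygen` would be called with an empty hostname. Defaulting the parameter to `undef` and resolving it in the body after the `require` makes the order explicit. A comment on the parameter such as `# falls back to apache::mod::shib::shib_hostname when not set` would document the intent.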
From: Aaron Hicks Date: Fri, 28 Sep 2012 10:24:45 +1200 Subject: [PATCH 0363/2267] Update and expand spec tests, including code fixes to match expected behaviour. --- README.mod_shib.md | 2 +- manifests/mod/shib.pp | 136 +++++++++------ manifests/mod/shib/attribute_map.pp | 50 +++--- manifests/mod/shib/backend_cert.pp | 22 ++- manifests/mod/shib/metadata.pp | 98 ++++++----- manifests/mod/shib/sso.pp | 66 ++++---- spec/classes/mod/shib/backend_cert_spec.rb | 64 +++++++ spec/classes/mod/shib_spec.rb | 116 +++++++++++++ spec/defines/mod/shib/attribute_map_spec.rb | 112 ++++++++++++ spec/defines/mod/shib/metadata_spec.rb | 178 ++++++++++++++++++++ spec/defines/mod/shib/sso_spec.rb | 152 +++++++++++++++++ 11 files changed, 822 insertions(+), 174 deletions(-) create mode 100644 spec/classes/mod/shib/backend_cert_spec.rb create mode 100644 spec/classes/mod/shib_spec.rb create mode 100644 spec/defines/mod/shib/attribute_map_spec.rb create mode 100644 spec/defines/mod/shib/metadata_spec.rb create mode 100644 spec/defines/mod/shib/sso_spec.rb diff --git a/README.mod_shib.md b/README.mod_shib.md index 58a7d7c3b4..db95f5af67 100644 --- a/README.mod_shib.md +++ b/README.mod_shib.md @@ -171,7 +171,7 @@ The `apache::mod::shib` module provides the following classes and resource defin # Registration -Manual resgistration of the Service Provider is still required. By default, the file `/etc/shibboleth/sp-key.pem` contains the public key of the back-end certificate used for secure comminucation within the Shibboleth Federation. +Manual resgistration of the Service Provider is still required. By default, the file `/etc/shibboleth/sp-cert.pem` contains the public key of the back-end certificate used for secure comminucation within the Shibboleth Federation. # Attribution diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index 8f52e8577f..f95996867f 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp 
@@ -1,60 +1,86 @@ class apache::mod::shib( - $shib_admin = $apache::serveradmin, - $shib_hostname = $fqdn, - $logoLocation = "/shibboleth-sp/logo.jpg", - $styleSheet = "/shibboleth-sp/main.css", - $shib_conf_dir = '/etc/shibboleth', - $shib_conf_file = 'shibboleth2.xml', - $shib_sp_cert = 'sp-cert.pem', - $shib_bin_dir = '/usr/sbin', - $handlerSSL = 'true' + $shib_admin = $apache::serveradmin, + $shib_hostname = $::fqdn, + $logoLocation = '/shibboleth-sp/logo.jpg', + $styleSheet = '/shibboleth-sp/main.css', + $shib_conf_dir = '/etc/shibboleth', + $shib_conf_file = 'shibboleth2.xml', + $shib_sp_cert = 'sp-cert.pem', + $shib_bin_dir = '/usr/sbin', + $handlerSSL = true, + $consistent_address = true ){ - $shib_conf = "${shib_conf_dir}/${shib_conf_file}" - $mod_shib = 'shib2' - - apache::mod {$mod_shib: } - - file{$shib_conf_dir: - ensure => directory, - require => Apache::Mod[$mod_shib] - } - - file{$shib_conf: - ensure => file, - replace => false, - require => [Apache::Mod[$mod_shib],File[$shib_conf_dir]], - } - - augeas{"shib_SPconfig_errors": - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set Errors/#attribute/supportContact ${shib_admin}", - "set Errors/#attribute/logoLocation ${logoLocation}", - "set Errors/#attribute/styleSheet ${styleSheet}", - ], - notify => Service['httpd'], - } - - augeas{"shib_SPconfig_hostname": - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set #attribute/entityID https://${shib_hostname}/shibboleth", - "set Sessions/#attribute/handlerURL https://${shib_hostname}/Shibboleth.sso", - ], - notify => Service['httpd'], - } - - augeas{"shib_SPconfig_handlerSSL": - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => ["set Sessions/#attribute/handlerSSL ${handlerSSL}",], - notify => Service['httpd'], - } + $shib_conf = 
"${shib_conf_dir}/${shib_conf_file}" + $mod_shib = 'shib2' + + apache::mod {$mod_shib: + id => 'mod_shib', + } + + # by requiring the Apache::Mod, this should wait for the package + # to create the directory and not need to manage it + file{$shib_conf_dir: + ensure => 'directory', + require => Apache::Mod[$mod_shib] + } + + # by requiring the Apache::Mod, this will just define the file + # created when installing the package. + file{$shib_conf: + ensure => 'file', + replace => false, + require => [Apache::Mod[$mod_shib],File[$shib_conf_dir]], + } + + # augeas should auto-require the file $shib_conf + augeas{'shib_SPconfig_errors': + lens => 'Xml.lns', + incl => $shib_conf, + context => "/files${shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set Errors/#attribute/supportContact ${shib_admin}", + "set Errors/#attribute/logoLocation ${logoLocation}", + "set Errors/#attribute/styleSheet ${styleSheet}", + ], + notify => Service['httpd','shibd'], + } + + augeas{'shib_SPconfig_consistent_address': + lens => 'Xml.lns', + incl => $shib_conf, + context => "/files${shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set Sessions/#attribute/consistentAddress ${consistent_address}", + ], + notify => Service['httpd','shibd'], + } + + augeas{'shib_SPconfig_hostname': + lens => 'Xml.lns', + incl => $shib_conf, + context => "/files${shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set #attribute/entityID https://${shib_hostname}/shibboleth", + "set Sessions/#attribute/handlerURL https://${shib_hostname}/Shibboleth.sso", + ], + notify => Service['httpd','shibd'], + } + + augeas{'shib_SPconfig_handlerSSL': + lens => 'Xml.lns', + incl => $shib_conf, + context => "/files${shib_conf}/SPConfig/ApplicationDefaults", + changes => ["set Sessions/#attribute/handlerSSL ${handlerSSL}",], + notify => Service['httpd','shibd'], + } + + service{'shibd': + ensure => 'running', + enable => true, + hasrestart => true, + hasstatus => true, + require => 
Apache::Mod[$mod_shib], + } } \ No newline at end of file diff --git a/manifests/mod/shib/attribute_map.pp b/manifests/mod/shib/attribute_map.pp index d9ad90cc54..e330f9939c 100644 --- a/manifests/mod/shib/attribute_map.pp +++ b/manifests/mod/shib/attribute_map.pp 
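Review bot: The `changes` lists of the four augeas resources interpolate `$shib_admin`, `$logoLocation`, `$styleSheet`, `$shib_hostname`, `$handlerSSL` and `$consistent_address` unquoted and unvalidated, so a value containing whitespace is split by the augeas command parser, and any string a caller passes is written into shibboleth2.xml. `handlerSSL` and `consistentAddress` are session protections in the SP configuration, so I would reject non-boolean input before it reaches the file and quote the string values, e.g. `"set Errors/#attribute/supportContact '${shib_admin}'",`. The class also has no header comment; one stating that `handlerSSL` and `consistent_address` should stay `true` unless the deployment genuinely cannot support them would help whoever overrides them.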
@@ -1,32 +1,32 @@ +# parameter setup allows an attribute_map to bedownloaded with one name +# and saved locally by another. define apache::mod::shib::attribute_map( - $attribute_map_uri, - $attribute_map_dir = $apache::mod::shib::shib_conf_dir, - $attribute_map_name = inline_template("<%= attribute_map_uri.split('/').last %>"), - $max_age = '21' + $attribute_map_uri, + $attribute_map_dir = $::apache::mod::shib::shib_conf_dir, + $attribute_map_name = inline_template("<%= attribute_map_uri.split('/').last %>"), + $max_age = '21' ){ - require apache::mod::shib + $attribute_map = "${attribute_map_dir}/${attribute_map_name}" - $attribute_map = "${attribute_map_dir}/${attribute_map_name}" + # Download the attribute map, refresh after $max_age days + exec{"get_${name}_attribute_map": + path => ['/usr/bin'], + command => "wget ${attribute_map_uri} -O ${attribute_map}", + unless => "test `find ${attribute_map} -mtime +${max_age}`", + notify => Service['httpd','shibd'], + } - # Download the attribute map, refresh after $max_age days - exec{"get_${name}_attribute_map": - path => ['/usr/bin'], - command => "wget ${attribute_map_uri} -O ${attribute_map}", - unless => "test `find ${attribute_map} -mtime +${max_age}`", - notify => Service['httpd'], - } - - # Make sure the shibboleth config is pointing at the attribute map - augeas{"shib_${name}_attribute_map": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set AttributeExtractor/#attribute/path ${attribute_map_name}", - ], - notify => Service['httpd'], - require => Exec["get_${name}_attribute_map"], - } + # Make sure the shibboleth config is pointing at the attribute map + augeas{"shib_${name}_attribute_map": + lens => 'Xml.lns', + incl => $::apache::mod::shib::shib_conf, + context => "/files${::apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set AttributeExtractor/#attribute/path 
${attribute_map_name}", + ], + notify => Service['httpd','shibd'], + require => Exec["get_${name}_attribute_map"], + } } \ No newline at end of file diff --git a/manifests/mod/shib/backend_cert.pp b/manifests/mod/shib/backend_cert.pp index b1078b2dfe..4eefd58e9b 100644 --- a/manifests/mod/shib/backend_cert.pp +++ b/manifests/mod/shib/backend_cert.pp @@ -1,14 +1,18 @@ +# This generates a self signed x509 certificate used to secure connections +# with a Shibboleth Federation registry. If the key is ever lost or overwritten +# the certificate will have to be re-registered. +# Alternativly, the certificate could be deployed from the puppetmaster class apache::mod::shib::backend_cert( - $sp_hostname = $apache::mod::shib::shib_hostname -){ + $sp_hostname = $apache::mod::shib::shib_hostname +) { - require apache::mod::shib + require apache::mod::shib - $sp_cert = "${apache::mod::shib::shib_conf_dir}/${apache::mod::shib::shib_sp_cert}" + $sp_cert = "${::apache::mod::shib::shib_conf_dir}/${::apache::mod::shib::shib_sp_cert}" - exec{"shib_keygen_${sp_hostname}": - path => [$apache::mod::shib::shib_bin_dir,'/usr/bin','/bin'], - command => "shib-keygen -h ${sp_hostname} -e https://${sp_hostname}/shibbloeth", - unless => "openssl x509 -noout -in ${sp_cert} -issuer|grep ${sp_hostname}", - } + exec{"shib_keygen_${sp_hostname}": + path => [$::apache::mod::shib::shib_bin_dir,'/usr/bin','/bin'], + command => "shib-keygen -f -h ${sp_hostname} -e https://${sp_hostname}/shibbloeth", + unless => "openssl x509 -noout -in ${sp_cert} -issuer|grep ${sp_hostname}", + } } \ No newline at end of file diff --git a/manifests/mod/shib/metadata.pp b/manifests/mod/shib/metadata.pp index 875bef16e1..a5ac386c4f 100644 --- a/manifests/mod/shib/metadata.pp +++ b/manifests/mod/shib/metadata.pp 
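Review bot: The `unless` guard on `get_${name}_attribute_map` looks inverted: `find ${attribute_map} -mtime +${max_age}` prints the path only when the file is older than `$max_age` days, so `test` succeeds and the download is skipped exactly when a refresh is due, while a fresh or missing file triggers `wget` on every run. A guard matching the comment would be something like `onlyif => "test ! -e ${attribute_map} -o -n \"$(find ${attribute_map} -mtime +${max_age})\"",`. `wget ${attribute_map_uri} -O ${attribute_map}` also writes straight over the live map with no integrity check, and the spec fixtures use plain `http://` URIs; since this file decides which IdP attributes the SP hands to applications, I would fetch over https into a temporary path and move it into place only after the download succeeded. The hunk additionally drops `require apache::mod::shib` although the defaults and the augeas resource still read `$::apache::mod::shib::shib_conf_dir` and `shib_conf`; the same removal appears in metadata.pp and sso.pp.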
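Review bot: The `-e` argument is spelled `https://${sp_hostname}/shibbloeth`, while shib.pp sets the SP entityID to `https://${shib_hostname}/shibboleth`, so the generated certificate would carry an entity ID that does not match the configured one; the line should read `command => "shib-keygen -f -h ${sp_hostname} -e https://${sp_hostname}/shibboleth",`, and spec/classes/mod/shib/backend_cert_spec.rb pins the same misspelling. The added `-f` raises the cost of any guard failure: as far as I know it lets shib-keygen overwrite an existing key pair, and the only guard is `grep ${sp_hostname}` on the issuer, which is an unquoted, unanchored regex match that also fails when the certificate cannot be read. Since the new header comment says a lost key means re-registering with the federation, I would drop `-f` or guard with `creates => $sp_cert` so an existing key is never replaced implicitly.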
@@ -1,60 +1,58 @@ # Currently this can only create a _single_ metadata provider # it will need to be modified to permit multiple metadata providers define apache::mod::shib::metadata( - $provider_uri, - $cert_uri, - $backing_file_dir = $apache::mod::shib::shib_conf_dir, - $backing_file_name = inline_template("<%= provider_uri.split('/').last %>"), - $cert_dir = $apache::mod::shib::shib_conf_dir, - $cert_file_name = inline_template("<%= cert_uri.split('/').last %>"), - $provider_type = 'XML', - $provider_reload_interval = "7200", - $metadata_filter_max_validity_interval = "2419200" + $provider_uri, + $cert_uri, + $backing_file_dir = $::apache::mod::shib::shib_conf_dir, + $backing_file_name = inline_template("<%= provider_uri.split('/').last %>"), + $cert_dir = $::apache::mod::shib::shib_conf_dir, + $cert_file_name = inline_template("<%= cert_uri.split('/').last %>"), + $provider_type = 'XML', + $provider_reload_interval = '7200', + $metadata_filter_max_validity_interval = '2419200' ){ - require apache::mod::shib + $backing_file = "${backing_file_dir}/${backing_file_name}" + $cert_file = "${cert_dir}/${cert_file_name}" - $backing_file = "${backing_file_dir}/${backing_file_name}" - $cert_file = "${cert_dir}/${cert_file_name}" + # Get the Metadata signing certificate + exec{"get_${name}_metadata_cert": + path => ['/usr/bin'], + command => "wget ${cert_uri} -O ${cert_file}", + creates => $cert_file, + notify => Service['httpd','shibd'], + } - # Get the Metadata signing certificate - exec{"get_${name}_metadata_cert": - path => ['/usr/bin'], - command => "wget ${cert_uri} -O ${cert_file}", - creates => $cert_file, - notify => Service['httpd'], - } + # This puts the MetadataProvider entry in the 'right' place + augeas{"shib_${name}_create_metadata_provider": + lens => 'Xml.lns', + incl => $::apache::mod::shib::shib_conf, + context => "/files${::apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + 'ins MetadataProvider after Errors', + ], + onlyif 
=> 'match MetadataProvider/#attribute/uri size == 0', + notify => Service['httpd','shibd'], + require => Exec["get_${name}_metadata_cert"], + } - # This puts the MetadataProvider entry in the 'right' place - augeas{"shib_${name}_create_metadata_provider": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "ins MetadataProvider after Errors", - ], - onlyif => 'match MetadataProvider/#attribute/uri size == 0', - notify => Service['httpd'], - require => Exec["get_${name}_metadata_cert"], - } - - # This will update the attributes and child nodes if they change - augeas{"shib_${name}_metadata_provider": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set MetadataProvider/#attribute/type ${provider_type}", - "set MetadataProvider/#attribute/uri ${provider_uri}", - "set MetadataProvider/#attribute/backingFilePath ${backing_file}", - "set MetadataProvider/#attribute/reloadInterva ${provider_reload_interval}", - "set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil", - "set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval ${metadata_filter_max_validity_interval}", - "set MetadataProvider/MetadataFilter[2]/#attribute/type Signature", - "set MetadataProvider/MetadataFilter[2]/#attribute/certificate ${cert_file}", - ], - notify => Service['httpd'], - require => [Exec["get_${name}_metadata_cert"],Augeas["shib_${name}_create_metadata_provider"]], - } + # This will update the attributes and child nodes if they change + augeas{"shib_${name}_metadata_provider": + lens => 'Xml.lns', + incl => $::apache::mod::shib::shib_conf, + context => "/files${::apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", + changes => [ + "set MetadataProvider/#attribute/type ${provider_type}", + "set MetadataProvider/#attribute/uri 
${provider_uri}", + "set MetadataProvider/#attribute/backingFilePath ${backing_file}", + "set MetadataProvider/#attribute/reloadInterval ${provider_reload_interval}", + 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', + "set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval ${metadata_filter_max_validity_interval}", + 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', + "set MetadataProvider/MetadataFilter[2]/#attribute/certificate ${cert_file}", + ], + notify => Service['httpd','shibd'], + require => [Exec["get_${name}_metadata_cert"],Augeas["shib_${name}_create_metadata_provider"]], + } } \ No newline at end of file diff --git a/manifests/mod/shib/sso.pp b/manifests/mod/shib/sso.pp index 816a1a0f8d..2f8a4a9672 100644 --- a/manifests/mod/shib/sso.pp +++ b/manifests/mod/shib/sso.pp 
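Review bot: `get_${name}_metadata_cert` downloads the certificate that `MetadataFilter[2]` (type `Signature`) then uses to verify federation metadata, and nothing checks what was downloaded: `wget ${cert_uri} -O ${cert_file}` accepts any scheme (the specs use `http://`), and `creates => $cert_file` is satisfied by whatever the first run leaves behind, including an empty file from a failed transfer. That single unauthenticated fetch becomes the trust anchor for every IdP listed in the metadata, and it is never refreshed or re-checked afterwards. I would take the expected fingerprint as a parameter and compare it with the output of `openssl x509 -noout -fingerprint -in ${cert_file}` before the augeas resources run, or ship the certificate from the puppet master instead of fetching it at apply time. At minimum add a comment above the exec: `# cert_uri is the trust anchor for metadata signature checks; use https and verify the fingerprint out of band`.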
@@ -1,41 +1,39 @@ define apache::mod::shib::sso( - $discoveryURL = undef, - $idpURL = undef, - $discoveryProtocol = "SAMLDS", - $ECP_support = false + $discoveryURL = undef, + $idpURL = undef, + $discoveryProtocol = 'SAMLDS', + $ecp_support = false ){ - require apache::mod::shib + if $discoveryURL and $idpURL { + err('apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.') + } elsif !$discoveryURL and !$idpURL { + err('apache::mod::shib::sso must have one of discoveryURL or idpURL set, not neither.') + } else { - if $discoveryURL and $idpURL { - err("apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.") - } elsif !$discoveryURL and !$idpURL { - err("apache::mod::shib::sso must have one of discoveryURL or idpURL set, not neither.") - } else { + if $idpURL { + $entityID_aug = "set SSO/#attribute/entityID ${idpURL}" + } else { + $entityID_aug = 'rm SSO/#attribute/entityID' + } - if $idpURL { - $entityID_aug = "set SSO/#attribute/entityID ${idpURL}" - } else { - $entityID_aug = "rm SSO/#attribute/entityID" - } + if $discoveryURL { + $discoveryURL_aug = "set SSO/#attribute/discoveryURL ${discoveryURL}" + } else { + $discoveryURL_aug = 'rm SSO/#attribute/discoveryURL' + } - if $discoveryURL { - $discoveryURL_aug = "set SSO/#attribute/discoveryURL ${discoveryURL}" - } else { - $discoveryURL_aug = "rm SSO/#attribute/discoveryURL" - } - - augeas{"shib_sso_${name}_attributes": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", - changes => [ - $entityID_aug, - $discoveryURL_aug, - "set SSO/#attribute/discoveryProtocol ${discoveryProtocol}", - "set SSO/#attribute/ECP ${ECP_support}", - ], - notify => Service['httpd'], - } - } + augeas{"shib_sso_${name}_attributes": + lens => 'Xml.lns', + incl => $apache::mod::shib::shib_conf, + context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", + changes 
=> [ + $entityID_aug, + $discoveryURL_aug, + "set SSO/#attribute/discoveryProtocol ${discoveryProtocol}", + "set SSO/#attribute/ECP ${ecp_support}", + ], + notify => Service['httpd','shibd'], + } + } } \ No newline at end of file diff --git a/spec/classes/mod/shib/backend_cert_spec.rb b/spec/classes/mod/shib/backend_cert_spec.rb new file mode 100644 index 0000000000..92558da4fe --- /dev/null +++ b/spec/classes/mod/shib/backend_cert_spec.rb 
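Review bot: Both validation branches call `err()`, which only logs, so a resource declared with both or neither of `discoveryURL`/`idpURL` still compiles and leaves whatever `SSO` element is already in shibboleth2.xml in force; use `fail('apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.')` (and likewise for the second message) so the catalog is rejected. The hunk also removes `require apache::mod::shib` while `incl` and `context` still read `$apache::mod::shib::shib_conf`; sso_spec.rb has only `include apache` in its pre_condition yet expects `contain_class('apache::mod::shib')`, so I would keep the `require`. Renaming `$ECP_support` to `$ecp_support` breaks existing callers and deserves a line in the commit message.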
@@ -0,0 +1,64 @@ +describe 'apache::mod::shib::backend_cert', :type => :class do + let :pre_condition do + "include apache\ninclude apache::mod::shib" + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + } + end + describe 'with no parameters' do + it { should contain_class('apache::mod::shib') } + it { should contain_exec('shib_keygen_test.example.com').with( + 'path' => ['/usr/sbin','/usr/bin','/bin'], + 'command' => 'shib-keygen -f -h test.example.com -e https://test.example.com/shibbloeth', + 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.com' + ) } + end + describe 'when given a hostname' do + let(:params){ { :sp_hostname => 'test.example.org' } } + it { should contain_exec('shib_keygen_test.example.org').with( + 'command' => 'shib-keygen -f -h test.example.org -e https://test.example.org/shibbloeth', + 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.org' + ) } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + } + end + describe 'with no parameters' do + it { should contain_class('apache::mod::shib') } + it { should contain_exec('shib_keygen_test.example.com').with( + 'path' => ['/usr/sbin','/usr/bin','/bin'], + 'command' => 'shib-keygen -f -h test.example.com -e https://test.example.com/shibbloeth', + 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.com' + ) } + 
end + describe 'when given a hostname' do + let(:params){ { :sp_hostname => 'test.example.org' } } + it { should contain_exec('shib_keygen_test.example.org').with( + 'command' => 'shib-keygen -f -h test.example.org -e https://test.example.org/shibbloeth', + 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.org' + ) } + end + end +end \ No newline at end of file diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb new file mode 100644 index 0000000000..9193072217 --- /dev/null +++ b/spec/classes/mod/shib_spec.rb 
@@ -0,0 +1,116 @@ +describe 'apache::mod::shib', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + } + end + describe 'with no parameters' do + it { should contain_apache__mod('shib2') } + it { should contain_file('/etc/shibboleth').with( + 'ensure' => 'directory', + 'require' => 'Apache::Mod[shib2]' + ) } + it { should contain_file('/etc/shibboleth/shibboleth2.xml').with( + 'ensure' => 'file', + 'replace' => false, + 'require' => ['Apache::Mod[shib2]','File[/etc/shibboleth]'] + ) } + it { should contain_augeas('shib_SPconfig_errors').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set Errors/#attribute/supportContact root@localhost', + 'set Errors/#attribute/logoLocation /shibboleth-sp/logo.jpg', + 'set Errors/#attribute/styleSheet /shibboleth-sp/main.css', + ], + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas('shib_SPconfig_hostname').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set #attribute/entityID https://test.example.com/shibboleth', + 'set Sessions/#attribute/handlerURL https://test.example.com/Shibboleth.sso', + ], + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas('shib_SPconfig_handlerSSL').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => ['set 
Sessions/#attribute/handlerSSL true',], + 'notify' => 'Service[httpd]' + ) } + # The apache module isn't set up for testing the changes augeas makes. + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + } + end + describe 'with no parameters' do + it { should contain_apache__mod('shib2') } + it { should contain_file('/etc/shibboleth').with( + 'ensure' => 'directory', + 'require' => 'Apache::Mod[shib2]' + ) } + it { should contain_file('/etc/shibboleth/shibboleth2.xml').with( + 'ensure' => 'file', + 'replace' => false, + 'require' => ['Apache::Mod[shib2]','File[/etc/shibboleth]'] + ) } + it { should contain_augeas('shib_SPconfig_errors').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set Errors/#attribute/supportContact root@localhost', + 'set Errors/#attribute/logoLocation /shibboleth-sp/logo.jpg', + 'set Errors/#attribute/styleSheet /shibboleth-sp/main.css', + ], + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas('shib_SPconfig_hostname').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set #attribute/entityID https://test.example.com/shibboleth', + 'set Sessions/#attribute/handlerURL https://test.example.com/Shibboleth.sso', + ], + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas('shib_SPconfig_handlerSSL').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => ['set 
Sessions/#attribute/handlerSSL true',], + 'notify' => 'Service[httpd]' + ) } + # The apache module isn't set up for testing the changes augeas makes. + end + end +end \ No newline at end of file diff --git a/spec/defines/mod/shib/attribute_map_spec.rb b/spec/defines/mod/shib/attribute_map_spec.rb new file mode 100644 index 0000000000..47c577ea17 --- /dev/null +++ b/spec/defines/mod/shib/attribute_map_spec.rb 
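Review bot: Every expectation here uses `'notify' => 'Service[httpd]'`, but shib.pp in this same commit notifies `Service['httpd','shibd']`, so these matchers look like they cannot pass as written; I would expect something like `'notify' => ['Service[httpd]','Service[shibd]']`. The same mismatch is in attribute_map_spec.rb and metadata_spec.rb. The two resources this commit adds, `augeas{'shib_SPconfig_consistent_address'}` and `service{'shibd'}`, have no examples at all, and `consistentAddress` is a setting a later refactor should not be able to drop unnoticed; add e.g. `it { should contain_service('shibd').with('ensure' => 'running', 'enable' => true) }` and a matching `contain_augeas` example.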
@@ -0,0 +1,112 @@ +describe 'apache::mod::shib::attribute_map', :type => :define do + let :pre_condition do + "include apache\ninclude apache::mod::shib" + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let(:title){ 'map_name' } + describe 'with minimum parameters' do + let(:params){ { :attribute_map_uri => 'http://example.org/attribute_map.xml' } } + it { should contain_class("apache::mod::shib") } + it { should contain_exec("get_map_name_attribute_map").with( + 'path' => ['/usr/bin'], + 'command' => 'wget http://example.org/attribute_map.xml -O /etc/shibboleth/attribute_map.xml', + 'unless' => 'test `find /etc/shibboleth/attribute_map.xml -mtime +21`', + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas("shib_map_name_attribute_map").with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set AttributeExtractor/#attribute/path attribute_map.xml', + ], + 'notify' => 'Service[httpd]', + 'require' => 'Exec[get_map_name_attribute_map]' + ) } + end + describe 'with all parameters' do + let(:params){ { + :attribute_map_uri => 'http://bob.org/bobs_attribute_map.xml', + :attribute_map_dir => '/some/path/to', + :attribute_map_name => 'bob.xml', + :max_age => '5' + } } + it { should contain_exec("get_map_name_attribute_map").with( + 'command' => 'wget http://bob.org/bobs_attribute_map.xml -O /some/path/to/bob.xml', + 'unless' => 'test `find /some/path/to/bob.xml -mtime +5`' + ) } + it { should contain_augeas("shib_map_name_attribute_map").with( + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => 
'/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set AttributeExtractor/#attribute/path bob.xml', + ] + ) } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let(:title){ 'map_name' } + describe 'with minimum parameters' do + let(:params){ { :attribute_map_uri => 'http://example.org/attribute_map.xml' } } + it { should contain_class("apache::mod::shib") } + it { should contain_exec("get_map_name_attribute_map").with( + 'path' => ['/usr/bin'], + 'command' => 'wget http://example.org/attribute_map.xml -O /etc/shibboleth/attribute_map.xml', + 'unless' => 'test `find /etc/shibboleth/attribute_map.xml -mtime +21`', + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas("shib_map_name_attribute_map").with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set AttributeExtractor/#attribute/path attribute_map.xml', + ], + 'notify' => 'Service[httpd]', + 'require' => 'Exec[get_map_name_attribute_map]' + ) } + end + describe 'with all parameters' do + let(:params){ { + :attribute_map_uri => 'http://bob.org/bobs_attribute_map.xml', + :attribute_map_dir => '/some/path/to', + :attribute_map_name => 'bob.xml', + :max_age => '5' + } } + it { should contain_exec("get_map_name_attribute_map").with( + 'command' => 'wget http://bob.org/bobs_attribute_map.xml -O /some/path/to/bob.xml', + 'unless' => 'test `find /some/path/to/bob.xml -mtime +5`' + ) } + it { should contain_augeas("shib_map_name_attribute_map").with( + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' 
=> [ + 'set AttributeExtractor/#attribute/path bob.xml', + ] + ) } + end + end +end \ No newline at end of file diff --git a/spec/defines/mod/shib/metadata_spec.rb b/spec/defines/mod/shib/metadata_spec.rb new file mode 100644 index 0000000000..5bb4e78157 --- /dev/null +++ b/spec/defines/mod/shib/metadata_spec.rb 
@@ -0,0 +1,178 @@ +describe 'apache::mod::shib::metadata', :type => :define do + let :pre_condition do + "include apache\ninclude apache::mod::shib" + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let(:title){ 'metadata_name' } + describe 'with minimum parameters' do + let(:params){ { + :provider_uri => 'http://example.org/provider', + :cert_uri => 'http://example.org/cert.crt' + } } + it { should contain_class('apache::mod::shib') } + it { should contain_exec('get_metadata_name_metadata_cert').with( + 'path' => ['/usr/bin'], + 'command' => 'wget http://example.org/cert.crt -O /etc/shibboleth/cert.crt', + 'creates' => '/etc/shibboleth/cert.crt', + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas('shib_metadata_name_create_metadata_provider').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'ins MetadataProvider after Errors', + ], + 'onlyif' => 'match MetadataProvider/#attribute/uri size == 0', + 'notify' => 'Service[httpd]', + 'require' => 'Exec[get_metadata_name_metadata_cert]' + ) } + it { should contain_augeas("shib_metadata_name_metadata_provider").with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set MetadataProvider/#attribute/type XML', + 'set MetadataProvider/#attribute/uri http://example.org/provider', + 'set MetadataProvider/#attribute/backingFilePath /etc/shibboleth/provider', + 'set MetadataProvider/#attribute/reloadInterval 7200', + 'set MetadataProvider/MetadataFilter[1]/#attribute/type 
RequireValidUntil', + 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 2419200', + 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', + 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /etc/shibboleth/cert.crt', + ], + 'notify' => 'Service[httpd]', + 'require' => ['Exec[get_metadata_name_metadata_cert]','Augeas[shib_metadata_name_create_metadata_provider]'] + ) } + end + describe 'with all parameters' do + let(:params){ { + :provider_uri => 'http://example.org/provider', + :cert_uri => 'http://example.org/cert.crt', + :backing_file_dir => '/path/to', + :backing_file_name => 'bob.xml', + :cert_dir => '/path/to/certs', + :cert_file_name => 'bobs_cert.crt', + :provider_type => 'JSON', + :provider_reload_interval => '1000', + :metadata_filter_max_validity_interval => '100000' + } } + it { should contain_exec('get_metadata_name_metadata_cert').with( + 'command' => 'wget http://example.org/cert.crt -O /path/to/certs/bobs_cert.crt', + 'creates' => '/path/to/certs/bobs_cert.crt' + ) } + it { should contain_augeas("shib_metadata_name_metadata_provider").with( + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set MetadataProvider/#attribute/type JSON', + 'set MetadataProvider/#attribute/uri http://example.org/provider', + 'set MetadataProvider/#attribute/backingFilePath /path/to/bob.xml', + 'set MetadataProvider/#attribute/reloadInterval 1000', + 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', + 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 100000', + 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', + 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /path/to/certs/bobs_cert.crt' + ] + ) } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + 
:operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let(:title){ 'metadata_name' } + describe 'with minimum parameters' do + let(:params){ { + :provider_uri => 'http://example.org/provider', + :cert_uri => 'http://example.org/cert.crt' + } } + it { should contain_class('apache::mod::shib') } + it { should contain_exec('get_metadata_name_metadata_cert').with( + 'path' => ['/usr/bin'], + 'command' => 'wget http://example.org/cert.crt -O /etc/shibboleth/cert.crt', + 'creates' => '/etc/shibboleth/cert.crt', + 'notify' => 'Service[httpd]' + ) } + it { should contain_augeas('shib_metadata_name_create_metadata_provider').with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'ins MetadataProvider after Errors', + ], + 'onlyif' => 'match MetadataProvider/#attribute/uri size == 0', + 'notify' => 'Service[httpd]', + 'require' => 'Exec[get_metadata_name_metadata_cert]' + ) } + it { should contain_augeas("shib_metadata_name_metadata_provider").with( + 'lens' => 'Xml.lns', + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set MetadataProvider/#attribute/type XML', + 'set MetadataProvider/#attribute/uri http://example.org/provider', + 'set MetadataProvider/#attribute/backingFilePath /etc/shibboleth/provider', + 'set MetadataProvider/#attribute/reloadInterval 7200', + 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', + 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 2419200', + 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', + 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /etc/shibboleth/cert.crt', + ], + 'notify' => 'Service[httpd]', + 'require' => 
['Exec[get_metadata_name_metadata_cert]','Augeas[shib_metadata_name_create_metadata_provider]'] + ) } + end + describe 'with all parameters' do + let(:params){ { + :provider_uri => 'http://example.org/provider', + :cert_uri => 'http://example.org/cert.crt', + :backing_file_dir => '/path/to', + :backing_file_name => 'bob.xml', + :cert_dir => '/path/to/certs', + :cert_file_name => 'bobs_cert.crt', + :provider_type => 'JSON', + :provider_reload_interval => '1000', + :metadata_filter_max_validity_interval => '100000' + } } + it { should contain_exec('get_metadata_name_metadata_cert').with( + 'command' => 'wget http://example.org/cert.crt -O /path/to/certs/bobs_cert.crt', + 'creates' => '/path/to/certs/bobs_cert.crt' + ) } + it { should contain_augeas("shib_metadata_name_metadata_provider").with( + 'incl' => '/etc/shibboleth/shibboleth2.xml', + 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', + 'changes' => [ + 'set MetadataProvider/#attribute/type JSON', + 'set MetadataProvider/#attribute/uri http://example.org/provider', + 'set MetadataProvider/#attribute/backingFilePath /path/to/bob.xml', + 'set MetadataProvider/#attribute/reloadInterval 1000', + 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', + 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 100000', + 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', + 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /path/to/certs/bobs_cert.crt' + ] + ) } + end + end +end \ No newline at end of file diff --git a/spec/defines/mod/shib/sso_spec.rb b/spec/defines/mod/shib/sso_spec.rb new file mode 100644 index 0000000000..12dbd4729c --- /dev/null +++ b/spec/defines/mod/shib/sso_spec.rb 
@@ -0,0 +1,152 @@
+describe 'apache::mod::shib::sso', :type => :define do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'squeeze',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let(:title){ 'sso_name' }
+ describe 'with a Discovery Service' do
+ let(:params){ { :idpURL => 'http://example.org/IDP/' } }
+ it { should contain_class('apache::mod::shib') }
+ it { should contain_augeas('shib_sso_sso_name_attributes').with(
+ 'lens' => 'Xml.lns',
+ 'incl' => '/etc/shibboleth/shibboleth2.xml',
+ 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions',
+ 'changes' => [
+ 'set SSO/#attribute/entityID http://example.org/IDP/',
+ 'rm SSO/#attribute/discoveryURL',
+ 'set SSO/#attribute/discoveryProtocol SAMLDS',
+ 'set SSO/#attribute/ECP false'
+ ],
+ 'notify' => 'Service[httpd]'
+ ) }
+ end
+ describe 'with an Identity Provider' do
+ let(:params){ { :discoveryURL => 'http://example.org/DS/' } }
+ it { should contain_class('apache::mod::shib') }
+ it { should contain_augeas('shib_sso_sso_name_attributes').with(
+ 'lens' => 'Xml.lns',
+ 'incl' => '/etc/shibboleth/shibboleth2.xml',
+ 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions',
+ 'changes' => [
+ 'rm SSO/#attribute/entityID',
+ 'set SSO/#attribute/discoveryURL http://example.org/DS/',
+ 'set SSO/#attribute/discoveryProtocol SAMLDS',
+ 'set SSO/#attribute/ECP false'
+ ],
+ 'notify' => 'Service[httpd]'
+ ) }
+ end
+ describe 'when choosing a protocol and enabling ECP' do
+ let(:params){ {
+ :idpURL => 'http://example.org/IDP/',
+ :discoveryProtocol => 'PIDGEONS',
+ :ecp_support => true
+ } }
+ it { should contain_augeas('shib_sso_sso_name_attributes').with_changes(
+ [
+ 'set SSO/#attribute/entityID http://example.org/IDP/',
+ 'rm SSO/#attribute/discoveryURL',
+ 'set SSO/#attribute/discoveryProtocol PIDGEONS',
+ 'set SSO/#attribute/ECP true'
+ ]
+ ) }
+ end
+ describe 'when both a Directory Service and an Identity Provider are given' do
+ let(:params){ {
+ :idpURL => 'http://example.org/IDP/',
+ :discoveryURL => 'http://example.org/DS/'
+ } }
+ # Can't test for error messages
+ it { should_not contain_augeas('shib_sso_sso_name_attributes') }
+ end
+ describe 'with no parameters' do
+ # Can't test for error messages
+ it { should_not contain_augeas('shib_sso_sso_name_attributes') }
+ end
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'RedHat',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let(:title){ 'sso_name' }
+ describe 'with a Discovery Service' do
+ let(:params){ { :idpURL => 'http://example.org/IDP/' } }
+ it { should contain_class('apache::mod::shib') }
+ it { should contain_augeas('shib_sso_sso_name_attributes').with(
+ 'lens' => 'Xml.lns',
+ 'incl' => '/etc/shibboleth/shibboleth2.xml',
+ 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions',
+ 'changes' => [
+ 'set SSO/#attribute/entityID http://example.org/IDP/',
+ 'rm SSO/#attribute/discoveryURL',
+ 'set SSO/#attribute/discoveryProtocol SAMLDS',
+ 'set SSO/#attribute/ECP false'
+ ],
+ 'notify' => 'Service[httpd]'
+ ) }
+ end
+ describe 'with an Identity Provider' do
+ let(:params){ { :discoveryURL => 'http://example.org/DS/' } }
+ it { should contain_class('apache::mod::shib') }
+ it { should contain_augeas('shib_sso_sso_name_attributes').with(
+ 'lens' => 'Xml.lns',
+ 'incl' => '/etc/shibboleth/shibboleth2.xml',
+ 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions',
+ 'changes' => [
+ 'rm SSO/#attribute/entityID',
+ 'set SSO/#attribute/discoveryURL http://example.org/DS/',
+ 'set SSO/#attribute/discoveryProtocol SAMLDS',
+ 'set SSO/#attribute/ECP false'
+ ],
+ 'notify' => 'Service[httpd]'
+ ) }
+ end
+ describe 'when choosing a protocol and enabling ECP' do
+ let(:params){ {
+ :idpURL => 'http://example.org/IDP/',
+ :discoveryProtocol => 'PIDGEONS',
+ :ecp_support => true
+ } }
+ it { should contain_augeas('shib_sso_sso_name_attributes').with_changes(
+ [
+ 'set SSO/#attribute/entityID http://example.org/IDP/',
+ 'rm SSO/#attribute/discoveryURL',
+ 'set SSO/#attribute/discoveryProtocol PIDGEONS',
+ 'set SSO/#attribute/ECP true'
+ ]
+ ) }
+ end
+ describe 'when both a Directory Service and an Identity Provider are given' do
+ let(:params){ {
+ :idpURL => 'http://example.org/IDP/',
+ :discoveryURL => 'http://example.org/DS/'
+ } }
+ # Can't test for error messages
+ it { should_not contain_augeas('shib_sso_sso_name_attributes') }
+ end
+ describe 'with no parameters' do
+ # Can't test for error messages
+ it { should_not contain_augeas('shib_sso_sso_name_attributes') }
+ end
+ end
+end
\ No newline at end of file
From 049fd54b57e8a4f28ceeea4888456eafe1509fa1 Mon Sep 17 00:00:00 2001
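Review bot: The first two `describe` labels in each OS context are swapped relative to the parameters they set: 'with a Discovery Service' passes `:idpURL` and expects `entityID` to be set, while 'with an Identity Provider' passes `:discoveryURL`. The labels should follow the input, i.e. `describe 'with an Identity Provider' do` above the `:idpURL` case and `describe 'with a Discovery Service' do` above the `:discoveryURL` case, in both the Debian and RedHat contexts. The both-given case also says 'Directory Service' where the parameter is a discovery URL; `describe 'when both a Discovery Service and an Identity Provider are given' do` would match. The two rejection cases only assert that the augeas resource is absent, so a one-line comment such as `# misconfiguration is expected to leave the SSO element unmanaged` would state what they pin down.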
From: Aaron Hicks Date: Fri, 26 Sep 2014 11:50:25 +1200 Subject: [PATCH 0364/2267] Stripping out the shibboleth daemon config out into a separate module. --- manifests/mod/shib.pp | 85 +--------- manifests/mod/shib/attribute_map.pp | 32 ---- manifests/mod/shib/backend_cert.pp | 18 -- manifests/mod/shib/metadata.pp | 58 ------- manifests/mod/shib/sso.pp | 39 ----- spec/classes/mod/shib/backend_cert_spec.rb | 64 ------- spec/classes/mod/shib_spec.rb | 80 +-------- spec/defines/mod/shib/attribute_map_spec.rb | 112 ------------ spec/defines/mod/shib/metadata_spec.rb | 178 -------------------- spec/defines/mod/shib/sso_spec.rb | 152 ----------------- 10 files changed, 9 insertions(+), 809 deletions(-) delete mode 100644 manifests/mod/shib/attribute_map.pp delete mode 100644 manifests/mod/shib/backend_cert.pp delete mode 100644 manifests/mod/shib/metadata.pp delete mode 100644 manifests/mod/shib/sso.pp delete mode 100644 spec/classes/mod/shib/backend_cert_spec.rb delete mode 100644 spec/defines/mod/shib/attribute_map_spec.rb delete mode 100644 spec/defines/mod/shib/metadata_spec.rb delete mode 100644 spec/defines/mod/shib/sso_spec.rb diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index f95996867f..8ec4c6dd11 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp 
@@ -1,86 +1,15 @@ -class apache::mod::shib( - $shib_admin = $apache::serveradmin, - $shib_hostname = $::fqdn, - $logoLocation = '/shibboleth-sp/logo.jpg', - $styleSheet = '/shibboleth-sp/main.css', - $shib_conf_dir = '/etc/shibboleth', - $shib_conf_file = 'shibboleth2.xml', - $shib_sp_cert = 'sp-cert.pem', - $shib_bin_dir = '/usr/sbin', - $handlerSSL = true, - $consistent_address = true -){ +class apache::mod::shib ( + $suppress_warning = false, +) { + + if $::osfamily == 'RedHat' and ! $suppress_warning { + warning('RedHat distributions do not have Apache mod_shib in their default package repositories.') + } - $shib_conf = "${shib_conf_dir}/${shib_conf_file}" $mod_shib = 'shib2' apache::mod {$mod_shib: id => 'mod_shib', } - # by requiring the Apache::Mod, this should wait for the package - # to create the directory and not need to manage it - file{$shib_conf_dir: - ensure => 'directory', - require => Apache::Mod[$mod_shib] - } - - # by requiring the Apache::Mod, this will just define the file - # created when installing the package. 
- file{$shib_conf: - ensure => 'file', - replace => false, - require => [Apache::Mod[$mod_shib],File[$shib_conf_dir]], - } - - # augeas should auto-require the file $shib_conf - augeas{'shib_SPconfig_errors': - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set Errors/#attribute/supportContact ${shib_admin}", - "set Errors/#attribute/logoLocation ${logoLocation}", - "set Errors/#attribute/styleSheet ${styleSheet}", - ], - notify => Service['httpd','shibd'], - } - - augeas{'shib_SPconfig_consistent_address': - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set Sessions/#attribute/consistentAddress ${consistent_address}", - ], - notify => Service['httpd','shibd'], - } - - augeas{'shib_SPconfig_hostname': - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set #attribute/entityID https://${shib_hostname}/shibboleth", - "set Sessions/#attribute/handlerURL https://${shib_hostname}/Shibboleth.sso", - ], - notify => Service['httpd','shibd'], - } - - augeas{'shib_SPconfig_handlerSSL': - lens => 'Xml.lns', - incl => $shib_conf, - context => "/files${shib_conf}/SPConfig/ApplicationDefaults", - changes => ["set Sessions/#attribute/handlerSSL ${handlerSSL}",], - notify => Service['httpd','shibd'], - } - - service{'shibd': - ensure => 'running', - enable => true, - hasrestart => true, - hasstatus => true, - require => Apache::Mod[$mod_shib], - } - } \ No newline at end of file diff --git a/manifests/mod/shib/attribute_map.pp b/manifests/mod/shib/attribute_map.pp deleted file mode 100644 index e330f9939c..0000000000 --- a/manifests/mod/shib/attribute_map.pp +++ /dev/null 
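Review bot: The new signature drops every previous class parameter (`shib_admin`, `shib_hostname`, `shib_conf_dir`, `handlerSSL`, `consistent_address` and the rest), so a node that still declares the class with any of them will presumably fail catalog compilation rather than be pointed at the replacement module. The class also stops enforcing `handlerSSL` and `consistentAddress` in shibboleth2.xml, which callers may have been relying on as session hardening; nothing in this hunk says where that is managed now. A header comment would document the break, for example `# Only loads mod_shib; shibd and shibboleth2.xml are managed by a separate Shibboleth module.` and `# $suppress_warning: set to true to silence the RedHat package-repository warning.` Note also that `warning()` is raised on every compile for RedHat-family nodes until `suppress_warning` is set.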
@@ -1,32 +0,0 @@ -# parameter setup allows an attribute_map to bedownloaded with one name -# and saved locally by another. -define apache::mod::shib::attribute_map( - $attribute_map_uri, - $attribute_map_dir = $::apache::mod::shib::shib_conf_dir, - $attribute_map_name = inline_template("<%= attribute_map_uri.split('/').last %>"), - $max_age = '21' -){ - - $attribute_map = "${attribute_map_dir}/${attribute_map_name}" - - # Download the attribute map, refresh after $max_age days - exec{"get_${name}_attribute_map": - path => ['/usr/bin'], - command => "wget ${attribute_map_uri} -O ${attribute_map}", - unless => "test `find ${attribute_map} -mtime +${max_age}`", - notify => Service['httpd','shibd'], - } - - # Make sure the shibboleth config is pointing at the attribute map - augeas{"shib_${name}_attribute_map": - lens => 'Xml.lns', - incl => $::apache::mod::shib::shib_conf, - context => "/files${::apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set AttributeExtractor/#attribute/path ${attribute_map_name}", - ], - notify => Service['httpd','shibd'], - require => Exec["get_${name}_attribute_map"], - } - -} \ No newline at end of file diff --git a/manifests/mod/shib/backend_cert.pp b/manifests/mod/shib/backend_cert.pp deleted file mode 100644 index 4eefd58e9b..0000000000 --- a/manifests/mod/shib/backend_cert.pp +++ /dev/null 
@@ -1,18 +0,0 @@ -# This generates a self signed x509 certificate used to secure connections -# with a Shibboleth Federation registry. If the key is ever lost or overwritten -# the certificate will have to be re-registered. -# Alternativly, the certificate could be deployed from the puppetmaster -class apache::mod::shib::backend_cert( - $sp_hostname = $apache::mod::shib::shib_hostname -) { - - require apache::mod::shib - - $sp_cert = "${::apache::mod::shib::shib_conf_dir}/${::apache::mod::shib::shib_sp_cert}" - - exec{"shib_keygen_${sp_hostname}": - path => [$::apache::mod::shib::shib_bin_dir,'/usr/bin','/bin'], - command => "shib-keygen -f -h ${sp_hostname} -e https://${sp_hostname}/shibbloeth", - unless => "openssl x509 -noout -in ${sp_cert} -issuer|grep ${sp_hostname}", - } -} \ No newline at end of file diff --git a/manifests/mod/shib/metadata.pp b/manifests/mod/shib/metadata.pp deleted file mode 100644 index a5ac386c4f..0000000000 --- a/manifests/mod/shib/metadata.pp +++ /dev/null 
@@ -1,58 +0,0 @@ -# Currently this can only create a _single_ metadata provider -# it will need to be modified to permit multiple metadata providers -define apache::mod::shib::metadata( - $provider_uri, - $cert_uri, - $backing_file_dir = $::apache::mod::shib::shib_conf_dir, - $backing_file_name = inline_template("<%= provider_uri.split('/').last %>"), - $cert_dir = $::apache::mod::shib::shib_conf_dir, - $cert_file_name = inline_template("<%= cert_uri.split('/').last %>"), - $provider_type = 'XML', - $provider_reload_interval = '7200', - $metadata_filter_max_validity_interval = '2419200' -){ - - $backing_file = "${backing_file_dir}/${backing_file_name}" - $cert_file = "${cert_dir}/${cert_file_name}" - - # Get the Metadata signing certificate - exec{"get_${name}_metadata_cert": - path => ['/usr/bin'], - command => "wget ${cert_uri} -O ${cert_file}", - creates => $cert_file, - notify => Service['httpd','shibd'], - } - - # This puts the MetadataProvider entry in the 'right' place - augeas{"shib_${name}_create_metadata_provider": - lens => 'Xml.lns', - incl => $::apache::mod::shib::shib_conf, - context => "/files${::apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - 'ins MetadataProvider after Errors', - ], - onlyif => 'match MetadataProvider/#attribute/uri size == 0', - notify => Service['httpd','shibd'], - require => Exec["get_${name}_metadata_cert"], - } - - # This will update the attributes and child nodes if they change - augeas{"shib_${name}_metadata_provider": - lens => 'Xml.lns', - incl => $::apache::mod::shib::shib_conf, - context => "/files${::apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults", - changes => [ - "set MetadataProvider/#attribute/type ${provider_type}", - "set MetadataProvider/#attribute/uri ${provider_uri}", - "set MetadataProvider/#attribute/backingFilePath ${backing_file}", - "set MetadataProvider/#attribute/reloadInterval ${provider_reload_interval}", - 'set 
MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', - "set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval ${metadata_filter_max_validity_interval}", - 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', - "set MetadataProvider/MetadataFilter[2]/#attribute/certificate ${cert_file}", - ], - notify => Service['httpd','shibd'], - require => [Exec["get_${name}_metadata_cert"],Augeas["shib_${name}_create_metadata_provider"]], - } - -} \ No newline at end of file diff --git a/manifests/mod/shib/sso.pp b/manifests/mod/shib/sso.pp deleted file mode 100644 index 2f8a4a9672..0000000000 --- a/manifests/mod/shib/sso.pp +++ /dev/null @@ -1,39 +0,0 @@ -define apache::mod::shib::sso( - $discoveryURL = undef, - $idpURL = undef, - $discoveryProtocol = 'SAMLDS', - $ecp_support = false -){ - - if $discoveryURL and $idpURL { - err('apache::mod::shib::sso must have one of discoveryURL or idpURL set, not both.') - } elsif !$discoveryURL and !$idpURL { - err('apache::mod::shib::sso must have one of discoveryURL or idpURL set, not neither.') - } else { - - if $idpURL { - $entityID_aug = "set SSO/#attribute/entityID ${idpURL}" - } else { - $entityID_aug = 'rm SSO/#attribute/entityID' - } - - if $discoveryURL { - $discoveryURL_aug = "set SSO/#attribute/discoveryURL ${discoveryURL}" - } else { - $discoveryURL_aug = 'rm SSO/#attribute/discoveryURL' - } - - augeas{"shib_sso_${name}_attributes": - lens => 'Xml.lns', - incl => $apache::mod::shib::shib_conf, - context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions", - changes => [ - $entityID_aug, - $discoveryURL_aug, - "set SSO/#attribute/discoveryProtocol ${discoveryProtocol}", - "set SSO/#attribute/ECP ${ecp_support}", - ], - notify => Service['httpd','shibd'], - } - } -} \ No newline at end of file diff --git a/spec/classes/mod/shib/backend_cert_spec.rb b/spec/classes/mod/shib/backend_cert_spec.rb deleted file mode 100644 index 92558da4fe..0000000000 
--- a/spec/classes/mod/shib/backend_cert_spec.rb +++ /dev/null 
@@ -1,64 +0,0 @@ -describe 'apache::mod::shib::backend_cert', :type => :class do - let :pre_condition do - "include apache\ninclude apache::mod::shib" - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :fqdn => 'test.example.com', - } - end - describe 'with no parameters' do - it { should contain_class('apache::mod::shib') } - it { should contain_exec('shib_keygen_test.example.com').with( - 'path' => ['/usr/sbin','/usr/bin','/bin'], - 'command' => 'shib-keygen -f -h test.example.com -e https://test.example.com/shibbloeth', - 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.com' - ) } - end - describe 'when given a hostname' do - let(:params){ { :sp_hostname => 'test.example.org' } } - it { should contain_exec('shib_keygen_test.example.org').with( - 'command' => 'shib-keygen -f -h test.example.org -e https://test.example.org/shibbloeth', - 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.org' - ) } - end - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :fqdn => 'test.example.com', - } - end - describe 'with no parameters' do - it { should contain_class('apache::mod::shib') } - it { should contain_exec('shib_keygen_test.example.com').with( - 'path' => ['/usr/sbin','/usr/bin','/bin'], - 'command' => 'shib-keygen -f -h test.example.com -e https://test.example.com/shibbloeth', - 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.com' - ) } - 
end - describe 'when given a hostname' do - let(:params){ { :sp_hostname => 'test.example.org' } } - it { should contain_exec('shib_keygen_test.example.org').with( - 'command' => 'shib-keygen -f -h test.example.org -e https://test.example.org/shibbloeth', - 'unless' => 'openssl x509 -noout -in /etc/shibboleth/sp-cert.pem -issuer|grep test.example.org' - ) } - end - end -end \ No newline at end of file diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb index 9193072217..e515db96df 100644 --- a/spec/classes/mod/shib_spec.rb +++ b/spec/classes/mod/shib_spec.rb 
@@ -17,45 +17,7 @@
 }
 end
 describe 'with no parameters' do
- it { should contain_apache__mod('shib2') }
- it { should contain_file('/etc/shibboleth').with(
- 'ensure' => 'directory',
- 'require' => 'Apache::Mod[shib2]'
- ) }
- it { should contain_file('/etc/shibboleth/shibboleth2.xml').with(
- 'ensure' => 'file',
- 'replace' => false,
- 'require' => ['Apache::Mod[shib2]','File[/etc/shibboleth]']
- ) }
- it { should contain_augeas('shib_SPconfig_errors').with(
- 'lens' => 'Xml.lns',
- 'incl' => '/etc/shibboleth/shibboleth2.xml',
- 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults',
- 'changes' => [
- 'set Errors/#attribute/supportContact root@localhost',
- 'set Errors/#attribute/logoLocation /shibboleth-sp/logo.jpg',
- 'set Errors/#attribute/styleSheet /shibboleth-sp/main.css',
- ],
- 'notify' => 'Service[httpd]'
- ) }
- it { should contain_augeas('shib_SPconfig_hostname').with(
- 'lens' => 'Xml.lns',
- 'incl' => '/etc/shibboleth/shibboleth2.xml',
- 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults',
- 'changes' => [
- 'set #attribute/entityID https://test.example.com/shibboleth',
- 'set Sessions/#attribute/handlerURL https://test.example.com/Shibboleth.sso',
- ],
- 'notify' => 'Service[httpd]'
- ) }
- it { should contain_augeas('shib_SPconfig_handlerSSL').with(
- 'lens' => 'Xml.lns',
- 'incl' => '/etc/shibboleth/shibboleth2.xml',
- 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults',
- 'changes' => ['set Sessions/#attribute/handlerSSL true',],
- 'notify' => 'Service[httpd]'
- ) }
- # The apache module isn't set up for testing the changes augeas makes.
+ it { should contain_apache__mod('shib2').with_id('mod_shib') }
 end
 end
 context "on a RedHat OS" do
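Review bot: Neither this hunk nor the matching one for the RedHat context (`@@ -72,45 +34,7 @@`) exercises the new `suppress_warning` parameter, so the only branch this commit adds to `apache::mod::shib` has no spec. A small case in the RedHat context would cover it, e.g. `let(:params){ { :suppress_warning => true } }` followed by `it { should contain_apache__mod('shib2').with_id('mod_shib') }`. The enclosing `describe` and `context` blocks start outside the hunk.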
@@ -72,45 +34,7 @@
 }
 end
 describe 'with no parameters' do
- it { should contain_apache__mod('shib2') }
- it { should contain_file('/etc/shibboleth').with(
- 'ensure' => 'directory',
- 'require' => 'Apache::Mod[shib2]'
- ) }
- it { should contain_file('/etc/shibboleth/shibboleth2.xml').with(
- 'ensure' => 'file',
- 'replace' => false,
- 'require' => ['Apache::Mod[shib2]','File[/etc/shibboleth]']
- ) }
- it { should contain_augeas('shib_SPconfig_errors').with(
- 'lens' => 'Xml.lns',
- 'incl' => '/etc/shibboleth/shibboleth2.xml',
- 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults',
- 'changes' => [
- 'set Errors/#attribute/supportContact root@localhost',
- 'set Errors/#attribute/logoLocation /shibboleth-sp/logo.jpg',
- 'set Errors/#attribute/styleSheet /shibboleth-sp/main.css',
- ],
- 'notify' => 'Service[httpd]'
- ) }
- it { should contain_augeas('shib_SPconfig_hostname').with(
- 'lens' => 'Xml.lns',
- 'incl' => '/etc/shibboleth/shibboleth2.xml',
- 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults',
- 'changes' => [
- 'set #attribute/entityID https://test.example.com/shibboleth',
- 'set Sessions/#attribute/handlerURL https://test.example.com/Shibboleth.sso',
- ],
- 'notify' => 'Service[httpd]'
- ) }
- it { should contain_augeas('shib_SPconfig_handlerSSL').with(
- 'lens' => 'Xml.lns',
- 'incl' => '/etc/shibboleth/shibboleth2.xml',
- 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults',
- 'changes' => ['set Sessions/#attribute/handlerSSL true',],
- 'notify' => 'Service[httpd]'
- ) }
- # The apache module isn't set up for testing the changes augeas makes.
+ it { should contain_apache__mod('shib2').with_id('mod_shib') }
 end
 end
 end
\ No newline at end of file
diff --git a/spec/defines/mod/shib/attribute_map_spec.rb b/spec/defines/mod/shib/attribute_map_spec.rb
deleted file mode 100644
index 47c577ea17..0000000000
--- a/spec/defines/mod/shib/attribute_map_spec.rb
+++ /dev/null
@@ -1,112 +0,0 @@ -describe 'apache::mod::shib::attribute_map', :type => :define do - let :pre_condition do - "include apache\ninclude apache::mod::shib" - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let(:title){ 'map_name' } - describe 'with minimum parameters' do - let(:params){ { :attribute_map_uri => 'http://example.org/attribute_map.xml' } } - it { should contain_class("apache::mod::shib") } - it { should contain_exec("get_map_name_attribute_map").with( - 'path' => ['/usr/bin'], - 'command' => 'wget http://example.org/attribute_map.xml -O /etc/shibboleth/attribute_map.xml', - 'unless' => 'test `find /etc/shibboleth/attribute_map.xml -mtime +21`', - 'notify' => 'Service[httpd]' - ) } - it { should contain_augeas("shib_map_name_attribute_map").with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set AttributeExtractor/#attribute/path attribute_map.xml', - ], - 'notify' => 'Service[httpd]', - 'require' => 'Exec[get_map_name_attribute_map]' - ) } - end - describe 'with all parameters' do - let(:params){ { - :attribute_map_uri => 'http://bob.org/bobs_attribute_map.xml', - :attribute_map_dir => '/some/path/to', - :attribute_map_name => 'bob.xml', - :max_age => '5' - } } - it { should contain_exec("get_map_name_attribute_map").with( - 'command' => 'wget http://bob.org/bobs_attribute_map.xml -O /some/path/to/bob.xml', - 'unless' => 'test `find /some/path/to/bob.xml -mtime +5`' - ) } - it { should contain_augeas("shib_map_name_attribute_map").with( - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => 
'/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set AttributeExtractor/#attribute/path bob.xml', - ] - ) } - end - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let(:title){ 'map_name' } - describe 'with minimum parameters' do - let(:params){ { :attribute_map_uri => 'http://example.org/attribute_map.xml' } } - it { should contain_class("apache::mod::shib") } - it { should contain_exec("get_map_name_attribute_map").with( - 'path' => ['/usr/bin'], - 'command' => 'wget http://example.org/attribute_map.xml -O /etc/shibboleth/attribute_map.xml', - 'unless' => 'test `find /etc/shibboleth/attribute_map.xml -mtime +21`', - 'notify' => 'Service[httpd]' - ) } - it { should contain_augeas("shib_map_name_attribute_map").with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set AttributeExtractor/#attribute/path attribute_map.xml', - ], - 'notify' => 'Service[httpd]', - 'require' => 'Exec[get_map_name_attribute_map]' - ) } - end - describe 'with all parameters' do - let(:params){ { - :attribute_map_uri => 'http://bob.org/bobs_attribute_map.xml', - :attribute_map_dir => '/some/path/to', - :attribute_map_name => 'bob.xml', - :max_age => '5' - } } - it { should contain_exec("get_map_name_attribute_map").with( - 'command' => 'wget http://bob.org/bobs_attribute_map.xml -O /some/path/to/bob.xml', - 'unless' => 'test `find /some/path/to/bob.xml -mtime +5`' - ) } - it { should contain_augeas("shib_map_name_attribute_map").with( - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' 
=> [ - 'set AttributeExtractor/#attribute/path bob.xml', - ] - ) } - end - end -end \ No newline at end of file diff --git a/spec/defines/mod/shib/metadata_spec.rb b/spec/defines/mod/shib/metadata_spec.rb deleted file mode 100644 index 5bb4e78157..0000000000 --- a/spec/defines/mod/shib/metadata_spec.rb +++ /dev/null 
@@ -1,178 +0,0 @@ -describe 'apache::mod::shib::metadata', :type => :define do - let :pre_condition do - "include apache\ninclude apache::mod::shib" - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let(:title){ 'metadata_name' } - describe 'with minimum parameters' do - let(:params){ { - :provider_uri => 'http://example.org/provider', - :cert_uri => 'http://example.org/cert.crt' - } } - it { should contain_class('apache::mod::shib') } - it { should contain_exec('get_metadata_name_metadata_cert').with( - 'path' => ['/usr/bin'], - 'command' => 'wget http://example.org/cert.crt -O /etc/shibboleth/cert.crt', - 'creates' => '/etc/shibboleth/cert.crt', - 'notify' => 'Service[httpd]' - ) } - it { should contain_augeas('shib_metadata_name_create_metadata_provider').with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'ins MetadataProvider after Errors', - ], - 'onlyif' => 'match MetadataProvider/#attribute/uri size == 0', - 'notify' => 'Service[httpd]', - 'require' => 'Exec[get_metadata_name_metadata_cert]' - ) } - it { should contain_augeas("shib_metadata_name_metadata_provider").with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set MetadataProvider/#attribute/type XML', - 'set MetadataProvider/#attribute/uri http://example.org/provider', - 'set MetadataProvider/#attribute/backingFilePath /etc/shibboleth/provider', - 'set MetadataProvider/#attribute/reloadInterval 7200', - 'set MetadataProvider/MetadataFilter[1]/#attribute/type 
RequireValidUntil', - 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 2419200', - 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', - 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /etc/shibboleth/cert.crt', - ], - 'notify' => 'Service[httpd]', - 'require' => ['Exec[get_metadata_name_metadata_cert]','Augeas[shib_metadata_name_create_metadata_provider]'] - ) } - end - describe 'with all parameters' do - let(:params){ { - :provider_uri => 'http://example.org/provider', - :cert_uri => 'http://example.org/cert.crt', - :backing_file_dir => '/path/to', - :backing_file_name => 'bob.xml', - :cert_dir => '/path/to/certs', - :cert_file_name => 'bobs_cert.crt', - :provider_type => 'JSON', - :provider_reload_interval => '1000', - :metadata_filter_max_validity_interval => '100000' - } } - it { should contain_exec('get_metadata_name_metadata_cert').with( - 'command' => 'wget http://example.org/cert.crt -O /path/to/certs/bobs_cert.crt', - 'creates' => '/path/to/certs/bobs_cert.crt' - ) } - it { should contain_augeas("shib_metadata_name_metadata_provider").with( - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set MetadataProvider/#attribute/type JSON', - 'set MetadataProvider/#attribute/uri http://example.org/provider', - 'set MetadataProvider/#attribute/backingFilePath /path/to/bob.xml', - 'set MetadataProvider/#attribute/reloadInterval 1000', - 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', - 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 100000', - 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', - 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /path/to/certs/bobs_cert.crt' - ] - ) } - end - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - 
:operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let(:title){ 'metadata_name' } - describe 'with minimum parameters' do - let(:params){ { - :provider_uri => 'http://example.org/provider', - :cert_uri => 'http://example.org/cert.crt' - } } - it { should contain_class('apache::mod::shib') } - it { should contain_exec('get_metadata_name_metadata_cert').with( - 'path' => ['/usr/bin'], - 'command' => 'wget http://example.org/cert.crt -O /etc/shibboleth/cert.crt', - 'creates' => '/etc/shibboleth/cert.crt', - 'notify' => 'Service[httpd]' - ) } - it { should contain_augeas('shib_metadata_name_create_metadata_provider').with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'ins MetadataProvider after Errors', - ], - 'onlyif' => 'match MetadataProvider/#attribute/uri size == 0', - 'notify' => 'Service[httpd]', - 'require' => 'Exec[get_metadata_name_metadata_cert]' - ) } - it { should contain_augeas("shib_metadata_name_metadata_provider").with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set MetadataProvider/#attribute/type XML', - 'set MetadataProvider/#attribute/uri http://example.org/provider', - 'set MetadataProvider/#attribute/backingFilePath /etc/shibboleth/provider', - 'set MetadataProvider/#attribute/reloadInterval 7200', - 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', - 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 2419200', - 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', - 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /etc/shibboleth/cert.crt', - ], - 'notify' => 'Service[httpd]', - 'require' => 
['Exec[get_metadata_name_metadata_cert]','Augeas[shib_metadata_name_create_metadata_provider]'] - ) } - end - describe 'with all parameters' do - let(:params){ { - :provider_uri => 'http://example.org/provider', - :cert_uri => 'http://example.org/cert.crt', - :backing_file_dir => '/path/to', - :backing_file_name => 'bob.xml', - :cert_dir => '/path/to/certs', - :cert_file_name => 'bobs_cert.crt', - :provider_type => 'JSON', - :provider_reload_interval => '1000', - :metadata_filter_max_validity_interval => '100000' - } } - it { should contain_exec('get_metadata_name_metadata_cert').with( - 'command' => 'wget http://example.org/cert.crt -O /path/to/certs/bobs_cert.crt', - 'creates' => '/path/to/certs/bobs_cert.crt' - ) } - it { should contain_augeas("shib_metadata_name_metadata_provider").with( - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults', - 'changes' => [ - 'set MetadataProvider/#attribute/type JSON', - 'set MetadataProvider/#attribute/uri http://example.org/provider', - 'set MetadataProvider/#attribute/backingFilePath /path/to/bob.xml', - 'set MetadataProvider/#attribute/reloadInterval 1000', - 'set MetadataProvider/MetadataFilter[1]/#attribute/type RequireValidUntil', - 'set MetadataProvider/MetadataFilter[1]/#attribute/maxValidityInterval 100000', - 'set MetadataProvider/MetadataFilter[2]/#attribute/type Signature', - 'set MetadataProvider/MetadataFilter[2]/#attribute/certificate /path/to/certs/bobs_cert.crt' - ] - ) } - end - end -end \ No newline at end of file diff --git a/spec/defines/mod/shib/sso_spec.rb b/spec/defines/mod/shib/sso_spec.rb deleted file mode 100644 index 12dbd4729c..0000000000 --- a/spec/defines/mod/shib/sso_spec.rb +++ /dev/null 
@@ -1,152 +0,0 @@ -describe 'apache::mod::shib::sso', :type => :define do - let :pre_condition do - 'include apache' - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let(:title){ 'sso_name' } - describe 'with a Discovery Service' do - let(:params){ { :idpURL => 'http://example.org/IDP/' } } - it { should contain_class('apache::mod::shib') } - it { should contain_augeas('shib_sso_sso_name_attributes').with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions', - 'changes' => [ - 'set SSO/#attribute/entityID http://example.org/IDP/', - 'rm SSO/#attribute/discoveryURL', - 'set SSO/#attribute/discoveryProtocol SAMLDS', - 'set SSO/#attribute/ECP false' - ], - 'notify' => 'Service[httpd]' - ) } - end - describe 'with an Identity Provider' do - let(:params){ { :discoveryURL => 'http://example.org/DS/' } } - it { should contain_class('apache::mod::shib') } - it { should contain_augeas('shib_sso_sso_name_attributes').with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions', - 'changes' => [ - 'rm SSO/#attribute/entityID', - 'set SSO/#attribute/discoveryURL http://example.org/DS/', - 'set SSO/#attribute/discoveryProtocol SAMLDS', - 'set SSO/#attribute/ECP false' - ], - 'notify' => 'Service[httpd]' - ) } - end - describe 'when choosing a protocol and enabling ECP' do - let(:params){ { - :idpURL => 'http://example.org/IDP/', - :discoveryProtocol => 'PIDGEONS', - :ecp_support => true - } } - it { should contain_augeas('shib_sso_sso_name_attributes').with_changes( - [ - 'set 
SSO/#attribute/entityID http://example.org/IDP/', - 'rm SSO/#attribute/discoveryURL', - 'set SSO/#attribute/discoveryProtocol PIDGEONS', - 'set SSO/#attribute/ECP true' - ] - ) } - end - describe 'when both a Directory Service and an Identity Provider are given' do - let(:params){ { - :idpURL => 'http://example.org/IDP/', - :discoveryURL => 'http://example.org/DS/' - } } - # Can't test for error messages - it { should_not contain_augeas('shib_sso_sso_name_attributes') } - end - describe 'with no parameters' do - # Can't test for error messages - it { should_not contain_augeas('shib_sso_sso_name_attributes') } - end - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let(:title){ 'sso_name' } - describe 'with a Discovery Service' do - let(:params){ { :idpURL => 'http://example.org/IDP/' } } - it { should contain_class('apache::mod::shib') } - it { should contain_augeas('shib_sso_sso_name_attributes').with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions', - 'changes' => [ - 'set SSO/#attribute/entityID http://example.org/IDP/', - 'rm SSO/#attribute/discoveryURL', - 'set SSO/#attribute/discoveryProtocol SAMLDS', - 'set SSO/#attribute/ECP false' - ], - 'notify' => 'Service[httpd]' - ) } - end - describe 'with an Identity Provider' do - let(:params){ { :discoveryURL => 'http://example.org/DS/' } } - it { should contain_class('apache::mod::shib') } - it { should contain_augeas('shib_sso_sso_name_attributes').with( - 'lens' => 'Xml.lns', - 'incl' => '/etc/shibboleth/shibboleth2.xml', - 'context' => '/files/etc/shibboleth/shibboleth2.xml/SPConfig/ApplicationDefaults/Sessions', - 'changes' => [ - 'rm 
SSO/#attribute/entityID', - 'set SSO/#attribute/discoveryURL http://example.org/DS/', - 'set SSO/#attribute/discoveryProtocol SAMLDS', - 'set SSO/#attribute/ECP false' - ], - 'notify' => 'Service[httpd]' - ) } - end - describe 'when choosing a protocol and enabling ECP' do - let(:params){ { - :idpURL => 'http://example.org/IDP/', - :discoveryProtocol => 'PIDGEONS', - :ecp_support => true - } } - it { should contain_augeas('shib_sso_sso_name_attributes').with_changes( - [ - 'set SSO/#attribute/entityID http://example.org/IDP/', - 'rm SSO/#attribute/discoveryURL', - 'set SSO/#attribute/discoveryProtocol PIDGEONS', - 'set SSO/#attribute/ECP true' - ] - ) } - end - describe 'when both a Directory Service and an Identity Provider are given' do - let(:params){ { - :idpURL => 'http://example.org/IDP/', - :discoveryURL => 'http://example.org/DS/' - } } - # Can't test for error messages - it { should_not contain_augeas('shib_sso_sso_name_attributes') } - end - describe 'with no parameters' do - # Can't test for error messages - it { should_not contain_augeas('shib_sso_sso_name_attributes') } - end - end -end \ No newline at end of file From 4c8b6ad77ad9cbc86c283f0909f954f078dbda7c Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Mon, 29 Sep 2014 14:15:51 +1300 Subject: [PATCH 0365/2267] AllowEncodedSlashes can have a server default set with the apache class, and overridden with an apache::vhost declaration --- README.md | 8 ++++++++ manifests/init.pp | 5 +++++ manifests/vhost.pp | 9 +++++++++ spec/classes/apache_spec.rb | 16 ++++++++++++++++ spec/defines/vhost_spec.rb | 1 + templates/httpd.conf.erb | 3 +++ templates/vhost.conf.erb | 3 +++ 7 files changed, 45 insertions(+) diff --git a/README.md b/README.md index d5e388f57b..8472cad871 100644 --- a/README.md +++ b/README.md 
@@ -226,6 +226,10 @@ You may establish a default vhost in this class, the `vhost` class, or both. You **Parameters within `apache`:** +#####`allow_encoded_slashes` + +This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which will omit the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. + #####`apache_version` Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason. @@ -902,6 +906,10 @@ For `alias` and `aliasmatch` to work, each will need a corresponding context, su *Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias may have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +#####`allow_encoded_slashes` + +This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which will omit the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. + #####`block` Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. diff --git a/manifests/init.pp b/manifests/init.pp index 74e3d6a055..b5e9204570 100644 --- a/manifests/init.pp 
+++ b/manifests/init.pp @@ -63,6 +63,7 @@ $server_tokens = 'OS', $server_signature = 'On', $trace_enable = 'On', + $allow_encoded_slashes = undef, $package_ensure = 'installed', ) inherits ::apache::params { validate_bool($default_vhost) @@ -80,6 +81,10 @@ validate_re($mpm_module, $valid_mpms_re) } + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. # NOTE: the same strategy may be introduced for other OSes. For this, you # should delete the 'if' block below and modify all MPM modules' manifests diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 1586f34a3e..0f28d728d5 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -96,6 +96,7 @@ $fastcgi_dir = undef, $additional_includes = [], $apache_version = $::apache::apache_version, + $allow_encoded_slashes = undef, $suexec_user_group = undef, ) { # The base class must be included first because it is used by parameter defaults @@ -122,6 +123,8 @@ validate_hash($rewrites[0]) } + # Input validation begins + if $suexec_user_group { validate_re($suexec_user_group, '^\w+ \w+$', "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") @@ -182,6 +185,12 @@ validate_string($custom_fragment) } + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + + # Input validation ends + if $ssl and $ensure == 'present' { include ::apache::mod::ssl # Required for the AddType lines. diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 198f1138bf..dc5d6b46a1 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
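Review bot: The `validate_re` pattern `'(^on$|^off$|^nodecode$)'` added in `manifests/init.pp` (and again in the `@@ -182,6 +185,12 @@` hunk of `manifests/vhost.pp`) uses `^`/`$`, which in Ruby regular expressions anchor to line boundaries rather than to the whole string. A multi-line value with one line equal to `on` would therefore pass, and both templates in this commit write the parameter into the Apache configuration unescaped, so whoever supplies the value (hiera data, an ENC) could add further directives. Anchoring to the whole string closes this: `validate_re($allow_encoded_slashes, '\A(on|off|nodecode)\z', ...)`. The check also accepts lower case only, while this class's neighbouring defaults are written `'On'`; if that is intended, a short comment saying so would help.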
@@ -94,6 +94,14 @@ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } end + context "when specifying slash encoding behaviour" do + let :params do + { :allow_encoded_slashes => 'nodecode' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} } + end + # Assert that both load files and conf files are placed and symlinked for these mods [ 'alias', @@ -305,6 +313,14 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } end + context "when specifying slash encoding behaviour" do + let :params do + { :allow_encoded_slashes => 'nodecode' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index c5e1fe05ef..5908a7ede9 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -231,6 +231,7 @@ 'additional_includes' => '/custom/path/includes', 'apache_version' => '2.4', 'suexec_user_group' => 'root root', + 'allow_encoded_slashes' => 'nodecode' } end let :facts do diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index cac3aaf102..68d6b50ae2 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
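Review bot: Both added `"when specifying slash encoding behaviour"` contexts cover only the accepted value `'nodecode'`, so the new `validate_re` guard has no test on its rejection path. A context with an invalid value, and ideally one with an embedded newline, expecting compilation to fail would pin the validation that keeps arbitrary text out of `httpd.conf`/`apache2.conf`. With the matcher style already used in this file, that could be something like `it { expect { subject }.to raise_error(Puppet::Error, /not permitted for allow_encoded_slashes/) }`, though the exact form depends on the rspec-puppet version in use. The `vhost_spec.rb` hunk only adds the parameter to the params hash; whether the rendered directive is asserted lies outside the hunk.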
@@ -35,6 +35,9 @@ HostnameLookups Off ErrorLog "<%= @logroot %>/<%= @error_log %>" LogLevel <%= @log_level %> EnableSendfile <%= @sendfile %> +<%- if @allow_encoded_slashes -%> +AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> #Listen 80 diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 95ad3ce7df..859a3ae7f4 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -22,6 +22,9 @@ <% if @fallbackresource -%> FallbackResource <%= @fallbackresource %> <% end -%> +<%- if @allow_encoded_slashes -%> + AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> ## Directories, there should at least be a declaration for <%= @docroot %> <%= scope.function_template(['apache/vhost/_directories.erb']) -%> From 14f5b784454522d4e45b5f7c1992ae1e1a65896a Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 16:15:04 -0500 Subject: [PATCH 0366/2267] Fix dav_svn for debian 6 --- manifests/mod/dav_svn.pp | 25 ++++++++++++++----------- spec/acceptance/mod_dav_svn_spec.rb | 6 +++++- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index c46976e850..36af06fa41 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp 
@@ -1,17 +1,20 @@ class apache::mod::dav_svn ( $authz_svn_enabled = false, ) { - Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] - include ::apache::mod::dav - ::apache::mod { 'dav_svn': } + Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] + include ::apache::mod::dav + ::apache::mod { 'dav_svn': } - if $authz_svn_enabled { - ::apache::mod { 'authz_svn': - loadfile_name => $::osfamily ? { - 'Debian' => undef, - default => 'dav_svn_authz_svn.load', - }, - require => Apache::Mod['dav_svn'], - } + if $::osfamily == 'Debian' and $::operatingsystemmajrelease != '6' { + $loadfile_name = undef + } else { + $loadfile_name = 'dav_svn_authz_svn.load' + } + + if $authz_svn_enabled { + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + require => Apache::Mod['dav_svn'], } + } } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 5125ada0b2..90e0db5636 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,11 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - authz_svn_load_file = 'authz_svn.load' + if fact('operatingsystemmajrelease') == '6' + authz_svn_load_file = 'dav_svn_authz_svn.load' + else + authz_svn_load_file = 'authz_svn.load' + end when 'RedHat' mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' From 318f5f6773a12faafca7a9d4f0d4d31a4afe3599 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Tue, 30 Sep 2014 10:06:17 +1300 Subject: [PATCH 0367/2267] Add the minimum required shibboleth declarations to directories hashes. Ignored if mod_shib not defined. --- manifests/vhost.pp | 4 ++++ templates/vhost/_directories.erb | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0f28d728d5..863ca6a127 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
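Review bot: The new `$loadfile_name` selection in `apache::mod::dav_svn` depends on `$::operatingsystemmajrelease`, and it fails quietly if that fact is absent. In that case `!= '6'` is true, so a Debian 6 node gets `undef` again, which is the behaviour this commit sets out to fix. Presumably not every supported Facter release provides the fact on Debian, which is worth confirming. Comparing against the always-present release fact is sturdier, e.g. `if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '7') >= 0 {`. A one-line comment saying why Debian 6 needs `dav_svn_authz_svn.load` (presumably load order) would also help.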
@@ -248,6 +248,9 @@ # Is apache::mod::passenger enabled (or apache::mod['passenger']) $passenger_enabled = defined(Apache::Mod['passenger']) + # Is apache::mod::shib enabled (or apache::mod['shib2']) + $shibboleth_enabled = defined(Apache::Mod['shib2']) + # Define log file names if $access_log_file { $access_log_destination = "${logroot}/${access_log_file}" @@ -482,6 +485,7 @@ # - $docroot # - $apache_version # - $suphp_engine + # - $shibboleth_enabled if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": target => "${priority_real}-${filename}.conf", diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 2ef916eca2..e1ce20f573 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -195,6 +195,14 @@ <%- end -%> <%- end -%> <%- end -%> + <%- if @shibboleth_enabled -%> + <%- if directory['shib_require_setting'] and ! directory['shib_require_setting'].empty? -%> + ShibRequireSetting <%- directory['shib_require_setting'] -%> + <%- end -%> + <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> + ShibUseHeaders <%- directory['shib_use_headers'] -%> + <%- end -%> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 776437cf64e0e203bbb2b1fa2742607731ab7f31 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Tue, 30 Sep 2014 12:12:02 +1300 Subject: [PATCH 0368/2267] Update documentation for mod_shib --- README.md | 29 ++++++- README.mod_shib.md | 201 --------------------------------------------- 2 files changed, 27 insertions(+), 203 deletions(-) delete mode 100644 README.mod_shib.md diff --git a/README.md b/README.md index 8472cad871..db2750eb8d 100644 --- a/README.md +++ b/README.md 
@@ -113,8 +113,6 @@ A slightly more complicated example, changes the docroot owner/group from the de docroot_group => 'third', } ``` -For details on using the Shibboleth module (a.k.a. `mod_shib`) see [the Shibboleth README](README.mod_shib.md) - To set up a virtual host with SSL and default SSL certificates @@ -550,6 +548,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rewrite` * `rpaf`* * `setenvif` +* `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) * `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) * `status`* @@ -697,6 +696,12 @@ AddHandler php5-script .php AddType text/html .php', } ``` +####Class: `apache::mod::shib` + +Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). + +Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances. + ####Class: `apache::mod::ssl` Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: 
@@ -1706,6 +1711,26 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array } ``` +######`shib_request_setting` + +Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. + +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + shib_require_setting => 'requiresession 1', + shib_use_headers => 'On', + }, + ], + } +``` + +######`shib_use_headers` + +When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. + ######`ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. diff --git a/README.mod_shib.md b/README.mod_shib.md deleted file mode 100644 index db95f5af67..0000000000 --- a/README.mod_shib.md +++ /dev/null 
@@ -1,201 +0,0 @@ -# Shibboleth module for Apache - -The module `apache::mod::shib` configures the Apache Shibboleth Service Provider (SP) module in a manner consistent and compatible with the usage of the Puppetlabs Apache Module. Once this module is installed and configured it should just be a matter of specifying `authType shibboleth` in an Apache Virtual Host declaration. - -## Shibboleth - -Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source. - -Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected on-line resources in a privacy-preserving manner. - -* http://shibboleth.net/ - -# Example Usage - -The following is an example installation: - -``` -# Set up Apache -class{'apache': } -class{'apache::mod::shib': } - -# Set up the Shibboleth Single Sign On (sso) module -apache::mod::shib::sso{'Federation_Directory': - discoveryURL => 'https://example.federation.org/ds/DS', -} - -apache::mod::shib::metadata{'Federation_metadata': - provider_uri => 'https://example.federation.org/metadata/fed-metadata-signed.xml', - cert_uri => 'http://example.federation.org/metadata/fed-metadata-cert.pem', -} - -apache::mod::shib::attribute_map{'Federation_attribute_map': - attribute_map_uri => 'https://example.federation.org/download/attribute-map.xml', -} - -include apache::mod::shib::backend_cert -``` -# Example Usage Breakdown - -The following sections describe the sequence given in the Example Usage - -## Apache and Shibboleth - -``` -# Set up Apache -class{'apache': } -class{'apache::mod::shib': } -``` - -Setting up the `apache` class from the PuppetLabs Apache Module is a requirement, no extra configuration is required. It is recommended that the `serveradmin` parameter is set. 
- -This is followed by installing the Shibboleth module (`mod_shib`) for Apache. This provides the absolute minimum installation which could then be configured further with parameters. - -## Configure Single Sign On with a Discovery Service - -``` -# Set up the Shibboleth Single Sign On (SSO) module -apache::mod::shib::sso{'Federation_Directory': - discoveryURL => 'https://example.federation.org/ds/DS', -} -``` - -This snippet sets up a Single Sign On (SSO) service that uses a Directory Service to handle multiple federated Identity Providers (IDp). - -*Note:* The URL is an example only, the Federation should provide the correct URL to use for its directory service. - -*Note:* Alternatively if only a single IDp is to be used, use the `idpURL` parameter instead. The `idpURL` and `discoveryURL` parameters are mutually exclusive, the SSO can only use one or the other. - -## Federation Metadata and Certificate - -``` -apache::mod::shib::metadata{'Federation_metadata': - provider_uri => 'https://example.federation.org/metadata/fed-metadata-signed.xml', - cert_uri => 'http://example.federation.org/metadata/fed-metadata-cert.pem', -} -``` - -Currently `apache::mod::shib::metadata` only supports a single metadata provider, but it is possible to configure Shibboleth to use multiple metadata in a co-federated environment, hence this has been defined as a resource to permit multiple declarations. This requires two URIs, one to obtain the Federation metadata XML file, and another to obtain the Federation metadata signing certificate. - -# Updating the Attribute map - -``` -apache::mod::shib::attribute_map{'Federation_attribute_map': - attribute_map_uri => 'https://example.federation.org/download/attribute-map.xml', -} -``` - -This is optional, and will allow `mod_shib` to use a customised attribute map downloaded from the provided URI. By default this is updated every 21 days. The parameter `max_age` can be used to set the number of days between updates. 
- -# Create the Back-end x509 Certificate - -``` -include apache::mod::shib::backend_cert -``` - -This creates a self signed back-end x509 certificate and key with which this Service Provider can be registered with a Federation. This method currently just runs the `shib-keygen` command with the values supplied in the `apache::mod::shib` configuration. This certificate will be regenerated on a new deployment unless it has been saved or backed up. It is recommended that a specified certificate is deployed by Puppet from a private file server, or using a suitable x509 certificate management Puppet Module. Maintaining the back-end certificate is important as this is how a Service Provider identifies itself to other Shibboleth services. - -The following snippet uploads a certificate, and uses parameters to configure Shibboleth to use it: - -```puppet -class{'apache': - servername => 'example.com' -} - -file{'/etc/shibboleth/example.com.crt': - ensure => 'file' - source => 'puppet:///private/example.com.crt' -} - -class{'apache::mod::shib': - shib_sp_cert => 'example.com.crt' -} -``` - -# Classes and Resources - -The `apache::mod::shib` module provides the following classes and resource definitions: - -## Class: `apache::mod::shib` - -### Parameters for `apache::mod::shib` - -* `shib_admin` Sets the Shibboleth administrator's email address, defaults to `apache::serveradmin` -* `shib_hostname` Sets the host name to be used in the Shibboleth configuration, defaults to `fqdn` -* `logoLocation` Sets the location relative to the web root of the 'logo' to be used on error pages, defaults to `/shibboleth-sp/logo.jpg` -* `styleSheet` = Sets the location relative to the web root of the CSS style sheet to be used on error pages, defaults to `/shibboleth-sp/main.css` -* `shib_conf_dir` Sets the directory where the Shibboleth configuration is stored, defaults to `/etc/shibboleth` -* `shib_conf_file` Sets the name of the Shibboleth configuration file, defaults to `shibboleth2.xml` -* 
`shib_sp_cert` Sets the name of the Shibboleth Service Provider back end certificate, defaults to `sp-cert.pem` -* `shib_bin_dir` Sets the location of the Shibboleth tools (esp. shib-keygen), defaults to `/usr/sbin` -* `handlerSSL` Sets the `handlerSSL` attribute in to `true` or `false`, defaults to `true` - -## Resource: `apache::mod::shib::attribute_map` - -### Parameters for `apache::mod::shib::attribute_map` - -* `attribute_map_uri` Sets the URI for downloading the Attribute map from. There is no default, and this parameter is required. -* `attribute_map_dir` Sets the directory into which the attribute map is downloaded, defaults to `apache::mod::shib::shib_conf_dir` -* `attribute_map_name` Sets the file name for the Attribute map file, by default this is extracted from the `attribute_map_uri` -* `max_age` Sets the maximum age in days for the Attribute map before downloading and replacing it, defaults to `21` days - -## Class: `apache::mod::shib::backend_cert` - -### Parameters for `apache::mod::shib::backend_cert` - -* `sp_hostname` Set's the hostname used to sign the back-end certifcated, defaults to `apache::mod::shib::shib_hostname` - -## Resource: `apache::mod::shib::metadata` - -### Parameters for `apache::mod::shib::metadata` - -* `provider_uri` Sets URI for the metadata provider, there is no default and this parameter is required. -* `cert_uri` Sets the URI for the metadata signing certificate, there is no default and this parameter is required. 
-* `backing_file_dir` Sets the directory into which the metadata is downloaded into, defaults to `apache::mod::shib::shib_conf_dir` -* `backing_file_name` Sets the name of the metadata backing file, by default this is derived from the `provider_uir` -* `cert_dir` Sets the directory into which the certificate is downloaded into -* `cert_file_name` Sets the name of the certificate file, by default this is derived from the `cert_uri` -* `provider_type` Sets the metadata provider type, defaults to 'XML' -* `provider_reload_interval` Set's the metadata reload interval in seconds, defaults to "7200" -* `metadata_filter_max_validity_interval` Sets the maximum interval for reloading the metadata_filter, defaults to "2419200" seconds - -## Resource: `apache::mod::shib::sso` - -### Prameters for `apache::mod::shib::sso` -* `discoveryURL` The URL of the discovery service, is undefined by default -* `idpURL` The URL of a single IDp, is undefined by default -* `discoveryProtocol` Sets the discovery protocol for the discovery service provided in the `discoveryURL`, defaults to "SAMLDS", -* `ecp_support` Sets support for non-web based ECP logins, by default this is `false` - -**Note:** Either one of `discoveryURL` or `idpURL` is required, but not both. - -# Registration - -Manual resgistration of the Service Provider is still required. By default, the file `/etc/shibboleth/sp-cert.pem` contains the public key of the back-end certificate used for secure comminucation within the Shibboleth Federation. - -# Attribution - -The `apache::mod::shib` Puppet module was created Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the PuppetLabs Apache module on GitHub. 
- -* https://github.com/puppetlabs/puppetlabs-apache -* https://github.com/nesi/puppetlabs-apache -* http://www.nesi.org.nz// -* https://tuakiri.ac.nz/confluence/display/Tuakiri/Home - -# Copyright and License - -Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc - -Puppet Labs can be contacted at: info@puppetlabs.com - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file From dc7e772761b86d3693265b49ddfcaefa324fe59e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 18:10:42 -0500 Subject: [PATCH 0369/2267] Fix vhost and mod_passenger tests on deb7 Also fix broken tests with strict variables. --- README.md | 2 ++ spec/acceptance/mod_passenger_spec.rb | 4 +-- spec/acceptance/vhost_spec.rb | 3 ++ spec/classes/mod/dav_svn_spec.rb | 47 ++++++++++++++------------- 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 2d6e8ce235..2768b82ba2 100644 --- a/README.md +++ b/README.md 
@@ -1696,6 +1696,8 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array } ``` +***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. + ######`ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index d141322348..9a758a44ee 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -137,7 +137,7 @@ class { 'apache::mod::passenger': } end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/sbin/passenger-memory-stats") do |r| + shell("/usr/sbin/passenger-memory-stats") do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) @@ -262,7 +262,7 @@ class { 'apache::mod::passenger': end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/bin/passenger-memory-stats", :pty => true) do |r| + shell("/usr/bin/passenger-memory-stats", :pty => true) do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 9ecf347751..1441091e5d 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -987,6 +987,9 @@ class { 'apache': } pp = <<-EOS class { 'apache': } host { 'test.server': ip => '127.0.0.1' } + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } apache::vhost { 'test.server': docroot => '/tmp', directories => [ diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 859174af77..95abef9948 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -7,14 +7,15 @@ context "on a Debian OS" do let :facts do { - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } @@ -24,13 +25,14 @@ context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } 
@@ -40,13 +42,14 @@ context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } From 9715ac06dd931416660fc53f92190dc52a87668c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Sep 2014 14:41:14 -0500 Subject: [PATCH 0370/2267] Need fcgid to load after unixd on RHEL7 --- manifests/mod/fcgid.pp | 10 ++++- spec/classes/mod/fcgid_spec.rb | 71 +++++++++++++++++++++++----------- 2 files changed, 58 insertions(+), 23 deletions(-) diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 70997768bc..70761e41d7 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,7 +1,15 @@ class apache::mod::fcgid( $options = {}, ) { - ::apache::mod { 'fcgid': } + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + $loadfile_name = 'unixd_fcgid.load' + } else { + $loadfile_name = undef + } + + ::apache::mod { 'fcgid': + loadfile_name => $loadfile_name + } # Template uses: # - $options diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index ab47a5a8e3..a342e58135 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb 
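Review bot: In the manifests/mod/fcgid.pp hunk the loadfile name `'unixd_fcgid.load'` is the whole fix, yet the manifest gives no reason for it; the ordering requirement is stated only in the commit subject. A comment above the new `if`, for example `# RHEL7: mod_fcgid has to be loaded after mod_unixd, hence the non-default loadfile name`, would keep a later cleanup from reverting the name. The condition is an exact string match, `$::operatingsystemmajrelease == '7'`, so a node where that fact is missing or not a string would presumably fall through to the `undef` branch without notice; worth confirming against the supported Facter versions. The class body continues outside the hunk.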
@@ -8,14 +8,15 @@ context "on a Debian OS" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } @@ -26,13 +27,14 @@ context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end 
@@ -66,16 +68,41 @@ end end + context "on RHEL7" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :operatingsystemmajrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + describe 'without parameters' do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) + } + it { is_expected.to contain_package("mod_fcgid") } + end + end + context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'FreeBSD', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end From 5a929a058ab8fbe00dab9a38478c018f65654c81 Mon Sep 17 00:00:00 2001 From: Aaron Hicks Date: Wed, 1 Oct 2014 11:35:44 +1300 Subject: [PATCH 0371/2267] Actually insert those values into the template... and we need the line ending too. --- templates/vhost/_directories.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e1ce20f573..d8bba5e658 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -197,10 +197,10 @@ <%- end -%> <%- if @shibboleth_enabled -%> <%- if directory['shib_require_setting'] and ! directory['shib_require_setting'].empty? -%> - ShibRequireSetting <%- directory['shib_require_setting'] -%> + ShibRequireSetting <%= directory['shib_require_setting'] %> <%- end -%> <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> - ShibUseHeaders <%- directory['shib_use_headers'] -%> + ShibUseHeaders <%= directory['shib_use_headers'] %> <%- end -%> <%- end -%> <%- if directory['custom_fragment'] -%> From c78f99c0ec51c8d2d9df3a8232b8134e564c8e62 Mon Sep 17 00:00:00 2001 From: James Woodward Date: Thu, 2 Oct 2014 12:26:35 -0600 Subject: [PATCH 0372/2267] Resolves MODULES 1369 RedirectMatch rules do not work in Apache module The existing template creates a line of the format RedirectMatch permanent /(test) This can not work with apache as the URL is a mandatory part of the redirect. To resolve this the patch creates a new variable redirectmatch_dest which follows the same flow as the redirectmatch_status and redirectmatch_regexp variables. All three variables must be supplied and will generate a line of the format RedirectMatch permanent /(test) http://www.example.com --- README.md | 5 +++-- manifests/vhost.pp | 5 ++++- spec/defines/vhost_spec.rb | 1 + templates/vhost/_redirect.erb | 6 ++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index db2750eb8d..cb428bc216 100644 --- a/README.md +++ b/README.md 
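Review bot: Nothing in this commit pins the rendered output of the two corrected lines, `ShibRequireSetting` and `ShibUseHeaders`; the diffstat touches only templates/vhost/_directories.erb. The old `<%- … -%>` tags evaluated the value without printing it, so each directive was written with no argument and no test noticed. A spec that matches the full rendered line, along the lines of `with_content(/^\s+ShibUseHeaders On$/)`, would catch a repeat, and these lines deserve it because they appear to control Shibboleth behaviour for the directory. The enclosing directory loop starts outside the hunk.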
@@ -1140,15 +1140,16 @@ Specifies the status to append to the redirect. Defaults to 'undef'. } ``` -#####`redirectmatch_regexp` & `redirectmatch_status` +#####`redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` -Determines which server status should be raised for a given regular expression. Entered as an array. Defaults to 'undef'. +Determines which server status should be raised for a given regular expression and where to forward teh user to. Entered as an arrays. Defaults to 'undef'. ```puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } ``` diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 863ca6a127..23360bf69a 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -69,6 +69,7 @@ $redirect_status = undef, $redirectmatch_status = undef, $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, $rack_base_uris = undef, $headers = undef, $request_headers = undef, @@ -601,9 +602,11 @@ # - $redirect_status_a # - $redirectmatch_status # - $redirectmatch_regexp + # - $redirectmatch_dest # - $redirectmatch_status_a # - $redirectmatch_regexp_a - if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp) { + # - $redirectmatch_dest + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}-${filename}.conf", order => 150, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 5908a7ede9..d3e49bb3bd 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
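Review bot: In the `@@ -601,9 +602,11 @@` hunk of manifests/vhost.pp, adding `$redirectmatch_dest` to the `if` that guards the `${name}-redirect` fragment means a vhost that sets only `redirectmatch_status` and `redirectmatch_regexp` no longer gets any RedirectMatch line, and nothing warns about it. The README example in this same commit uses status '404' against `.git` and `.svn` paths, so an existing rule of that kind, which hides repository metadata, disappears silently on upgrade. mod_alias documents that the URL argument must be omitted when the status is outside 300-399, so the destination should be optional per entry: keep the previous guard, `if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp) {`, and have the templates/vhost/_redirect.erb hunk append the destination only when one is set for that index. The comment list also names `$redirectmatch_dest` twice, where the second entry was presumably meant to be `$redirectmatch_dest_a`. The enclosing define starts and ends outside the hunk.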
@@ -188,6 +188,7 @@ 'redirect_status' => 'temp', 'redirectmatch_status' => ['404'], 'redirectmatch_regexp' => ['\.git$'], + 'redirectmatch_dest' => ['http://www.example.com'], 'rack_base_uris' => ['/rackapp1'], 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', 'request_headers' => ['append MirrorID "mirror 12"'], diff --git a/templates/vhost/_redirect.erb b/templates/vhost/_redirect.erb index 819d6e7694..69bbfd09de 100644 --- a/templates/vhost/_redirect.erb +++ b/templates/vhost/_redirect.erb @@ -10,14 +10,16 @@ Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> <%- end -%> <% end -%> -<%- if @redirectmatch_status and @redirectmatch_regexp -%> +<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%> <% @redirectmatch_status_a = Array(@redirectmatch_status) -%> <% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> ## RedirectMatch rules <%- @redirectmatch_status_a.each_with_index do |status, i| -%> <% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> <% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> - RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> <%- end -%> <% end -%> From e8810a17f46c7e6e4374272c5bb0dd1f2e0db96a Mon Sep 17 00:00:00 2001 From: James Woodward Date: Thu, 2 Oct 2014 12:42:10 -0600 Subject: [PATCH 0373/2267] Fixes two errors in the redirectmatch usage description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cb428bc216..163e72ae2f 100644 --- a/README.md +++ b/README.md 
@@ -1142,7 +1142,7 @@ Specifies the status to append to the redirect. Defaults to 'undef'. #####`redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` -Determines which server status should be raised for a given regular expression and where to forward teh user to. Entered as an arrays. Defaults to 'undef'. +Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. ```puppet apache::vhost { 'site.name.fdqn': From acee4c5670ff3c77c4b45a691e99c98820ac2e46 Mon Sep 17 00:00:00 2001 From: Dave Seff Date: Thu, 2 Oct 2014 15:27:06 -0400 Subject: [PATCH 0374/2267] ScriptAlias needs to come before Alias. Otherwise you end up getting this error on startup: The ScriptAlias directive in xxx at line xxx will probably never match because it overlaps an earlier Alias. --- templates/vhost.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 859a3ae7f4..5a9337134f 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -15,6 +15,7 @@ <% else -%> DocumentRoot "<%= @docroot %>" <% end -%> +<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> <%= scope.function_template(['apache/vhost/_aliases.erb']) -%> <%= scope.function_template(['apache/vhost/_itk.erb']) -%> @@ -54,7 +55,6 @@ <%= scope.function_template(['apache/vhost/_rack.erb']) -%> <%= scope.function_template(['apache/vhost/_redirect.erb']) -%> <%= scope.function_template(['apache/vhost/_rewrite.erb']) -%> -<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> <%= scope.function_template(['apache/vhost/_serveralias.erb']) -%> <%= scope.function_template(['apache/vhost/_setenv.erb']) -%> <%= scope.function_template(['apache/vhost/_ssl.erb']) -%> From 6ba3afe1f6888884fb70e594ded0b1be4c0a9b91 Mon Sep 17 00:00:00 2001 
From: Hunter Haugen Date: Thu, 2 Oct 2014 12:51:11 -0700 Subject: [PATCH 0375/2267] Revert "ScriptAlias needs to come before Alias." --- templates/vhost.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb index 5a9337134f..859a3ae7f4 100644 --- a/templates/vhost.conf.erb +++ b/templates/vhost.conf.erb @@ -15,7 +15,6 @@ <% else -%> DocumentRoot "<%= @docroot %>" <% end -%> -<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> <%= scope.function_template(['apache/vhost/_aliases.erb']) -%> <%= scope.function_template(['apache/vhost/_itk.erb']) -%> @@ -55,6 +54,7 @@ <%= scope.function_template(['apache/vhost/_rack.erb']) -%> <%= scope.function_template(['apache/vhost/_redirect.erb']) -%> <%= scope.function_template(['apache/vhost/_rewrite.erb']) -%> +<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> <%= scope.function_template(['apache/vhost/_serveralias.erb']) -%> <%= scope.function_template(['apache/vhost/_setenv.erb']) -%> <%= scope.function_template(['apache/vhost/_ssl.erb']) -%> From 4aa884385b9b65c3afe83db71d4743e2e50d525f Mon Sep 17 00:00:00 2001 From: William Van Hevelingen Date: Thu, 2 Oct 2014 20:18:53 -0700 Subject: [PATCH 0376/2267] Remove deprecated concat::setup class This commit removes the deprecated concat::setup and bumps the dependency on concat to >= 1.1.1 to avoid an idempotency bug in v1.1.0 --- manifests/balancer.pp | 1 - metadata.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index b836897c46..a59b6762b8 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -42,7 +42,6 @@ $proxy_set = {}, $collect_exported = true, ) { - include concat::setup include ::apache::mod::proxy_balancer $target = "${::apache::params::confd_dir}/balancer_${name}.conf" diff --git a/metadata.json b/metadata.json index fba59e7c39..f84ff41b8a 100644 --- a/metadata.json +++ b/metadata.json 
@@ -74,7 +74,7 @@ }, { "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.0" + "version_requirement": ">= 1.1.1" } ] } From 998d06aee36a3ef4c47bc905b0ce881defad8b97 Mon Sep 17 00:00:00 2001 From: deltab Date: Tue, 7 Oct 2014 14:51:15 +0100 Subject: [PATCH 0377/2267] Fix broken link to Order directive docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 163e72ae2f..e500cb4f9e 100644 --- a/README.md +++ b/README.md @@ -1623,7 +1623,7 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ######`order` -Sets the order of processing Allow and Deny statements as per [Apache core documentation](httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': From 846adab58e5fa7371fe40915dc54e523cfb50359 Mon Sep 17 00:00:00 2001 From: Nick Howes Date: Fri, 10 Oct 2014 16:46:30 +0100 Subject: [PATCH 0378/2267] Fix Shib setting rules. ShibRequireSetting is not a real thing. I think it was a mixup between ShibRequireSession and ShibRequestSetting. I've replaced it with separate options for both. The latter is an array as you can set a variety of diffrent settings, while the latter is a simple On or Off value. Each item in the settings array should be the name and value of the setting, e.g. ['requireSession false', 'applicationId myresource'] --- templates/vhost/_directories.erb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) 
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index d8bba5e658..16a6e4facf 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -196,8 +196,13 @@ <%- end -%> <%- end -%> <%- if @shibboleth_enabled -%> - <%- if directory['shib_require_setting'] and ! directory['shib_require_setting'].empty? -%> - ShibRequireSetting <%= directory['shib_require_setting'] %> + <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> + ShibRequireSession <%= directory['shib_require_session'] %> + <%- end -%> + <%- if directory['shib_request_settings'] -%> + <%- Array(directory['shib_request_settings']).each do |setting| -%> + ShibRequestSetting <%= setting %> + <%- end -%> <%- end -%> <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> ShibUseHeaders <%= directory['shib_use_headers'] %> From da02e70480e13fbf277bc0a44e7e269186f1a25d Mon Sep 17 00:00:00 2001 From: Nick Howes Date: Fri, 10 Oct 2014 16:57:18 +0100 Subject: [PATCH 0379/2267] shib_request_settings now a hash intead of array. --- templates/vhost/_directories.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 16a6e4facf..e756875f29 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
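Review bot: The `@@ -196,8 +196,13 @@` hunk drops the `shib_require_setting` key with no deprecation path, so a directory hash that still sets it now renders no session directive at all and the template raises no error. Before this change that key produced a directive the commit message says does not exist, which Apache would presumably have rejected when loading the configuration; after it, the vhost loads without the session requirement its author intended. Consider failing in the manifest when the old key is present. The new keys `shib_require_session` and `shib_request_settings` should also be documented in the README, which this commit's diffstat does not touch. The surrounding directory loop starts outside the hunk.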
@@ -199,9 +199,9 @@ <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> ShibRequireSession <%= directory['shib_require_session'] %> <%- end -%> - <%- if directory['shib_request_settings'] -%> - <%- Array(directory['shib_request_settings']).each do |setting| -%> - ShibRequestSetting <%= setting %> + <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%> + <%- directory['shib_request_settings'].each do |key,value| -%> + ShibRequestSetting <%= key %> <%= value %> <%- end -%> <%- end -%> <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> From e5d5f642966c3f1a6acb09802961bbcb76706b03 Mon Sep 17 00:00:00 2001 From: John Dewey Date: Mon, 13 Oct 2014 16:54:49 -0700 Subject: [PATCH 0380/2267] (#1423) Added the WSGIChunkedRequest directive to vhost This option is necessary[1] when running OpenStack's keystone on Apache. [1] https://review.openstack.org/#/c/34835/ --- README.md | 3 +++ manifests/vhost.pp | 1 + spec/acceptance/vhost_spec.rb | 7 +++++-- spec/defines/vhost_spec.rb | 1 + templates/vhost/_wsgi.erb | 3 +++ 5 files changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e500cb4f9e..e880556524 100644 --- a/README.md +++ b/README.md @@ -1344,6 +1344,8 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). `wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache will set the defaults setting to 'Off'. +`wsgi_chunked_request` enables support for chunked requests. Defaults to 'undef'. + To set up a virtual host with WSGI ```puppet @@ -1358,6 +1360,7 @@ To set up a virtual host with WSGI }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + wsgi_chunked_request => 'On', } ``` 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 23360bf69a..adfd0ac5f3 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -89,6 +89,7 @@ $wsgi_process_group = undef, $wsgi_script_aliases = undef, $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, $custom_fragment = undef, $itk = undef, $action = undef, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 9ecf347751..5d1fbd0781 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1074,7 +1074,8 @@ class { 'apache::mod::wsgi': } wsgi_daemon_process_options => {processes => '2'}, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, - wsgi_pass_authorization => 'On', + wsgi_pass_authorization => 'On', + wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -1094,7 +1095,8 @@ class { 'apache::mod::wsgi': } wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, - wsgi_pass_authorization => 'On', + wsgi_pass_authorization => 'On', + wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -1108,6 +1110,7 @@ class { 'apache::mod::wsgi': } it { is_expected.to contain 'WSGIProcessGroup nobody' } it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } it { is_expected.to contain 'WSGIPassAuthorization On' } + it { is_expected.to contain 'WSGIChunkedRequest On' } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index d3e49bb3bd..7141dc651f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -225,6 +225,7 @@ 'user' => 'someuser', 'group' => 'somegroup' }, + 'wsgi_chunked_request' => 'On', 'action' => 'foo', 'fastcgi_server' => 'localhost', 'fastcgi_socket' => '/tmp/fastcgi.socket', 
diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index 473b223ab6..a0d4ded654 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -22,3 +22,6 @@ <% if @wsgi_pass_authorization -%> WSGIPassAuthorization <%= @wsgi_pass_authorization %> <% end -%> +<% if @wsgi_chunked_request -%> + WSGIChunkedRequest <%= @wsgi_chunked_request %> +<% end -%> From 5cdb25cdfa959330e77b2ef3ced0996750bf69ce Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Tue, 14 Oct 2014 14:55:59 -0700 Subject: [PATCH 0381/2267] DOCUMENT-112: Clarifying DirectoryMatch info Also a few light general copy edits. --- README.md | 227 ++++++++++++++++++++++++++---------------------------- 1 file changed, 110 insertions(+), 117 deletions(-) diff --git a/README.md b/README.md index e500cb4f9e..34cb9524ed 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ To install Apache with the default parameters class { 'apache': } ``` -The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD systems). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters +The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters ```puppet class { 'apache': @@ -86,7 +86,7 @@ The defaults are determined by your operating system (e.g. Debian systems have o ###Configure a virtual host -Declaring the `apache` class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`. +Declaring the `apache` class creates a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`. ```puppet class { 'apache': } 
@@ -101,7 +101,7 @@ To configure a very basic, name-based virtual host } ``` -*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else. +*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost is used. This is also true if you pass a higher priority and no names match anything else. A slightly more complicated example, changes the docroot owner/group from the default 'root' @@ -212,7 +212,7 @@ See a list of all [virtual host parameters](#defined-type-apachevhost). See an e ###Classes and Defined Types -This module modifies Apache configuration files and directories, and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures. +This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures. It is possible to temporarily disable full Puppet management by setting the [`purge_configs`](#purge_configs) parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. See the [`purge_configs` parameter](#purge_configs) for more information. 
@@ -220,13 +220,13 @@ It is possible to temporarily disable full Puppet management by setting the [`pu The apache module's primary class, `apache`, guides the basic setup of Apache on your system. -You may establish a default vhost in this class, the `vhost` class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type. +You can establish a default vhost in this class, the `vhost` class, or both. You can add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type. **Parameters within `apache`:** #####`allow_encoded_slashes` -This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which will omit the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. +This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. #####`apache_version` 
@@ -254,43 +254,43 @@ Generates default set of include-able Apache configuration files under `${apach Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. -Defaults to 'true', which will include the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). +Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). -If false, it will only include the mods required to make HTTPD work, and any other mods can be declared on their own. +If false, it only includes the mods required to make HTTPD work, and any other mods can be declared on their own. -If an array, the apache module will include the array of mods listed. +If an array, the apache module includes the array of mods listed. #####`default_ssl_ca` -The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate authority, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_cert` -The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD). 
This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_chain` -The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL chain, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_crl` -The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate revocation list to use, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_crl_path` -The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate revocation list path, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_crl_check` -Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. This default will work out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value will be ignored on older versions. 
+Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value is ignored on older versions. #####`default_ssl_key` -The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_vhost` -Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', will set up the following vhost: +Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', sets up the following vhost: ```puppet apache::vhost { 'default-ssl': 
@@ -315,7 +315,7 @@ Enables custom error documents. Defaults to 'false'. #####`httpd_dir` -Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but may have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. #####`keepalive` @@ -323,7 +323,7 @@ Enables persistent connections. #####`keepalive_timeout` -Sets the amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'. +Sets the amount of time the server waits for subsequent requests on a persistent connection. Defaults to '15'. #####`max_keepalive_requests` 
@@ -356,11 +356,11 @@ in without being aware of the consequences; see http://httpd.apache.org/docs/2.4 #####`manage_group` -Setting this to 'false' will stop the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. +Setting this to 'false' stops the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. #####`manage_user` -Setting this to 'false' will stop the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. +Setting this to 'false' stops the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. #####`mod_dir` 
@@ -392,7 +392,7 @@ Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to #####`purge_vhost_configs` -If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by puppet within `vhost_dir`. It defaults to the value of `purge_configs`. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir` +If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by Puppet within `vhost_dir`. It defaults to the value of `purge_configs`. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir` #####`sendfile` @@ -424,7 +424,7 @@ Determines whether the HTTPD service is enabled when the machine is booted. Defa #####`service_ensure` -Determines whether the service should be running. Valid values are true, false, 'running' or 'stopped' when Puppet should manage the service. Any other value will set ensure to false for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. +Determines whether the service should be running. Valid values are 'true', 'false', 'running', or 'stopped' when Puppet should manage the service. Any other value sets ensure to 'false' for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. #####`service_name` 
@@ -440,11 +440,11 @@ Changes the location of the configuration directory your virtual host configurat #####`apache_name` -The name of the Apache package to install. This is automatically detected in `::apache::params`. You may need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. +The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. ####Defined Type: `apache::custom_config` -Allows you to create custom configs for Apache. The configuration files will only be added to the Apache confd dir if the file is valid. An error will be raised during the puppet run if the file is invalid and `$verify_config` is `true`. +Allows you to create custom configs for Apache. The configuration files are only added to the Apache confd dir if the file is valid. An error is raised during the Puppet run if the file is invalid and `$verify_config` is `true`. ```puppet apache::custom_config { 'test': @@ -476,7 +476,7 @@ The source of the configuration file. Only one of `$content` and `$source` can b #####`verify_command` -The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` will only be used if `$verify_config` is `true`. If the `$verify_command` fails the configuration file will be deleted, the Apache service will not be notified, and an error will be raised during the puppet run. +The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` is only used if `$verify_config` is `true`. If the `$verify_command` fails, the configuration file is deleted, the Apache service is not notified, and an error is raised during the Puppet run. #####`verify_config` 
@@ -492,7 +492,7 @@ Installs default Apache modules based on what OS you are running. ####Defined Type: `apache::mod` -Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type will also install the required packages to enable the module, if any. +Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type also installs the required packages to enable the module, if any. ```puppet apache::mod { 'rewrite': } @@ -559,9 +559,9 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi) below) * `xsendfile` -Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention. +Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters do not require any configuration or attention. -The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install and the module will not work without the template. Any module without a template will install the package but drop no files. +The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. ####Class: `apache::mod::info` 
@@ -617,7 +617,7 @@ Installs and manages mod_pagespeed, which is a Google module that rewrites web p This module does *not* manage the software repositories needed to automatically install the mod-pagespeed-stable package. The module does however require that the package be installed, or be installable using the system's default package provider. You should ensure that this -pre-requisite is met or declaring `apache::mod::pagespeed` will cause the puppet run to fail. +pre-requisite is met or declaring `apache::mod::pagespeed` causes the Puppet run to fail. These are the defaults: @@ -698,7 +698,7 @@ AddType text/html .php', ``` ####Class: `apache::mod::shib` -Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). +Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances. @@ -804,7 +804,7 @@ Installs and configures mod_deflate. If no parameters are provided, a default co #####`types` -An array of mime types that will be deflated. +An array of mime types to be deflated. #####`notes` 
@@ -830,11 +830,11 @@ A string or an array that sets the `RequestReadTimeout` option. Defaults to ####Defined Type: `apache::vhost` -The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. +The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). -The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can simply add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work. +The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work. ```puppet apache::vhost { "example.com": 
@@ -860,7 +860,7 @@ If you have a series of specific configurations and do not want a base `::apache #####`access_log` -Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' will choose none. Defaults to 'true'. +Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. #####`access_log_file` 
@@ -907,17 +907,17 @@ aliases => [ ], ``` -For `alias` and `aliasmatch` to work, each will need a corresponding context, such as '< Directory /path/to/directory>' or ''. The Alias and AliasMatch directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias` or `aliasmatch` parameters should come before the more general ones to avoid shadowing. +For `alias` and `aliasmatch` to work, each needs a corresponding context, such as '< Directory /path/to/directory>' or ''. The Alias and AliasMatch directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias` or `aliasmatch` parameters should come before the more general ones to avoid shadowing. -*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias may have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias might have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. #####`allow_encoded_slashes` -This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which will omit the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. 
+This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. #####`block` -Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. +Specifies the list of things Apache blocks access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. #####`custom_fragment` @@ -1006,7 +1006,7 @@ Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) #####`itk` -Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys may be: +Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: * user + group * `assignuseridexpr` @@ -1016,7 +1016,7 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys may be: * `limituidrange` (Linux 3.5.0 or newer) * `limitgidrange` (Linux 3.5.0 or newer) -Usage will typically look like: +Usage typically looks like: ```puppet apache::vhost { 'sample.example.net': 
@@ -1076,13 +1076,13 @@ Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.ne #####`port` -Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host will only listen on the port set in this parameter. +Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. #####`priority` Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. -If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match. +If nothing matches the priority, the first name-based vhost is used. Likewise, passing a higher priority causes the alphabetically first name-based vhost to be used if no other names match. *Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. @@ -1111,7 +1111,7 @@ apache::vhost { 'site.name.fdqn': #####`rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. #####`redirect_dest` 
@@ -1119,7 +1119,7 @@ Specifies the address to redirect to. Defaults to 'undef'. #####`redirect_source` -Specifies the source URIs that will redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length and the items will be order-dependent. +Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ```puppet apache::vhost { 'site.name.fdqn': @@ -1171,7 +1171,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. -For example, you can specify that anyone trying to access index.html will be served welcome.html +For example, you can specify that anyone trying to access index.html is served welcome.html ```puppet apache::vhost { 'site.name.fdqn': @@ -1180,7 +1180,7 @@ For example, you can specify that anyone trying to access index.html will be ser } ``` -The parameter allows rewrite conditions that, when true, will execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE +The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ```puppet apache::vhost { 'site.name.fdqn': @@ -1269,7 +1269,7 @@ The ScriptAlias and ScriptAliasMatch directives are created in the order specifi #####`serveradmin` -Specifies the email address Apache will display when it renders one of its error pages. Defaults to 'undef'. +Specifies the email address Apache displays when it renders one of its error pages. Defaults to 'undef'. #####`serveraliases` 
@@ -1314,7 +1314,7 @@ To set up a virtual host with suPHP #####`vhost_name` -Enables name-based virtual hosting. If no IP is passed to the virtual host but the vhost is assigned a port, then the vhost name will be 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name will be set to the title of the resource. Defaults to '*'. +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. #####`virtual_docroot` @@ -1338,11 +1338,11 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). `wsgi_daemon_process_options` is optional and defaults to 'undef'. -`wsgi_process_group` sets the group ID the virtual host will run under. Defaults to 'undef'. +`wsgi_process_group` sets the group ID the virtual host runs under. Defaults to 'undef'. `wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. -`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache will set the defaults setting to 'Off'. +`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache sets the defaults setting to 'Off'. To set up a virtual host with WSGI 
@@ -1365,21 +1365,11 @@ To set up a virtual host with WSGI The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. -Each hash passed to `directories` must contain `path` as one of the keys. You may also pass in `provider` which, if missing, defaults to 'directory'. (A full list of acceptable keys is below.) General usage will look something like +The `path` key sets the path for the directory, files, and location blocks, and it can be a regex for matching providers. Each hash passed to `directories` **must** contain `path` as one of the keys. -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', => }, - { path => '/path/to/another/directory', => }, - ], - } -``` +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. -*Note:* At least one directory should match the `docroot` parameter. Once you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block will be created that matches the `docroot` parameter. - -The `provider` key can be set to 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. +General `directories` usage looks something like ```puppet apache::vhost { 'files.example.net': 
@@ -1393,16 +1383,18 @@ The `provider` key can be set to 'directory', 'files', 'location', 'directorymat } ``` -Available handlers, represented as keys, should be placed within the `directory`,`'files`, or `location` hashes. This looks like +*Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. + +Available handlers, represented as keys, should be placed within the `directory`,`'files`, or `location` hashes. This looks like ```puppet - apache::vhost { 'sample.example.net': + apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } ``` -Any handlers you do not set in these hashes will be considered 'undefined' within Puppet and will not be added to the virtual host, resulting in the module using their default values. Currently this is the list of supported handlers: +Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: ######`addhandlers` 
@@ -1421,7 +1413,7 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand ######`allow` -Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. +Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. ```puppet apache::vhost { 'sample.example.net': @@ -1529,7 +1521,7 @@ Pass a string of custom configuration directives to be placed at the end of the ######`deny` -Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': 
@@ -1623,7 +1615,7 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ######`order` -Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': 
@@ -1636,57 +1628,58 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum } ``` -######`satisfy` +######`passenger_enabled` -Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - satisfy => 'Any', - } + directories => [ + { path => '/path/to/directory', + passenger_enabled => 'on', + }, ], } ``` -######`sethandler` +*Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. -Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: +######`php_admin_value` and `php_admin_flag` + +`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). + + +######`satisfy` + +Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. 
```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', } ], } ``` -######`passenger_enabled` +######`sethandler` -Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. +Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - passenger_enabled => 'on', - }, + { path => '/path/to/directory', + sethandler => 'None', + } ], } ``` -*Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. - -######`php_admin_value` and `php_admin_flag` - -`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). - ######`rewrites` Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. 
@@ -1752,7 +1745,7 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl ######`suphp` -A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and may only be passed within `directories`. +A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. ```puppet apache::vhost { 'secure.example.net': @@ -1770,7 +1763,7 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w ####SSL parameters for `apache::vhost` -All of the SSL parameters for `::vhost` will default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. +All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. #####`ssl` @@ -1788,13 +1781,13 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. -If you do not use this parameter, it will use the HTTPD default from ssl.conf.erb, 'all -SSLv2'. +If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2'. #####`ssl_cipher` Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'undef'. -If you do not use this parameter, it will use the HTTPD default from ssl.conf.erb, 'HIGH:MEDIUM:!aNULL:!MD5'. +If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'HIGH:MEDIUM:!aNULL:!MD5'. #####`ssl_honorcipherorder` 
@@ -1806,23 +1799,23 @@ Specifies the location of the SSL certification directory. Defaults to '/etc/ssl #####`ssl_chain` -Specifies the SSL chain. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL chain. Defaults to 'undef'. (This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_crl` -Specifies the certificate revocation list to use. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the certificate revocation list to use. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_crl_path` -Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_crl_check` -Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default will work out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value will be ignored on older versions. 
+Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. #####`ssl_key` -Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_verify_client` 
@@ -1905,7 +1898,7 @@ The hostname or IP address and TCP port number (1-65535) of the FastCGI server. #####`timeout` -The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request will be aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. +The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. #####`flush` @@ -1913,7 +1906,7 @@ Force a write to the client as data is received from the application. By default #####`faux_path` -`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename will be handled by this external FastCGI application. +`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. #####`alias` 
@@ -1921,11 +1914,11 @@ A unique alias. This is used internally to link the action with the FastCGI serv #####`file_type` -The MIME-type of the file's that will be processed by the FastCGI server. +The MIME-type of the file to be processed by the FastCGI server. ###Virtual Host Examples -The apache module allows you to set up pretty much any configuration of virtual host you might need. This section will address some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. +The apache module allows you to set up pretty much any configuration of virtual host you might need. This section addresses some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. Configure a vhost with a server administrator @@ -2019,14 +2012,14 @@ Configure a vhost to redirect non-SSL connections to SSL - - - -Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter. +Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter. ```puppet apache::listen { '80': } apache::listen { '81': } ``` -Then we will set up the IP-based vhosts +Then we set up the IP-based vhosts ```puppet apache::vhost { 'first.example.com': 
@@ -2043,7 +2036,7 @@ Then we will set up the IP-based vhosts - - - -Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL +Configure a mix of name-based and IP-based vhosts. First, we add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL ```puppet apache::vhost { 'The first IP-based vhost, non-ssl': @@ -2063,7 +2056,7 @@ Configure a mix of name-based and IP-based vhosts. First, we will add two IP-bas } ``` -Then, we will add two name-based vhosts listening on 10.0.0.20 +Then, we add two name-based vhosts listening on 10.0.0.20 ```puppet apache::vhost { 'second.example.com': @@ -2078,7 +2071,7 @@ Then, we will add two name-based vhosts listening on 10.0.0.20 } ``` -If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts. +If you want to add two name-based vhosts so that they answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it conflicts with the preceding IP-based vhosts. ```puppet apache::vhost { 'fourth.example.com': @@ -2105,7 +2098,7 @@ One `apache::balancer` defined resource should be defined for each Apache load b #####`name` -Sets the balancer cluster's title. This parameter will also set the title of the conf.d file. +Sets the balancer cluster's title. This parameter also sets the title of the conf.d file. #####`proxy_set` 
@@ -2119,17 +2112,17 @@ If you statically declare all of your backend servers, you should set this to 'f If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes. -If you choose not to use exported resources, all balancer members will be configured in a single puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. +If you choose not to use exported resources, all balancer members will be configured in a single Puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. ####Defined Type: `apache::balancermember` -Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which will set up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. +Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which sets up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. **Parameters within `apache::balancermember`:** #####`name` -Sets the title of the resource. This name will also set the name of the concat fragment. +Sets the title of the resource. This name also sets the name of the concat fragment. #####`balancer_cluster` 
@@ -2239,11 +2232,11 @@ The `apache::mod::passenger` class is untested as the repository does not have p This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. -The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions may occur. +The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. ###SELinux and Custom Paths -If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you will need to manage the context for the files yourself. +If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the context for the files yourself. Something along the lines of: @@ -2270,7 +2263,7 @@ Something along the lines of: } ``` -You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources will reset the context to the values in the database if the resource isn't specifying the context. +You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources reset the context to the values in the database if the resource isn't specifying the context. ##Development From 2b7cf7f9db407ed8a19a453dbb427ced91a5e6bf Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Tue, 14 Oct 2014 16:02:56 -0700 Subject: [PATCH 0382/2267] DOCUMENT-112: Clarified path key values Edits to directory path key values. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 34cb9524ed..560545b98f 100644 --- a/README.md +++ b/README.md 
@@ -1365,7 +1365,7 @@ To set up a virtual host with WSGI The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. -The `path` key sets the path for the directory, files, and location blocks, and it can be a regex for matching providers. Each hash passed to `directories` **must** contain `path` as one of the keys. +The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. From 7fa34ca598f5a6b6221039645a0abd5535dd525c Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 15 Oct 2014 16:35:02 +0200 Subject: [PATCH 0383/2267] Fix misleading error message This optimization reduces debugging time when hitting it by approximately 10 minutes ;-) --- manifests/version.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index a8592d5e95..dc5288dca0 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
@@ -7,7 +7,7 @@ $osr_array = split($::operatingsystemrelease,'[\/\.]') $distrelease = $osr_array[0] if ! $distrelease { - fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") + fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") } case $::osfamily { From 52788078d749ad04675d00cc3ef456a305f8be51 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Wed, 15 Oct 2014 16:16:09 +0100 Subject: [PATCH 0384/2267] Add Passenger related parameters to vhost --- README.md | 20 ++++++++++++++++++++ manifests/vhost.pp | 21 +++++++++++++++++++++ spec/defines/vhost_spec.rb | 10 +++++++++- templates/vhost/_passenger.erb | 15 +++++++++++++++ 4 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 templates/vhost/_passenger.erb diff --git a/README.md b/README.md index 560545b98f..53d4ffea84 100644 --- a/README.md +++ b/README.md 
@@ -1070,6 +1070,26 @@ Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) f Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'. +#####`passenger_app_root` + +Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot. + +#####`passenger_ruby` + +Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application. + +#####`passenger_min_instances` + +Sets [PassengerMinInstances](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerMinInstances), the minimum number of application processes to run. + +#####`passenger_start_timeout` + +Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#_passengerstarttimeout_lt_seconds_gt), the timeout for the application startup. + +#####`passenger_pre_start` + +Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required. + #####`php_admin_flags & values` Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 23360bf69a..d871390239 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -99,6 +99,11 @@ $apache_version = $::apache::apache_version, $allow_encoded_slashes = undef, $suexec_user_group = undef, + $passenger_app_root = undef, + $passenger_ruby = undef, + $passenger_min_instances = undef, + $passenger_start_timeout = undef, + $passenger_pre_start = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -210,6 +215,10 @@ include ::apache::mod::suexec } + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + include ::apache::mod::passenger + } + # Configure the defaultness of a vhost if $priority { $priority_real = $priority @@ -778,6 +787,18 @@ } } + # Template uses: + # - $passenger_app_root + # - $passenger_ruby + # - $passenger_min_instances + # - $passenger_start_timeout + # - $passenger_pre_start + concat::fragment { "${name}-passenger": + target => "${priority_real}-${filename}.conf", + order => 290, + content => template('apache/vhost/_passenger.erb'), + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}-${filename}.conf", diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index d3e49bb3bd..ceca1d7065 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -232,7 +232,12 @@ 'additional_includes' => '/custom/path/includes', 'apache_version' => '2.4', 'suexec_user_group' => 'root root', - 'allow_encoded_slashes' => 'nodecode' + 'allow_encoded_slashes' => 'nodecode', + 'passenger_app_root' => '/usr/share/myapp', + 'passenger_ruby' => '/usr/bin/ruby1.9.1', + 'passenger_min_instances' => '1', + 'passenger_start_timeout' => '600', + 'passenger_pre_start' => 'http://localhost/myapp' } end let :facts do 
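Review bot: The five new `passenger_*` parameters in the first `manifests/vhost.pp` hunk reach `_passenger.erb` without any validation, so a typo or an empty string only surfaces when Apache fails to parse the generated vhost. `passenger_app_root` and `passenger_ruby` are filesystem paths and `passenger_min_instances` / `passenger_start_timeout` are integers, so each can be checked next to the new `include ::apache::mod::passenger` block, for example `if $passenger_ruby { validate_absolute_path($passenger_ruby) }` (assuming the stdlib validators are available to this module). `passenger_ruby` deserves the check most, because it selects the interpreter that runs the application. The define's body starts and ends outside these hunks.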
@@ -255,6 +260,7 @@ it { is_expected.to contain_class('apache::mod::vhost_alias') } it { is_expected.to contain_class('apache::mod::wsgi') } it { is_expected.to contain_class('apache::mod::suexec') } + it { is_expected.to contain_class('apache::mod::passenger') } it { is_expected.to contain_file('/var/www/logs').with({ 'ensure' => 'directory', 'mode' => '0600', @@ -304,6 +310,7 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end context 'not everything can be set together...' do @@ -336,6 +343,7 @@ it { is_expected.to_not contain_class('apache::mod::mime') } it { is_expected.to_not contain_class('apache::mod::vhost_alias') } it { is_expected.to_not contain_class('apache::mod::wsgi') } + it { is_expected.to_not contain_class('apache::mod::passenger') } it { is_expected.to_not contain_class('apache::mod::suexec') } it { is_expected.to_not contain_class('apache::mod::rewrite') } it { is_expected.to contain_class('apache::mod::alias') } diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb new file mode 100644 index 0000000000..df2a86d376 --- /dev/null +++ b/templates/vhost/_passenger.erb @@ -0,0 +1,15 @@ +<% if @passenger_app_root -%> + PassengerAppRoot <%= @passenger_app_root %> +<% end -%> +<% if @passenger_ruby -%> + PassengerRuby <%= @passenger_ruby %> +<% end -%> +<% if @passenger_min_instances -%> + PassengerMinInstances <%= @passenger_min_instances %> +<% end -%> +<% if @passenger_start_timeout -%> + PassengerStartTimeout <%= @passenger_start_timeout %> +<% end -%> +<% if @passenger_pre_start -%> + PassengerPreStart <%= @passenger_pre_start %> +<% end -%> 
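Review bot: Every value in the new `templates/vhost/_passenger.erb` is written into its directive unquoted, so a path containing whitespace is split into several arguments and a value containing a line break would add further lines to the vhost file. Quote the path- and URL-valued directives, for example `PassengerAppRoot "<%= @passenger_app_root %>"`, and do the same for `PassengerRuby` and `PassengerPreStart`. A one-line ERB comment at the top of the file naming the five variables it reads would match the "Template uses:" list added in `vhost.pp`.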
From f8953f71c0bd838c72aa91be4fbabf7dae148da6 Mon Sep 17 00:00:00 2001 From: Tim Skirvin Date: Wed, 15 Oct 2014 13:38:02 -0500 Subject: [PATCH 0385/2267] Turning off SSLv3 by default, re: CVE-2014-3566 (POODLE SSL vuln.) --- README.md | 2 +- templates/mod/ssl.conf.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 560545b98f..edcef14d15 100644 --- a/README.md +++ b/README.md @@ -1781,7 +1781,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. -If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2'. +If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. #####`ssl_cipher` diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 24274050c2..35ec92afd9 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -21,7 +21,7 @@ SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol all -SSLv2 + SSLProtocol all -SSLv2 -SSLv3 <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> From a92b8fb4cb840526c8271fb23bee0df7fd3a0a99 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Wed, 15 Oct 2014 16:58:24 +0100 Subject: [PATCH 0386/2267] Add parameter for AddDefaultCharset virtual host directive --- README.md | 4 ++++ manifests/vhost.pp | 11 +++++++++++ spec/defines/vhost_spec.rb | 5 ++++- templates/vhost/_charsets.erb | 4 ++++ 4 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 templates/vhost/_charsets.erb diff --git a/README.md b/README.md index a0c84b9cca..fda2cd9904 100644 --- a/README.md +++ b/README.md 
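Review bot: `SSLProtocol all -SSLv2 -SSLv3` stays a literal in `templates/mod/ssl.conf.erb`, while the `SSLCipherSuite` line directly above it is rendered from `@ssl_cipher`; the protocol list would be better exposed the same way, e.g. `SSLProtocol <%= @ssl_protocol %>` with this value as the default (the parameter name is a suggestion and would also have to be added to the mod class, which is outside this hunk). As written, the change only moves the server-wide default, so a vhost that already passes its own `ssl_protocol` with SSLv3 enabled is not touched by this fix; the README paragraph in the first hunk should say so. Note also that `all -…` is a deny-list, so it keeps enabling whatever other protocols the linked TLS library offers. No spec in this commit asserts the rendered line, so a later regression of the default would go unnoticed.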
@@ -882,6 +882,10 @@ Specifies the use of either a LogFormat nickname or a custom format string for t Specifies that only requests with particular environment variables be logged. Defaults to 'undef'. +#####`add_default_charset` + +Sets [AddDefaultCharset](http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset), a default value for the media charset, which is added to text/plain and text/html responses. + #####`add_listen` Determines whether the vhost creates a Listen statement. The default value is 'true'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8e5e7a4e69..fd942fe5e1 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -105,6 +105,7 @@ $passenger_min_instances = undef, $passenger_start_timeout = undef, $passenger_pre_start = undef, + $add_default_charset = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -800,6 +801,16 @@ content => template('apache/vhost/_passenger.erb'), } + # Template uses: + # - $add_default_charset + if $add_default_charset { + concat::fragment { "${name}-charsets": + target => "${priority_real}-${filename}.conf", + order => 300, + content => template('apache/vhost/_charsets.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}-${filename}.conf", diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index a65e48a863..3eac5ffb45 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -238,7 +238,8 @@ 'passenger_ruby' => '/usr/bin/ruby1.9.1', 'passenger_min_instances' => '1', 'passenger_start_timeout' => '600', - 'passenger_pre_start' => 'http://localhost/myapp' + 'passenger_pre_start' => 'http://localhost/myapp', + 'add_default_charset' => 'UTF-8', } end let :facts do 
@@ -312,6 +313,7 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } + it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end context 'not everything can be set together...' do @@ -390,6 +392,7 @@ it { is_expected.to_not contain_concat__fragment('rspec.example.com-custom_fragment') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end end diff --git a/templates/vhost/_charsets.erb b/templates/vhost/_charsets.erb new file mode 100644 index 0000000000..ef83def4b9 --- /dev/null +++ b/templates/vhost/_charsets.erb @@ -0,0 +1,4 @@ +<% if @add_default_charset -%> + + AddDefaultCharset <%= @add_default_charset %> +<% end -%> From 7897f372717114fe82010827b5ac551837e62a24 Mon Sep 17 00:00:00 2001 
From: Andreas Ntaflos Date: Fri, 17 Oct 2014 04:00:27 +0200 Subject: [PATCH 0387/2267] Allow specifying all alias directives in `aliases` Controlling the order of the Alias, ScriptAlias, AliasMatch and ScriptAliasMatch directives is important to avoid directives shadowing each other. Having an `aliases` parameter for Alias and AliasMatch directives and a `scriptalias` parameter for ScriptAlias and ScriptAliasMatch directives means all Aliases appear before all ScriptAliases in the vhost configuration file, which means an Alias directive can shadow a ScriptAlias directive. This breaks things like the Nagios web interface. Instead, extend `aliases` and its template to support hashes with `scriptalias` and `scriptaliasmatch` keys so that all kinds of alias directives can be specified in a single list, making it easy to control their order. Contains updated documentation and spec and acceptance tests. The `scriptaliases` parameter still works as before but the documentation now contains a deprecation notice informing users to use `aliases` instead. --- README.md | 25 +++++++++++++++++++------ spec/acceptance/vhost_spec.rb | 6 +++++- templates/vhost/_aliases.erb | 4 ++++ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index edcef14d15..fcb3e29603 100644 --- a/README.md +++ b/README.md 
@@ -894,20 +894,31 @@ Specifies paths to additional static, vhost-specific Apache configuration files. #####`aliases` -Passes a list of hashes to the vhost to create Alias or AliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: +Passes a list of hashes to the vhost to create Alias, AliasMatch, ScriptAlias or ScriptAliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: ```puppet aliases => [ - { aliasmatch => '^/image/(.*)\.jpg$', - path => '/files/jpg.images/$1.jpg', + { aliasmatch => '^/image/(.*)\.jpg$', + path => '/files/jpg.images/$1.jpg', } - { alias => '/image', - path => '/ftp/pub/image', + { alias => '/image', + path => '/ftp/pub/image', + }, + { scriptaliasmatch => '^/cgi-bin(.*)', + path => '/usr/local/share/cgi-bin$1', + }, + { scriptalias => '/nagios/cgi-bin/', + path => '/usr/lib/nagios/cgi-bin/', + }, + { alias => '/nagios', + path => '/usr/share/nagios/html', }, ], ``` -For `alias` and `aliasmatch` to work, each needs a corresponding context, such as '< Directory /path/to/directory>' or ''. The Alias and AliasMatch directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias` or `aliasmatch` parameters should come before the more general ones to avoid shadowing. +For `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` to work, each needs a corresponding context, such as `` or ``. The directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters should come before the more general ones to avoid shadowing. 
+ +*Note*: Using the `aliases` parameter is preferred over the `scriptaliases` parameter since here the order of the various alias directives among each other can be controlled precisely. Defining ScriptAliases using the `scriptaliases` parameter means *all* ScriptAlias directives will come after *all* Alias directives, which can lead to Alias directives shadowing ScriptAlias directives. This is often problematic, for example in case of Nagios. *Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias might have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. @@ -1242,6 +1253,8 @@ Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for exa #####`scriptaliases` +*Note*: This parameter is deprecated in favour of the `aliases` parameter. + Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: ```puppet diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 9ecf347751..170e5cc959 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -768,7 +768,10 @@ class { 'apache': } host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', - aliases => [{ alias => '/image', path => '/ftp/pub/image' }], + aliases => [ + { alias => '/image' , path => '/ftp/pub/image' } , + { scriptalias => '/myscript' , path => '/usr/share/myscript' } + ], } EOS apply_manifest(pp, :catch_failures => true) 
@@ -777,6 +780,7 @@ class { 'apache': } describe file("#{$vhost_dir}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'Alias /image "/ftp/pub/image"' } + it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } end end diff --git a/templates/vhost/_aliases.erb b/templates/vhost/_aliases.erb index 5fdd76ba24..f9771bc728 100644 --- a/templates/vhost/_aliases.erb +++ b/templates/vhost/_aliases.erb @@ -6,6 +6,10 @@ Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>" <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%> + ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%> + ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>" <%- end -%> <%- end -%> <%- end -%> From 23f22ec8cb8b5ba14f5da2b9143ff1617ee96ea3 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 20 Oct 2014 10:34:06 -0700 Subject: [PATCH 0388/2267] Remove OEL5 --- metadata.json | 1 - 1 file changed, 1 deletion(-) diff --git a/metadata.json b/metadata.json index e8ae293d96..9607d4997a 100644 --- a/metadata.json +++ b/metadata.json @@ -27,7 +27,6 @@ { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", "6", "7" ] From be3e526dff2ba67ee150a9e3a9602cc9b7609bbb Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 20 Oct 2014 14:38:54 -0700 Subject: [PATCH 0389/2267] Update loadfile name for Ubuntu 10.04 --- manifests/mod/dav_svn.pp | 2 +- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 36af06fa41..d13a7d886f 100644 
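Review bot: The two new `elsif` branches in `templates/vhost/_aliases.erb` extend a chain that has no `else`, so an `aliases` entry with a misspelled key renders nothing, and an entry that sets two of `alias`/`aliasmatch`/`scriptalias`/`scriptaliasmatch` renders only the first match, both without any error. For the script variants this matters more than for plain aliases: if the CGI mapping is silently missing, a broader `Alias` in the same list may end up serving that directory's scripts as static files. A closing branch such as `<%- else -%>` followed by `<%- raise Puppet::ParseError, "apache::vhost aliases entry needs one of alias, aliasmatch, scriptalias, scriptaliasmatch" -%>` would make the mistake visible at catalog compile time. The acceptance test in `spec/acceptance/vhost_spec.rb` checks that both lines are present but not their relative order, which is the behaviour this commit is about. The surrounding loop and `if` open outside the hunk.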
--- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and $::operatingsystemmajrelease != '6' { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 90e0db5636..28cd5705f8 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From e3ac319923819f0f176f48e43beecd8770c7bc1b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 21 Oct 2014 15:50:32 -0700 Subject: [PATCH 0390/2267] OEL7 packaging has some issues This makes mod_dav_svn and mod_fcgid unable to install. --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- spec/acceptance/mod_fcgid_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 28cd5705f8..189bb15c42 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::dav_svn class' do +describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 2511b46ce6..e99a7f299e 100644 --- a/spec/acceptance/mod_fcgid_spec.rb 
+++ b/spec/acceptance/mod_fcgid_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::fcgid class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do it 'succeeds in puppeting fcgid' do pp = <<-EOS From 0e93f27ba9b6850715ca7e5ef285ff8d132c2062 Mon Sep 17 00:00:00 2001 From: Jesse Weisner Date: Tue, 21 Oct 2014 19:06:30 -0700 Subject: [PATCH 0391/2267] add php_flag, php_value to docs --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index ba805b8cbe..0c612b672a 100644 --- a/README.md +++ b/README.md @@ -1105,6 +1105,10 @@ Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/User Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required. +#####`php_flags & values` + +Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '[]'. + #####`php_admin_flags & values` Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. 
@@ -1684,6 +1688,10 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ``` *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. + +######`php_value` and `php_flag` + +`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). ######`php_admin_value` and `php_admin_flag` From 3e50baecdb8a2128907dea8374556f93d99c15d8 Mon Sep 17 00:00:00 2001 From: Jesse Weisner Date: Tue, 21 Oct 2014 19:15:48 -0700 Subject: [PATCH 0392/2267] duplicate php_admin_{value,flag} for php_{value,flag} --- manifests/vhost.pp | 13 +++++++++++++ templates/vhost/_directories.erb | 11 +++++++++++ templates/vhost/_php.erb | 12 ++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 templates/vhost/_php.erb diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e1..325345857f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -60,6 +60,8 @@ $suphp_addhandler = $::apache::params::suphp_addhandler, $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, + $php_flags = {}, + $php_values = {}, $php_admin_flags = {}, $php_admin_values = {}, $no_proxy_uris = [], @@ -708,6 +710,17 @@ } } + # Template uses: + # - $php_values + # - $php_flags + if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { + concat::fragment { "${name}-php": + target => "${priority_real}-${filename}.conf", + order => 220, + content => template('apache/vhost/_php.erb'), + } + } + # Template uses: # - $php_admin_values # - $php_admin_flags diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e756875f29..c27cabb199 100644 --- a/templates/vhost/_directories.erb 
+++ b/templates/vhost/_directories.erb @@ -87,6 +87,17 @@ <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> + <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> + <%- directory['php_flags'].each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_values'] and ! directory['php_values'].empty? -%> + <%- directory['php_values'].each do |key,value| -%> + php_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> <%- directory['php_admin_flags'].each do |flag,value| -%> <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> diff --git a/templates/vhost/_php.erb b/templates/vhost/_php.erb new file mode 100644 index 0000000000..369fdb7f92 --- /dev/null +++ b/templates/vhost/_php.erb @@ -0,0 +1,12 @@ +<% if @php_values and not @php_values.empty? -%> + <%- @php_values.sort.each do |key,value| -%> + php_value <%= key %> <%= value %> + <%- end -%> +<% end -%> +<% if @php_flags and not @php_flags.empty? -%> + <%- @php_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> \ No newline at end of file From adb90bf1c243f11f68c571cc2690517312f6ac98 Mon Sep 17 00:00:00 2001 From: Jesse Weisner Date: Tue, 21 Oct 2014 19:22:06 -0700 Subject: [PATCH 0393/2267] add tests --- spec/acceptance/mod_php_spec.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index a0efe7fb86..91eab0f1f7 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
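Review bot: The flag normalisation added in templates/vhost/_directories.erb, `value =~ /true|yes|on|1/i`, is unanchored, so any value that merely contains one of those substrings (for example 'none' or '10') is rendered as `on`; the new templates/vhost/_php.erb applies the same test to `flag`. Anchoring the match and coercing to a string keeps the result predictable: `value = value.to_s =~ /\A(true|yes|on|1)\z/i ? 'on' : 'off'`. The pattern is copied from the existing php_admin_flags branch visible in the hunk's context, which would benefit from the same change. A non-String value such as a Puppet boolean probably does not match the regex at all as written, so `true` would come out as `off`; worth confirming with a test.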
@@ -53,7 +53,7 @@ class { 'apache::mod::php': } end end - context "custom extensions, php_admin_flag, and php_admin_value" do + context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do it 'succeeds in puppeting php' do pp= <<-EOS class { 'apache': @@ -65,6 +65,8 @@ class { 'apache::mod::php': apache::vhost { 'php.example.com': port => '80', docroot => '/var/www/php', + php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, + php_flags => { 'display_errors' => 'on', }, php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, php_admin_flags => { 'engine' => 'on', }, } @@ -83,6 +85,8 @@ class { 'apache::mod::php': end describe file("#{vhost_dir}/25-php.example.com.conf") do + it { is_expected.to contain " php_flag display_errors on" } + it { is_expected.to contain " php_value include_path .:/usr/share/pear:/usr/bin/php" } it { is_expected.to contain " php_admin_flag engine on" } it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } end From 6b0a8b25509905c1b5011c4aabed887143700800 Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Wed, 22 Oct 2014 16:43:25 +0200 Subject: [PATCH 0394/2267] Add params to proxy_pass to provide ProxyPass key=value connection settings --- README.md | 3 ++- templates/vhost/_proxy.erb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba805b8cbe..28787297e1 100644 --- a/README.md +++ b/README.md @@ -1135,7 +1135,7 @@ apache::vhost { 'site.name.fdqn': proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, ], 
@@ -1143,6 +1143,7 @@ apache::vhost { 'site.name.fdqn': ``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). #####`rack_base_uris` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 045c906911..0f21af2ec3 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,8 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From e02a4d5670c46a8a82eff8dcb32e852aa12bcd0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?= Date: Thu, 23 Oct 2014 11:12:42 +0200 Subject: [PATCH 0395/2267] Fix authnz_ldap package name on el7 --- manifests/params.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index d8922e9fde..90f805af81 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -68,7 +68,10 @@ # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide $mod_packages = { 'auth_kerb' => 'mod_auth_kerb', - 'authnz_ldap' => 'mod_authz_ldap', + 'authnz_ldap' => $::apache::version::distrelease ? { + '7' => 'mod_ldap', + default => 'mod_authz_ldap', + }, 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', 'pagespeed' => 'mod-pagespeed-stable', From 332c66c0adffff9583027337f15abf514db560fb Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Thu, 23 Oct 2014 13:16:44 +0200 Subject: [PATCH 0396/2267] cleanup condition --- templates/vhost/_proxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
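Review bot: In templates/vhost/_proxy.erb the new `<%= proxy['params'] %>` writes the value into the ProxyPass line exactly as given, which is only correct for a single string; an array would be rendered with Ruby's Array#to_s rather than as space-separated key=value pairs. A later README change on this page documents an array form (`'params' => ['retry=0', 'timeout=5']`) without touching this expression, so accepting both shapes here would be safer: `<%= Array(proxy['params']).join(' ') %>`. The README line added alongside should then say which forms are accepted.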
diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 0f21af2ec3..190239de92 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,7 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> > <%- if proxy['reverse_urls'].nil? -%> From e49b77c68c5cbcb36072d220e3432a5f20b3f35f Mon Sep 17 00:00:00 2001 From: Ben Sandberg Date: Thu, 23 Oct 2014 14:06:21 -0700 Subject: [PATCH 0397/2267] passenger concat needs to be wrapped in a check --- manifests/vhost.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e1..0841dfff47 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -795,10 +795,12 @@ # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_passenger.erb'), + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}-${filename}.conf", + order => 290, + content => template('apache/vhost/_passenger.erb'), + } } # Template uses: From dd69adc9827fae3b7294a98c31cc45b44c8fc30b Mon Sep 17 00:00:00 2001 
From: Thomas Mueller Date: Fri, 24 Oct 2014 14:02:20 +0200 Subject: [PATCH 0398/2267] (MODULES-1457) apache::vhost: SSLCACertificatePath can't be unset The SSLCACertificatePath is always set. The check for @ssl_certs_dir only covers "undef". As there is a default value in ::apache::params for ssl_certs_dir it needs to be overriden with an empty string. Right now the _ssl.erb template outputs 'SSLCACertificatePath ""' for an empty string, which triggers a failing reload of httpd. This patch just adds a "&& @ssl_certs_dir != ''" to the condition. On a Puppet master passenger vhost it's probably security relevant setting, as it enables all system CA signed certificates access. Related patch: https://github.com/puppetlabs/puppetlabs-apache/pull/787 --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 70213f48c1..516992558f 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -7,7 +7,7 @@ <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <%- end -%> - <%- if @ssl_certs_dir -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" <%- end -%> <%- if @ssl_ca -%> From 95426e5f2bc43ae99205f0d10afbea3e82301b5e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 15:03:20 -0500 Subject: [PATCH 0399/2267] Updates to mod::fcgid test don't work on RHEL5 --- spec/acceptance/mod_fcgid_spec.rb | 97 +++++++++++++++---------------- 1 file changed, 46 insertions(+), 51 deletions(-) diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 8e94fa08fa..2511b46ce6 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb 
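Review bot: The empty-string guard added for `@ssl_certs_dir` in templates/vhost/_ssl.erb is not applied to the neighbouring directives in the same hunk: `<%- if @ssl_chain -%>` and `<%- if @ssl_ca -%>` still treat `''` as set and, judging by the `SSLCertificateChainFile "<%= @ssl_chain %>"` line, would emit an empty quoted path. If those parameters can also be overridden with an empty string the same check belongs there; whether they carry defaults is not visible from this hunk. A comment above the condition, such as `<%-# '' overrides the apache::params default and suppresses SSLCACertificatePath -%>`, would record why the extra test exists.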
@@ -1,62 +1,57 @@ require 'spec_helper_acceptance' describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - case fact('osfamily') - when 'Debian' - # Not implemented - when 'RedHat' - context "default fcgid config" do - it 'succeeds in puppeting fcgid' do - pp = <<-EOS - class { 'epel': } # mod_fcgid lives in epel - class { 'apache': } - class { 'apache::mod::php': } # For /usr/bin/php-cgi - class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', + context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do + it 'succeeds in puppeting fcgid' do + pp = <<-EOS + class { 'epel': } # mod_fcgid lives in epel + class { 'apache': } + class { 'apache::mod::php': } # For /usr/bin/php-cgi + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + }, + } + apache::vhost { 'fcgid.example.com': + port => '80', + docroot => '/var/www/fcgid', + directories => { + path => '/var/www/fcgid', + options => '+ExecCGI', + addhandlers => { + handler => 'fcgid-script', + extensions => '.php', }, - } - apache::vhost { 'fcgid.example.com': - port => '80', - docroot => '/var/www/fcgid', - directories => { - path => '/var/www/fcgid', - options => '+ExecCGI', - addhandlers => { - handler => 'fcgid-script', - extensions => '.php', - }, - fcgiwrapper => { - command => '/usr/bin/php-cgi', - suffix => '.php', - } - }, - } - file { '/var/www/fcgid/index.php': - ensure => file, - owner => 'root', - group => 'root', - content => "\\n", - } - EOS - apply_manifest(pp, :catch_failures => true) - end + fcgiwrapper => { + command => '/usr/bin/php-cgi', + suffix => '.php', + } + }, + } + file { '/var/www/fcgid/index.php': + ensure => file, + owner => 'root', + group => 'root', + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service('httpd') do - it { is_expected.to be_enabled } - it { is_expected.to 
be_running } - end + describe service('httpd') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - it 'should answer to fcgid.example.com' do - shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| - expect(r.stdout).to match(/^Hello world$/) - expect(r.exit_code).to eq(0) - end + it 'should answer to fcgid.example.com' do + shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| + expect(r.stdout).to match(/^Hello world$/) + expect(r.exit_code).to eq(0) end + end - it 'should run a php-cgi process' do - shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) - end + it 'should run a php-cgi process' do + shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) end end end From ccb07c6a613821756ab784e7204f43e89915ece0 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 15:25:21 -0500 Subject: [PATCH 0400/2267] Fix custom_config check for ubuntu precise. --- manifests/custom_config.pp | 2 +- manifests/params.pp | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 543ace94e5..cadc2354db 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -5,7 +5,7 @@ $content = undef, $priority = '25', $source = undef, - $verify_command = '/usr/sbin/apachectl -t', + $verify_command = $::apache::params::verify_command, $verify_config = true, ) { diff --git a/manifests/params.pp b/manifests/params.pp index fc9a86e320..d8922e9fde 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -28,6 +28,11 @@ # The default error log level $log_level = 'warn' + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { + $verify_command = '/usr/sbin/apache2ctl -t' + } else { + $verify_command = '/usr/sbin/apachectl -t' + } if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { $user = 'apache' $group = 'apache' 
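Review bot: The condition added in manifests/params.pp, `$::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04'`, selects Ubuntu 10.04, while the commit subject names precise, which is 12.04; one of the two looks wrong and is worth confirming against the release that actually needs `apache2ctl`. `$::lsbdistrelease` is also only populated when the LSB tooling is installed on the node, so `$::operatingsystemrelease` may be the more dependable fact for this test. A one-line comment above the `if` stating why this release needs a different verify command would help the next reader.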
From bb849cdec4330dd68b3b85b072bf2cf72d87b6c5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 16:15:04 -0500 Subject: [PATCH 0401/2267] Fix dav_svn for debian 6 --- manifests/mod/dav_svn.pp | 25 ++++++++++++++----------- spec/acceptance/mod_dav_svn_spec.rb | 6 +++++- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index c46976e850..36af06fa41 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -1,17 +1,20 @@ class apache::mod::dav_svn ( $authz_svn_enabled = false, ) { - Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] - include ::apache::mod::dav - ::apache::mod { 'dav_svn': } + Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] + include ::apache::mod::dav + ::apache::mod { 'dav_svn': } - if $authz_svn_enabled { - ::apache::mod { 'authz_svn': - loadfile_name => $::osfamily ? { - 'Debian' => undef, - default => 'dav_svn_authz_svn.load', - }, - require => Apache::Mod['dav_svn'], - } + if $::osfamily == 'Debian' and $::operatingsystemmajrelease != '6' { + $loadfile_name = undef + } else { + $loadfile_name = 'dav_svn_authz_svn.load' + } + + if $authz_svn_enabled { + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + require => Apache::Mod['dav_svn'], } + } } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 5125ada0b2..90e0db5636 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,11 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - authz_svn_load_file = 'authz_svn.load' + if fact('operatingsystemmajrelease') == '6' + authz_svn_load_file = 'dav_svn_authz_svn.load' + else + authz_svn_load_file = 'authz_svn.load' + end when 'RedHat' mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' From 4fe8892df667ee650b9980fb6d0af6203e2b5e20 Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Mon, 29 Sep 2014 18:10:42 -0500 Subject: [PATCH 0402/2267] Fix vhost and mod_passenger tests on deb7 Also fix broken tests with strict variables. --- README.md | 2 ++ spec/acceptance/mod_passenger_spec.rb | 4 +-- spec/acceptance/vhost_spec.rb | 3 ++ spec/classes/mod/dav_svn_spec.rb | 47 ++++++++++++++------------- 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index ba805b8cbe..28c541d44c 100644 --- a/README.md +++ b/README.md @@ -1745,6 +1745,8 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array } ``` +***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. + ######`shib_request_setting` Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index d141322348..9a758a44ee 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -137,7 +137,7 @@ class { 'apache::mod::passenger': } end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/sbin/passenger-memory-stats") do |r| + shell("/usr/sbin/passenger-memory-stats") do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) @@ -262,7 +262,7 @@ class { 'apache::mod::passenger': end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/bin/passenger-memory-stats", :pty => true) do |r| + shell("/usr/bin/passenger-memory-stats", :pty => true) do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 08c717fc9c..d45eaee9fa 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -991,6 +991,9 @@ class { 'apache': } pp = <<-EOS class { 'apache': } host { 'test.server': ip => '127.0.0.1' } + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } apache::vhost { 'test.server': docroot => '/tmp', directories => [ diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 859174af77..95abef9948 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb 
@@ -7,14 +7,15 @@ context "on a Debian OS" do let :facts do { - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } @@ -24,13 +25,14 @@ context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } @@ -40,13 +42,14 @@ context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } 
From 1be599daf1aa1da5e591a506f7fb43f2e21ea36b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Sep 2014 14:41:14 -0500 Subject: [PATCH 0403/2267] Need fcgid to load after unixd on RHEL7 --- manifests/mod/fcgid.pp | 10 ++++- spec/classes/mod/fcgid_spec.rb | 71 +++++++++++++++++++++++----------- 2 files changed, 58 insertions(+), 23 deletions(-) diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 70997768bc..70761e41d7 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,7 +1,15 @@ class apache::mod::fcgid( $options = {}, ) { - ::apache::mod { 'fcgid': } + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + $loadfile_name = 'unixd_fcgid.load' + } else { + $loadfile_name = undef + } + + ::apache::mod { 'fcgid': + loadfile_name => $loadfile_name + } # Template uses: # - $options diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index ab47a5a8e3..a342e58135 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -8,14 +8,15 @@ context "on a Debian OS" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } 
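Review bot: The loadfile name chosen in manifests/mod/fcgid.pp has no comment explaining it, and `'unixd_fcgid.load'` is not self-explanatory; going by the commit subject, the prefix exists so that fcgid loads after unixd on RHEL 7. I would add `# RHEL 7: fcgid must load after unixd, hence the unixd_ prefix on the loadfile` above the `if`. The new `loadfile_name => $loadfile_name` line also lacks the trailing comma that attribute lists elsewhere in this module use (for example in manifests/mod/dav_svn.pp). The test matches only major release '7', so whether later releases need the same ordering should be checked when they are added.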
@@ -26,13 +27,14 @@ context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -66,16 +68,41 @@ end end + context "on RHEL7" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :operatingsystemmajrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + describe 'without parameters' do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) + } + it { is_expected.to contain_package("mod_fcgid") } + end + end + context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'FreeBSD', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end From 56f884f00e93298adf15058e1b7ad4475b448669 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 20 Oct 2014 10:34:06 -0700 Subject: [PATCH 0404/2267] Remove OEL5 --- metadata.json | 1 - 1 file changed, 1 deletion(-) 
diff --git a/metadata.json b/metadata.json index f84ff41b8a..3063ccf649 100644 --- a/metadata.json +++ b/metadata.json @@ -27,7 +27,6 @@ { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", "6", "7" ] From 9d4bb7c9351fc88923983f67675b266726a45445 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 20 Oct 2014 14:38:54 -0700 Subject: [PATCH 0405/2267] Update loadfile name for Ubuntu 10.04 --- manifests/mod/dav_svn.pp | 2 +- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 36af06fa41..d13a7d886f 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and $::operatingsystemmajrelease != '6' { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 90e0db5636..28cd5705f8 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From 1f9aaad9ff55451cf2b18bdfaaf25f9bce39c364 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 21 Oct 2014 15:50:32 -0700 Subject: [PATCH 0406/2267] OEL7 packaging has some issues This makes mod_dav_svn and mod_fcgid unable to install. --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- spec/acceptance/mod_fcgid_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 28cd5705f8..189bb15c42 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::dav_svn class' do +describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 2511b46ce6..e99a7f299e 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::fcgid class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do it 'succeeds in puppeting fcgid' do pp = <<-EOS From 88c6a98a5cfd33a7ba75a15ad6b09621b71768a4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:15:04 +0200 Subject: [PATCH 0407/2267] allow disabling default vhosts under 2.4 when disabling the default vhost(s) under 2.4, there's nothing to include in $sites-enabled/, which causes the following error: The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 46 of /etc/apache2/apache2.conf: No matches for the wildcard '*' in '/etc/apache2/sites-enabled', failing (use IncludeOptional if required) Action 'configtest' failed. The Apache error log may have more information. by using IncludeOptional (as recommended), we allow the use of httpd as simple web server, with single purpose configuration, without having to define a (default) vhost. --- templates/httpd.conf.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 68d6b50ae2..e1075e38c9 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -70,7 +70,11 @@ IncludeOptional "<%= @confd_dir %>/*.conf" Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/*" +<%- else -%> Include "<%= @vhost_load_dir %>/*" +<%- end -%> <% end -%> <% if @error_documents -%> From 8f2df799b242321c750372c5baa6eb83222bfde5 Mon Sep 17 00:00:00 2001 From: Jeff Tickle Date: Thu, 16 Oct 2014 14:00:55 -0400 Subject: [PATCH 0408/2267] Added ssl_protocol parameter to apache::mod::ssl makes it easier to fix things like POODLE --- README.md | 1 + manifests/mod/ssl.pp | 1 + templates/mod/ssl.conf.erb | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1418696bf2..a4ab395c91 100644 --- a/README.md +++ b/README.md 
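Review bot: Switching to `IncludeOptional "<%= @vhost_load_dir %>/*"` in templates/httpd.conf.erb keeps the bare `*` wildcard, so every file in that directory is parsed as configuration, and a wrong or missing `vhost_load_dir` now passes the config test silently instead of failing. The confd include visible in the hunk's context is limited to `*.conf`; if the vhost files this module writes all end in `.conf`, as the `${priority_real}-${filename}.conf` targets elsewhere on this page suggest, `IncludeOptional "<%= @vhost_load_dir %>/*.conf"` would avoid picking up backup or stray files. That only holds if no supported platform links vhosts under other names, which is not visible here.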
@@ -710,6 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t
 class { 'apache::mod::ssl':
 ssl_compression => false,
 ssl_options => [ 'StdEnvVars' ],
+ ssl_protocol => 'all -SSLv2 -SSLv3',
 }
 ```
diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp
index 7e115fb661..293e9319cc 100644
--- a/manifests/mod/ssl.pp
+++ b/manifests/mod/ssl.pp
@@ -2,6 +2,7 @@
 $ssl_compression = false,
 $ssl_options = [ 'StdEnvVars' ],
 $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
+ $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
 $apache_version = $::apache::apache_version,
 $package_name = undef,
 ) {
diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb
index 35ec92afd9..e92e37e7a9 100644
--- a/templates/mod/ssl.conf.erb
+++ b/templates/mod/ssl.conf.erb
@@ -21,7 +21,7 @@
 SSLCryptoDevice builtin
 SSLHonorCipherOrder On
 SSLCipherSuite <%= @ssl_cipher %>
- SSLProtocol all -SSLv2 -SSLv3
+ SSLProtocol <%= @ssl_protocol.compact.join(' ') %>
 <% if @ssl_options -%>
 SSLOptions <%= @ssl_options.compact.join(' ') %>
 <% end -%>
From 2799c4e405caff93571d05bd86bf062f3b795ad8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Igor=20Gali=C4=87?=
Date: Tue, 28 Oct 2014 15:14:26 +0100
Subject: [PATCH 0409/2267] fix ssl_protocol docs to be in line with code
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a4ab395c91..02932ff34e 100644
--- a/README.md
+++ b/README.md
@@ -710,7 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t
 class { 'apache::mod::ssl':
 ssl_compression => false,
 ssl_options => [ 'StdEnvVars' ],
- ssl_protocol => 'all -SSLv2 -SSLv3',
+ ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'],
 }
 ```
From 360239c8dc5fc3eded26d27cb2cc5fa932193874 Mon Sep 17 00:00:00 2001
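Review bot: The new `SSLProtocol <%= @ssl_protocol.compact.join(' ') %>` line in templates/mod/ssl.conf.erb only works when `$ssl_protocol` is an array, yet the README example added in the same commit passes the string `'all -SSLv2 -SSLv3'`, which has no `compact` method and would fail when the template is evaluated. Wrapping the value keeps both forms working: `SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %>`. An empty array would still render a bare `SSLProtocol` directive, so a non-empty check in manifests/mod/ssl.pp is worth adding. The parameter's documentation should also state that the default excludes SSLv2 and SSLv3, so that an override does not drop those exclusions by accident.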
From: Martin Konrad Date: Fri, 6 Jun 2014 22:23:19 -0400 Subject: [PATCH 0410/2267] Support parameters along with proxy_pass --- README.md | 4 +++- templates/vhost/_proxy.erb | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1418696bf2..22c7f0fb9c 100644 --- a/README.md +++ b/README.md @@ -1127,7 +1127,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ #####`proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ```puppet apache::vhost { 'site.name.fdqn': @@ -1138,6 +1138,8 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => ['retry=0', 'timeout=5'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 190239de92..8477157956 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -8,7 +8,6 @@ <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> - > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 934f2d4884b945f53150e5e6d488f1256ad8dc77 Mon Sep 17 00:00:00 2001 
From: Martin Konrad Date: Mon, 18 Aug 2014 14:27:27 -0400 Subject: [PATCH 0411/2267] Support keywords along with proxy_pass, use hash for params --- README.md | 4 +++- templates/vhost/_proxy.erb | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 22c7f0fb9c..d31ae362f5 100644 --- a/README.md +++ b/README.md @@ -1139,7 +1139,9 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', - 'params' => ['retry=0', 'timeout=5'] }, + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 8477157956..dd25e2c87a 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,13 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 4c54a52c17e346e0c487e293c7727cb131aaca06 Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Mon, 18 Aug 2014 17:22:40 -0400 Subject: [PATCH 0412/2267] Add some tests for ProxyPass parameters --- tests/vhost_proxypass.pp | 60 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 tests/vhost_proxypass.pp diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp new file mode 100644 index 0000000000..968de41959 --- /dev/null 
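Review bot: `proxy['params'].each_pair` in templates/vhost/_proxy.erb assumes a hash, so a vhost that still passes `params` as a string, the form the README example for `/c` uses (`'params' => 'max=20 ttl=120 retry=300'`, visible as context in the previous patch), would presumably fail when the template is rendered. Keeping the old form working needs a type check, for example emitting the value as-is unless `proxy['params'].is_a?(Hash)`; `proxy['keywords'].join(' ')` has the same problem for a single keyword given as a string and could become `[proxy['keywords']].flatten.join(' ')`. Iterating with `proxy['params'].sort.each do |key, value|` instead of `each_pair` would also keep the rendered `ProxyPass` line stable between runs on Ruby versions whose hashes are unordered. Since the README now advertises `nocanon`, it should mention that this keyword passes the raw URL path to the backend, which the Apache documentation describes as removing the proxy's limited protection against URL-based attacks.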
+++ b/tests/vhost_proxypass.pp @@ -0,0 +1,60 @@ +## vhost with proxyPass directive +# NB: Please see the other vhost_*.pp example files for further +# examples. + +# Base class. Declares default vhost on port 80 and default ssl +# vhost on port 443 listening on all interfaces and serving +# $apache::docroot +class { 'apache': } + +# Most basic vhost with proxy_pass +apache::vhost { 'first.example.com': + port => 80, + docroot => '/var/www/first', + proxy_pass => [ + { + 'path' => '/first', + 'url' => "http://localhost:8080/first" + }, + ], +} + +# vhost with proxy_pass and parameters +apache::vhost { 'second.example.com': + port => 80, + docroot => '/var/www/second', + proxy_pass => [ + { + 'path' => '/second', + 'url' => "http://localhost:8080/second", + 'params' => {'retry' => '0', 'timeout' => '5'} + }, + ], +} + +# vhost with proxy_pass and keywords +apache::vhost { 'third.example.com': + port => 80, + docroot => '/var/www/third', + proxy_pass => [ + { + 'path' => '/third', + 'url' => "http://localhost:8080/third", + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} + +# vhost with proxy_pass, parameters and keywords +apache::vhost { 'fourth.example.com': + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ + { + 'path' => '/fourth', + 'url' => "http://localhost:8080/fourth", + 'params' => {'retry' => '0', 'timeout' => '5'}, + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} \ No newline at end of file From 0edb041427f4b6019db48d776b351833558552d6 Mon Sep 17 00:00:00 2001 From: Tim Hartmann Date: Thu, 23 Oct 2014 15:50:15 -0400 Subject: [PATCH 0413/2267] Linting and adding some tests Adding tests --- spec/defines/vhost_spec.rb | 16 +++++++++--- tests/vhost_proxypass.pp | 50 +++++++++++++++++++++----------------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3eac5ffb45..84a95bf44d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -172,8 +172,13 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/' + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } } ], 'suphp_addhandler' => 'foo', @@ -296,7 +301,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-action') } it { is_expected.to contain_concat__fragment('rspec.example.com-block') } it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /retry=0/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp index 968de41959..e911f85f9d 100644 --- a/tests/vhost_proxypass.pp +++ b/tests/vhost_proxypass.pp 
@@ -9,37 +9,40 @@ # Most basic vhost with proxy_pass apache::vhost { 'first.example.com': - port => 80, - docroot => '/var/www/first', - proxy_pass => [ + port => 80, + docroot => '/var/www/first', + proxy_pass => [ { - 'path' => '/first', - 'url' => "http://localhost:8080/first" + 'path' => '/first', + 'url' => 'http://localhost:8080/first' }, ], } # vhost with proxy_pass and parameters apache::vhost { 'second.example.com': - port => 80, - docroot => '/var/www/second', - proxy_pass => [ + port => 80, + docroot => '/var/www/second', + proxy_pass => [ { 'path' => '/second', - 'url' => "http://localhost:8080/second", - 'params' => {'retry' => '0', 'timeout' => '5'} + 'url' => 'http://localhost:8080/second', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } }, ], } # vhost with proxy_pass and keywords apache::vhost { 'third.example.com': - port => 80, - docroot => '/var/www/third', - proxy_pass => [ + port => 80, + docroot => '/var/www/third', + proxy_pass => [ { - 'path' => '/third', - 'url' => "http://localhost:8080/third", + 'path' => '/third', + 'url' => 'http://localhost:8080/third', 'keywords' => ['noquery', 'interpolate'] }, ], @@ -47,14 +50,17 @@ # vhost with proxy_pass, parameters and keywords apache::vhost { 'fourth.example.com': - port => 80, - docroot => '/var/www/fourth', - proxy_pass => [ + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ { - 'path' => '/fourth', - 'url' => "http://localhost:8080/fourth", - 'params' => {'retry' => '0', 'timeout' => '5'}, + 'path' => '/fourth', + 'url' => 'http://localhost:8080/fourth', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, 'keywords' => ['noquery', 'interpolate'] }, ], -} \ No newline at end of file +} From 040546da0e13f62a86be3a0a73b78299b63734ce Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Tue, 28 Oct 2014 12:21:55 -0400 Subject: [PATCH 0414/2267] Satisfy doesn't work with apache 2.4 The ability to use the more complex Require* syntax for apache 2.4 will be added eventually, but Satisfy shouldn't be tested as that is deprecated in apache. --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d45eaee9fa..966f85cf5e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -298,7 +298,7 @@ class { 'apache': } end end - describe 'Satisfy and Auth directive' do + describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do it 'should configure a vhost with Satisfy and Auth directive' do pp = <<-EOS class { 'apache': } From c44e513dd69f459f81a49bfa0874a7ec556294ff Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 28 Oct 2014 16:49:15 -0400 Subject: [PATCH 0415/2267] wsgi_chunked_request doesn't work on lucid --- spec/acceptance/vhost_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 966f85cf5e..483b74945c 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1082,7 +1082,6 @@ class { 'apache::mod::wsgi': } wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) From b85460162d319af89cf4ab17a64aec325c604d79 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 10:34:20 -0400 Subject: [PATCH 0416/2267] Update metadata Fix PE compatibility, update issues URL, and fix requirements to match output from PMT. --- metadata.json | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/metadata.json b/metadata.json index 3063ccf649..f2266960f4 100644 --- a/metadata.json +++ b/metadata.json 
@@ -6,7 +6,7 @@ "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -58,7 +58,7 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.2.0 < 3.4.0" + "version_requirement": "3.x" }, { "name": "puppet", @@ -67,13 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 2.4.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.1" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} ] } From be2bfab1f98cd86d7048d84f6abea17206d59c30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:02:59 +0200 Subject: [PATCH 0417/2267] MODULES-1446: mod_version is now builtin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit while we are not loading it (by default), we should make it easier for people transitioning their configuration from 2.2 to 2.4 to find issues: thus adding a warning when someone tries to load mod_version. --- things i have learned during this pr: × @hunner: There is no '&&' in puppet; only 'and'* × add puppet to PATH, so vim can check syntax. thanks @mhaskel especially for the patience. *zuhl. --- README.md | 10 ++++++++++ manifests/default_mods.pp | 8 ++++---- manifests/mod/version.pp | 8 ++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 manifests/mod/version.pp diff --git a/README.md b/README.md index 02932ff34e..3b71c5baac 100644 --- a/README.md +++ b/README.md 
@@ -25,6 +25,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -823,6 +824,15 @@ mod_reqtimeout configuration. } ``` +####Class: `apache::mod::reqtimeout` + +This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 +about loading mod_version, as on these platforms it's already built-in. + +```puppet + include '::apache::mod::version' +``` + #####`timeouts` A string or an array that sets the `RequestReadTimeout` option. Defaults to diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 7e8381f031..71759030b5 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -36,10 +36,11 @@ include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic - include ::apache::mod::vhost_alias - include ::apache::mod::suexec include ::apache::mod::rewrite include ::apache::mod::speling + include ::apache::mod::suexec + include ::apache::mod::version + include ::apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -51,7 +52,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } @@ -71,6 +71,7 @@ include ::apache::mod::reqtimeout include ::apache::mod::rewrite include ::apache::mod::userdir + include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling 
@@ -93,7 +94,6 @@
 ::apache::mod { 'logio': }
 ::apache::mod { 'unique_id': }
 ::apache::mod { 'usertrack': }
- ::apache::mod { 'version': }
 }
 default: {}
 }
diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp
new file mode 100644
index 0000000000..c0e405686a
--- /dev/null
+++ b/manifests/mod/version.pp
@@ -0,0 +1,8 @@
+class apache::mod::version {
+
+ if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) {
+ warning("${module_name}: module version_module is built-in and can't be loaded")
+ } else {
+ ::apache::mod { 'version': }
+ }
+}
From e20f70750d72dd61abf354b113ebc3c030f7521c Mon Sep 17 00:00:00 2001
From: Morgan Haskel
Date: Wed, 29 Oct 2014 15:37:22 -0400
Subject: [PATCH 0418/2267] Relying on missing fact Ubuntu 10.04 with PE3.3 is missing the operatingsystemmajrelease fact, so check either operatingsystemmajrelease or operatingsystemrelease.
---
 manifests/mod/dav_svn.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp
index d13a7d886f..6e70598d0a 100644
--- a/manifests/mod/dav_svn.pp
+++ b/manifests/mod/dav_svn.pp
@@ -5,7 +5,7 @@
 include ::apache::mod::dav
 ::apache::mod { 'dav_svn': }
- if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') {
+ if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') {
 $loadfile_name = undef
 } else {
 $loadfile_name = 'dav_svn_authz_svn.load'
From 61789fa9d8f84757c42cc9e8ed91154d834dd108 Mon Sep 17 00:00:00 2001
From: Steffen Zieger
Date: Thu, 30 Oct 2014 15:45:37 +0100
Subject: [PATCH 0419/2267] Fixes indentation of versioncmp
---
 manifests/default_mods.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
index 7e8381f031..fef78d6388 100644
--- a/manifests/default_mods.pp
+++ b/manifests/default_mods.pp
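Review bot: `$apache_version` is never defined in the new `apache::mod::version` class in manifests/mod/version.pp, which takes no parameters, so `versioncmp($apache_version, '2.4')` has nothing to compare unless the variable happens to resolve from an outer scope not shown here. Other mod classes receive it as a parameter, as manifests/mod/ssl.pp does with `$apache_version = $::apache::apache_version`, and the same header would work here: `class apache::mod::version ( $apache_version = $::apache::apache_version ) {`. The README section added by this commit is also headed `apache::mod::reqtimeout` instead of `apache::mod::version`, and it sits between the reqtimeout example and that class's `timeouts` parameter.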
@@ -120,7 +120,7 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', From 4002f9bffde12f67f60f839b3d23779f201ff84f Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 30 Oct 2014 11:27:41 -0700 Subject: [PATCH 0420/2267] Update the test to match the fix from yesterday --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 189bb15c42..7e5afed520 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From e72fd7021cb63f90746e2cccc952d98f539526eb Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 5 Nov 2014 11:49:32 +0100 Subject: [PATCH 0421/2267] add sort to LogFormats to ensure consistency between runs --- templates/httpd.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index e1075e38c9..54d24c8ae3 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
@@ -59,7 +59,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.each do |nickname,format| -%> + <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> From 3111c0dcd1920342cb2dcae3732573e91424e219 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= Date: Mon, 18 Aug 2014 18:38:26 +0200 Subject: [PATCH 0422/2267] Add support for specifying the docroot option for RHEL SCL httpd24 The pattern of defining these variables in the init.pp goes back into 2012. However, it's much better to use the params.pp pattern for this purpose, and it's also required to make this work with the RHEL's Software Collections. Without this patch, the Apache::Vhost['default'] is instantiated (regardless whether it's with ensure => absent or present) and bails out due to /var/www being missing on asystem which has never had RHEL6's regular httpd package installed. --- manifests/init.pp | 4 +--- manifests/params.pp | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b5e9204570..32966b86f7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -59,6 +59,7 @@ $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', @@ -239,7 +240,6 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $docroot = '/var/www' $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' @@ -247,7 +247,6 @@ $access_log_file = 'access.log' } 'redhat': { - $docroot = '/var/www/html' $pidfile = 'run/httpd.pid' $error_log = 'error_log' $error_documents_path = '/var/www/error' 
@@ -255,7 +254,6 @@ $access_log_file = 'access_log' } 'freebsd': { - $docroot = '/usr/local/www/apache22/data' $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $error_documents_path = '/usr/local/www/apache22/error' diff --git a/manifests/params.pp b/manifests/params.pp index d8922e9fde..6b6f38891a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -100,6 +100,7 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { @@ -160,6 +161,7 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www' # # Passenger-specific settings @@ -270,6 +272,7 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache22/data' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } From e4aadd546e8e9dff8027ef467776a3353729ce15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 15:43:19 +0200 Subject: [PATCH 0423/2267] add documentation for `docroot` (in init) and apparently strip a lot of trailing white-space. thanks lighttable let's see what this breaks... --- README.md | 146 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 76 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index a1846b5261..b98749b584 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache 
@@ -182,9 +182,9 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', @@ -253,7 +253,7 @@ Generates default set of include-able Apache configuration files under `${apach #####`default_mods` -Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). @@ -310,6 +310,10 @@ SSL vhosts only respond to HTTPS queries. Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`docroot` + +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. + #####`error_documents` Enables custom error documents. Defaults to 'false'. 
@@ -375,9 +379,9 @@ Determines which MPM is loaded and configured for the HTTPD process. Valid value * `apache::mod::itk` * `apache::mod::peruser` * `apache::mod::prefork` -* `apache::mod::worker` +* `apache::mod::worker` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. #####`package_ensure` @@ -566,7 +570,7 @@ The modules mentioned above, and other Apache modules that have templates, cause ####Class: `apache::mod::info` -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +Installs and manages mod_info which provides a comprehensive overview of the server configuration. Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). @@ -681,7 +685,7 @@ Overriding the default configuartion: } ``` -or +or ```puppet class {'::apache::mod::php': template => 'apache/php.conf.erb', @@ -719,7 +723,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par ####Class: `apache::mod::wsgi` -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. For customized parameters, which tell Apache how Python is currently configured on the operating system, 
@@ -963,7 +967,9 @@ Sets the list of resources to look for when a client requests an index of the di #####`docroot` -Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. +Provides the +[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) +directive, which identifies the directory Apache serves files from. Required. #####`docroot_group` @@ -1142,7 +1148,7 @@ Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/do ```puppet apache::vhost { 'site.name.fdqn': - … + … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, @@ -1220,7 +1226,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html @@ -1281,7 +1287,7 @@ Multiple rewrites and conditions are also possible rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, - ], + ], } ``` @@ -1342,7 +1348,7 @@ Used by HTTPD to conditionally set environment variables for vhosts. Defaults to #####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). `suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. 
@@ -1369,9 +1375,9 @@ To set up a virtual host with suPHP Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +#####`virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ```puppet apache::vhost { 'subdomain.loc': @@ -1407,8 +1413,8 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => - { processes => '2', - threads => '15', + { processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', @@ -1431,9 +1437,9 @@ General `directories` usage looks something like apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, ], } 
@@ -1454,15 +1460,15 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu ######`addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ + directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, + }, ], } ``` @@ -1474,10 +1480,10 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, ], } ``` @@ -1489,10 +1495,10 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, ], } ``` 
@@ -1559,7 +1565,7 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': - … + … custom_fragment => ' SetHandler balancer-manager @@ -1582,24 +1588,24 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` ######`error_documents` -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet apache::vhost { 'sample.example.net': - directories => [ + directories => [ { path => '/srv/www', error_documents => [ - { 'error_code' => '503', + { 'error_code' => '503', 'document' => '/service-unavail', }, ], @@ -1629,9 +1635,9 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], 
@@ -1645,11 +1651,11 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], - }, + }, ], } ``` @@ -1661,9 +1667,9 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } @@ -1676,9 +1682,9 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', }, ], } @@ -1791,10 +1797,10 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', + { path => '/path/to/directory', + ssl_options => '+ExportCertData', }, - { path => '/path/to/different/dir', + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'], }, ], 
@@ -1809,10 +1815,10 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', }, }, ], @@ -1825,7 +1831,7 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` @@ -1837,7 +1843,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. @@ -1899,7 +1905,7 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# #####`ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: 
@@ -2148,7 +2154,7 @@ If you want to add two name-based vhosts so that they answer on either 10.0.0.10 ####Defined Type: `apache::balancer` -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. @@ -2164,7 +2170,7 @@ Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mo #####`collect_exported` -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. @@ -2242,7 +2248,7 @@ If you need to use ProxySet in the balancer config * [`apache`](#class-apache): Guides the basic setup of Apache. * `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) * [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - + ####Private Classes * `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. 
@@ -2261,7 +2267,7 @@ If you need to use ProxySet in the balancer config * `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. * `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. * `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. ####Private Defined Types @@ -2280,7 +2286,7 @@ The `apache::vhost::WSGIImportScript` parameter creates a statement inside the V ###RHEL/CentOS 5 -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. ###RHEL/CentOS 7 
@@ -2288,7 +2294,7 @@ The `apache::mod::passenger` class is untested as the repository does not have p ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. From 38d797025c5f76871ad844d6fa57a4aff7b2572e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 16:42:57 +0200 Subject: [PATCH 0424/2267] add spec test for (default) docroot directory , which is now a parameter to init.pp --- spec/classes/apache_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index dc5d6b46a1..c1ecf80cc3 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -23,6 +23,10 @@ it { is_expected.to contain_user("www-data") } it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -225,6 +229,10 @@ it { is_expected.to contain_user("apache") } it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 
@@ -498,6 +506,10 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', From a65f3f74108d36604553dc400dce781000a4bf91 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 7 Nov 2014 11:37:33 -0800 Subject: [PATCH 0425/2267] Fix unit test failures with ruby 1.8.7 rspec with 1.8.7 seems to be having issues with trailing commas and unescaped '{' or '}' within the %r{} block. --- spec/classes/apache_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index c1ecf80cc3..fe61a9796b 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -24,7 +24,7 @@ it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( @@ -168,7 +168,7 @@ end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } end end 
@@ -230,7 +230,7 @@ it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www/html").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/httpd/conf.d").with( @@ -507,7 +507,7 @@ it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/usr/local/www/apache22/data").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( From d25883ac591f67bbfca3ec69d6637cc36998dcb4 Mon Sep 17 00:00:00 2001 From: Pi3r Date: Sun, 7 Sep 2014 22:05:19 +0200 Subject: [PATCH 0426/2267] Clean-up hash lookup and avoid local undef var --- manifests/mod.pp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 4ffde61b18..88cdcd6a5b 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -18,11 +18,10 @@ # Determine if we have special lib $mod_libs = $::apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif $mod_lib { - $_lib = $mod_lib + } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack + $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } @@ -48,11 +47,10 @@ # Determine if we have a package $mod_packages = $::apache::params::mod_packages - $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif $mod_package { - $_package = $mod_package + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package = $mod_packages[$mod] } else { $_package = undef } From 304d66c3ae98066faa9aadfe762aa32eb993d628 Mon Sep 17 00:00:00 2001 
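Review bot: The `# 2.6 compatibility hack` comment now sits on the `elsif has_key($mod_libs, $mod)` line in manifests/mod.pp, where it no longer says what the workaround is. What remains of it appears to be the local copy `$mod_libs = $::apache::params::mod_libs` in the context line above, so I would move the comment there and spell it out, e.g. `# local copy of the params hash: kept for Puppet 2.6, which cannot index the qualified variable directly` (assuming that is the limitation meant). The same applies to the `$mod_packages` hunk that follows.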
From: Moritz Kobel Date: Wed, 22 Oct 2014 16:43:25 +0200 Subject: [PATCH 0427/2267] Add params to proxy_pass to provide ProxyPass key=value connection settings --- README.md | 3 ++- templates/vhost/_proxy.erb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 28c541d44c..1418696bf2 100644 --- a/README.md +++ b/README.md @@ -1135,7 +1135,7 @@ apache::vhost { 'site.name.fdqn': proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, ], @@ -1143,6 +1143,7 @@ apache::vhost { 'site.name.fdqn': ``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). #####`rack_base_uris` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 045c906911..0f21af2ec3 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,8 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From b4e5213ad1014f0c6a65c90bfd52965385c28ed4 Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Thu, 23 Oct 2014 13:16:44 +0200 Subject: [PATCH 0428/2267] cleanup condition --- templates/vhost/_proxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
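Review bot: `<%= proxy['params'] %>` in templates/vhost/_proxy.erb writes the caller's string into the ProxyPass line unchecked, so a value that is not a list of `key=value` tokens, or one that contains a line break, ends up as free text in the generated vhost file. The value normally comes from manifests or hiera, so this is a hardening point rather than a known hole, but the define could reject malformed values before the template runs (vhost.pp is outside this hunk). At minimum the template can collapse whitespace so the value stays on one line: `<%= proxy['params'].to_s.split.join(' ') %>`.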
diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 0f21af2ec3..190239de92 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,7 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> > <%- if proxy['reverse_urls'].nil? -%> From 7b9ad0dbc2570855962ada4e04f9f4f26005400e Mon Sep 17 00:00:00 2001 From: Ben Sandberg Date: Thu, 23 Oct 2014 14:06:21 -0700 Subject: [PATCH 0429/2267] passenger concat needs to be wrapped in a check --- manifests/vhost.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e1..0841dfff47 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -795,10 +795,12 @@ # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_passenger.erb'), + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}-${filename}.conf", + order => 290, + content => template('apache/vhost/_passenger.erb'), + } } # Template uses: From 760a3444814f34a902d838a9837e9f8c595f42c5 Mon Sep 17 00:00:00 2001 
From: Thomas Mueller Date: Fri, 24 Oct 2014 14:02:20 +0200 Subject: [PATCH 0430/2267] (MODULES-1457) apache::vhost: SSLCACertificatePath can't be unset The SSLCACertificatePath is always set. The check for @ssl_certs_dir only covers "undef". As there is a default value in ::apache::params for ssl_certs_dir it needs to be overriden with an empty string. Right now the _ssl.erb template outputs 'SSLCACertificatePath ""' for an empty string, which triggers a failing reload of httpd. This patch just adds a "&& @ssl_certs_dir != ''" to the condition. On a Puppet master passenger vhost it's probably security relevant setting, as it enables all system CA signed certificates access. Related patch: https://github.com/puppetlabs/puppetlabs-apache/pull/787 --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 70213f48c1..516992558f 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -7,7 +7,7 @@ <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <%- end -%> - <%- if @ssl_certs_dir -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" <%- end -%> <%- if @ssl_ca -%> From e440b809f1151f3baf7a8d6fbf9f62372cc385d9 Mon Sep 17 00:00:00 2001 
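Review bot: The `@ssl_chain` guard above the changed line and the `@ssl_ca` guard below it still test plain truthiness, and an empty string is truthy in Ruby, so `ssl_chain => ''` would still render `SSLCertificateChainFile ""` and presumably break the reload the same way the description reports for `SSLCACertificatePath`. I would give them the same guard, e.g. `<%- if @ssl_chain && @ssl_chain != '' -%>`. Because the description calls this setting security relevant, the README entry for `ssl_certs_dir` should also say that `''` is how the directive is suppressed, and a spec asserting the line is absent in that case would keep it from regressing. The template continues outside the hunk.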
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:15:04 +0200 Subject: [PATCH 0431/2267] allow disabling default vhosts under 2.4 when disabling the default vhost(s) under 2.4, there's nothing to include in $sites-enabled/, which causes the following error: The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 46 of /etc/apache2/apache2.conf: No matches for the wildcard '*' in '/etc/apache2/sites-enabled', failing (use IncludeOptional if required) Action 'configtest' failed. The Apache error log may have more information. by using IncludeOptional (as recommended), we allow the use of httpd as simple web server, with single purpose configuration, without having to define a (default) vhost. --- templates/httpd.conf.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 68d6b50ae2..e1075e38c9 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -70,7 +70,11 @@ IncludeOptional "<%= @confd_dir %>/*.conf" Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/*" +<%- else -%> Include "<%= @vhost_load_dir %>/*" +<%- end -%> <% end -%> <% if @error_documents -%> From bd4ad7b2c80ae7f52f508a4bf732698a0238a5a6 Mon Sep 17 00:00:00 2001 From: Jeff Tickle Date: Thu, 16 Oct 2014 14:00:55 -0400 Subject: [PATCH 0432/2267] Added ssl_protocol parameter to apache::mod::ssl makes it easier to fix things like POODLE --- README.md | 1 + manifests/mod/ssl.pp | 1 + templates/mod/ssl.conf.erb | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1418696bf2..a4ab395c91 100644 --- a/README.md +++ b/README.md 
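Review bot: With `IncludeOptional "<%= @vhost_load_dir %>/*"` a mistyped or unexpectedly empty `vhost_load_dir` no longer fails configtest on 2.4, so httpd can start with no vhost loaded and nothing reports it. That is the intended effect for a disabled default vhost, but it also hides a wrong path, and the `/*` pattern (unlike the `*.conf` used for `confd_dir` in the context lines above) reads every file in the directory, editor backups included. An ERB comment would make the trade-off visible: `<%# 2.4: IncludeOptional lets an empty vhost dir pass configtest; a wrong path passes too -%>`. Narrowing the pattern is worth a follow-up if the vhost file names allow it.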
@@ -710,6 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], + ssl_protocol => 'all -SSLv2 -SSLv3', } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 7e115fb661..293e9319cc 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -2,6 +2,7 @@ $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $apache_version = $::apache::apache_version, $package_name = undef, ) { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 35ec92afd9..e92e37e7a9 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -21,7 +21,7 @@ SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> From 6cbc3d04506b75c2834a10f2755948804fde1d1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 28 Oct 2014 15:14:26 +0100 Subject: [PATCH 0433/2267] fix ssl_protocol docs to be in line with code --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a4ab395c91..02932ff34e 100644 --- a/README.md +++ b/README.md @@ -710,7 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], - ssl_protocol => 'all -SSLv2 -SSLv3', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], } ``` From f27d4f87302144426d85c8b92913a97d839d7dd4 Mon Sep 17 00:00:00 2001 
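Review bot: `@ssl_protocol.compact.join(' ')` in templates/mod/ssl.conf.erb only works for an array: a caller who passes a single string, which is the form this commit's own README example shows (`'all -SSLv2 -SSLv3'`), gets a NoMethodError from `compact` when the template is evaluated, and an empty array renders a bare `SSLProtocol` line. Wrapping the value the way `_proxy.erb` wraps `@proxy_pass` accepts both forms: `SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %>`. Since this parameter decides which protocol versions the server offers, a spec that checks the rendered line for a string and for an array would be worth adding; the ssl.pp lines shown do not validate the value.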
From: Martin Konrad Date: Fri, 6 Jun 2014 22:23:19 -0400 Subject: [PATCH 0434/2267] Support parameters along with proxy_pass --- README.md | 4 +++- templates/vhost/_proxy.erb | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 02932ff34e..a2f2a4e569 100644 --- a/README.md +++ b/README.md @@ -1128,7 +1128,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ #####`proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ```puppet apache::vhost { 'site.name.fdqn': @@ -1139,6 +1139,8 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => ['retry=0', 'timeout=5'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 190239de92..8477157956 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -8,7 +8,6 @@ <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> - > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 63ed0d31e2b9adddf6bae57f984bf007fc404db8 Mon Sep 17 00:00:00 2001 
From: Martin Konrad Date: Mon, 18 Aug 2014 14:27:27 -0400 Subject: [PATCH 0435/2267] Support keywords along with proxy_pass, use hash for params --- README.md | 4 +++- templates/vhost/_proxy.erb | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a2f2a4e569..0e24abfd8d 100644 --- a/README.md +++ b/README.md @@ -1140,7 +1140,9 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', - 'params' => ['retry=0', 'timeout=5'] }, + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 8477157956..dd25e2c87a 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,13 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 92c6c9a1d7e1ef45e8068e9e2ed627b80070a05a Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Mon, 18 Aug 2014 17:22:40 -0400 Subject: [PATCH 0436/2267] Add some tests for ProxyPass parameters --- tests/vhost_proxypass.pp | 60 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 tests/vhost_proxypass.pp diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp new file mode 100644 index 0000000000..968de41959 --- /dev/null 
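Review bot: `proxy['params'].each_pair` in templates/vhost/_proxy.erb raises NoMethodError for the string form the README still shows for `/c` (`'params' => 'max=20 ttl=120 retry=300'`) and for the array form the parameter description mentions, so manifests written against the previous two commits stop compiling. Either keep those forms working, or update the README text and example in this commit and fail with a clear message from the define. `proxy['keywords'].join(' ')` has the same problem when a single keyword is passed as a string; `[proxy['keywords']].flatten.join(' ')` avoids it. On Ruby 1.8.7, which the specs elsewhere in this series still target, hash iteration order is not guaranteed, so iterating `proxy['params'].keys.sort` would keep the rendered line stable between runs.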
+++ b/tests/vhost_proxypass.pp @@ -0,0 +1,60 @@ +## vhost with proxyPass directive +# NB: Please see the other vhost_*.pp example files for further +# examples. + +# Base class. Declares default vhost on port 80 and default ssl +# vhost on port 443 listening on all interfaces and serving +# $apache::docroot +class { 'apache': } + +# Most basic vhost with proxy_pass +apache::vhost { 'first.example.com': + port => 80, + docroot => '/var/www/first', + proxy_pass => [ + { + 'path' => '/first', + 'url' => "http://localhost:8080/first" + }, + ], +} + +# vhost with proxy_pass and parameters +apache::vhost { 'second.example.com': + port => 80, + docroot => '/var/www/second', + proxy_pass => [ + { + 'path' => '/second', + 'url' => "http://localhost:8080/second", + 'params' => {'retry' => '0', 'timeout' => '5'} + }, + ], +} + +# vhost with proxy_pass and keywords +apache::vhost { 'third.example.com': + port => 80, + docroot => '/var/www/third', + proxy_pass => [ + { + 'path' => '/third', + 'url' => "http://localhost:8080/third", + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} + +# vhost with proxy_pass, parameters and keywords +apache::vhost { 'fourth.example.com': + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ + { + 'path' => '/fourth', + 'url' => "http://localhost:8080/fourth", + 'params' => {'retry' => '0', 'timeout' => '5'}, + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} \ No newline at end of file From b1b7689a7f0d15ab490873b4b68b754ae4f6e7c6 Mon Sep 17 00:00:00 2001 From: Tim Hartmann Date: Thu, 23 Oct 2014 15:50:15 -0400 Subject: [PATCH 0437/2267] Linting and adding some tests Adding tests --- spec/defines/vhost_spec.rb | 16 +++++++++--- tests/vhost_proxypass.pp | 50 +++++++++++++++++++++----------------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3eac5ffb45..84a95bf44d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -172,8 +172,13 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/' + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } } ], 'suphp_addhandler' => 'foo', @@ -296,7 +301,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-action') } it { is_expected.to contain_concat__fragment('rspec.example.com-block') } it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /retry=0/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp index 968de41959..e911f85f9d 100644 --- a/tests/vhost_proxypass.pp +++ b/tests/vhost_proxypass.pp 
@@ -9,37 +9,40 @@ # Most basic vhost with proxy_pass apache::vhost { 'first.example.com': - port => 80, - docroot => '/var/www/first', - proxy_pass => [ + port => 80, + docroot => '/var/www/first', + proxy_pass => [ { - 'path' => '/first', - 'url' => "http://localhost:8080/first" + 'path' => '/first', + 'url' => 'http://localhost:8080/first' }, ], } # vhost with proxy_pass and parameters apache::vhost { 'second.example.com': - port => 80, - docroot => '/var/www/second', - proxy_pass => [ + port => 80, + docroot => '/var/www/second', + proxy_pass => [ { 'path' => '/second', - 'url' => "http://localhost:8080/second", - 'params' => {'retry' => '0', 'timeout' => '5'} + 'url' => 'http://localhost:8080/second', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } }, ], } # vhost with proxy_pass and keywords apache::vhost { 'third.example.com': - port => 80, - docroot => '/var/www/third', - proxy_pass => [ + port => 80, + docroot => '/var/www/third', + proxy_pass => [ { - 'path' => '/third', - 'url' => "http://localhost:8080/third", + 'path' => '/third', + 'url' => 'http://localhost:8080/third', 'keywords' => ['noquery', 'interpolate'] }, ], @@ -47,14 +50,17 @@ # vhost with proxy_pass, parameters and keywords apache::vhost { 'fourth.example.com': - port => 80, - docroot => '/var/www/fourth', - proxy_pass => [ + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ { - 'path' => '/fourth', - 'url' => "http://localhost:8080/fourth", - 'params' => {'retry' => '0', 'timeout' => '5'}, + 'path' => '/fourth', + 'url' => 'http://localhost:8080/fourth', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, 'keywords' => ['noquery', 'interpolate'] }, ], -} \ No newline at end of file +} From 379f7a5d7643f52e5ae37c24ea7bc3f3645ee8eb Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Tue, 28 Oct 2014 12:21:55 -0400 Subject: [PATCH 0438/2267] Satisfy doesn't work with apache 2.4 The ability to use the more complex Require* syntax for apache 2.4 will be added eventually, but Satisfy shouldn't be tested as that is deprecated in apache. --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d45eaee9fa..966f85cf5e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -298,7 +298,7 @@ class { 'apache': } end end - describe 'Satisfy and Auth directive' do + describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do it 'should configure a vhost with Satisfy and Auth directive' do pp = <<-EOS class { 'apache': } From dcd805152f5e666b3dfd486ddc65ae2f72e88bc8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 28 Oct 2014 16:49:15 -0400 Subject: [PATCH 0439/2267] wsgi_chunked_request doesn't work on lucid --- spec/acceptance/vhost_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 966f85cf5e..483b74945c 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1082,7 +1082,6 @@ class { 'apache::mod::wsgi': } wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) From dda1b8020e5d523fe2d3dc4a43f90fac972ce7f7 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 10:34:20 -0400 Subject: [PATCH 0440/2267] Update metadata Fix PE compatibility, update issues URL, and fix requirements to match output from PMT. --- metadata.json | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/metadata.json b/metadata.json index 79344a839c..f6361a10e0 100644 --- a/metadata.json +++ b/metadata.json 
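Review bot: Skipping the 'Satisfy and Auth directive' example with `:unless => $apache_version == '2.4'` removes this access-control check on 2.4, and nothing in the file records that the gap is deliberate or what should replace it. A comment above the `describe` would keep it visible: `# TODO: add a Require-based auth test for 2.4; Satisfy is not exercised there`. The global `$apache_version` is set outside this hunk, so I am assuming it holds the bare string '2.4' on those platforms; if it can be a longer version string the comparison never matches and the example still runs.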
@@ -6,7 +6,7 @@ "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -67,13 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 2.4.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.1" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} ] } From 1f531b342da4f92e34041e605615905afeb0d7ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:02:59 +0200 Subject: [PATCH 0441/2267] MODULES-1446: mod_version is now builtin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit while we are not loading it (by default), we should make it easier for people transitioning their configuration from 2.2 to 2.4 to find issues: thus adding a warning when someone tries to load mod_version. --- things i have learned during this pr: × @hunner: There is no '&&' in puppet; only 'and'* × add puppet to PATH, so vim can check syntax. thanks @mhaskel especially for the patience. *zuhl. --- README.md | 10 ++++++++++ manifests/default_mods.pp | 8 ++++---- manifests/mod/version.pp | 8 ++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 manifests/mod/version.pp diff --git a/README.md b/README.md index 0e24abfd8d..a1846b5261 100644 --- a/README.md +++ b/README.md 
@@ -25,6 +25,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -823,6 +824,15 @@ mod_reqtimeout configuration. } ``` +####Class: `apache::mod::reqtimeout` + +This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 +about loading mod_version, as on these platforms it's already built-in. + +```puppet + include '::apache::mod::version' +``` + #####`timeouts` A string or an array that sets the `RequestReadTimeout` option. Defaults to diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 7e8381f031..71759030b5 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -36,10 +36,11 @@ include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic - include ::apache::mod::vhost_alias - include ::apache::mod::suexec include ::apache::mod::rewrite include ::apache::mod::speling + include ::apache::mod::suexec + include ::apache::mod::version + include ::apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -51,7 +52,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } @@ -71,6 +71,7 @@ include ::apache::mod::reqtimeout include ::apache::mod::rewrite include ::apache::mod::userdir + include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling 
@@ -93,7 +94,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'unique_id': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } } default: {} } diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp new file mode 100644 index 0000000000..c0e405686a --- /dev/null +++ b/manifests/mod/version.pp @@ -0,0 +1,8 @@ +class apache::mod::version { + + if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { + warning("${module_name}: module version_module is built-in and can't be loaded") + } else { + ::apache::mod { 'version': } + } +} From 4e86abe59446aac4b1621ebc3f1d77fafc2a9762 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 15:37:22 -0400 Subject: [PATCH 0442/2267] Relying on missing fact Ubuntu 10.04 with PE3.3 is missing the operatingsystemmajrelease fact, so check either operatingsystemmajrelease or operatingsystemrelease. --- manifests/mod/dav_svn.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index d13a7d886f..6e70598d0a 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' From 6790eec742f07c2f9150e36d54e71936d03738b7 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 30 Oct 2014 15:45:37 +0100 Subject: [PATCH 0443/2267] Fixes indentation of versioncmp --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 71759030b5..09e360a49e 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
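Review bot: `$apache_version` in the new manifests/mod/version.pp is neither a class parameter nor assigned in the class body, so unless a top-scope variable of that name exists, `versioncmp` receives an undefined value. In that case the comparison presumably evaluates as lower than 2.4, so the warning branch is never taken and `::apache::mod { 'version': }` is still declared on Debian with httpd 2.4. Declaring the value on the class, `class apache::mod::version ($apache_version = $::apache::apache_version) {`, makes the lookup explicit and keeps the manifest usable with strict variables. A short header comment would also help, stating that the class only warns on Debian-family hosts running httpd 2.4 and loads the module everywhere else.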
@@ -120,7 +120,7 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', From 1823dc2fcdfcddeea127a7cc5be055247966c8f8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 30 Oct 2014 11:27:41 -0700 Subject: [PATCH 0444/2267] Update the test to match the fix from yesterday --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 189bb15c42..7e5afed520 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From 692fabc5d5c7bb4626fe96b7db4020b25ea6e94b Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 5 Nov 2014 11:49:32 +0100 Subject: [PATCH 0445/2267] add sort to LogFormats to ensure consistency between runs --- templates/httpd.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index e1075e38c9..54d24c8ae3 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
@@ -59,7 +59,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.each do |nickname,format| -%> + <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> From c5a9ec2a61343c007a542b405e264112982709f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= Date: Mon, 18 Aug 2014 18:38:26 +0200 Subject: [PATCH 0446/2267] Add support for specifying the docroot option for RHEL SCL httpd24 The pattern of defining these variables in the init.pp goes back into 2012. However, it's much better to use the params.pp pattern for this purpose, and it's also required to make this work with the RHEL's Software Collections. Without this patch, the Apache::Vhost['default'] is instantiated (regardless whether it's with ensure => absent or present) and bails out due to /var/www being missing on asystem which has never had RHEL6's regular httpd package installed. --- manifests/init.pp | 4 +--- manifests/params.pp | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b5e9204570..32966b86f7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -59,6 +59,7 @@ $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', @@ -239,7 +240,6 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $docroot = '/var/www' $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' @@ -247,7 +247,6 @@ $access_log_file = 'access.log' } 'redhat': { - $docroot = '/var/www/html' $pidfile = 'run/httpd.pid' $error_log = 'error_log' $error_documents_path = '/var/www/error' 
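Review bot: The new `$docroot` parameter in manifests/init.pp is accepted as given; no check on it appears in these hunks, though the class body lies outside them and validation may exist there. Per the commit message, the value feeds the default vhost's document root. A guard such as `validate_absolute_path($docroot)`, placed with the other parameter checks, would reject an empty or relative value when the catalog is compiled rather than when httpd starts. A one-line comment above the parameter saying that the per-OS default comes from `apache::params` would also make the override point easier to find.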
@@ -255,7 +254,6 @@ $access_log_file = 'access_log' } 'freebsd': { - $docroot = '/usr/local/www/apache22/data' $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $error_documents_path = '/usr/local/www/apache22/error' diff --git a/manifests/params.pp b/manifests/params.pp index 90f805af81..6a221fd633 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -103,6 +103,7 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { @@ -163,6 +164,7 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www' # # Passenger-specific settings @@ -273,6 +275,7 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache22/data' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } From 6330c899c394603d06a8e8cb2ea3ae3717946249 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 15:43:19 +0200 Subject: [PATCH 0447/2267] add documentation for `docroot` (in init) and apparently strip a lot of trailing white-space. thanks lighttable let's see what this breaks... --- README.md | 146 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 76 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index a1846b5261..b98749b584 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache 
@@ -182,9 +182,9 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', @@ -253,7 +253,7 @@ Generates default set of include-able Apache configuration files under `${apach #####`default_mods` -Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). @@ -310,6 +310,10 @@ SSL vhosts only respond to HTTPS queries. Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`docroot` + +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. + #####`error_documents` Enables custom error documents. Defaults to 'false'. 
@@ -375,9 +379,9 @@ Determines which MPM is loaded and configured for the HTTPD process. Valid value * `apache::mod::itk` * `apache::mod::peruser` * `apache::mod::prefork` -* `apache::mod::worker` +* `apache::mod::worker` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. #####`package_ensure` @@ -566,7 +570,7 @@ The modules mentioned above, and other Apache modules that have templates, cause ####Class: `apache::mod::info` -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +Installs and manages mod_info which provides a comprehensive overview of the server configuration. Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). @@ -681,7 +685,7 @@ Overriding the default configuartion: } ``` -or +or ```puppet class {'::apache::mod::php': template => 'apache/php.conf.erb', @@ -719,7 +723,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par ####Class: `apache::mod::wsgi` -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. For customized parameters, which tell Apache how Python is currently configured on the operating system, 
@@ -963,7 +967,9 @@ Sets the list of resources to look for when a client requests an index of the di #####`docroot` -Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. +Provides the +[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) +directive, which identifies the directory Apache serves files from. Required. #####`docroot_group` @@ -1142,7 +1148,7 @@ Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/do ```puppet apache::vhost { 'site.name.fdqn': - … + … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, @@ -1220,7 +1226,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html @@ -1281,7 +1287,7 @@ Multiple rewrites and conditions are also possible rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, - ], + ], } ``` @@ -1342,7 +1348,7 @@ Used by HTTPD to conditionally set environment variables for vhosts. Defaults to #####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). `suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. 
@@ -1369,9 +1375,9 @@ To set up a virtual host with suPHP Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +#####`virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ```puppet apache::vhost { 'subdomain.loc': @@ -1407,8 +1413,8 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => - { processes => '2', - threads => '15', + { processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', @@ -1431,9 +1437,9 @@ General `directories` usage looks something like apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, ], } 
@@ -1454,15 +1460,15 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu ######`addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ + directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, + }, ], } ``` @@ -1474,10 +1480,10 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, ], } ``` @@ -1489,10 +1495,10 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, ], } ``` 
@@ -1559,7 +1565,7 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': - … + … custom_fragment => ' SetHandler balancer-manager @@ -1582,24 +1588,24 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` ######`error_documents` -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet apache::vhost { 'sample.example.net': - directories => [ + directories => [ { path => '/srv/www', error_documents => [ - { 'error_code' => '503', + { 'error_code' => '503', 'document' => '/service-unavail', }, ], @@ -1629,9 +1635,9 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], 
@@ -1645,11 +1651,11 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], - }, + }, ], } ``` @@ -1661,9 +1667,9 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } @@ -1676,9 +1682,9 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', }, ], } @@ -1791,10 +1797,10 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', + { path => '/path/to/directory', + ssl_options => '+ExportCertData', }, - { path => '/path/to/different/dir', + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'], }, ], 
@@ -1809,10 +1815,10 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', }, }, ], @@ -1825,7 +1831,7 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` @@ -1837,7 +1843,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. @@ -1899,7 +1905,7 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# #####`ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: 
@@ -2148,7 +2154,7 @@ If you want to add two name-based vhosts so that they answer on either 10.0.0.10 ####Defined Type: `apache::balancer` -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. @@ -2164,7 +2170,7 @@ Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mo #####`collect_exported` -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. @@ -2242,7 +2248,7 @@ If you need to use ProxySet in the balancer config * [`apache`](#class-apache): Guides the basic setup of Apache. * `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) * [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - + ####Private Classes * `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. 
@@ -2261,7 +2267,7 @@ If you need to use ProxySet in the balancer config * `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. * `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. * `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. ####Private Defined Types @@ -2280,7 +2286,7 @@ The `apache::vhost::WSGIImportScript` parameter creates a statement inside the V ###RHEL/CentOS 5 -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. ###RHEL/CentOS 7 
@@ -2288,7 +2294,7 @@ The `apache::mod::passenger` class is untested as the repository does not have p ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. From 87be4908f1192800ab93672e0e978002e1703612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 16:42:57 +0200 Subject: [PATCH 0448/2267] add spec test for (default) docroot directory , which is now a parameter to init.pp --- spec/classes/apache_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index dc5d6b46a1..c1ecf80cc3 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -23,6 +23,10 @@ it { is_expected.to contain_user("www-data") } it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -225,6 +229,10 @@ it { is_expected.to contain_user("apache") } it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 
@@ -498,6 +506,10 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', From d75e4d32423338f56bbeac2540fcf846860b329b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 7 Nov 2014 11:37:33 -0800 Subject: [PATCH 0449/2267] Fix unit test failures with ruby 1.8.7 rspec with 1.8.7 seems to be having issues with trailing commas and unescaped '{' or '}' within the %r{} block. --- spec/classes/apache_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index c1ecf80cc3..fe61a9796b 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -24,7 +24,7 @@ it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( @@ -168,7 +168,7 @@ end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } end end 
@@ -230,7 +230,7 @@ it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www/html").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/httpd/conf.d").with( @@ -507,7 +507,7 @@ it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/usr/local/www/apache22/data").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( From ef71aa9d05d275dbb46e8821b8d742b629dce56f Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 10 Nov 2014 11:37:00 -0800 Subject: [PATCH 0450/2267] 1.2.0 prep --- CHANGELOG.md | 55 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dad6c4b5ed..c2ccb4c6c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,37 +6,69 @@ This release features many improvements and bugfixes, including several new defi ####Features - Convert apache::vhost to use concat for easier extensions - Test improvements +- Synchronize files with modulesync +- Strict variable and future parser support - Added apache::custom_config defined type to allow validation of configs before they are created - Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module. -- Added logroot_mode and logroot_ensure to apache::vhost - Improved SCL support - - added apache::conf_dir - - allow overriding of apache_name - allow overriding of the mod_ssl package name - Add support for reverse_urls/ProxyPassReverse in apache::vhost -- Add apache::vhost::manage_docroot -- Add apache::purge_vhost_dir parameter - Add satisfy directive in apache::vhost::directories - Add apache::fastcgi::server defined type -- Add apache::vhost::proxy_preserve_host -- Add apache::vhost::wsgi_pass_authorization +- New parameters - apache + - allow_encoded_slashes + - apache_name + - conf_dir + - default_ssl_crl_check + - docroot + - logroot_mode + - purge_vhost_dir +- New parameters - apache::vhost + - add_default_charset + - allow_encoded_slashes + - logroot_ensure + - logroot_mode + - manage_docroot + - passenger_app_root + - passenger_min_instances + - passenger_pre_start + - passenger_ruby + - passenger_start_timeout + - proxy_preserve_host + - redirectmatch_dest + - ssl_crl_check + - wsgi_chunked_request + - wsgi_pass_authorization +- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter - Add support for rewrites in the apache::vhost::directories parameter - If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet +- Turn of SSLv3 by default - Improvements to apache::mod* - Add 
restrict_access parameter to apache::mod::info - Add force_language_priority and language_priority parameters to apache::mod::negotiation - - Add threadlimit parameter to mod::worker + - Add threadlimit parameter to apache::mod::worker - Add content, template, and source parameters to apache::mod::php - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn - Add loadfile_name parameter to apache::mod - Add apache::mod::deflate class - - Add types and notes parameters to apache::mod::deflate - Add options parameter to apache::mod::fcgid + - Add timeouts parameter to apache::mod::reqtimeout + - Add apache::mod::shib + - Add apache_version parameter to apache::mod::ldap + - Add magic_file parameter to apache::mod::mime_magic + - Add apache_version parameter to apache::mod::pagespeed + - Add passenger_default_ruby parameter to apache::mod::passenger + - Add content, template, and source parameters to apache::mod::php + - Add apache_version parameter to apache::mod::proxy + - Add loadfiles parameter to apache::mod::proxy_html + - Add ssl_protocol and package_name parameters to apache::mod::ssl + - Add apache_version parameter to apache::mod::status + - Add apache_version parameter to apache::mod::userdir + - Add apache::mod::version class ####Bugfixes - Set osfamily defaults for wsgi_socket_prefix - Support multiple balancermembers with the same url -- Validate apache::vhost::wsgi_pass_authorization - Validate apache::vhost::custom_fragment - Add support for itk with mod_php - Allow apache::vhost::ssl_certs_dir to not be set 
@@ -61,6 +93,9 @@ This release features many improvements and bugfixes, including several new defi - Add authn_core mode to Ubuntu trusty defaults - Keep default loadfile for authz_svn on Debian - Remove '.conf' from the site-include regexp for better Ubuntu/Debian support +- Load unixd before fcgid for EL7 +- Fix RedirectMatch rules +- Fix misleading error message in apache::version ####Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. From a51bfa87e3c1c2ea17aaf4d590ad26758a07c5de Mon Sep 17 00:00:00 2001 From: enekogb Date: Wed, 12 Nov 2014 09:47:35 +0100 Subject: [PATCH 0451/2267] Add $status_path parameter to change mod_status url --- README.md | 18 +++++++++++++++++- manifests/mod/status.pp | 7 +++++-- spec/classes/mod/status_spec.rb | 13 +++++++------ templates/mod/status.conf.erb | 2 +- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index b98749b584..564e65536a 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) + * [Class: apache::mod::status](#class-apachemodstatus) * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Class: apache::mod::fcgid](#class-apachemodfcgid) * [Class: apache::mod::negotiation](#class-apachemodnegotiation) @@ -556,7 +557,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) * `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) -* `status`* +* `status`* (see [`apache::mod::status`](#class-apachemodstatus) below) * `suphp` * `userdir`* * `vhost_alias` 
@@ -721,6 +722,21 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. +####Class: `apache::mod::status` + +Installs Apache mod_status and uses the status.conf.erb template. These are the defaults: + +```puppet + class { 'apache::mod::status': + allow_from = ['127.0.0.1','::1'], + extended_status = 'On', + status_path = '/server-status', +){ + + + } +``` + ####Class: `apache::mod::wsgi` Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index cfab5d58ea..9c61836960 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -9,7 +9,9 @@ # /server-status URL. Defaults to ['127.0.0.1', '::1']. # - $extended_status track and display extended status information. Valid # values are 'On' or 'Off'. Defaults to 'On'. -# +# - $status_path is the path assigned to the Location directive which +# defines the URL to access the server status. Defaults to '/server-status'. +# # Actions: # - Enable and configure Apache mod_status # @@ -27,11 +29,12 @@ $allow_from = ['127.0.0.1','::1'], $extended_status = 'On', $apache_version = $::apache::apache_version, + $status_path = '/server-status', ){ validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } - # Template uses $allow_from, $extended_status, $apache_version + # Template uses $allow_from, $extended_status, $apache_version, $status_path file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index adb60861ba..502562959c 100644 --- a/spec/classes/mod/status_spec.rb 
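Review bot: `$status_path` is added to the class parameters in the `@@ -27,11 +29,12 @@` hunk of manifests/mod/status.pp without any validation, while `$allow_from` and `$extended_status` are both checked directly below it. The parameter is documented as the path given to the Location directive and is listed among the variables the status.conf.erb template uses, so a value containing whitespace, `>` or a line break would presumably land verbatim in the generated Apache configuration. I would add `validate_re($status_path, '\A/[^\s>]*\z', "${status_path} is not supported for status_path. It must be a URL path starting with '/'.")` next to the existing checks; the `\A`/`\z` anchors matter because `^`/`$` match per line. The class body continues past the end of the hunk.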
+++ b/spec/classes/mod/status_spec.rb @@ -1,10 +1,10 @@ require 'spec_helper' # Helper function for testing the contents of `status.conf` -def status_conf_spec(allow_from, extended_status) +def status_conf_spec(allow_from, extended_status, status_path) it do is_expected.to contain_file("status.conf").with_content( - "\n"\ + "\n"\ " SetHandler server-status\n"\ " Order deny,allow\n"\ " Deny from all\n"\ @@ -41,7 +41,7 @@ def status_conf_spec(allow_from, extended_status) it { is_expected.to contain_apache__mod("status") } - status_conf_spec(["127.0.0.1", "::1"], "On") + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") it { is_expected.to contain_file("status.conf").with({ :ensure => 'file', @@ -70,13 +70,13 @@ def status_conf_spec(allow_from, extended_status) it { is_expected.to contain_apache__mod("status") } - status_conf_spec(["127.0.0.1", "::1"], "On") + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } end - context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off'" do + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do let :facts do { :osfamily => 'Debian', @@ -93,10 +93,11 @@ def status_conf_spec(allow_from, extended_status) { :allow_from => ['10.10.10.10','11.11.11.11'], :extended_status => 'Off', + :status_path => '/custom-status', } end - status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off") + status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status") end diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index 84f2e03430..f02ed156ff 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb 
@@ -1,4 +1,4 @@ - +> SetHandler server-status <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> From fdd960abe8e92420365e4c78ebd678f6b03f86f2 Mon Sep 17 00:00:00 2001 From: Antoine Cotten Date: Wed, 12 Nov 2014 16:34:15 +0100 Subject: [PATCH 0452/2267] 'allow_encoded_slashes' was omitted --- manifests/vhost.pp | 62 +++++++++++++--------- spec/defines/vhost_spec.rb | 1 + templates/vhost/_allow_encoded_slashes.erb | 4 ++ 3 files changed, 41 insertions(+), 26 deletions(-) create mode 100644 templates/vhost/_allow_encoded_slashes.erb diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0841dfff47..50b3a1ec4a 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -491,6 +491,16 @@ content => template('apache/vhost/_fallbackresource.erb'), } } + + # Template uses: + # - $allow_encoded_slashes + if $allow_encoded_slashes { + concat::fragment { "${name}-allow_encoded_slashes": + target => "${priority_real}-${filename}.conf", + order => 50, + content => template('apache/vhost/_allow_encoded_slashes.erb'), + } + } # Template uses: # - $_directories @@ -501,7 +511,7 @@ if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": target => "${priority_real}-${filename}.conf", - order => 50, + order => 60, content => template('apache/vhost/_directories.erb'), } } @@ -511,7 +521,7 @@ if $additional_includes and ! empty($additional_includes) { concat::fragment { "${name}-additional_includes": target => "${priority_real}-${filename}.conf", - order => 60, + order => 70, content => template('apache/vhost/_additional_includes.erb'), } } @@ -524,7 +534,7 @@ if $error_log or $log_level { concat::fragment { "${name}-logging": target => "${priority_real}-${filename}.conf", - order => 70, + order => 80, content => template('apache/vhost/_logging.erb'), } } 
@@ -532,7 +542,7 @@ # Template uses no variables concat::fragment { "${name}-serversignature": target => "${priority_real}-${filename}.conf", - order => 80, + order => 90, content => template('apache/vhost/_serversignature.erb'), } @@ -545,7 +555,7 @@ if $access_log { concat::fragment { "${name}-access_log": target => "${priority_real}-${filename}.conf", - order => 90, + order => 100, content => template('apache/vhost/_access_log.erb'), } } @@ -555,7 +565,7 @@ if $action { concat::fragment { "${name}-action": target => "${priority_real}-${filename}.conf", - order => 100, + order => 110, content => template('apache/vhost/_action.erb'), } } @@ -566,7 +576,7 @@ if $block and ! empty($block) { concat::fragment { "${name}-block": target => "${priority_real}-${filename}.conf", - order => 110, + order => 120, content => template('apache/vhost/_block.erb'), } } @@ -576,7 +586,7 @@ if $error_documents and ! empty($error_documents) { concat::fragment { "${name}-error_document": target => "${priority_real}-${filename}.conf", - order => 120, + order => 130, content => template('apache/vhost/_error_document.erb'), } } @@ -589,7 +599,7 @@ if $proxy_dest or $proxy_pass { concat::fragment { "${name}-proxy": target => "${priority_real}-${filename}.conf", - order => 130, + order => 140, content => template('apache/vhost/_proxy.erb'), } } @@ -599,7 +609,7 @@ if $rack_base_uris { concat::fragment { "${name}-rack": target => "${priority_real}-${filename}.conf", - order => 140, + order => 150, content => template('apache/vhost/_rack.erb'), } } @@ -620,7 +630,7 @@ if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}-${filename}.conf", - order => 150, + order => 160, content => template('apache/vhost/_redirect.erb'), } } 
@@ -633,7 +643,7 @@ if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": target => "${priority_real}-${filename}.conf", - order => 160, + order => 170, content => template('apache/vhost/_rewrite.erb'), } } @@ -644,7 +654,7 @@ if $scriptaliases and ! empty($scriptaliases) { concat::fragment { "${name}-scriptalias": target => "${priority_real}-${filename}.conf", - order => 170, + order => 180, content => template('apache/vhost/_scriptalias.erb'), } } @@ -654,7 +664,7 @@ if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": target => "${priority_real}-${filename}.conf", - order => 180, + order => 190, content => template('apache/vhost/_serveralias.erb'), } } @@ -665,7 +675,7 @@ if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { concat::fragment { "${name}-setenv": target => "${priority_real}-${filename}.conf", - order => 190, + order => 200, content => template('apache/vhost/_setenv.erb'), } } @@ -691,7 +701,7 @@ if $ssl { concat::fragment { "${name}-ssl": target => "${priority_real}-${filename}.conf", - order => 200, + order => 210, content => template('apache/vhost/_ssl.erb'), } } @@ -703,7 +713,7 @@ if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": target => "${priority_real}-${filename}.conf", - order => 210, + order => 220, content => template('apache/vhost/_suphp.erb'), } } @@ -714,7 +724,7 @@ if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": target => "${priority_real}-${filename}.conf", - order => 220, + order => 230, content => template('apache/vhost/_php_admin.erb'), } } @@ -724,7 +734,7 @@ if $headers and ! empty($headers) { concat::fragment { "${name}-header": target => "${priority_real}-${filename}.conf", - order => 230, + order => 240, content => template('apache/vhost/_header.erb'), } } 
@@ -734,7 +744,7 @@ if $request_headers and ! empty($request_headers) { concat::fragment { "${name}-requestheader": target => "${priority_real}-${filename}.conf", - order => 240, + order => 250, content => template('apache/vhost/_requestheader.erb'), } } @@ -751,7 +761,7 @@ if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": target => "${priority_real}-${filename}.conf", - order => 250, + order => 260, content => template('apache/vhost/_wsgi.erb'), } } @@ -761,7 +771,7 @@ if $custom_fragment { concat::fragment { "${name}-custom_fragment": target => "${priority_real}-${filename}.conf", - order => 260, + order => 270, content => template('apache/vhost/_custom_fragment.erb'), } } @@ -774,7 +784,7 @@ if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": target => "${priority_real}-${filename}.conf", - order => 270, + order => 280, content => template('apache/vhost/_fastcgi.erb'), } } @@ -784,7 +794,7 @@ if $suexec_user_group { concat::fragment { "${name}-suexec": target => "${priority_real}-${filename}.conf", - order => 280, + order => 290, content => template('apache/vhost/_suexec.erb'), } } @@ -798,7 +808,7 @@ if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { concat::fragment { "${name}-passenger": target => "${priority_real}-${filename}.conf", - order => 290, + order => 300, content => template('apache/vhost/_passenger.erb'), } } @@ -808,7 +818,7 @@ if $add_default_charset { concat::fragment { "${name}-charsets": target => "${priority_real}-${filename}.conf", - order => 300, + order => 310, content => template('apache/vhost/_charsets.erb'), } } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 84a95bf44d..d80752d8ae 100644 
--- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -322,6 +322,7 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } diff --git a/templates/vhost/_allow_encoded_slashes.erb b/templates/vhost/_allow_encoded_slashes.erb new file mode 100644 index 0000000000..40c73433b1 --- /dev/null +++ b/templates/vhost/_allow_encoded_slashes.erb @@ -0,0 +1,4 @@ +<%- if @allow_encoded_slashes -%> + + AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> From a425c288cc357dc1d9c8dd4738b086365ec6adf5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 13 Nov 2014 11:23:07 -0800 Subject: [PATCH 0453/2267] We should get rid of unused templates Otherwise we run the risk of having updates going into the wrong place --- templates/vhost.conf.erb | 69 ---------------------------------------- 1 file changed, 69 deletions(-) delete mode 100644 templates/vhost.conf.erb diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb deleted file mode 100644 index 859a3ae7f4..0000000000 --- a/templates/vhost.conf.erb +++ /dev/null 
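Review bot: The new `_allow_encoded_slashes.erb` template writes `@allow_encoded_slashes` into the vhost unchanged, and nothing in the hunks shown restricts it to the values httpd accepts for this directive (`on`, `off`, `nodecode`). If manifests/vhost.pp does not already check the parameter outside these hunks, `validate_re(downcase($allow_encoded_slashes), '\A(on|off|nodecode)\z', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes.")` ahead of the `concat::fragment` would catch a bad value at catalog compile time. The parameter documentation should also say that `on` makes httpd decode `%2F` in the request path, and that the Apache documentation recommends `nodecode` when encoded slashes are needed, because decoded slashes can yield paths the application behind the vhost did not expect.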
@@ -1,69 +0,0 @@ -# ************************************ -# Vhost template in module puppetlabs-apache -# Managed by Puppet -# ************************************ - -> - ServerName <%= @servername %> -<% if @serveradmin -%> - ServerAdmin <%= @serveradmin %> -<% end -%> - - ## Vhost docroot -<% if @virtual_docroot -%> - VirtualDocumentRoot "<%= @virtual_docroot %>" -<% else -%> - DocumentRoot "<%= @docroot %>" -<% end -%> -<%= scope.function_template(['apache/vhost/_aliases.erb']) -%> - -<%= scope.function_template(['apache/vhost/_itk.erb']) -%> - -<% if @fallbackresource -%> - FallbackResource <%= @fallbackresource %> -<% end -%> -<%- if @allow_encoded_slashes -%> - AllowEncodedSlashes <%= @allow_encoded_slashes %> -<%- end -%> - - ## Directories, there should at least be a declaration for <%= @docroot %> -<%= scope.function_template(['apache/vhost/_directories.erb']) -%> - - ## Load additional static includes -<% Array(@additional_includes).each do |include| -%> - Include "<%= include %>" -<% end -%> - - ## Logging -<% if @error_log -%> - ErrorLog "<%= @error_log_destination %>" -<% end -%> -<% if @log_level -%> - LogLevel <%= @log_level %> -<% end -%> - ServerSignature Off -<% if @access_log and @_access_log_env_var -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> -<% elsif @access_log -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> -<% end -%> -<%= scope.function_template(['apache/vhost/_action.erb']) -%> -<%= scope.function_template(['apache/vhost/_block.erb']) -%> -<%= scope.function_template(['apache/vhost/_error_document.erb']) -%> -<%= scope.function_template(['apache/vhost/_proxy.erb']) -%> -<%= scope.function_template(['apache/vhost/_rack.erb']) -%> -<%= scope.function_template(['apache/vhost/_redirect.erb']) -%> -<%= scope.function_template(['apache/vhost/_rewrite.erb']) -%> -<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> -<%= 
scope.function_template(['apache/vhost/_serveralias.erb']) -%> -<%= scope.function_template(['apache/vhost/_setenv.erb']) -%> -<%= scope.function_template(['apache/vhost/_ssl.erb']) -%> -<%= scope.function_template(['apache/vhost/_suphp.erb']) -%> -<%= scope.function_template(['apache/vhost/_php_admin.erb']) -%> -<%= scope.function_template(['apache/vhost/_header.erb']) -%> -<%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> -<%= scope.function_template(['apache/vhost/_wsgi.erb']) -%> -<%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> -<%= scope.function_template(['apache/vhost/_fastcgi.erb']) -%> -<%= scope.function_template(['apache/vhost/_suexec.erb']) -%> - From 8d22b806eb528e3d8c93bf5229b86b9529bce7b9 Mon Sep 17 00:00:00 2001 From: muresan Date: Fri, 14 Nov 2014 17:05:02 +0000 Subject: [PATCH 0454/2267] Updated _directories.erb to add support for 'SetEnv' Updated _directories.erb to add support for 'SetEnv'. --- templates/vhost/_directories.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e756875f29..9827e38c7a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -195,6 +195,11 @@ <%- end -%> <%- end -%> <%- end -%> + <%- if directory['setenv'] -%> + <%- Array(directory['setenv']).each do |setenv| -%> + SetEnv <%= setenv %> + <%- end -%> + <%- end -%> <%- if @shibboleth_enabled -%> <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> ShibRequireSession <%= directory['shib_require_session'] %> From a767f1510a619785cdba4b3ca0fc484bfd300b5c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 17 Nov 2014 13:42:05 -0800 Subject: [PATCH 0455/2267] MODULES-1403 - fix doc bug --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 564e65536a..c565da3ab2 100644 --- a/README.md +++ b/README.md 
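Review bot: Each `directory['setenv']` entry is emitted verbatim after `SetEnv` in the `@@ -195,6 +195,11 @@` hunk of _directories.erb, so the caller has to pass the complete `NAME value` string, including any quoting a value with spaces needs, and nothing in the commit documents that. The change touches only the template. A README entry for the `setenv` key under `directories`, plus a spec example asserting the rendered `SetEnv` line, would make the contract explicit and keep it from regressing. The per-directory loop this sits in starts and ends outside the hunk.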
@@ -1582,7 +1582,10 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': … - custom_fragment => ' + directories => [ + { + path => '/path/to/directory', + custom_fragment => ' SetHandler balancer-manager Order allow,deny @@ -1594,7 +1597,9 @@ Pass a string of custom configuration directives to be placed at the end of the Allow from all ProxyStatus On', -} + }, + ] + } ``` ######`deny` From 6d100c8033468e34c96a6cd8161a89b149201e94 Mon Sep 17 00:00:00 2001 From: Mike Delaney Date: Tue, 30 Sep 2014 08:54:03 -0400 Subject: [PATCH 0456/2267] MODULES-1384 - idempotency for wsgi_script_aliases When parsing wsgi_aliases, sort the keys then generate the underlying template. --- templates/vhost/_wsgi.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index a0d4ded654..9f01d40910 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -13,9 +13,9 @@ WSGIProcessGroup <%= @wsgi_process_group %> <% end -%> <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> - <%- @wsgi_script_aliases.each do |a, p| -%> - <%- if a != '' and p != ''-%> - WSGIScriptAlias <%= a %> "<%= p %>" + <%- @wsgi_script_aliases.keys.sort.each do |key| -%> + <%- if key != '' and @wsgi_script_aliases[key] != ''-%> + WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" <%- end -%> <%- end -%> <% end -%> From 5ac2f34e46f7347ba04fd86f5096ffc4f287e164 Mon Sep 17 00:00:00 2001 From: Geoffrey Corey Date: Tue, 18 Nov 2014 14:37:03 +0100 Subject: [PATCH 0457/2267] Add configurable options for mpm_event --- manifests/mod/event.pp | 20 ++++++++++++-------- spec/classes/mod/event_spec.rb | 33 +++++++++++++++++++++++++++++++++ templates/mod/event.conf.erb | 4 ++++ 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index cb7ed96cd6..f2b28fde28 100644 --- a/manifests/mod/event.pp 
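Review bot: Iterating `@wsgi_script_aliases.keys.sort` in _wsgi.erb makes the output stable, but an ascending sort always places a shorter mount point before the longer ones that extend it, for example `/` before `/app`. As far as I know mod_wsgi, like `Alias`, takes the first matching `WSGIScriptAlias`, so a root mount would then shadow every nested one and requests would reach the wrong application. `<%- @wsgi_script_aliases.keys.sort.reverse.each do |key| -%>` stays deterministic and puts the more specific paths first. A spec case with both `/` and a sub-path would pin the ordering.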
+++ b/manifests/mod/event.pp @@ -1,12 +1,16 @@ class apache::mod::event ( - $startservers = '2', - $maxclients = '150', - $minsparethreads = '25', - $maxsparethreads = '75', - $threadsperchild = '25', - $maxrequestsperchild = '0', - $serverlimit = '25', - $apache_version = $::apache::apache_version, + $startservers = '2', + $maxclients = '150', + $minsparethreads = '25', + $maxsparethreads = '75', + $threadsperchild = '25', + $maxrequestsperchild = '0', + $serverlimit = '25', + $apache_version = $::apache::apache_version, + $threadlimit = '64', + $listenbacklog = '511', + $maxrequestworkers = '256', + $maxconnectionsperchild = '0', ) { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 3061ca9b1f..f85f4d3288 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -34,11 +34,44 @@ } end + it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('event') } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } + context "Test mpm_event params" do + let :params do + { + :serverlimit => '0', + :startservers => '1', + :maxclients => '2', + :minsparethreads => '3', + :maxsparethreads => '4', + :threadsperchild => '5', + :maxrequestsperchild => '6', + :threadlimit => '7', + :listenbacklog => '8', + :maxrequestworkers => '9', + :maxconnectionsperchild => '10', + } + end + + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') + .with_content(/^\s*ServerLimit\s*0/) + .with_content(/^\s*StartServers\s*1/) + .with_content(/^\s*MaxClients\s*2/) + .with_content(/^\s*MinSpareThreads\s*3/) + .with_content(/^\s*MaxSpareThreads\s*4/) + .with_content(/^\s*ThreadsPerChild\s*5/) + .with_content(/^\s*MaxRequestsPerChild\s*6/) + .with_content(/^\s*ThreadLimit\s*7/) + .with_content(/^\s*ListenBacklog\s*8/) + .with_content(/^\s*MaxRequestWorkers\s*9/) + .with_content(/^\s*MaxConnectionsPerChild\s*10/) + } + end + context "with Apache version < 2.4" do let :params do { diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb index 40099543d5..e7ef7ea6ea 100644 --- a/templates/mod/event.conf.erb +++ b/templates/mod/event.conf.erb @@ -6,4 +6,8 @@ MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> + MaxRequestWorkers <%= @maxrequestworkers %> + MaxConnectionsPerChild <%= @maxconnectionsperchild %> From 468647c1ea2e9a95b7633fe419a24c5b9f447815 Mon Sep 17 00:00:00 2001 
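Review bot: The `@@ -6,4 +6,8 @@` hunk of event.conf.erb emits `MaxRequestWorkers` and `MaxConnectionsPerChild` unconditionally, alongside the existing `MaxClients` and `MaxRequestsPerChild`. In httpd 2.4 these are the new names for the same two directives, so the later lines win and the new defaults in event.pp (`256` and `0`) would override whatever a user passes as `maxclients` or `maxrequestsperchild`. On 2.2 the new names are, as far as I know, not recognised, and the configuration would fail to load. The class already takes `$apache_version`, so one option is to emit only one pair per version, as sketched below. This does mean 2.4 users would set the limit through the new parameter names, which the README should state.

```erb
<%# … unchanged: ServerLimit through ThreadsPerChild … -%>
<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
  MaxRequestWorkers      <%= @maxrequestworkers %>
  MaxConnectionsPerChild <%= @maxconnectionsperchild %>
<%- else -%>
  MaxClients             <%= @maxclients %>
  MaxRequestsPerChild    <%= @maxrequestsperchild %>
<%- end -%>
  ThreadLimit            <%= @threadlimit %>
  ListenBacklog          <%= @listenbacklog %>
```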
From: Geoffrey Corey Date: Wed, 19 Nov 2014 14:12:50 +0100 Subject: [PATCH 0458/2267] Add basic mpm_event docs, fix formatting, appease older ruby --- README.md | 20 ++++++++++++++++++-- spec/classes/mod/event_spec.rb | 24 +++++++++++------------- templates/mod/event.conf.erb | 20 ++++++++++---------- 3 files changed, 39 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index c565da3ab2..719e6bde14 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::event](#class-apachemodevent) * [Class: apache::mod::info](#class-apachemodinfo) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) @@ -525,7 +526,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `dev` * `dir`* * `disk_cache` -* `event` +* `event`(see [`apache::mod::event`](#class-apachemodevent) below) * `expires` * `fastcgi` * `fcgid` 
@@ -569,11 +570,26 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. +####Class: `apache::mod::event + +Installs and manages mpm_event module. + +Full Documentation for mpm_event is available from [Apache](https://httpd.apache.org/docs/current/mod/event.html). + +To configure the event thread limit: + +```puppet + class {'apache::mod::event': + $threadlimit => '128', + } +``` + + ####Class: `apache::mod::info` Installs and manages mod_info which provides a comprehensive overview of the server configuration. -Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). +Full documentation for mod_info is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_info.html). These are the default settings: diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index f85f4d3288..7030a72e8b 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -57,19 +57,17 @@ } end - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') - .with_content(/^\s*ServerLimit\s*0/) - .with_content(/^\s*StartServers\s*1/) - .with_content(/^\s*MaxClients\s*2/) - .with_content(/^\s*MinSpareThreads\s*3/) - .with_content(/^\s*MaxSpareThreads\s*4/) - .with_content(/^\s*ThreadsPerChild\s*5/) - .with_content(/^\s*MaxRequestsPerChild\s*6/) - .with_content(/^\s*ThreadLimit\s*7/) - .with_content(/^\s*ListenBacklog\s*8/) - .with_content(/^\s*MaxRequestWorkers\s*9/) - .with_content(/^\s*MaxConnectionsPerChild\s*10/) - } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) } + it { is_expected.to 
contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxConnectionsPerChild\s*10/) } end context "with Apache version < 2.4" do diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb index e7ef7ea6ea..970ce088ce 100644 --- a/templates/mod/event.conf.erb +++ b/templates/mod/event.conf.erb @@ -1,13 +1,13 @@ - ServerLimit <%= @serverlimit %> - StartServers <%= @startservers %> - MaxClients <%= @maxclients %> - MinSpareThreads <%= @minsparethreads %> - MaxSpareThreads <%= @maxsparethreads %> - ThreadsPerChild <%= @threadsperchild %> - MaxRequestsPerChild <%= @maxrequestsperchild %> - ThreadLimit <%= @threadlimit %> - ListenBacklog <%= @listenbacklog %> - MaxRequestWorkers <%= @maxrequestworkers %> + ServerLimit <%= @serverlimit %> + StartServers <%= @startservers %> + MaxClients <%= @maxclients %> + MinSpareThreads <%= @minsparethreads %> + MaxSpareThreads <%= @maxsparethreads %> + ThreadsPerChild <%= @threadsperchild %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> + MaxRequestWorkers <%= @maxrequestworkers %> MaxConnectionsPerChild <%= @maxconnectionsperchild %> From fb729a09f9d1ea586ab04bd163617483748b550e Mon Sep 17 00:00:00 2001 From: Joshua Brunner Date: Tue, 11 Nov 2014 16:13:21 +0100 Subject: [PATCH 0459/2267] Omit priority prefix if {priority => false} passed to vhost/custom_config Do not prefix filenames in apache::vhost and apache::custom_config when priority is set to false. --- README.md | 4 + manifests/custom_config.pp | 13 +- manifests/vhost.pp | 1489 +++++++++++++------------ spec/acceptance/custom_config_spec.rb | 17 + spec/acceptance/vhost_spec.rb | 16 + 5 files changed, 793 insertions(+), 746 deletions(-) diff --git a/README.md b/README.md index 719e6bde14..d0d90bab28 100644 --- a/README.md +++ b/README.md 
@@ -477,6 +477,8 @@ The content of the configuration file. Only one of `$content` and `$source` can The priority of the configuration file, used for ordering. Defaults to '25'. +Pass priority `false` to omit the priority prefix in file names. + #####`source` The source of the configuration file. Only one of `$content` and `$source` can be specified. @@ -1170,6 +1172,8 @@ If nothing matches the priority, the first name-based vhost is used. Likewise, p *Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. +Pass priority `false` to omit the priority prefix in file names. + #####`proxy_dest` Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index cadc2354db..7bd4d3ed8e 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -23,8 +23,15 @@ validate_bool($verify_config) + if $priority { + $priority_prefix = "${priority}-" + } else { + $priority_prefix = '' + } + ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') + $filename_middle = regsubst($name, ' ', '_', 'G') + $filename = "${priority_prefix}${filename_middle}.conf" if ! $verify_config or $ensure == 'absent' { $notifies = Service['httpd'] @@ -34,7 +41,7 @@ file { "apache_${name}": ensure => $ensure, - path => "${confdir}/${priority}-${filename}.conf", + path => "${confdir}/${filename}", content => $content, source => $source, require => Package['httpd'], @@ -51,7 +58,7 @@ } exec { "remove ${name} if invalid": - command => "/bin/rm ${confdir}/${priority}-${filename}.conf", + command => "/bin/rm ${confdir}/${filename}", unless => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, 
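Review bot: In the first `manifests/custom_config.pp` hunk `$priority` is interpolated into `$filename` without any visible check of its form, so any truthy value, including one containing `/` or whitespace, ends up in the `file` path and, in the third hunk, in the `exec` command `/bin/rm ${confdir}/${filename}`. A guard before the prefix is built, for example `if $priority { validate_re("${priority}", '^\d+$', 'priority must be numeric or false') }`, would keep the generated name inside `${confdir}`. The name part gets only `regsubst($name, ' ', '_', 'G')`, so the same consideration applies to resource titles that carry other characters. The define's body starts and ends outside these hunks, so validation elsewhere in the file cannot be ruled out.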
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 50b3a1ec4a..997866980b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -61,772 +61,775 @@ $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, $php_admin_flags = {}, - $php_admin_values = {}, - $no_proxy_uris = [], - $proxy_preserve_host = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $redirectmatch_dest = undef, - $rack_base_uris = undef, - $headers = undef, - $request_headers = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $setenv = [], - $setenvif = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases = undef, - $wsgi_pass_authorization = undef, - $wsgi_chunked_request = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $additional_includes = [], - $apache_version = $::apache::apache_version, - $allow_encoded_slashes = undef, - $suexec_user_group = undef, - $passenger_app_root = undef, - $passenger_ruby = undef, - $passenger_min_instances = undef, - $passenger_start_timeout = undef, - $passenger_pre_start = undef, - $add_default_charset = undef, -) { - # The base class must be included first because it is used by parameter defaults - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - $apache_name = $::apache::params::apache_name - - validate_re($ensure, '^(present|absent)$', - "${ensure} is not supported for ensure. - Allowed values are 'present' and 'absent'.") - validate_re($suphp_engine, '^(on|off)$', - "${suphp_engine} is not supported for suphp_engine. 
- Allowed values are 'on' and 'off'.") - validate_bool($ip_based) - validate_bool($access_log) - validate_bool($error_log) - validate_bool($ssl) - validate_bool($default_vhost) - validate_bool($ssl_proxyengine) - if $rewrites { - validate_array($rewrites) - validate_hash($rewrites[0]) - } - - # Input validation begins - - if $suexec_user_group { - validate_re($suexec_user_group, '^\w+ \w+$', - "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") - } - - if $wsgi_pass_authorization { - validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', - "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. - Allowed values are 'on' and 'off'.") - } - - # Deprecated backwards-compatibility - if $rewrite_base { - warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') - } - if $rewrite_rule { - warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') - } - if $rewrite_cond { - warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') - } - - if $wsgi_script_aliases { - validate_hash($wsgi_script_aliases) - } - if $wsgi_daemon_process_options { - validate_hash($wsgi_daemon_process_options) - } - if $wsgi_import_script_options { - validate_hash($wsgi_import_script_options) - } - if $itk { - validate_hash($itk) - } - - validate_re($logroot_ensure, '^(directory|absent)$', - "${logroot_ensure} is not supported for logroot_ensure. 
- Allowed values are 'directory' and 'absent'.") - - if $log_level { - validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', - "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") - } - - if $access_log_file and $access_log_pipe { - fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") - } - - if $error_log_file and $error_log_pipe { - fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") - } - - if $fallbackresource { - validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') - } - - if $custom_fragment { - validate_string($custom_fragment) - } - - if $allow_encoded_slashes { - validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") - } - - # Input validation ends - - if $ssl and $ensure == 'present' { - include ::apache::mod::ssl - # Required for the AddType lines. - include ::apache::mod::mime - } - - if $virtual_docroot { - include ::apache::mod::vhost_alias - } - - if $wsgi_daemon_process { - include ::apache::mod::wsgi - } - - if $suexec_user_group { - include ::apache::mod::suexec - } - - if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { - include ::apache::mod::passenger - } - - # Configure the defaultness of a vhost - if $priority { - $priority_real = $priority - } elsif $default_vhost { - $priority_real = '10' - } else { - $priority_real = '25' - } - - ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') - - # This ensures that the docroot exists - # But enables it to be specified across multiple vhost resources - if ! 
defined(File[$docroot]) and $manage_docroot { - file { $docroot: - ensure => directory, - owner => $docroot_owner, - group => $docroot_group, - mode => $docroot_mode, - require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], - } - } - - # Same as above, but for logroot - if ! defined(File[$logroot]) { - file { $logroot: - ensure => $logroot_ensure, - mode => $logroot_mode, - require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], - } - } - - - # Is apache::mod::passenger enabled (or apache::mod['passenger']) - $passenger_enabled = defined(Apache::Mod['passenger']) - - # Is apache::mod::shib enabled (or apache::mod['shib2']) - $shibboleth_enabled = defined(Apache::Mod['shib2']) - - # Define log file names - if $access_log_file { - $access_log_destination = "${logroot}/${access_log_file}" - } elsif $access_log_pipe { - $access_log_destination = $access_log_pipe - } elsif $access_log_syslog { - $access_log_destination = $access_log_syslog - } else { - if $ssl { - $access_log_destination = "${logroot}/${name}_access_ssl.log" - } else { - $access_log_destination = "${logroot}/${name}_access.log" - } - } - - if $error_log_file { - $error_log_destination = "${logroot}/${error_log_file}" - } elsif $error_log_pipe { - $error_log_destination = $error_log_pipe - } elsif $error_log_syslog { - $error_log_destination = $error_log_syslog - } else { - if $ssl { - $error_log_destination = "${logroot}/${name}_error_ssl.log" - } else { - $error_log_destination = "${logroot}/${name}_error.log" - } - } - - # Set access log format - if $access_log_format { - $_access_log_format = "\"${access_log_format}\"" - } else { - $_access_log_format = 'combined' - } - - if $access_log_env_var { - $_access_log_env_var = "env=${access_log_env_var}" - } - - if $ip { - if $port { - $listen_addr_port = "${ip}:${port}" - $nvh_addr_port = "${ip}:${port}" - } else { - $listen_addr_port = undef - $nvh_addr_port = $ip - if ! $servername and ! 
$ip_based { - fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") - } - } - } else { - if $port { - $listen_addr_port = $port - $nvh_addr_port = "${vhost_name}:${port}" - } else { - $listen_addr_port = undef - $nvh_addr_port = $name - if ! $servername { - fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") - } - } - } - if $add_listen { - if $ip and defined(Apache::Listen["${port}"]) { - fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") - } - if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { - ::apache::listen { "${listen_addr_port}": } - } - } - if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { - ::apache::namevirtualhost { $nvh_addr_port: } - } - } - - # Load mod_rewrite if needed and not yet loaded - if $rewrites or $rewrite_cond { - if ! defined(Class['apache::mod::rewrite']) { - include ::apache::mod::rewrite - } - } - - # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { - if ! defined(Class['apache::mod::alias']) { - include ::apache::mod::alias - } - } - - # Load mod_proxy if needed and not yet loaded - if ($proxy_dest or $proxy_pass) { - if ! defined(Class['apache::mod::proxy']) { - include ::apache::mod::proxy - } - if ! defined(Class['apache::mod::proxy_http']) { - include ::apache::mod::proxy_http - } - } - - # Load mod_passenger if needed and not yet loaded - if $rack_base_uris { - if ! defined(Class['apache::mod::passenger']) { - include ::apache::mod::passenger - } - } - - # Load mod_fastci if needed and not yet loaded - if $fastcgi_server and $fastcgi_socket { - if ! 
defined(Class['apache::mod::fastcgi']) { - include ::apache::mod::fastcgi - } - } - - # Check if mod_headers is required to process $headers/$request_headers - if $headers or $request_headers { - if ! defined(Class['apache::mod::headers']) { - include ::apache::mod::headers - } - } - - ## Create a default directory list if none defined - if $directories { - if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { - fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") - } - $_directories = $directories - } else { - $_directory = { - provider => 'directory', - path => $docroot, - options => $options, - allow_override => $override, - directoryindex => $directoryindex, - } - - if versioncmp($apache_version, '2.4') >= 0 { - $_directory_version = { - require => 'all granted', + $php_admin_values = {}, + $no_proxy_uris = [], + $proxy_preserve_host = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, + $rack_base_uris = undef, + $headers = undef, + $request_headers = undef, + $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, + $custom_fragment = undef, + $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $additional_includes = [], + $apache_version = $::apache::apache_version, + $allow_encoded_slashes = undef, + $suexec_user_group = undef, + $passenger_app_root = undef, + $passenger_ruby = undef, + 
$passenger_min_instances = undef, + $passenger_start_timeout = undef, + $passenger_pre_start = undef, + $add_default_charset = undef, + ) { + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + + $apache_name = $::apache::params::apache_name + + validate_re($ensure, '^(present|absent)$', + "${ensure} is not supported for ensure. + Allowed values are 'present' and 'absent'.") + validate_re($suphp_engine, '^(on|off)$', + "${suphp_engine} is not supported for suphp_engine. + Allowed values are 'on' and 'off'.") + validate_bool($ip_based) + validate_bool($access_log) + validate_bool($error_log) + validate_bool($ssl) + validate_bool($default_vhost) + validate_bool($ssl_proxyengine) + if $rewrites { + validate_array($rewrites) + validate_hash($rewrites[0]) + } + + # Input validation begins + + if $suexec_user_group { + validate_re($suexec_user_group, '^\w+ \w+$', + "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") + } + + if $wsgi_pass_authorization { + validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', + "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. 
+ Allowed values are 'on' and 'off'.") + } + + # Deprecated backwards-compatibility + if $rewrite_base { + warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') + } + if $rewrite_rule { + warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') + } + if $rewrite_cond { + warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') + } + + if $wsgi_script_aliases { + validate_hash($wsgi_script_aliases) + } + if $wsgi_daemon_process_options { + validate_hash($wsgi_daemon_process_options) + } + if $wsgi_import_script_options { + validate_hash($wsgi_import_script_options) + } + if $itk { + validate_hash($itk) + } + + validate_re($logroot_ensure, '^(directory|absent)$', + "${logroot_ensure} is not supported for logroot_ensure. + Allowed values are 'directory' and 'absent'.") + + if $log_level { + validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', + "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") + } + + if $access_log_file and $access_log_pipe { + fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") + } + + if $error_log_file and $error_log_pipe { + fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") + } + + if $fallbackresource { + validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') + } + + if $custom_fragment { + validate_string($custom_fragment) + } + + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + + # Input validation ends + + if $ssl and $ensure == 'present' { + include ::apache::mod::ssl + # Required for the AddType lines. 
+ include ::apache::mod::mime + } + + if $virtual_docroot { + include ::apache::mod::vhost_alias + } + + if $wsgi_daemon_process { + include ::apache::mod::wsgi + } + + if $suexec_user_group { + include ::apache::mod::suexec + } + + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + include ::apache::mod::passenger + } + + # Configure the defaultness of a vhost + if $priority { + $priority_prefix = "${priority}-" + } elsif $priority == false { + $priority_prefix = '' + } elsif $default_vhost { + $priority_prefix = '10-' + } else { + $priority_prefix = '25-' + } + + ## Apache include does not always work with spaces in the filename + $filename_middle = regsubst($name, ' ', '_', 'G') + $filename = "${priority_prefix}${filename_middle}.conf" + + # This ensures that the docroot exists + # But enables it to be specified across multiple vhost resources + if ! defined(File[$docroot]) and $manage_docroot { + file { $docroot: + ensure => directory, + owner => $docroot_owner, + group => $docroot_group, + mode => $docroot_mode, + require => Package['httpd'], + before => Concat[$filename], + } + } + + # Same as above, but for logroot + if ! 
defined(File[$logroot]) { + file { $logroot: + ensure => $logroot_ensure, + mode => $logroot_mode, + require => Package['httpd'], + before => Concat[$filename], + } + } + + + # Is apache::mod::passenger enabled (or apache::mod['passenger']) + $passenger_enabled = defined(Apache::Mod['passenger']) + + # Is apache::mod::shib enabled (or apache::mod['shib2']) + $shibboleth_enabled = defined(Apache::Mod['shib2']) + + # Define log file names + if $access_log_file { + $access_log_destination = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $access_log_destination = $access_log_pipe + } elsif $access_log_syslog { + $access_log_destination = $access_log_syslog + } else { + if $ssl { + $access_log_destination = "${logroot}/${name}_access_ssl.log" + } else { + $access_log_destination = "${logroot}/${name}_access.log" + } + } + + if $error_log_file { + $error_log_destination = "${logroot}/${error_log_file}" + } elsif $error_log_pipe { + $error_log_destination = $error_log_pipe + } elsif $error_log_syslog { + $error_log_destination = $error_log_syslog + } else { + if $ssl { + $error_log_destination = "${logroot}/${name}_error_ssl.log" + } else { + $error_log_destination = "${logroot}/${name}_error.log" + } + } + + # Set access log format + if $access_log_format { + $_access_log_format = "\"${access_log_format}\"" + } else { + $_access_log_format = 'combined' + } + + if $access_log_env_var { + $_access_log_env_var = "env=${access_log_env_var}" + } + + if $ip { + if $port { + $listen_addr_port = "${ip}:${port}" + $nvh_addr_port = "${ip}:${port}" + } else { + $listen_addr_port = undef + $nvh_addr_port = $ip + if ! $servername and ! $ip_based { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") + } + } + } else { + if $port { + $listen_addr_port = $port + $nvh_addr_port = "${vhost_name}:${port}" + } else { + $listen_addr_port = undef + $nvh_addr_port = $name + if ! 
$servername { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") + } + } + } + if $add_listen { + if $ip and defined(Apache::Listen["${port}"]) { + fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") + } + if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { + ::apache::listen { "${listen_addr_port}": } + } + } + if ! $ip_based { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { + ::apache::namevirtualhost { $nvh_addr_port: } + } + } + + # Load mod_rewrite if needed and not yet loaded + if $rewrites or $rewrite_cond { + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } + } + + # Load mod_alias if needed and not yet loaded + if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { + if ! defined(Class['apache::mod::alias']) { + include ::apache::mod::alias + } + } + + # Load mod_proxy if needed and not yet loaded + if ($proxy_dest or $proxy_pass) { + if ! defined(Class['apache::mod::proxy']) { + include ::apache::mod::proxy + } + if ! defined(Class['apache::mod::proxy_http']) { + include ::apache::mod::proxy_http + } + } + + # Load mod_passenger if needed and not yet loaded + if $rack_base_uris { + if ! defined(Class['apache::mod::passenger']) { + include ::apache::mod::passenger + } + } + + # Load mod_fastci if needed and not yet loaded + if $fastcgi_server and $fastcgi_socket { + if ! defined(Class['apache::mod::fastcgi']) { + include ::apache::mod::fastcgi + } + } + + # Check if mod_headers is required to process $headers/$request_headers + if $headers or $request_headers { + if ! 
defined(Class['apache::mod::headers']) { + include ::apache::mod::headers + } + } + + ## Create a default directory list if none defined + if $directories { + if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { + fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") + } + $_directories = $directories + } else { + $_directory = { + provider => 'directory', + path => $docroot, + options => $options, + allow_override => $override, + directoryindex => $directoryindex, + } + + if versioncmp($apache_version, '2.4') >= 0 { + $_directory_version = { + require => 'all granted', + } + } else { + $_directory_version = { + order => 'allow,deny', + allow => 'from all', + } + } + + $_directories = [ merge($_directory, $_directory_version) ] + } + + concat { $filename: + ensure => $ensure, + path => "${::apache::vhost_dir}/${filename}", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + order => 'numeric', + require => Package['httpd'], + notify => Service['httpd'], + } + if $::osfamily == 'Debian' { + $vhost_enable_dir = $::apache::vhost_enable_dir + $vhost_symlink_ensure = $ensure ? 
{ + present => link, + default => $ensure, + } + file{ "${filename} symlink": + ensure => $vhost_symlink_ensure, + path => "${vhost_enable_dir}/${filename}", + target => "${::apache::vhost_dir}/${filename}", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + require => Concat[$filename], + notify => Service['httpd'], + } + } + + # Template uses: + # - $nvh_addr_port + # - $servername + # - $serveradmin + concat::fragment { "${name}-apache-header": + target => $filename, + order => 0, + content => template('apache/vhost/_file_header.erb'), + } + + # Template uses: + # - $virtual_docroot + # - $docroot + concat::fragment { "${name}-docroot": + target => $filename, + order => 10, + content => template('apache/vhost/_docroot.erb'), + } + + # Template uses: + # - $aliases + if $aliases and ! empty($aliases) { + concat::fragment { "${name}-aliases": + target => $filename, + order => 20, + content => template('apache/vhost/_aliases.erb'), + } + } + + # Template uses: + # - $itk + # - $::kernelversion + if $itk and ! empty($itk) { + concat::fragment { "${name}-itk": + target => $filename, + order => 30, + content => template('apache/vhost/_itk.erb'), + } + } + + # Template uses: + # - $fallbackresource + if $fallbackresource { + concat::fragment { "${name}-fallbackresource": + target => $filename, + order => 40, + content => template('apache/vhost/_fallbackresource.erb'), + } + } + + # Template uses: + # - $allow_encoded_slashes + if $allow_encoded_slashes { + concat::fragment { "${name}-allow_encoded_slashes": + target => $filename, + order => 50, + content => template('apache/vhost/_allow_encoded_slashes.erb'), + } + } + + # Template uses: + # - $_directories + # - $docroot + # - $apache_version + # - $suphp_engine + # - $shibboleth_enabled + if $_directories and ! 
empty($_directories) { + concat::fragment { "${name}-directories": + target => $filename, + order => 60, + content => template('apache/vhost/_directories.erb'), + } + } + + # Template uses: + # - $additional_includes + if $additional_includes and ! empty($additional_includes) { + concat::fragment { "${name}-additional_includes": + target => $filename, + order => 70, + content => template('apache/vhost/_additional_includes.erb'), + } + } + + # Template uses: + # - $error_log + # - $log_level + # - $error_log_destination + # - $log_level + if $error_log or $log_level { + concat::fragment { "${name}-logging": + target => $filename, + order => 80, + content => template('apache/vhost/_logging.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-serversignature": + target => $filename, + order => 90, + content => template('apache/vhost/_serversignature.erb'), + } + + # Template uses: + # - $access_log + # - $_access_log_env_var + # - $access_log_destination + # - $_access_log_format + # - $_access_log_env_var + if $access_log { + concat::fragment { "${name}-access_log": + target => $filename, + order => 100, + content => template('apache/vhost/_access_log.erb'), + } + } + + # Template uses: + # - $action + if $action { + concat::fragment { "${name}-action": + target => $filename, + order => 110, + content => template('apache/vhost/_action.erb'), + } + } + + # Template uses: + # - $block + # - $apache_version + if $block and ! empty($block) { + concat::fragment { "${name}-block": + target => $filename, + order => 120, + content => template('apache/vhost/_block.erb'), + } + } + + # Template uses: + # - $error_documents + if $error_documents and ! 
empty($error_documents) { + concat::fragment { "${name}-error_document": + target => $filename, + order => 130, + content => template('apache/vhost/_error_document.erb'), + } + } + + # Template uses: + # - $proxy_dest + # - $proxy_pass + # - $proxy_preserve_host + # - $no_proxy_uris + if $proxy_dest or $proxy_pass { + concat::fragment { "${name}-proxy": + target => $filename, + order => 140, + content => template('apache/vhost/_proxy.erb'), + } + } + + # Template uses: + # - $rack_base_uris + if $rack_base_uris { + concat::fragment { "${name}-rack": + target => $filename, + order => 150, + content => template('apache/vhost/_rack.erb'), + } + } + + # Template uses: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # - $redirect_dest_a + # - $redirect_source_a + # - $redirect_status_a + # - $redirectmatch_status + # - $redirectmatch_regexp + # - $redirectmatch_dest + # - $redirectmatch_status_a + # - $redirectmatch_regexp_a + # - $redirectmatch_dest + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { + concat::fragment { "${name}-redirect": + target => $filename, + order => 160, + content => template('apache/vhost/_redirect.erb'), + } } - } else { - $_directory_version = { - order => 'allow,deny', - allow => 'from all', + + # Template uses: + # - $rewrites + # - $rewrite_base + # - $rewrite_rule + # - $rewrite_cond + if $rewrites or $rewrite_rule { + concat::fragment { "${name}-rewrite": + target => $filename, + order => 170, + content => template('apache/vhost/_rewrite.erb'), } } - - $_directories = [ merge($_directory, $_directory_version) ] - } - - concat { "${priority_real}-${filename}.conf": - ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - order => 'numeric', - require => Package['httpd'], - notify => Service['httpd'], - } - if $::osfamily == 'Debian' { 
- $vhost_enable_dir = $::apache::vhost_enable_dir - $vhost_symlink_ensure = $ensure ? { - present => link, - default => $ensure, - } - file{ "${priority_real}-${filename}.conf symlink": - ensure => $vhost_symlink_ensure, - path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - require => Concat["${priority_real}-${filename}.conf"], - notify => Service['httpd'], - } - } - - # Template uses: - # - $nvh_addr_port - # - $servername - # - $serveradmin - concat::fragment { "${name}-apache-header": - target => "${priority_real}-${filename}.conf", - order => 0, - content => template('apache/vhost/_file_header.erb'), - } - - # Template uses: - # - $virtual_docroot - # - $docroot - concat::fragment { "${name}-docroot": - target => "${priority_real}-${filename}.conf", - order => 10, - content => template('apache/vhost/_docroot.erb'), - } - - # Template uses: - # - $aliases - if $aliases and ! empty($aliases) { - concat::fragment { "${name}-aliases": - target => "${priority_real}-${filename}.conf", - order => 20, - content => template('apache/vhost/_aliases.erb'), - } - } - - # Template uses: - # - $itk - # - $::kernelversion - if $itk and ! 
empty($itk) { - concat::fragment { "${name}-itk": - target => "${priority_real}-${filename}.conf", - order => 30, - content => template('apache/vhost/_itk.erb'), - } - } - - # Template uses: - # - $fallbackresource - if $fallbackresource { - concat::fragment { "${name}-fallbackresource": - target => "${priority_real}-${filename}.conf", - order => 40, - content => template('apache/vhost/_fallbackresource.erb'), - } - } - - # Template uses: - # - $allow_encoded_slashes - if $allow_encoded_slashes { - concat::fragment { "${name}-allow_encoded_slashes": - target => "${priority_real}-${filename}.conf", - order => 50, - content => template('apache/vhost/_allow_encoded_slashes.erb'), - } - } - - # Template uses: - # - $_directories - # - $docroot - # - $apache_version - # - $suphp_engine - # - $shibboleth_enabled - if $_directories and ! empty($_directories) { - concat::fragment { "${name}-directories": - target => "${priority_real}-${filename}.conf", - order => 60, - content => template('apache/vhost/_directories.erb'), - } - } - - # Template uses: - # - $additional_includes - if $additional_includes and ! 
empty($additional_includes) { - concat::fragment { "${name}-additional_includes": - target => "${priority_real}-${filename}.conf", - order => 70, - content => template('apache/vhost/_additional_includes.erb'), - } - } - - # Template uses: - # - $error_log - # - $log_level - # - $error_log_destination - # - $log_level - if $error_log or $log_level { - concat::fragment { "${name}-logging": - target => "${priority_real}-${filename}.conf", - order => 80, - content => template('apache/vhost/_logging.erb'), - } - } - - # Template uses no variables - concat::fragment { "${name}-serversignature": - target => "${priority_real}-${filename}.conf", - order => 90, - content => template('apache/vhost/_serversignature.erb'), - } - - # Template uses: - # - $access_log - # - $_access_log_env_var - # - $access_log_destination - # - $_access_log_format - # - $_access_log_env_var - if $access_log { - concat::fragment { "${name}-access_log": - target => "${priority_real}-${filename}.conf", - order => 100, - content => template('apache/vhost/_access_log.erb'), - } - } - - # Template uses: - # - $action - if $action { - concat::fragment { "${name}-action": - target => "${priority_real}-${filename}.conf", - order => 110, - content => template('apache/vhost/_action.erb'), - } - } - - # Template uses: - # - $block - # - $apache_version - if $block and ! empty($block) { - concat::fragment { "${name}-block": - target => "${priority_real}-${filename}.conf", - order => 120, - content => template('apache/vhost/_block.erb'), - } - } - - # Template uses: - # - $error_documents - if $error_documents and ! 
empty($error_documents) { - concat::fragment { "${name}-error_document": - target => "${priority_real}-${filename}.conf", - order => 130, - content => template('apache/vhost/_error_document.erb'), - } - } - - # Template uses: - # - $proxy_dest - # - $proxy_pass - # - $proxy_preserve_host - # - $no_proxy_uris - if $proxy_dest or $proxy_pass { - concat::fragment { "${name}-proxy": - target => "${priority_real}-${filename}.conf", - order => 140, - content => template('apache/vhost/_proxy.erb'), - } - } - - # Template uses: - # - $rack_base_uris - if $rack_base_uris { - concat::fragment { "${name}-rack": - target => "${priority_real}-${filename}.conf", - order => 150, - content => template('apache/vhost/_rack.erb'), - } - } - - # Template uses: - # - $redirect_source - # - $redirect_dest - # - $redirect_status - # - $redirect_dest_a - # - $redirect_source_a - # - $redirect_status_a - # - $redirectmatch_status - # - $redirectmatch_regexp - # - $redirectmatch_dest - # - $redirectmatch_status_a - # - $redirectmatch_regexp_a - # - $redirectmatch_dest - if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { - concat::fragment { "${name}-redirect": - target => "${priority_real}-${filename}.conf", - order => 160, - content => template('apache/vhost/_redirect.erb'), - } - } - - # Template uses: - # - $rewrites - # - $rewrite_base - # - $rewrite_rule - # - $rewrite_cond - if $rewrites or $rewrite_rule { - concat::fragment { "${name}-rewrite": - target => "${priority_real}-${filename}.conf", - order => 170, - content => template('apache/vhost/_rewrite.erb'), - } - } - - # Template uses: - # - $scriptaliases - # - $scriptalias - if $scriptaliases and ! empty($scriptaliases) { - concat::fragment { "${name}-scriptalias": - target => "${priority_real}-${filename}.conf", + + # Template uses: + # - $scriptaliases + # - $scriptalias + if $scriptaliases and ! 
empty($scriptaliases) { + concat::fragment { "${name}-scriptalias": + target => $filename, order => 180, content => template('apache/vhost/_scriptalias.erb'), } } - + # Template uses: # - $serveraliases if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": - target => "${priority_real}-${filename}.conf", - order => 190, - content => template('apache/vhost/_serveralias.erb'), - } + target => $filename, + order => 190, + content => template('apache/vhost/_serveralias.erb'), } +} - # Template uses: - # - $setenv - # - $setenvif - if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { - concat::fragment { "${name}-setenv": - target => "${priority_real}-${filename}.conf", - order => 200, - content => template('apache/vhost/_setenv.erb'), - } - } +# Template uses: +# - $setenv +# - $setenvif +if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + concat::fragment { "${name}-setenv": + target => $filename, + order => 200, + content => template('apache/vhost/_setenv.erb'), +} +} - # Template uses: - # - $ssl - # - $ssl_cert - # - $ssl_key - # - $ssl_chain - # - $ssl_certs_dir - # - $ssl_ca - # - $ssl_crl_path - # - $ssl_crl - # - $ssl_crl_check - # - $ssl_proxyengine - # - $ssl_protocol - # - $ssl_cipher - # - $ssl_honorcipherorder - # - $ssl_verify_client - # - $ssl_verify_depth - # - $ssl_options - # - $apache_version - if $ssl { - concat::fragment { "${name}-ssl": - target => "${priority_real}-${filename}.conf", - order => 210, - content => template('apache/vhost/_ssl.erb'), - } - } +# Template uses: +# - $ssl +# - $ssl_cert +# - $ssl_key +# - $ssl_chain +# - $ssl_certs_dir +# - $ssl_ca +# - $ssl_crl_path +# - $ssl_crl +# - $ssl_crl_check +# - $ssl_proxyengine +# - $ssl_protocol +# - $ssl_cipher +# - $ssl_honorcipherorder +# - $ssl_verify_client +# - $ssl_verify_depth +# - $ssl_options +# - $apache_version +if $ssl { + concat::fragment { "${name}-ssl": + target => $filename, + order => 210, + 
content => template('apache/vhost/_ssl.erb'), +} +} - # Template uses: - # - $suphp_engine - # - $suphp_addhandler - # - $suphp_configpath - if $suphp_engine == 'on' { - concat::fragment { "${name}-suphp": - target => "${priority_real}-${filename}.conf", - order => 220, - content => template('apache/vhost/_suphp.erb'), - } - } +# Template uses: +# - $suphp_engine +# - $suphp_addhandler +# - $suphp_configpath +if $suphp_engine == 'on' { + concat::fragment { "${name}-suphp": + target => $filename, + order => 220, + content => template('apache/vhost/_suphp.erb'), +} +} - # Template uses: - # - $php_admin_values - # - $php_admin_flags - if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { - concat::fragment { "${name}-php_admin": - target => "${priority_real}-${filename}.conf", - order => 230, - content => template('apache/vhost/_php_admin.erb'), - } - } +# Template uses: +# - $php_admin_values +# - $php_admin_flags +if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { + concat::fragment { "${name}-php_admin": + target => $filename, + order => 230, + content => template('apache/vhost/_php_admin.erb'), +} +} - # Template uses: - # - $headers - if $headers and ! empty($headers) { - concat::fragment { "${name}-header": - target => "${priority_real}-${filename}.conf", - order => 240, - content => template('apache/vhost/_header.erb'), - } - } +# Template uses: +# - $headers +if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => $filename, + order => 240, + content => template('apache/vhost/_header.erb'), +} +} - # Template uses: - # - $request_headers - if $request_headers and ! 
empty($request_headers) { - concat::fragment { "${name}-requestheader": - target => "${priority_real}-${filename}.conf", - order => 250, - content => template('apache/vhost/_requestheader.erb'), - } - } +# Template uses: +# - $request_headers +if $request_headers and ! empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => $filename, + order => 250, + content => template('apache/vhost/_requestheader.erb'), +} +} - # Template uses: - # - $wsgi_application_group - # - $wsgi_daemon_process - # - $wsgi_daemon_process_options - # - $wsgi_import_script - # - $wsgi_import_script_options - # - $wsgi_process_group - # - $wsgi_script_aliases - # - $wsgi_pass_authorization - if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { - concat::fragment { "${name}-wsgi": - target => "${priority_real}-${filename}.conf", - order => 260, - content => template('apache/vhost/_wsgi.erb'), - } - } +# Template uses: +# - $wsgi_application_group +# - $wsgi_daemon_process +# - $wsgi_daemon_process_options +# - $wsgi_import_script +# - $wsgi_import_script_options +# - $wsgi_process_group +# - $wsgi_script_aliases +# - $wsgi_pass_authorization +if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! 
empty($wsgi_script_aliases)) or $wsgi_pass_authorization { + concat::fragment { "${name}-wsgi": + target => $filename, + order => 260, + content => template('apache/vhost/_wsgi.erb'), +} +} - # Template uses: - # - $custom_fragment - if $custom_fragment { - concat::fragment { "${name}-custom_fragment": - target => "${priority_real}-${filename}.conf", - order => 270, - content => template('apache/vhost/_custom_fragment.erb'), - } - } +# Template uses: +# - $custom_fragment +if $custom_fragment { + concat::fragment { "${name}-custom_fragment": + target => $filename, + order => 270, + content => template('apache/vhost/_custom_fragment.erb'), +} +} - # Template uses: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - # - $apache_version - if $fastcgi_server or $fastcgi_dir { - concat::fragment { "${name}-fastcgi": - target => "${priority_real}-${filename}.conf", - order => 280, - content => template('apache/vhost/_fastcgi.erb'), - } - } +# Template uses: +# - $fastcgi_server +# - $fastcgi_socket +# - $fastcgi_dir +# - $apache_version +if $fastcgi_server or $fastcgi_dir { + concat::fragment { "${name}-fastcgi": + target => $filename, + order => 280, + content => template('apache/vhost/_fastcgi.erb'), +} +} - # Template uses: - # - $suexec_user_group - if $suexec_user_group { - concat::fragment { "${name}-suexec": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_suexec.erb'), - } - } +# Template uses: +# - $suexec_user_group +if $suexec_user_group { + concat::fragment { "${name}-suexec": + target => $filename, + order => 290, + content => template('apache/vhost/_suexec.erb'), +} +} - # Template uses: - # - $passenger_app_root - # - $passenger_ruby - # - $passenger_min_instances - # - $passenger_start_timeout - # - $passenger_pre_start - if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { - concat::fragment { "${name}-passenger": - 
target => "${priority_real}-${filename}.conf", - order => 300, - content => template('apache/vhost/_passenger.erb'), - } - } +# Template uses: +# - $passenger_app_root +# - $passenger_ruby +# - $passenger_min_instances +# - $passenger_start_timeout +# - $passenger_pre_start +if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => $filename, + order => 300, + content => template('apache/vhost/_passenger.erb'), +} +} - # Template uses: - # - $add_default_charset - if $add_default_charset { - concat::fragment { "${name}-charsets": - target => "${priority_real}-${filename}.conf", - order => 310, - content => template('apache/vhost/_charsets.erb'), - } - } +# Template uses: +# - $add_default_charset +if $add_default_charset { + concat::fragment { "${name}-charsets": + target => $filename, + order => 310, + content => template('apache/vhost/_charsets.erb'), +} +} - # Template uses no variables - concat::fragment { "${name}-file_footer": - target => "${priority_real}-${filename}.conf", - order => 999, - content => template('apache/vhost/_file_footer.erb'), - } +# Template uses no variables +concat::fragment { "${name}-file_footer": +target => $filename, +order => 999, +content => template('apache/vhost/_file_footer.erb'), +} } diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index fce6bb306f..bbceaca3e7 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb 
@@ -35,4 +35,21 @@ class { 'apache': } it { is_expected.to contain '# just a comment' } end end + + describe 'custom_config without priority prefix' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'prefix_test': + priority => false, + content => '# just a comment', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/prefix_test.conf") do + it { is_expected.to be_file } + end + end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 483b74945c..72d30f10ff 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1223,4 +1223,20 @@ class { 'apache': } end end + describe 'virtualhost without priority prefix' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'test.server': + priority => false, + docroot => '/tmp' + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/test.server.conf") do + it { is_expected.to be_file } + end + end end From 2bae808dce4f2edbd23516d216445ae9ed0e2a85 Mon Sep 17 00:00:00 2001 From: Lauren Rother Date: Thu, 20 Nov 2014 15:34:34 -0800 Subject: [PATCH 0460/2267] Add metadata summary per FM-1523 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index f6361a10e0..f59c55a60b 100644 --- a/metadata.json +++ b/metadata.json @@ -2,7 +2,7 @@ "name": "puppetlabs-apache", "version": "1.2.0", "author": "puppetlabs", - "summary": "Puppet module for Apache", + "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", From d833c3e6a81752453738becf56fafd8c0d996d09 Mon Sep 17 00:00:00 2001 
From: Lauren Rother Date: Fri, 21 Nov 2014 11:08:20 -0800 Subject: [PATCH 0461/2267] Fix MODULES-1510 Removes wiki link from Contributing section and replaces it with newly-created docs site link. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 719e6bde14..8994e6baa2 100644 --- a/README.md +++ b/README.md @@ -2374,7 +2374,7 @@ Puppet Labs modules on the Puppet Forge are open projects, and community contrib We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. -You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) +Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/contributing.html) ###Running tests From 5efcdcda4a71f69dbe80ca8326dfdc2d13ab8829 Mon Sep 17 00:00:00 2001 From: valeriominetti Date: Wed, 26 Nov 2014 14:58:52 +0100 Subject: [PATCH 0462/2267] MODULES-825: apache 2.4 mod_itk needs mod_prefork in apache 2.4 mod_prefork can be installed along with mod_itk On ubuntu 14.04 mod_itk library name is "mpm_itk.so" instead of "mod_mpm_itk.so". Added an if statement that creates a symlink in case of a debian distro. this preserve old manifest behaviour in library loading while fixing ubuntu bug. --- manifests/mod/itk.pp | 6 ++++-- manifests/mod/prefork.pp | 6 ++++-- manifests/mpm.pp | 7 +++++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 1083e5ed24..dc020b810a 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp 
@@ -13,8 +13,10 @@ if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + if versioncmp($apache_version, '2.4') < 0 { + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + } } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::itk and apache::mod::worker on the same node') diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index b3adeae8c8..6a66ef1c90 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -10,8 +10,10 @@ if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + if versioncmp($apache_version, '2.4') < 0 { + if defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + } } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node') diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 6437016ba7..ca976a41bd 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -45,6 +45,13 @@ before => File[$::apache::mod_enable_dir], notify => Service['httpd'], } + + if $mpm == 'itk' { + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so" + } + } } if versioncmp($apache_version, '2.4') < 0 { From 66036ddae62ce92377381846c0ad4d21ba72da29 Mon Sep 17 00:00:00 2001 
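Review bot: The new guard `if versioncmp($apache_version, '2.4') < 0` reads `$apache_version` unqualified, and the class header is outside this hunk, so it is not visible whether the class declares that variable. If it is neither a class parameter nor a local, the lookup yields undef and the comparison no longer reflects the installed Apache version, so the itk/prefork exclusion could be applied or skipped on the wrong platform. Declaring it in the parameter list, e.g. `$apache_version = $::apache::apache_version`, would make the dependency explicit. The same applies to the matching guard added in manifests/mod/prefork.pp.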
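Review bot: The added `file { "${lib_path}/mod_mpm_itk.so": ... }` link in manifests/mpm.pp carries no ordering or notification, unlike the resource directly above it, which sets `before => File[$::apache::mod_enable_dir]` and `notify => Service['httpd']`. Without these, httpd can be started, or left running unrefreshed, before the link exists; adding `notify => Service['httpd'],` and a `require` on the package that ships `mpm_itk.so` would close that gap. Also, `ensure => link` replaces a regular file already at that path, so on a release that ships a real `mod_mpm_itk.so` the library would be swapped for a link to a target that may not exist. The enclosing condition starts outside the hunk, so please confirm the block is limited to the releases that need it.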
From: Justin Stoller Date: Tue, 2 Dec 2014 11:41:33 -0800 Subject: [PATCH 0463/2267] Update for using Geppetto plugin in CI --- .geppetto-rc.json | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .geppetto-rc.json diff --git a/.geppetto-rc.json b/.geppetto-rc.json new file mode 100644 index 0000000000..7df2329891 --- /dev/null +++ b/.geppetto-rc.json @@ -0,0 +1,9 @@ +{ + "excludes": [ + "**/contrib/**", + "**/examples/**", + "**/tests/**", + "**/spec/**", + "**/pkg/**" + ] +} From 8f89cae176f0b6bb97c54f48f5859834c3422bb8 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Tue, 2 Dec 2014 16:43:07 -0800 Subject: [PATCH 0464/2267] Fix uninitialized variable lint --- manifests/mod/version.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp index c0e405686a..1cc4412e1d 100644 --- a/manifests/mod/version.pp +++ b/manifests/mod/version.pp @@ -1,4 +1,6 @@ -class apache::mod::version { +class apache::mod::version( + $apache_version = $::apache::apache_version +) { if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { warning("${module_name}: module version_module is built-in and can't be loaded") From 371da59865bff0d410f1c40d97ef5b8331ecda05 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Tue, 2 Dec 2014 20:14:31 -0700 Subject: [PATCH 0465/2267] add centos7 beaker host --- spec/acceptance/nodesets/centos-70-x64.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 spec/acceptance/nodesets/centos-70-x64.yml diff --git a/spec/acceptance/nodesets/centos-70-x64.yml b/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 0000000000..2ab0052043 --- /dev/null +++ b/spec/acceptance/nodesets/centos-70-x64.yml 
@@ -0,0 +1,11 @@ +HOSTS: + centos-70-x64: + roles: + - master + platform: el-7-x86_64 + box : puppetlabs/centos-7.0-64-nocm + box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm + hypervisor : vagrant +CONFIG: + log_level: verbose + type: foss From f2b83cb22a9313e7f44a1f4e697a6ebabbb26870 Mon Sep 17 00:00:00 2001 From: Spencer Krum Date: Sun, 7 Dec 2014 12:16:17 -0800 Subject: [PATCH 0466/2267] Fix linting errors --- manifests/mpm.pp | 6 +++--- manifests/params.pp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/mpm.pp b/manifests/mpm.pp index ca976a41bd..180686cfa3 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -45,11 +45,11 @@ before => File[$::apache::mod_enable_dir], notify => Service['httpd'], } - + if $mpm == 'itk' { file { "${lib_path}/mod_mpm_itk.so": - ensure => link, - target => "${lib_path}/mpm_itk.so" + ensure => link, + target => "${lib_path}/mpm_itk.so" } } } diff --git a/manifests/params.pp b/manifests/params.pp index 6a221fd633..7c836146cc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -104,7 +104,7 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' - if $::osfamily == "RedHat" { + if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef From 4bb91692bcd05c3e0dde16d05025384e65ccc048 Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Mon, 8 Dec 2014 13:02:02 -0500 Subject: [PATCH 0467/2267] Fix support for Fedora Rawhide --- manifests/version.pp | 2 +- spec/classes/apache_spec.rb | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index dc5288dca0..fae008a84d 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
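Review bot: The `box` / `box_url` pair in the new nodeset names a Vagrant image without pinning a version or checksum, so every acceptance run uses whatever image is currently published under that name. For reproducible runs, and to make a swapped or rebuilt image noticeable, pin the image, for example with a `box_version:` entry if the Beaker release in use supports it. A short comment recording which image revision the tests were validated against would also help.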
@@ -12,7 +12,7 @@ case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and $distrelease >= 18) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { + if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { $default = '2.4' } else { $default = '2.2' diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index fe61a9796b..a9d9438544 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -488,6 +488,42 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } end end + context "on Fedora" do + let :facts do + super().merge({ + :operatingsystem => 'Fedora' + }) + end + + context "21" do + let :facts do + super().merge({ + :lsbdistrelease => '21', + :operatingsystemrelease => '21' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + context "Rawhide" do + let :facts do + super().merge({ + :lsbdistrelease => 'Rawhide', + :operatingsystemrelease => 'Rawhide' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + # kinda obsolete + context "17" do + let :facts do + super().merge({ + :lsbdistrelease => '17', + :operatingsystemrelease => '17' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.2') } + end + end end context "on a FreeBSD OS" do let :facts do From 4bf9de724f8421411efa4daee42b91fb473f71a5 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 8 Dec 2014 10:23:13 -0800 Subject: [PATCH 0468/2267] Update .travis.yml, Gemfile, Rakefile, and CONTRIBUTING.md --- .travis.yml | 2 +- CONTRIBUTING.md | 22 ++++------------------ Gemfile | 12 +++++++----- 3 files changed, 12 insertions(+), 24 deletions(-) diff --git a/.travis.yml b/.travis.yml index 86222c2813..bd66c7d1c3 100644 --- a/.travis.yml +++ b/.travis.yml 
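Review bot: Only the Fedora half of the condition in manifests/version.pp was moved to `versioncmp`; the non-Fedora half still reads `$distrelease >= 7`, which compares what may be a string fact against an integer. Using `versioncmp($distrelease, '7') >= 0` there as well would keep both halves consistent and avoid a type-dependent comparison. It is also worth a one-line comment that the Fedora branch relies on `versioncmp` ordering a non-numeric release such as 'Rawhide' above '18', because the added spec depends on that. The definition of `$distrelease` is outside the hunk.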
@@ -1,6 +1,6 @@ --- language: ruby -bundler_args: --without development +bundler_args: --without system_tests script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e1288478a2..f1cbde4bbf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -41,11 +41,9 @@ Checklist (and a short version for the impatient) * Pre-requisites: - - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) - - Make sure you have a [GitHub account](https://github.com/join) - - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. * Preferred method: @@ -94,17 +92,7 @@ The long version whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. - 2. Sign the Contributor License Agreement - - Before we can accept your changes, we do need a signed Puppet - Labs Contributor License Agreement (CLA). - - You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) - - If you have any questions about the CLA, please feel free to - contact Puppet Labs via email at cla-submissions@puppetlabs.com. - - 3. Sending your patches + 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of @@ -124,7 +112,7 @@ The long version in order to open a pull request. - 4. Update the related GitHub issue. + 3. Update the related GitHub issue. If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the 
@@ -220,14 +208,12 @@ review. Additional Resources ==================== -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) +* [Getting additional help](http://puppetlabs.com/community/get-help) * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) * [Patchwork](https://patchwork.puppetlabs.com) -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) diff --git a/Gemfile b/Gemfile index e960f7c4b7..0684f19238 100644 --- a/Gemfile +++ b/Gemfile @@ -1,15 +1,17 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -group :development, :test do +group :development, :unit_tests do gem 'rake', :require => false gem 'rspec-puppet', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'serverspec', :require => false gem 'puppet-lint', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false - gem 'pry', :require => false gem 'simplecov', :require => false + gem 'puppet_facts', :require => false +end + +group :system_tests do + gem 'beaker-rspec', :require => false + gem 'serverspec', :require => false end if facterversion = ENV['FACTER_GEM_VERSION'] From e079dc81c441ea2f460ae0bee89d402556bde9df Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 8 Dec 2014 22:52:02 -0800 Subject: [PATCH 0469/2267] Add json gem The puppet_facts gem implicitly depends on the json gem. On Ruby 1.8.7, json is not built in. On Puppet 2.7, it is not explicitly pulled in by the hiera gem. So we add it here explicitly. --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index 0684f19238..12fd363eac 100644 --- a/Gemfile +++ b/Gemfile 
@@ -7,6 +7,7 @@ group :development, :unit_tests do gem 'puppet-lint', :require => false gem 'simplecov', :require => false gem 'puppet_facts', :require => false + gem 'json', :require => false end group :system_tests do From dd4a8d8fb7579d0461e40be8a92308a4e288b2a4 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Tue, 16 Dec 2014 22:32:56 +0100 Subject: [PATCH 0470/2267] acceptance: add test for actual port --- spec/acceptance/class_spec.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index e006251cf8..954b6ac587 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -32,6 +32,10 @@ class { 'apache': } it { is_expected.to be_enabled } it { is_expected.to be_running } end + + describe port(80) do + it { should be_listening } + end end context 'custom site/mod dir parameters' do From afca7d5317d783e64e3f974146a80b48565b6be3 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Wed, 17 Dec 2014 11:55:15 +0100 Subject: [PATCH 0471/2267] Fix apache::mod::version title written as apache::mod::reqtimeout --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8994e6baa2..f580bb6bc9 100644 --- a/README.md +++ b/README.md @@ -860,7 +860,7 @@ mod_reqtimeout configuration. } ``` -####Class: `apache::mod::reqtimeout` +####Class: `apache::mod::version` This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 about loading mod_version, as on these platforms it's already built-in. From 45efd31927f60ddf795410ea99d15a856db8a9b1 Mon Sep 17 00:00:00 2001 
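Review bot: The added port check in spec/acceptance/class_spec.rb uses the older `should` form, while the service expectations just above it in the same context use `is_expected.to`. For consistency, write it as `it { is_expected.to be_listening }`. The enclosing `context` block starts outside the hunk.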
From: Justin Lambert Date: Tue, 2 Dec 2014 20:08:03 -0700 Subject: [PATCH 0472/2267] add mod_security apache module --- README.md | 85 ++++-- manifests/mod/security.pp | 64 ++++ manifests/params.pp | 54 ++++ manifests/security/rule_link.pp | 12 + manifests/vhost.pp | 30 +- spec/acceptance/mod_security_spec.rb | 228 ++++++++++++++ spec/classes/mod/security_spec.rb | 93 ++++++ spec/defines/modsec_link_spec.rb | 51 ++++ templates/mod/security.conf.erb | 68 +++++ templates/mod/security_crs.conf.erb | 428 +++++++++++++++++++++++++++ templates/vhost/_security.erb | 20 ++ 11 files changed, 1114 insertions(+), 19 deletions(-) create mode 100644 manifests/mod/security.pp create mode 100644 manifests/security/rule_link.pp create mode 100644 spec/acceptance/mod_security_spec.rb create mode 100644 spec/classes/mod/security_spec.rb create mode 100644 spec/defines/modsec_link_spec.rb create mode 100644 templates/mod/security.conf.erb create mode 100644 templates/mod/security_crs.conf.erb create mode 100644 templates/vhost/_security.erb diff --git a/README.md b/README.md index 8994e6baa2..87c385348c 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::security](#class-modsecurity) * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) @@ -555,6 +556,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rewrite` * `rpaf`* * `setenvif` +* `security` * `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) * `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) 
@@ -583,7 +585,7 @@ To configure the event thread limit: $threadlimit => '128', } ``` - + ####Class: `apache::mod::info` @@ -748,8 +750,8 @@ Installs Apache mod_status and uses the status.conf.erb template. These are the extended_status = 'On', status_path = '/server-status', ){ - - + + } ``` @@ -875,6 +877,24 @@ A string or an array that sets the `RequestReadTimeout` option. Defaults to `['header=20-40,MinRate=500', 'body=20,MinRate=500']`. +####Class: `apache::mod::security` + +Installs and configures mod_security. Defaults to enabled and running on all +vhosts. + +```puppet + include '::apache::mod::security' +``` + +#####`modsec_dir` + +Directory to install the modsec configuration and activated rules links into + +#####`activated_rules` + +Array of rules from the modsec_crs_path to activate by symlinking to +${modsec_dir}/activated_rules. + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. @@ -907,7 +927,7 @@ If you have a series of specific configurations and do not want a base `::apache #####`access_log` -Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. +Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. #####`access_log_file` 
@@ -1109,6 +1129,34 @@ in without being aware of the consequences; see http://httpd.apache.org/docs/2.4 Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. +######`modsec_body_limit` + +Configures the maximum request body size (in bytes) ModSecurity will accept for buffering + +######`modsec_disable_vhost` + +Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included. + +######`modsec_disable_ids` + +Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. + +```puppet + apache::vhost { 'sample.example.net': + modsec_disable_ids => [ 90015, 90016 ], + } +``` + +```puppet + apache::vhost { 'sample.example.net': + modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, + } +``` + +######`modsec_disable_ips` + +Array of IPs to exclude from mod_security rule matching + #####`no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). @@ -1160,7 +1208,7 @@ Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.ne #####`port` -Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. +Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. #####`priority` 
@@ -1208,7 +1256,7 @@ Specifies the address to redirect to. Defaults to 'undef'. #####`redirect_source` -Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. +Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ```puppet apache::vhost { 'site.name.fdqn': 
@@ -1459,9 +1507,9 @@ To set up a virtual host with WSGI The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. -The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. +The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. -The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. General `directories` usage looks something like 
@@ -1488,7 +1536,7 @@ Available handlers, represented as keys, should be placed within the `directory` } ``` -Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: +Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: ######`addhandlers` @@ -1620,7 +1668,7 @@ Pass a string of custom configuration directives to be placed at the end of the ######`deny` -Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. +Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': @@ -1734,10 +1782,10 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', + directories => [ + { path => '/path/to/directory', passenger_enabled => 'on', - }, + }, ], } ``` @@ -1771,9 +1819,9 @@ Sets a `SetHandler` directive as per the [Apache Core documentation](http://http ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', } ], } 
@@ -1824,7 +1872,7 @@ Allows an valid content setting to be set or altered for the application request ######`shib_use_headers` -When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ######`ssl_options` @@ -2015,7 +2063,7 @@ A unique alias. This is used internally to link the action with the FastCGI serv #####`file_type` -The MIME-type of the file to be processed by the FastCGI server. +The MIME-type of the file to be processed by the FastCGI server. ###Virtual Host Examples @@ -2310,6 +2358,7 @@ If you need to use ProxySet in the balancer config * `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. * `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. +* `apache::security::file_link`: Links the activated_rules from apache::mod::security to the respective CRS rules on disk. ###Templates diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp new file mode 100644 index 0000000000..9641d70df5 --- /dev/null +++ b/manifests/mod/security.pp 
@@ -0,0 +1,64 @@ +class apache::mod::security ( + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, +){ + + if $::osfamily == 'FreeBSD' { + fail('FreeBSD is not currently supported') + } + + ::apache::mod { 'security': + id => 'security2_module', + lib => 'mod_security2.so', + } + + ::apache::mod { 'unique_id_module': + id => 'unique_id_module', + lib => 'mod_unique_id.so', + } + + if $crs_package { + package { $crs_package: + ensure => 'latest', + before => File['security.conf'], + } + } + + # Template uses: + # - $modsec_dir + file { 'security.conf': + ensure => file, + content => template('apache/mod/security.conf.erb'), + path => "${::apache::mod_dir}/security.conf", + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } + + file { $modsec_dir: + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + purge => true, + recurse => true, + } + + file { "${modsec_dir}/activated_rules": + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + } + + file { "${modsec_dir}/security_crs.conf": + ensure => file, + content => template('apache/mod/security_crs.conf.erb'), + require => File[$modsec_dir], + notify => Service['httpd'], + } + + apache::security::rule_link { $activated_rules: } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 6a221fd633..ac92b2b147 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -83,6 +83,7 @@ }, 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', + 'security' => 'mod_security', 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', 'wsgi' => 'mod_wsgi', 
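Review bot: `file { $modsec_dir: }` and `file { "${modsec_dir}/activated_rules": }` are owned by `$::apache::params::user`, so the account the web server runs as owns the directories holding the WAF rules that are meant to constrain it. Mode `0555` does not help, because an owner can change the mode back. I would use `owner => 'root',` and `group => 'root',` on both, assuming httpd loads its configuration before dropping privileges as in a normal package install, and give `security_crs.conf` an explicit owner and mode as well. Separately, `ensure => 'latest'` on `$crs_package` lets a rule-set upgrade land on any Puppet run and change blocking behaviour unreviewed; `ensure => 'installed'` is the more predictable default.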
@@ -109,6 +110,32 @@ } else { $wsgi_socket_prefix = undef } + $modsec_crs_package = 'mod_security_crs' + $modsec_crs_path = '/usr/lib/modsecurity.d' + $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' @@ -149,6 +176,7 @@ 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', 
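Review bot: The `$modsec_default_rules` array added in this RedHat branch is repeated entry for entry in the Debian branch (the `@@ -165,6 +193,32 @@` hunk), so the two lists can drift apart the next time a rule is added or dropped on one side only. Only `$modsec_crs_package`, `$modsec_crs_path` and `$modsec_dir` differ per platform, so the array could be assigned once outside the osfamily conditional and each branch would keep just those three values. A one-line comment such as `# Paths are relative to $modsec_crs_path; see apache::security::rule_link` above the array would also tell the reader how the entries are resolved. The enclosing `if`/`elsif` starts outside this hunk.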
@@ -165,6 +193,32 @@ $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' $docroot = '/var/www' + $modsec_crs_package = 'modsecurity-crs' + $modsec_crs_path = '/usr/share/modsecurity-crs' + $modsec_dir = '/etc/modsecurity' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] # # Passenger-specific settings diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp new file mode 100644 index 0000000000..1ddc9d6aa3 --- /dev/null +++ b/manifests/security/rule_link.pp @@ -0,0 +1,12 @@ +define apache::security::rule_link () { + + $parts = split($title, '/') + $filename = $parts[-1] + + file { $filename: + ensure => 'link', + path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", + target => "${::apache::params::modsec_crs_path}/${title}", + require => File["${::apache::mod::security::modsec_dir}/activated_rules"], + } +} 
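Review bot: In `manifests/security/rule_link.pp`, `file { $filename: ... }` uses the bare basename as the resource title, so it clashes with any other `File` resource in the catalog that has the same short title, and compilation then fails with a duplicate declaration. Titling the resource by its full path avoids that: `file { "${::apache::mod::security::modsec_dir}/activated_rules/${filename}":` with the separate `path` attribute dropped. `$title` is also interpolated into `target` unchecked, so a guard that rejects `..` segments (for example with stdlib's `validate_re`) would keep every link inside `modsec_crs_path`. The define reads `$::apache::mod::security::modsec_dir` directly and so only works once that class is declared; a short header comment should say so.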
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 50b3a1ec4a..711dffeeb2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -106,6 +106,10 @@ $passenger_start_timeout = undef, $passenger_pre_start = undef, $add_default_charset = undef, + $modsec_disable_vhost = undef, + $modsec_disable_ids = undef, + $modsec_disable_ips = undef, + $modsec_body_limit = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -414,6 +418,17 @@ $_directories = [ merge($_directory, $_directory_version) ] } + ## Create a global LocationMatch if locations aren't defined + if $modsec_disable_ids { + if is_hash($modsec_disable_ids) { + $_modsec_disable_ids = $modsec_disable_ids + } elsif is_array($modsec_disable_ids) { + $_modsec_disable_ids = { '.*' => $modsec_disable_ids } + } else { + fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") + } + } + concat { "${priority_real}-${filename}.conf": ensure => $ensure, path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", @@ -491,7 +506,7 @@ content => template('apache/vhost/_fallbackresource.erb'), } } - + # Template uses: # - $allow_encoded_slashes if $allow_encoded_slashes { @@ -823,6 +838,19 @@ } } + # Template uses: + # - $modsec_disable_vhost + # - $modsec_disable_ids + # - $modsec_disable_ips + # - $modsec_body_limit + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { + concat::fragment { "${name}-security": + target => "${priority_real}-${filename}.conf", + order => 320, + content => template('apache/vhost/_security.erb') + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}-${filename}.conf", diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb new file mode 100644 index 0000000000..74d1cd26ea --- /dev/null +++ b/spec/acceptance/mod_security_spec.rb 
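Review bot: In the last hunk, `$modsec_body_limit` is listed under "Template uses" but is missing from the guard, so a vhost that sets only `modsec_body_limit` gets no `${name}-security` fragment and the limit is silently ignored. The condition should read `if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_body_limit {`. These parameters switch WAF coverage off for a vhost and the README says they only apply when `apache::mod::security` is included, so it would be safer to `fail()` when one is set without that class declared than to emit directives httpd may not recognise. The body of the defined type starts and ends outside these hunks.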
@@ -0,0 +1,228 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::security class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + package_name = 'apache2' + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + package_name = 'httpd' + end + + context "default mod_security config" do + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end + end + + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe package(package_name) do + it { is_expected.to be_installed } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + end #default mod_security config + + context "mod_security should allow disabling by vhost" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => 
'/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Index page\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_vhost => false, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + end #mod_security should allow disabling by vhost + + context "mod_security should allow disabling by ip" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Index page\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent: beaker" -f 
modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_ips => [ '127.0.0.1' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + end #mod_security should allow disabling by ip + + context "mod_security should allow disabling by id" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + file { '/var/www/html/index2.html': + ensure => file, + content => 'Page 2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_ids => [ '950007' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" -f 
modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + end #mod_security should allow disabling by id + + +end #apache::mod::security class diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb new file mode 100644 index 0000000000..05586c2caa --- /dev/null +++ b/spec/classes/mod/security_spec.rb 
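Review bot: The "disabling by vhost" context applies `modsec_disable_vhost => false,` and then expects the query-bearing request to return the index page. `false` does not satisfy the guard in `manifests/vhost.pp`, so no security fragment is written and the disable path is never exercised; this presumably should be `modsec_disable_vhost => true,`. In the default context, the blocking check sends `-H"User-Agent beaker"` without the colon, unlike every other curl call in the file, so the request does not carry the intended header and may be rejected for a different reason than the one under test; it should be `-H"User-Agent: beaker"`. The "disabling by ip" context ends by fetching the plain index page rather than the `?SELECT...` URL, so it would pass even if `modsec_disable_ips` had no effect.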
@@ -0,0 +1,93 @@ +require 'spec_helper' + +describe 'apache::mod::security', :type => :class do + let :pre_condition do + 'include apache' + end + + context "on RedHat based systems" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '7', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + it { should contain_apache__mod('security').with( + :id => 'security2_module', + :lib => 'mod_security2.so' + ) } + it { should contain_apache__mod('unique_id_module').with( + :id => 'unique_id_module', + :lib => 'mod_unique_id.so' + ) } + it { should contain_package('mod_security_crs') } + it { should contain_file('security.conf').with( + :path => '/etc/httpd/conf.d/security.conf' + ) } + it { should contain_file('/etc/httpd/modsecurity.d').with( + :ensure => 'directory', + :path => '/etc/httpd/modsecurity.d', + :owner => 'apache', + :group => 'apache' + ) } + it { should contain_file('/etc/httpd/modsecurity.d/activated_rules').with( + :ensure => 'directory', + :path => '/etc/httpd/modsecurity.d/activated_rules', + :owner => 'apache', + :group => 'apache' + ) } + it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with( + :path => '/etc/httpd/modsecurity.d/security_crs.conf' + ) } + it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + end + + context "on Debian based systems" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux' + } + end + it { should contain_apache__mod('security').with( + :id => 'security2_module', + :lib => 'mod_security2.so' + ) } + it { should contain_apache__mod('unique_id_module').with( + :id => 
'unique_id_module', + :lib => 'mod_unique_id.so' + ) } + it { should contain_package('modsecurity-crs') } + it { should contain_file('security.conf').with( + :path => '/etc/apache2/mods-available/security.conf' + ) } + it { should contain_file('/etc/modsecurity').with( + :ensure => 'directory', + :path => '/etc/modsecurity', + :owner => 'www-data', + :group => 'www-data' + ) } + it { should contain_file('/etc/modsecurity/activated_rules').with( + :ensure => 'directory', + :path => '/etc/modsecurity/activated_rules', + :owner => 'www-data', + :group => 'www-data' + ) } + it { should contain_file('/etc/modsecurity/security_crs.conf').with( + :path => '/etc/modsecurity/security_crs.conf' + ) } + it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + end + +end diff --git a/spec/defines/modsec_link_spec.rb b/spec/defines/modsec_link_spec.rb new file mode 100644 index 0000000000..c1633d01d8 --- /dev/null +++ b/spec/defines/modsec_link_spec.rb 
@@ -0,0 +1,51 @@ +require 'spec_helper' + +describe 'apache::security::rule_link', :type => :define do + let :pre_condition do + 'class { "apache": } + class { "apache::mod::security": activated_rules => [] } + ' + end + + let :title do + 'base_rules/modsecurity_35_bad_robots.data' + end + + context "on RedHat based systems" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '7', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + it { should contain_file('modsecurity_35_bad_robots.data').with( + :path => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', + :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data' + ) } + end + + context "on Debian based systems" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux' + } + end + it { should contain_file('modsecurity_35_bad_robots.data').with( + :path => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', + :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data' + ) } + end + +end diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb new file mode 100644 index 0000000000..ed884eadde --- /dev/null +++ b/templates/mod/security.conf.erb 
@@ -0,0 +1,68 @@ + + # ModSecurity Core Rules Set configuration +<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%> + IncludeOptional <%= @modsec_dir %>/*.conf + IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf +<%- else -%> + Include <%= @modsec_dir %>/*.conf + Include <%= @modsec_dir %>/activated_rules/*.conf +<%- end -%> + + # Default recommended configuration + SecRuleEngine On + SecRequestBodyAccess On + SecRule REQUEST_HEADERS:Content-Type "text/xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + SecRequestBodyLimit 13107200 + SecRequestBodyNoFilesLimit 131072 + SecRequestBodyInMemoryLimit 131072 + SecRequestBodyLimitAction Reject + SecRule REQBODY_ERROR "!@eq 0" \ + "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" + SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ + "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \ + PE %{REQBODY_PROCESSOR_ERROR}, \ + BQ %{MULTIPART_BOUNDARY_QUOTED}, \ + BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ + DB %{MULTIPART_DATA_BEFORE}, \ + DA %{MULTIPART_DATA_AFTER}, \ + HF %{MULTIPART_HEADER_FOLDING}, \ + LF %{MULTIPART_LF_LINE}, \ + SM %{MULTIPART_MISSING_SEMICOLON}, \ + IQ %{MULTIPART_INVALID_QUOTING}, \ + IP %{MULTIPART_INVALID_PART}, \ + IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ + FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + + SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ + "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" + + SecPcreMatchLimit 1000 + SecPcreMatchLimitRecursion 1000 + + SecRule TX:/^MSC_/ "!@streq 0" \ + "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + + SecResponseBodyAccess Off + SecResponseBodyMimeType text/plain text/html text/xml + SecResponseBodyLimit 524288 + SecResponseBodyLimitAction 
ProcessPartial + SecDebugLogLevel 0 + SecAuditEngine RelevantOnly + SecAuditLogRelevantStatus "^(?:5|4(?!04))" + SecAuditLogParts ABIJDEFHZ + SecAuditLogType Serial + SecArgumentSeparator & + SecCookieFormat 0 +<%- if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> + SecDebugLog /var/log/apache2/modsec_debug.log + SecAuditLog /var/log/apache2/modsec_audit.log + SecTmpDir /var/cache/modsecurity + SecDataDir /var/cache/modsecurity +<% else -%> + SecDebugLog /var/log/httpd/modsec_debug.log + SecAuditLog /var/log/httpd/modsec_audit.log + SecTmpDir /var/lib/mod_security + SecDataDir /var/lib/mod_security +<% end -%> + diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb new file mode 100644 index 0000000000..4a990eb3a5 --- /dev/null +++ b/templates/mod/security_crs.conf.erb 
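Review bot: The log and data paths at the end of the template are chosen with `scope.lookupvar('::operatingsystem') == 'Ubuntu'`, so a Debian host falls into the else branch even though the manifests and specs support it through `osfamily == 'Debian'`. It is then given `/var/log/httpd/...` and `/var/lib/mod_security`, which are RedHat-layout paths, so the audit and debug logs would not land where Apache logs live on that platform, and httpd may fail to start if the directory is absent. Testing `scope.lookupvar('::osfamily') == 'Debian'` covers both distributions. Rules 200002 and 200003 also use `status:44`, which is not a valid HTTP status, while rule 200001 uses `status:400`; `status:400` looks like what was intended.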
@@ -0,0 +1,428 @@ +# --------------------------------------------------------------- +# Core ModSecurity Rule Set ver.2.2.6 +# Copyright (C) 2006-2012 Trustwave All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENCE file for full details. +# --------------------------------------------------------------- + + +# +# -- [[ Recommended Base Configuration ]] ------------------------------------------------- +# +# The configuration directives/settings in this file are used to control +# the OWASP ModSecurity CRS. These settings do **NOT** configure the main +# ModSecurity settings such as: +# +# - SecRuleEngine +# - SecRequestBodyAccess +# - SecAuditEngine +# - SecDebugLog +# +# You should use the modsecurity.conf-recommended file that comes with the +# ModSecurity source code archive. +# +# Ref: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended +# + + +# +# -- [[ Rule Version ]] ------------------------------------------------------------------- +# +# Rule version data is added to the "Producer" line of Section H of the Audit log: +# +# - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4. +# +# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecComponentSignature +# +SecComponentSignature "OWASP_CRS/2.2.6" + + +# +# -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] ----------------- +# +# Each detection rule uses the "block" action which will inherit the SecDefaultAction +# specified below. Your settings here will determine which mode of operation you use. +# +# -- [[ Self-Contained Mode ]] -- +# Rules inherit the "deny" disruptive action. The first rule that matches will block. 
+# +# -- [[ Collaborative Detection Mode ]] -- +# This is a "delayed blocking" mode of operation where each matching rule will inherit +# the "pass" action and will only contribute to anomaly scores. Transactional blocking +# can be applied +# +# -- [[ Alert Logging Control ]] -- +# You have three options - +# +# - To log to both the Apache error_log and ModSecurity audit_log file use: "log" +# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog" +# - To log *only* to the Apache error_log file use: "log,noauditlog" +# +# Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html +# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction +# +SecDefaultAction "phase:1,deny,log" + + +# +# -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- +# +# These are the default scoring points for each severity level. You may +# adjust these to you liking. These settings will be used in macro expansion +# in the rules to increment the anomaly scores when rules match. +# +# These are the default Severity ratings (with anomaly scores) of the individual rules - +# +# - 2: Critical - Anomaly Score of 5. +# Is the highest severity level possible without correlation. It is +# normally generated by the web attack rules (40 level files). +# - 3: Error - Anomaly Score of 4. +# Is generated mostly from outbound leakage rules (50 level files). +# - 4: Warning - Anomaly Score of 3. +# Is generated by malicious client rules (35 level files). +# - 5: Notice - Anomaly Score of 2. +# Is generated by the Protocol policy and anomaly files. 
+# +SecAction \ + "id:'900001', \ + phase:1, \ + t:none, \ + setvar:tx.critical_anomaly_score=5, \ + setvar:tx.error_anomaly_score=4, \ + setvar:tx.warning_anomaly_score=3, \ + setvar:tx.notice_anomaly_score=2, \ + nolog, \ + pass" + + +# +# -- [[ Collaborative Detection Scoring Threshold Levels ]] ------------------------------ +# +# These variables are used in macro expansion in the 49 inbound blocking and 59 +# outbound blocking files. +# +# **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric +# operators. If you have an earlier version, edit the 49/59 files directly to +# set the appropriate anomaly score levels. +# +# You should set the score to the proper threshold you would prefer. If set to "5" +# it will work similarly to previous Mod CRS rules and will create an event in the error_log +# file if there are any rules that match. If you would like to lessen the number of events +# generated in the error_log file, you should increase the anomaly score threshold to +# something like "20". This would only generate an event in the error_log file if +# there are multiple lower severity rule matches or if any 1 higher severity item matches. +# +SecAction \ + "id:'900002', \ + phase:1, \ + t:none, \ + setvar:tx.inbound_anomaly_score_level=5, \ + nolog, \ + pass" + + +SecAction \ + "id:'900003', \ + phase:1, \ + t:none, \ + setvar:tx.outbound_anomaly_score_level=4, \ + nolog, \ + pass" + + +# +# -- [[ Collaborative Detection Blocking ]] ----------------------------------------------- +# +# This is a collaborative detection mode where each rule will increment an overall +# anomaly score for the transaction. The scores are then evaluated in the following files: +# +# Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file +# Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file +# +# If you want to use anomaly scoring mode, then uncomment this line. 
+# +#SecAction \ + "id:'900004', \ + phase:1, \ + t:none, \ + setvar:tx.anomaly_score_blocking=on, \ + nolog, \ + pass" + + +# +# -- [[ GeoIP Database ]] ----------------------------------------------------------------- +# +# There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data. +# +# You must first download the MaxMind GeoIP Lite City DB - +# +# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz +# +# You then need to define the proper path for the SecGeoLookupDb directive +# +# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html +# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html +# +#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat + +# +# -- [[ Regression Testing Mode ]] -------------------------------------------------------- +# +# If you are going to run the regression testing mode, you should uncomment the +# following rule. It will enable DetectionOnly mode for the SecRuleEngine and +# will enable Response Header tagging so that the client testing script can see +# which rule IDs have matched. +# +# You must specify the your source IP address where you will be running the tests +# from. +# +#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \ + "id:'900005', \ + phase:1, \ + t:none, \ + ctl:ruleEngine=DetectionOnly, \ + setvar:tx.regression_testing=1, \ + nolog, \ + pass" + + +# +# -- [[ HTTP Policy Settings ]] ---------------------------------------------------------- +# +# Set the following policy settings here and they will be propagated to the 23 rules +# file (modsecurity_common_23_request_limits.conf) by using macro expansion. +# If you run into false positives, you can adjust the settings here. +# +# Only the max number of args is uncommented by default as there are a high rate +# of false positives. Uncomment the items you wish to set. 
+# +# +# -- Maximum number of arguments in request limited +SecAction \ + "id:'900006', \ + phase:1, \ + t:none, \ + setvar:tx.max_num_args=255, \ + nolog, \ + pass" + +# +# -- Limit argument name length +#SecAction \ + "id:'900007', \ + phase:1, \ + t:none, \ + setvar:tx.arg_name_length=100, \ + nolog, \ + pass" + +# +# -- Limit value name length +#SecAction \ + "id:'900008', \ + phase:1, \ + t:none, \ + setvar:tx.arg_length=400, \ + nolog, \ + pass" + +# +# -- Limit arguments total length +#SecAction \ + "id:'900009', \ + phase:1, \ + t:none, \ + setvar:tx.total_arg_length=64000, \ + nolog, \ + pass" + +# +# -- Individual file size is limited +#SecAction \ + "id:'900010', \ + phase:1, \ + t:none, \ + setvar:tx.max_file_size=1048576, \ + nolog, \ + pass" + +# +# -- Combined file size is limited +#SecAction \ + "id:'900011', \ + phase:1, \ + t:none, \ + setvar:tx.combined_file_sizes=1048576, \ + nolog, \ + pass" + + +# +# Set the following policy settings here and they will be propagated to the 30 rules +# file (modsecurity_crs_30_http_policy.conf) by using macro expansion. +# If you run into false positves, you can adjust the settings here. 
+# +SecAction \ + "id:'900012', \ + phase:1, \ + t:none, \ + setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \ + setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ + setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ + setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \ + setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ + nolog, \ + pass" + + +# +# -- [[ Content Security Policy (CSP) Settings ]] ----------------------------------------- +# +# The purpose of these settings is to send CSP response headers to +# Mozilla FireFox users so that you can enforce how dynamic content +# is used. CSP usage helps to prevent XSS attacks against your users. +# +# Reference Link: +# +# https://developer.mozilla.org/en/Security/CSP +# +# Uncomment this SecAction line if you want use CSP enforcement. +# You need to set the appropriate directives and settings for your site/domain and +# and activate the CSP file in the experimental_rules directory. 
+# +# Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html +# +#SecAction \ + "id:'900013', \ + phase:1, \ + t:none, \ + setvar:tx.csp_report_only=1, \ + setvar:tx.csp_report_uri=/csp_violation_report, \ + setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \ + nolog, \ + pass" + + +# +# -- [[ Brute Force Protection ]] --------------------------------------------------------- +# +# If you are using the Brute Force Protection rule set, then uncomment the following +# lines and set the following variables: +# - Protected URLs: resources to protect (e.g. login pages) - set to your login page +# - Burst Time Slice Interval: time interval window to monitor for bursts +# - Request Threshold: request # threshold to trigger a burst +# - Block Period: temporary block timeout +# +#SecAction \ + "id:'900014', \ + phase:1, \ + t:none, \ + setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \ + setvar:'tx.brute_force_burst_time_slice=60', \ + setvar:'tx.brute_force_counter_threshold=10', \ + setvar:'tx.brute_force_block_timeout=300', \ + nolog, \ + pass" + + +# +# -- [[ DoS Protection ]] ---------------------------------------------------------------- +# +# If you are using the DoS Protection rule set, then uncomment the following +# lines and set the following variables: +# - Burst Time Slice Interval: time interval window to monitor for bursts +# - Request Threshold: request # threshold to trigger a burst +# - Block Period: temporary block timeout +# +#SecAction \ + "id:'900015', \ + phase:1, \ + t:none, \ + setvar:'tx.dos_burst_time_slice=60', \ + setvar:'tx.dos_counter_threshold=100', \ + setvar:'tx.dos_block_timeout=600', \ + nolog, \ + pass" + + +# +# -- [[ Check UTF enconding ]] 
----------------------------------------------------------- +# +# We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise +# it will result in false positives. +# +# Uncomment this line if your site uses UTF8 encoding +#SecAction \ + "id:'900016', \ + phase:1, \ + t:none, \ + setvar:tx.crs_validate_utf8_encoding=1, \ + nolog, \ + pass" + + +# +# -- [[ Enable XML Body Parsing ]] ------------------------------------------------------- +# +# The rules in this file will trigger the XML parser upon an XML request +# +# Initiate XML Processor in case of xml content-type +# +SecRule REQUEST_HEADERS:Content-Type "text/xml" \ + "id:'900017', \ + phase:1, \ + t:none,t:lowercase, \ + nolog, \ + pass, \ + chain" + SecRule REQBODY_PROCESSOR "!@streq XML" \ + "ctl:requestBodyProcessor=XML" + + +# +# -- [[ Global and IP Collections ]] ----------------------------------------------------- +# +# Create both Global and IP collections for rules to use +# There are some CRS rules that assume that these two collections +# have already been initiated. +# +SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \ + "id:'900018', \ + phase:1, \ + t:none,t:sha1,t:hexEncode, \ + setvar:tx.ua_hash=%{matched_var}, \ + nolog, \ + pass" + + +SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \ + "id:'900019', \ + phase:1, \ + t:none, \ + capture, \ + setvar:tx.real_ip=%{tx.1}, \ + nolog, \ + pass" + + +SecRule &TX:REAL_IP "!@eq 0" \ + "id:'900020', \ + phase:1, \ + t:none, \ + initcol:global=global, \ + initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \ + nolog, \ + pass" + + +SecRule &TX:REAL_IP "@eq 0" \ + "id:'900021', \ + phase:1, \ + t:none, \ + initcol:global=global, \ + initcol:ip=%{remote_addr}_%{tx.ua_hash}, \ + nolog, \ + pass" diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb new file mode 100644 index 0000000000..5ab0a5b5da --- /dev/null +++ b/templates/vhost/_security.erb 
@@ -0,0 +1,20 @@ +<% if @modsec_disable_vhost -%> + SecRuleEngine Off +<% end -%> +<% if @_modsec_disable_ids.is_a?(Hash) -%> +<% @_modsec_disable_ids.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveById <%= rule %> +<% end -%> + +<% end -%> +<% end -%> +<% ips = Array(@modsec_disable_ips).join(',') %> +<% if ips != '' %> + SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" + SecAction "phase:2,pass,nolog,id:1234123456" +<% end -%> +<% if @modsec_body_limit -%> + SecRequestBodyLimit <%= @modsec_body_limit %> +<% end -%> From 69456070d21de95457eea754362fef890335a26c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 18 Dec 2014 16:36:59 -0800 Subject: [PATCH 0473/2267] Fix tests from #948 --- spec/acceptance/mod_security_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 74d1cd26ea..2e7948023c 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -101,7 +101,7 @@ class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', docroot => '/var/www/html', - modsec_disable_vhost => false, + modsec_disable_vhost => true, } EOS apply_manifest(pp, :catch_failures => true) From a1309d889b0387c923e76603cbcaa2e23caec275 Mon Sep 17 00:00:00 2001 From: Armin ranjbar Date: Fri, 19 Dec 2014 16:56:42 +0330 Subject: [PATCH 0474/2267] Fixes version automatic detection for debian jessie; Debian 8, Jessie uses Apache version 2.4 --- manifests/version.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/version.pp b/manifests/version.pp index dc5288dca0..4c245339e0 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
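Review bot: The exemption rule `SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455"` names no operator, so ModSecurity falls back to its default regular-expression match on the comma-joined string. With two or more entries in `modsec_disable_ips` that pattern cannot match a single client address, and with one entry the unanchored pattern (where `.` matches any character) also matches other addresses that merely contain it. Because `allow` switches inspection off for whatever matches, this should be an exact address comparison: `SecRule REMOTE_ADDR "@ipMatch <%= ips %>" "nolog,allow,id:1234123455"`. The ids 1234123455 and 1234123456 are hard-coded, so a comment reserving them would help anyone adding local rules.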
@@ -21,6 +21,8 @@ 'Debian': { if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { $default = '2.4' + } elsif $::operatingsystem == 'Debian' and $::operatingsystemrelease == 'jessie/sid' { + $default = '2.4' } else { $default = '2.2' } From c47f0e45749058edf2b85767fa7a70308fc478f8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 19 Dec 2014 11:06:32 -0800 Subject: [PATCH 0475/2267] Paths should be different for all deb based OSes Not just ubuntu. Fix for #948 --- templates/mod/security.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index ed884eadde..7597c461f6 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -54,7 +54,7 @@ SecAuditLogType Serial SecArgumentSeparator & SecCookieFormat 0 -<%- if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> +<%- if scope.lookupvar('::osfamily') == 'Debian' -%> SecDebugLog /var/log/apache2/modsec_debug.log SecAuditLog /var/log/apache2/modsec_audit.log SecTmpDir /var/cache/modsecurity From bb96180f62a1897a9f81dfb6a821f2f10c9bdfd3 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 4 Dec 2014 05:58:54 -0700 Subject: [PATCH 0476/2267] MODULES-1382: support multiple access log directives --- manifests/vhost.pp | 56 +++++++++++++-------------- spec/acceptance/vhost_spec.rb | 28 ++++++++++++++ spec/defines/vhost_spec.rb | 67 +++++++++++++++++++++++++++++++++ templates/vhost/_access_log.erb | 24 ++++++++++-- 4 files changed, 143 insertions(+), 32 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 52a8056f70..9e05cb566f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
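Review bot: The added `elsif` matches only the literal release string `'jessie/sid'`, presumably what a pre-release system reports; once the fact carries a numeric release the branch stops matching and `$default` falls back to `'2.2'`. Comparing versions as well keeps the detection working after release: `} elsif $::operatingsystem == 'Debian' and ($::operatingsystemrelease == 'jessie/sid' or versioncmp($::operatingsystemrelease, '8') >= 0) {`. The enclosing `case` starts and ends outside the hunk, so I cannot see whether a major-release fact is already used elsewhere in it.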
@@ -40,11 +40,12 @@ $logroot_mode = undef, $log_level = undef, $access_log = true, - $access_log_file = undef, - $access_log_pipe = undef, - $access_log_syslog = undef, - $access_log_format = undef, - $access_log_env_var = undef, + $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, + $access_log_format = false, + $access_log_env_var = false, + $access_logs = undef, $aliases = undef, $directories = undef, $error_log = true, @@ -269,19 +270,28 @@ # Is apache::mod::shib enabled (or apache::mod['shib2']) $shibboleth_enabled = defined(Apache::Mod['shib2']) - # Define log file names - if $access_log_file { - $access_log_destination = "${logroot}/${access_log_file}" - } elsif $access_log_pipe { - $access_log_destination = $access_log_pipe - } elsif $access_log_syslog { - $access_log_destination = $access_log_syslog - } else { - if $ssl { - $access_log_destination = "${logroot}/${name}_access_ssl.log" + if $access_log and !$access_logs { + if $access_log_file { + $_logs_dest = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $_logs_dest = $access_log_pipe + } elsif $access_log_syslog { + $_logs_dest = $access_log_syslog } else { - $access_log_destination = "${logroot}/${name}_access.log" + $_logs_dest = undef } + $_access_logs = [{ + 'file' => $access_log_file, + 'pipe' => $access_log_pipe, + 'syslog' => $access_log_syslog, + 'format' => $access_log_format, + 'env' => $access_log_env_var + }] + } elsif $access_logs { + if !is_array($access_logs) { + fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") + } + $_access_logs = $access_logs } if $error_log_file { @@ -298,17 +308,6 @@ } } - # Set access log format - if $access_log_format { - $_access_log_format = "\"${access_log_format}\"" - } else { - $_access_log_format = 'combined' - } - - if $access_log_env_var { - $_access_log_env_var = "env=${access_log_env_var}" - } - if $ip { if $port { $listen_addr_port = "${ip}:${port}" 
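Review bot: In the `@@ -269,19 +270,28 @@` hunk, `$_logs_dest` is assigned in every branch of the new `if $access_log and !$access_logs` block but nothing visible reads it. The `$_access_logs` hash built right below carries `file`, `pipe` and `syslog` itself, and the template works out the destination again, so I would drop the variable. In the `elsif $access_logs` branch only `is_array` is checked although the failure message promises "an array of hashes", so a list of plain strings passes validation and reaches the template. Checking each element, or at least documenting the accepted keys (`file`, `pipe`, `syslog`, `format`, `env`) in a comment above the parameter, would make the contract explicit.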
@@ -569,7 +568,8 @@ # - $access_log_destination # - $_access_log_format # - $_access_log_env_var - if $access_log { + # - $access_logs + if $access_log or $access_logs { concat::fragment { "${name}-access_log": target => "${priority_real}-${filename}.conf", order => 100, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 483b74945c..0aff9268c1 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -761,6 +761,34 @@ class { 'apache': } end end + describe 'multiple access_logs' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + access_logs => [ + {'file' => 'log1'}, + {'file' => 'log2', 'env' => 'admin' }, + {'file' => '/var/tmp/log3', 'format' => '%h %l'}, + {'syslog' => 'syslog' } + ] + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "/tmp/log1" combined' } + it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' } + it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' } + it { is_expected.to contain 'CustomLog "syslog" combined' } + end + end + describe 'aliases' do it 'applies cleanly' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index d80752d8ae..66b1862508 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
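Review bot: The "Template uses" comment in the `@@ -569,7 +568,8 @@` hunk is out of date after this commit. It still lists `$access_log_destination`, `$_access_log_format` and `$_access_log_env_var`, which the commit removes from vhost.pp, and it adds `$access_logs` although the template iterates `@_access_logs`. I would replace those entries with `# - $_access_logs`, `# - $logroot`, `# - $name` and `# - $ssl`, which is what `_access_log.erb` reads. The comment block starts above the hunk, so earlier entries are not visible here.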
@@ -407,6 +407,63 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end end + describe 'access logs' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context 'single log file' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog.*my_log_file" combined\s*$/ + )} + end + context 'single log file with environment' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + 'access_log_env_var' => 'prod' + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog.*my_log_file" combined\s+env=prod$/ + )} + end + context 'multiple log files' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => [ + { 'file' => '/tmp/log1', 'env' => 'dev' }, + { 'file' => 'log2' }, + { 'syslog' => 'syslog', 'format' => '%h %l' } + ], + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$/ + )} + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "\/var\/log\/httpd\/log2"\s+combined\s*$/ + )} + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "syslog" "%h %l"\s*$/ + )} + end + end # access logs describe 'validation' do context 'bad ensure' do let :params do 
@@ -620,5 +677,15 @@ let :facts do default_facts end it { expect { is_expected.to compile }.to raise_error } end + context 'bad access_logs' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => '/var/log/somewhere', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end end end diff --git a/templates/vhost/_access_log.erb b/templates/vhost/_access_log.erb index 1ec47ff710..d1ec426a4a 100644 --- a/templates/vhost/_access_log.erb +++ b/templates/vhost/_access_log.erb @@ -1,5 +1,21 @@ -<% if @access_log and @_access_log_env_var -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> -<% elsif @access_log -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> +<% @_access_logs.each do |log| -%> +<% env ||= "env=#{log['env']}" if log['env'] -%> +<% env ||= '' -%> +<% format ||= "\"#{log['format']}\"" if log['format'] -%> +<% format ||= 'combined' -%> +<% if log['file'] -%> +<% if log['file'].chars.first == '/' -%> +<% destination = "#{log['file']}" -%> +<% else -%> +<% destination = "#{@logroot}/#{log['file']}" -%> +<% end -%> +<% elsif log['syslog'] -%> +<% destination = "syslog" -%> +<% elsif log['pipe'] -%> +<% destination = log['pipe'] -%> +<% else -%> +<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%> +<% destination ||= "#{@logroot}/#{@name}_access.log" -%> +<% end -%> + CustomLog "<%= destination %>" <%= format %> <%= env %> <% end -%> From 1c40ea31f96ca8d551164eb983d3192b6e0d397c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 23 Dec 2014 11:25:30 -0800 Subject: [PATCH 0477/2267] Don't run tests on platforms they don't work on Also, some formatting cleanup. --- spec/acceptance/mod_security_spec.rb | 42 ++++++++++++++-------------- spec/spec_helper_acceptance.rb | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) 
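Review bot: In `_access_log.erb` the `elsif log['syslog']` branch sets `destination = "syslog"`, discarding the value the caller passed. Before this commit the value of `$access_log_syslog` itself became the destination (see the removed lines in vhost.pp), and `<% destination = log['syslog'] -%>` keeps that behaviour. The `env ||=`, `format ||=` and `destination ||=` assignments only work because these names are fresh on every iteration of the block; a plain assignment with an explicit fallback would not silently reuse a value if one of the names ever exists outside the loop. The values are written into `CustomLog "..."` unescaped, so a comment noting that `format` must not contain a bare double quote would help.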
diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 2e7948023c..60295787e0 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::security class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise'))) do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' @@ -22,13 +22,13 @@ it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, content => 'Index page', @@ -51,14 +51,14 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end end #default mod_security config 
@@ -66,16 +66,16 @@ class { 'apache::mod::security': } context "mod_security should allow disabling by vhost" do it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': - port => '80', - docroot => '/var/www/html', + port => '80', + docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, - content => "Index page\\n", + content => 'Index page', } EOS apply_manifest(pp, :catch_failures => true) @@ -91,7 +91,7 @@ class { 'apache::mod::security': } end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end it 'should disable mod_security per vhost' do @@ -108,7 +108,7 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end @@ -118,16 +118,16 @@ class { 'apache::mod::security': } context "mod_security should allow disabling by ip" do it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': - port => '80', - docroot => '/var/www/html', + port => '80', + docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, - content => "Index page\\n", + content => 'Index page', } EOS apply_manifest(pp, :catch_failures => true) 
@@ -143,7 +143,7 @@ class { 'apache::mod::security': } end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end it 'should disable mod_security per vhost' do @@ -160,7 +160,7 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end @@ -170,13 +170,13 @@ class { 'apache::mod::security': } context "mod_security should allow disabling by id" do it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': - port => '80', - docroot => '/var/www/html', + port => '80', + docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, content => 'Index page', @@ -199,7 +199,7 @@ class { 'apache::mod::security': } end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end it 'should disable mod_security per vhost' do 
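Review bot: The last example touched here (hunk `@@ -160,7 +160,7 @@`, apparently the "disabling by ip" context) requests the bare URL, unlike the matching checks in the by-vhost and by-id contexts, which repeat the query string that was blocked one step earlier. A plain request returns the index page whether or not the IP exemption took effect, so this example stays green even if `modsec_disable_ips` does nothing. I would send the same query as the preceding "should block query with SQL" example and keep the `Index page` expectation. The manifest applied between the two examples is outside the hunk, so the context name is inferred from the line numbers.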
@@ -216,7 +216,7 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 94178fbd7f..ce388328f9 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -41,7 +41,7 @@ on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] } end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } end end end From 649cc799b75dfc6eef4e5cfce8bfc3b1b595ac58 Mon Sep 17 00:00:00 2001 From: Jason Antman Date: Fri, 24 Oct 2014 09:13:48 -0400 Subject: [PATCH 0478/2267] MODULES-1458 allow specifying mod_wsgi package and path/module name --- README.md | 16 ++++++++++++ manifests/mod/wsgi.pp | 22 ++++++++++++++++- spec/classes/mod/wsgi_spec.rb | 46 +++++++++++++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ba805b8cbe..ee6e03ec79 100644 --- a/README.md +++ b/README.md 
@@ -729,6 +729,22 @@ For customized parameters, which tell Apache how Python is currently configured } ``` +To specify an alternate mod\_wsgi package name to install and the name of the module .so it provides, +(e.g. a "python27-mod\_wsgi" package that provides "python27-mod_wsgi.so" in the default module directory): + +```puppet + class { 'apache::mod::wsgi': + wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", + wsgi_python_home => '/path/to/venv', + wsgi_python_path => '/path/to/venv/site-packages', + package_name => 'python27-mod_wsgi', + mod_path => 'python27-mod_wsgi.so', + } +``` + +If ``mod_path`` does not contain "/", it will be prefixed by the default module path +for your OS; otherwise, it will be used literally. + More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). ####Class: `apache::mod::fcgid` diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 2a47bb68e3..7841706035 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -2,8 +2,28 @@ $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, $wsgi_python_path = undef, $wsgi_python_home = undef, + $package_name = undef, + $mod_path = undef, ){ - ::apache::mod { 'wsgi': } + + if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { + fail('apache::mod::wsgi - both package_name and mod_path must be specified!') + } + + if $package_name != undef { + if $mod_path =~ /\// { + $_mod_path = $mod_path + } else { + $_mod_path = "${::apache::params::lib_path}/${mod_path}" + } + ::apache::mod { 'wsgi': + package => $package_name, + path => $_mod_path, + } + } + else { + ::apache::mod { 'wsgi': } + } # Template uses: # - $wsgi_socket_prefix diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 3875d3fd09..a68c808305 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb 
@@ -55,6 +55,52 @@ end it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} end + describe "with custom package_name and mod_path" do + let :params do + { + :package_name => 'mod_wsgi_package', + :mod_path => '/foo/bar/baz', + } + end + it { is_expected.to contain_apache__mod('wsgi').with({ + 'package' => 'mod_wsgi_package', + 'path' => '/foo/bar/baz', + }) + } + it { is_expected.to contain_package("mod_wsgi_package") } + it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module /foo/bar/baz") } + end + describe "with custom mod_path not containing /" do + let :params do + { + :package_name => 'mod_wsgi_package', + :mod_path => 'wsgi_mod_name.so', + } + end + it { is_expected.to contain_apache__mod('wsgi').with({ + 'path' => 'modules/wsgi_mod_name.so', + 'package' => 'mod_wsgi_package', + }) + } + it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module modules/wsgi_mod_name.so") } + + end + describe "with package_name but no mod_path" do + let :params do + { + :mod_path => '/foo/bar/baz', + } + end + it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + end + describe "with mod_path but no package_name" do + let :params do + { + :package_name => '/foo/bar/baz', + } + end + it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + end end context "on a FreeBSD OS" do let :facts do From 54fce8ab86810aa844b5cbc7e1d68e45cd6878a7 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 29 Dec 2014 10:40:50 -0800 Subject: [PATCH 0479/2267] Add IntelliJ files to the ignore list --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index b5b7a00d67..b5db85e051 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +.idea/ +*.iml 
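Review bot: The titles of the last two `describe` blocks are swapped relative to their params: "with package_name but no mod_path" sets only `:mod_path`, and "with mod_path but no package_name" sets only `:package_name`. Both cases hit the same `fail`, so the examples pass, but a failure report would name the wrong scenario. Swapping the two titles fixes that, and the second block would read better with a package-like value such as `:package_name => 'mod_wsgi_package'` instead of `'/foo/bar/baz'`.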
From 1bd26e02e69f0da6b4fc3c162ef50b80faa43ebd Mon Sep 17 00:00:00 2001 From: John Woffindin Date: Wed, 19 Nov 2014 14:46:40 +1300 Subject: [PATCH 0480/2267] Add support for SSLPassPhraseDialog to be specified for mod_ssl. Defaults to 'builtin' to match the current behavior. --- README.md | 7 ++++--- manifests/mod/ssl.pp | 13 +++++++------ spec/classes/mod/ssl_spec.rb | 29 +++++++++++++++++++++++++++++ templates/mod/ssl.conf.erb | 2 +- 4 files changed, 41 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 019e0e1fa8..09616ad41c 100644 --- a/README.md +++ b/README.md @@ -732,9 +732,10 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ```puppet class { 'apache::mod::ssl': - ssl_compression => false, - ssl_options => [ 'StdEnvVars' ], - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], + ssl_compression => false, + ssl_options => [ 'StdEnvVars' ], + ssl_pass_phrase_dialog => 'builtin', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 293e9319cc..c1278ff74f 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,10 +1,11 @@ class apache::mod::ssl ( - $ssl_compression = false, - $ssl_options = [ 'StdEnvVars' ], - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], - $apache_version = $::apache::apache_version, - $package_name = undef, + $ssl_compression = false, + $ssl_options = [ 'StdEnvVars' ], + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + $ssl_pass_phrase_dialog = 'builtin', + $apache_version = $::apache::apache_version, + $package_name = undef, ) { $session_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 93f04e3ca5..f3fc7ae645 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
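Review bot: `$ssl_pass_phrase_dialog` in `manifests/mod/ssl.pp` is accepted without validation, and the `templates/mod/ssl.conf.erb` hunk of this commit writes it verbatim after `SSLPassPhraseDialog`. The `exec:` form names a program that httpd runs at startup to obtain the key passphrase, so a malformed value, or one containing a line break, ends up as arbitrary text in `ssl.conf`. A check at the top of the class body such as `validate_re($ssl_pass_phrase_dialog, '\A(builtin|exec:/\S+|\|/[^\r\n]+)\z')` would restrict it to the documented forms; the pattern is anchored with `\A` and `\z` because `^` and `$` match per line. The class body continues outside the hunk, and the spec hunk would need a case for a rejected value.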
@@ -78,4 +78,33 @@ it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('ssl') } end + + # Template config doesn't vary by distro + context "on all distros" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + context 'not setting ssl_pass_phrase_dialog' do + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog builtin$/)} + end + + context 'setting ssl_pass_phrase_dialog' do + let :params do + { + :ssl_pass_phrase_dialog => 'exec:/path/to/program', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} + end + + end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index e92e37e7a9..a0e61650e0 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -7,7 +7,7 @@ AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl - SSLPassPhraseDialog builtin + SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout 300 <% if @ssl_compression -%> From 0012b4ab952f745de06953e486dbcbb71bddd127 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Dec 2014 14:56:16 -0800 Subject: [PATCH 0481/2267] $::selinux is a bool, not a string --- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/class_spec.rb | 2 +- spec/acceptance/vhost_spec.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 3a21ab0eb2..50ee3e85fa 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -339,7 +339,7 @@ class { 'apache': describe 'setup' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 954b6ac587..92870bb6ac 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -42,7 +42,7 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 483b74945c..ec143756f2 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1187,7 +1187,7 @@ class { 'apache::mod::fastcgi': } describe 'additional_includes' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', From b659a8effaeb62b862594204688cbb53a2410145 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Dec 2014 11:13:03 -0800 Subject: [PATCH 0482/2267] Make sure we're using system ruby in the mod_passenger tests PE ships with different versions of ruby than the version mod_passenger was compiled against. Make sure we use the system ruby in the tests. --- spec/acceptance/mod_passenger_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 9a758a44ee..4b3516f69e 100644 --- a/spec/acceptance/mod_passenger_spec.rb 
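Review bot: The bare `and $::selinux` in the manifest heredoc of `apache_parameters_spec.rb` is only correct when the fact arrives as a real boolean. Where facts are stringified the value is the string 'false', which Puppet treats as true, so the `semanage` block would then run on RedHat hosts without SELinux; whether the test hosts stringify facts is not visible from here. `if $::osfamily == 'RedHat' and str2bool("${::selinux}") {` behaves the same for both representations. The same line is changed in the `class_spec.rb` and `vhost_spec.rb` hunks of this commit, and in all three the heredoc continues past the end of the hunk.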
+++ b/spec/acceptance/mod_passenger_spec.rb @@ -137,7 +137,7 @@ class { 'apache::mod::passenger': } end it 'should output status via passenger-memory-stats' do - shell("/usr/sbin/passenger-memory-stats") do |r| + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) @@ -158,7 +158,7 @@ class { 'apache::mod::passenger': } unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' it 'should output status via passenger-status' do # xml output not available on ubunutu <= 10.04, so sticking with default pool output - shell("/usr/sbin/passenger-status") do |r| + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| # spacing may vary expect(r.stdout).to match(/[\-]+ General information [\-]+/) if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' From 9416be717d48ec1cb6ac85498693477b9432b390 Mon Sep 17 00:00:00 2001 From: Pete Soloway Date: Tue, 30 Dec 2014 11:41:59 -0800 Subject: [PATCH 0483/2267] Added code example for setenv class Example usage is based on the Apache docs' own example for the SetEnv directive: http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv Change requested here: https://tickets.puppetlabs.com/browse/DOCUMENT-204 --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 019e0e1fa8..aa9266cddc 100644 --- a/README.md +++ b/README.md @@ -1426,6 +1426,14 @@ Sets the servername corresponding to the hostname you connect to the virtual hos Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. +Example: + +```puppet + apache::vhost {'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], + } +``` + #####`setenvif` Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. 
From 1db205abccb41d633d7babb5338c7c7f3b6b0efd Mon Sep 17 00:00:00 2001 From: Pete Soloway Date: Tue, 30 Dec 2014 14:07:47 -0800 Subject: [PATCH 0484/2267] Corrected style errors Thanks for the edits, Hunter! Can you validate my corrections? I'm making these in-browser, and GitHub's editor might be throwing me off by converting my spaces to tabs. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index aa9266cddc..b517027208 100644 --- a/README.md +++ b/README.md @@ -1429,9 +1429,9 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: ```puppet - apache::vhost {'setenv.example.com': - setenv => ['SPECIAL_PATH /foo/bin'], - } + apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], + } ``` #####`setenvif` From 48080116661465d082543a335d4e1629332a7b6a Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Dec 2014 14:34:30 -0800 Subject: [PATCH 0485/2267] Strict variable fix --- manifests/version.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/version.pp b/manifests/version.pp index 010061b703..f22797c4cb 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -12,14 +12,14 @@ case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { + if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { $default = '2.4' } else { $default = '2.2' } } 'Debian': { - if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { + if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { $default = '2.4' } elsif $::operatingsystem == 'Debian' and $::operatingsystemrelease == 'jessie/sid' { $default = '2.4' From 46574de24196a71bdcd83485d23beac105d40d9d Mon Sep 17 00:00:00 2001 
From: Michael Moll Date: Fri, 2 Jan 2015 02:33:31 +0100 Subject: [PATCH 0486/2267] fix apache_version for Debian >7 --- manifests/version.pp | 2 +- spec/acceptance/version.rb | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index f22797c4cb..8304bb1a0c 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -21,7 +21,7 @@ 'Debian': { if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { $default = '2.4' - } elsif $::operatingsystem == 'Debian' and $::operatingsystemrelease == 'jessie/sid' { + } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 { $default = '2.4' } else { $default = '2.2' diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index b88412b42f..c1578c52e6 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -38,6 +38,8 @@ if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10 $apache_version = '2.4' + elsif _operatingsystem == 'Debian' and _operatingsystemrelease >= 8.0 + $apache_version = '2.4' else $apache_version = '2.2' end From 35d7d04afdd8b6e0d00fa5807420d531bc7de86c Mon Sep 17 00:00:00 2001 From: Michael Moll Date: Fri, 2 Jan 2015 03:28:29 +0100 Subject: [PATCH 0487/2267] add passenger support for Debian/jessie --- README.passenger.md | 1 + manifests/params.pp | 5 +++++ spec/acceptance/mod_passenger_spec.rb | 12 ++++++++++-- spec/classes/mod/passenger_spec.rb | 19 +++++++++++++++++++ templates/mod/passenger.conf.erb | 2 +- 5 files changed, 36 insertions(+), 3 deletions(-) diff --git a/README.passenger.md b/README.passenger.md index 4b4caa8c09..84e6992ffa 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -27,6 +27,7 @@ puppetlabs-apache: OS | Passenger version | `PassengerRoot` ---------------- | ------------------ | ---------------- Debian 7 | 3.0.13 | /usr +Debian 8 | 4.0.53 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini Ubuntu 12.04 | 2.2.11 | /usr Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21 diff --git a/manifests/params.pp b/manifests/params.pp index d7e00ca18b..616102fa62 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -256,6 +256,11 @@ $passenger_ruby = '/usr/bin/ruby' $passenger_default_ruby = undef } + 'jessie': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } default: { # The following settings may or may not work on Debian releases not # supported by this module. diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 4b3516f69e..f6e710db01 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -31,6 +31,10 @@ when 'wheezy' passenger_root = '/usr' passenger_ruby = '/usr/bin/ruby' + when 'jessie' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_ruby = '/usr/bin/ruby' + passenger_default_ruby = '/usr/bin/ruby' else # This may or may not work on Debian releases other than the above passenger_root = '/usr' @@ -124,6 +128,9 @@ class { 'apache::mod::passenger': } when 'wheezy' it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when 'jessie' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } else # This may or may not work on Debian releases other than the above it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } 
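Review bot: In the `@@ -124,6 +128,9 @@` hunk of `spec/acceptance/mod_passenger_spec.rb`, `it { is_expected.not_to contain "/PassengerRuby/" }` passes a String whose text includes the two slashes. Assuming this is serverspec's `contain`, it only asserts that the literal text `/PassengerRuby/` is absent, so the example would still pass if a `PassengerRuby` directive were written for jessie. `it { is_expected.not_to contain "PassengerRuby" }` checks what the branch intends, because `PassengerDefaultRuby` does not contain that substring. The `when 'wheezy'` context line above has the same pattern with `"/PassengerDefaultRuby/"`, and the enclosing `case` starts outside the hunk.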
@@ -142,9 +149,10 @@ class { 'apache::mod::passenger': } expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) - # passenger-memory-stats output on Ubuntu 14.04 does not contain + # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain # these two lines - unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' + unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or + (fact('operatingsystem') == 'Debian' && fact('operatingsystemrelease') == '8.0')) expect(r.stdout).to match(/### Processes: [0-9]+/) expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 23154014a4..0093d4b919 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -175,6 +175,25 @@ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } end + + context "with Debian 8 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8.0', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'jessie', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + end end context "on a RedHat OS" do diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index dd9eee3b13..a56d2d5d14 100644 
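Review bot: The added Debian clause in the `unless` of the passenger-memory-stats example matches `fact('operatingsystemrelease') == '8.0'` exactly. A later point release would therefore go back to expecting the `### Processes:` lines that the comment says newer versions do not print. Matching the major release, for example `fact('operatingsystemrelease').start_with?('8.')`, avoids that. The two clauses are joined with `or`, which binds more loosely than the `&&` used inside them; `||` keeps the expression in one precedence family. The new comment also has a typo, "verions".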
--- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -1,4 +1,4 @@ -# The Passanger Apache module configuration file is being +# The Passenger Apache module configuration file is being # managed by Puppet and changes will be overwritten. <%- if @passenger_root -%> From 52bb5c77bd3832fb7b7dc2bfb3fb663058f1ecd8 Mon Sep 17 00:00:00 2001 From: Jason Lingohr Date: Mon, 12 Jan 2015 17:41:36 +1100 Subject: [PATCH 0488/2267] Typo for custom_fragment example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cc48f837a2..484bb3eb7d 100644 --- a/README.md +++ b/README.md @@ -2069,7 +2069,7 @@ Within your virtual host, you can then configure the specified file type to be h ```puppet apache::vhost { 'www': ... - custom_fragment = 'AddType application/x-httpd-php .php' + custom_fragment => 'AddType application/x-httpd-php .php' ... } ``` From 7511cdaeaba8adc9afbadfaa60d65fe77abccdfa Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 4 Dec 2014 03:32:21 -0700 Subject: [PATCH 0489/2267] MODULES-1554: update error docs and icons path for RHEL7-based systems --- manifests/init.pp | 3 -- manifests/mod/alias.pp | 7 +++- manifests/params.pp | 8 +++- spec/classes/mod/alias_spec.rb | 68 ++++++++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 spec/classes/mod/alias_spec.rb diff --git a/manifests/init.pp b/manifests/init.pp index 32966b86f7..a8084131fb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -242,21 +242,18 @@ 'debian': { $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' - $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } 'redhat': { $pidfile = 'run/httpd.pid' $error_log = 'error_log' - $error_documents_path = '/var/www/error' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } 'freebsd': { $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' - $error_documents_path = '/usr/local/www/apache22/error' $scriptalias = '/usr/local/www/apache22/cgi-bin' $access_log_file = 'httpd-access.log' } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index ee017b490f..0e019abbd1 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,9 +1,14 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { + $ver24 = versioncmp($apache_version, 2.4) >= 0 + $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', - 'redhat' => '/var/www/icons', + 'redhat' => $ver24 ? { + true => '/usr/share/httpd/icons', + default => '/var/www/icons', + }, 'freebsd' => '/usr/local/www/apache22/icons', } apache::mod { 'alias': } diff --git a/manifests/params.pp b/manifests/params.pp index 616102fa62..7e19d99fa9 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -105,7 +105,11 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' - if $::osfamily == 'RedHat' { + $error_documents_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/error', + default => '/var/www/error' + } + if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef @@ -219,6 +223,7 @@ 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf' ] + $error_documents_path = '/usr/share/apache2/error' # # Passenger-specific settings 
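Review bot: In the `@@ -105,7 +105,11 @@` hunk of `manifests/params.pp`, `$error_documents_path` is selected by `$::apache::version::distrelease` being exactly `'7'`, whereas the `manifests/mod/alias.pp` hunk of the same commit chooses `/usr/share/httpd/icons` from the Apache version. The two tests can disagree on any platform that this branch covers and that `version.pp` maps to 2.4 without a distrelease of 7; which platforms reach the branch is decided outside the hunk. Keying both paths off the same condition, or adding a comment such as `# RHEL 7 family ships error documents under /usr/share/httpd`, would make the intent checkable. The hunk also rewrites `'RedHat'` as `"RedHat"` although nothing is interpolated; the single-quoted form matches the rest of the file.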
@@ -335,6 +340,7 @@ $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache22/data' + $error_documents_path = '/usr/local/www/apache22/error' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb new file mode 100644 index 0000000000..503575af61 --- /dev/null +++ b/spec/classes/mod/alias_spec.rb 
@@ -0,0 +1,68 @@ +require 'spec_helper' + +describe 'apache::mod::alias', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) } + end + context "on a RedHat 6-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) } + end + context "on a RedHat 7-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) } + end + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { 
is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache22\/icons\/"/) } + end +end From 4a96814e13a81d8a434a104929c2f0a265a69e43 Mon Sep 17 00:00:00 2001 From: Farzad FARID Date: Fri, 16 Jan 2015 10:09:53 +0100 Subject: [PATCH 0490/2267] ssl_protocol expects a string, not an array. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 484bb3eb7d..2de3522992 100644 --- a/README.md +++ b/README.md @@ -735,7 +735,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_compression => false, ssl_options => [ 'StdEnvVars' ], ssl_pass_phrase_dialog => 'builtin', - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], + ssl_protocol => 'all -SSLv2 -SSLv3', } ``` From 3c3df650278ef17bb4931922e7a3a775ab128464 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Sat, 17 Jan 2015 06:06:28 -0700 Subject: [PATCH 0491/2267] fix versioncmp test in mod::alias --- manifests/mod/alias.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 0e019abbd1..40480c3d4c 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,7 +1,7 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { - $ver24 = versioncmp($apache_version, 2.4) >= 0 + $ver24 = versioncmp($apache_version, '2.4') >= 0 $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', From 6ab9b84fb3d5b46eaf111603d7cf5d0a8e3dce12 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 20 Jan 2015 15:37:40 +0100 Subject: [PATCH 0492/2267] Fix doc about confd_dir on Debian --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 484bb3eb7d..49a9ddbd0b 100644 --- a/README.md +++ b/README.md 
@@ -242,7 +242,7 @@ Changes the location of the configuration directory the main configuration file #####`confd_dir` -Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, and '/usr/local/etc/apache22' on FreeBSD. #####`conf_template` From 83df47136427292973d813777fcd69ef5bb8ae72 Mon Sep 17 00:00:00 2001 From: Sergii Golovatiuk Date: Tue, 20 Jan 2015 15:23:25 +0100 Subject: [PATCH 0493/2267] Specify mod_proxy_connect module for Apache >= 2.3.5 mod_proxy_connect was moved to own module since Apache >= 2.3.5. AllowCONNECT directive won't work without this module on Ubuntu 14.04 or Debian 8. Signed-off-by: Sergii Golovatiuk --- manifests/mod/proxy_connect.pp | 8 +++++ spec/classes/mod/proxy_connect_spec.rb | 50 ++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 manifests/mod/proxy_connect.pp create mode 100644 spec/classes/mod/proxy_connect_spec.rb diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp new file mode 100644 index 0000000000..3bae848446 --- /dev/null +++ b/manifests/mod/proxy_connect.pp @@ -0,0 +1,8 @@ +class apache::mod::proxy_connect ( + $apache_version = $::apache::apache_version, +) { + if versioncmp($apache_version, '2.4') >= 0 { + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] + ::apache::mod { 'proxy_connect': } + } +} diff --git a/spec/classes/mod/proxy_connect_spec.rb b/spec/classes/mod/proxy_connect_spec.rb new file mode 100644 index 0000000000..c54d255a5e --- /dev/null +++ b/spec/classes/mod/proxy_connect_spec.rb 
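Review bot: In the new `manifests/mod/proxy_connect.pp`, `Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect']` only orders the two classes and does not declare `apache::mod::proxy`. A node that includes `apache::mod::proxy_connect` on its own would presumably fail catalog compilation on the unresolved class reference; the spec avoids this through its `pre_condition`. Either add `include ::apache::mod::proxy` inside the `if`, or state the requirement in a header comment. That comment should also say that the class does nothing when `$apache_version` is below 2.4, and that loading the module makes CONNECT handling available to the proxy, so access still has to be limited in the proxy configuration (`AllowCONNECT` and the proxy access rules).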
@@ -0,0 +1,50 @@ +require 'spec_helper' + +describe 'apache::mod::proxy_connect', :type => :class do + let :pre_condition do + [ + 'include apache', + 'include apache::mod::proxy', + ] + end + context 'on a Debian OS' do + let :facts do + { + :osfamily => 'Debian', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context 'with Apache version < 2.4' do + let :facts do + super().merge({ + :operatingsystemrelease => '7.0', + :lsbdistcodename => 'wheezy', + }) + end + let :params do + { + :apache_version => '2.2', + } + end + it { is_expected.not_to contain_apache__mod('proxy_connect') } + end + context 'with Apache version >= 2.4' do + let :facts do + super().merge({ + :operatingsystemrelease => '8.0', + :lsbdistcodename => 'jessie', + }) + end + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_apache__mod('proxy_connect') } + end + end +end From a4cbf7920727b4328da9a44f8af5480d9a30039e Mon Sep 17 00:00:00 2001 From: Nigel Gibbs Date: Wed, 21 Jan 2015 22:32:30 +0000 Subject: [PATCH 0494/2267] Quoted params to versioncmp in mod/alias.pp to avoid type error --- manifests/mod/alias.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 0e019abbd1..40480c3d4c 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,7 +1,7 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { - $ver24 = versioncmp($apache_version, 2.4) >= 0 + $ver24 = versioncmp($apache_version, '2.4') >= 0 $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', From da59ce65e3f790f5fcba7a3d52bbb78c64f1e4b0 Mon Sep 17 00:00:00 2001 
From: tphoney Date: Wed, 21 Jan 2015 13:02:53 -0800 Subject: [PATCH 0495/2267] modules-1559 apache module no service refresh --- README.md | 4 +++ manifests/init.pp | 3 +++ manifests/mod.pp | 6 ++--- manifests/mod/alias.pp | 2 +- manifests/mod/authnz_ldap.pp | 2 +- manifests/mod/autoindex.pp | 2 +- manifests/mod/cgid.pp | 2 +- manifests/mod/dav_fs.pp | 2 +- manifests/mod/deflate.pp | 2 +- manifests/mod/dir.pp | 2 +- manifests/mod/disk_cache.pp | 2 +- manifests/mod/event.pp | 2 +- manifests/mod/fastcgi.pp | 2 +- manifests/mod/fcgid.pp | 2 +- manifests/mod/info.pp | 2 +- manifests/mod/itk.pp | 2 +- manifests/mod/ldap.pp | 2 +- manifests/mod/mime.pp | 2 +- manifests/mod/mime_magic.pp | 2 +- manifests/mod/negotiation.pp | 2 +- manifests/mod/nss.pp | 2 +- manifests/mod/pagespeed.pp | 2 +- manifests/mod/passenger.pp | 2 +- manifests/mod/peruser.pp | 2 +- manifests/mod/php.pp | 2 +- manifests/mod/prefork.pp | 4 +-- manifests/mod/proxy.pp | 2 +- manifests/mod/proxy_html.pp | 2 +- manifests/mod/reqtimeout.pp | 2 +- manifests/mod/rpaf.pp | 2 +- manifests/mod/security.pp | 4 +-- manifests/mod/setenvif.pp | 2 +- manifests/mod/ssl.pp | 2 +- manifests/mod/status.pp | 2 +- manifests/mod/suphp.pp | 2 +- manifests/mod/userdir.pp | 2 +- manifests/mod/worker.pp | 4 +-- manifests/mod/wsgi.pp | 2 +- manifests/mpm.pp | 6 ++--- manifests/peruser/multiplexer.pp | 2 +- manifests/peruser/processor.pp | 2 +- manifests/service.pp | 13 +++++---- manifests/vhost.pp | 4 +-- spec/acceptance/apache_parameters_spec.rb | 19 +++++++++++++ spec/classes/service_spec.rb | 33 +++++++++++++++++++++++ spec/defines/vhost_spec.rb | 2 +- 46 files changed, 116 insertions(+), 54 deletions(-) diff --git a/README.md b/README.md index 484bb3eb7d..d48e237f91 100644 --- a/README.md +++ b/README.md 
@@ -438,6 +438,10 @@ Determines whether the service should be running. Valid values are 'true', 'fals Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian, and 'apache22' on FreeBSD. +#####`service_manage` + +Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'. + #####`trace_enable` Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. diff --git a/manifests/init.pp b/manifests/init.pp index a8084131fb..81f32e26a8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -28,6 +28,7 @@ $default_ssl_crl_check = undef, $ip = undef, $service_enable = true, + $service_manage = true, $service_ensure = 'running', $purge_configs = true, $purge_vhost_dir = undef, @@ -72,6 +73,7 @@ validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) + validate_bool($service_manage) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', @@ -126,6 +128,7 @@ class { '::apache::service': service_name => $service_name, service_enable => $service_enable, + service_manage => $service_manage, service_ensure => $service_ensure, } diff --git a/manifests/mod.pp b/manifests/mod.pp index 88cdcd6a5b..0891bf0b77 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -88,7 +88,7 @@ Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $::osfamily == 'Debian' { @@ -105,7 +105,7 @@ Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } # Each module may have a .conf file as well, which should be # defined in the class apache::mod::module 
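Review bot: In the `@@ -126,6 +128,7 @@` hunk of `manifests/init.pp`, `service_manage` is handed to `::apache::service`, but nothing next to the parameter says what turning it off means for the `notify => Class['apache::service']` edges this commit introduces across the module. The `service.pp` change is not visible from here, so this is inferred from the commit title: with `service_manage => false`, changed configuration (for example `ssl.conf` or the mod_security rules) is written to disk but httpd is not restarted, and the running server keeps the old settings. A comment beside the parameter, such as `# service_manage => false: Puppet writes config but never starts or restarts httpd; reload it out of band`, would make that explicit.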
@@ -123,7 +123,7 @@ Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 0e019abbd1..f1f331da28 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -19,6 +19,6 @@ content => template('apache/mod/alias.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 800e656e89..b75369ffcd 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -14,6 +14,6 @@ content => template('apache/mod/authnz_ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp index f5f0f07458..c0969a814e 100644 --- a/manifests/mod/autoindex.pp +++ b/manifests/mod/autoindex.pp @@ -7,6 +7,6 @@ content => template('apache/mod/autoindex.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 2a0c178e01..ee9044cd5a 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -17,7 +17,7 @@ content => template('apache/mod/cgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index 0cb663f5c5..af037e32d0 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp 
@@ -15,6 +15,6 @@ content => template('apache/mod/dav_fs.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 561cbadbf9..9b8d43621c 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -19,6 +19,6 @@ content => template('apache/mod/deflate.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index 11631305a4..6243a1bb7d 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp @@ -16,6 +16,6 @@ content => template('apache/mod/dir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 13c9c78352..54c0528379 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -19,6 +19,6 @@ content => template('apache/mod/disk_cache.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index f2b28fde28..18a226ee53 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -43,7 +43,7 @@ content => template('apache/mod/event.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index a185bb31fa..1f7e5df4fb 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp 
@@ -17,7 +17,7 @@ content => template('apache/mod/fastcgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 70761e41d7..a143c2b434 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -19,6 +19,6 @@ content => template('apache/mod/fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 2c3d56ed88..f0d03eb0f6 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -13,6 +13,6 @@ content => template('apache/mod/info.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index dc020b810a..49794945d4 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -39,7 +39,7 @@ content => template('apache/mod/itk.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index d3b17ff5b8..fbd56d539a 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -9,6 +9,6 @@ content => template('apache/mod/ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index ccdb5d4b3c..86000d1679 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp 
@@ -10,7 +10,7 @@ content => template('apache/mod/mime.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $mime_support_package { package { $mime_support_package: diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index c276268e4d..c057b01f50 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp @@ -9,6 +9,6 @@ content => template('apache/mod/mime_magic.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index 0bdbfdc3cc..02a3a0e64d 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -20,6 +20,6 @@ content => template('apache/mod/negotiation.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index f0eff1cdf7..132b41b3f6 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp @@ -20,6 +20,6 @@ content => template('apache/mod/nss.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index efe100861d..588849c472 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -50,6 +50,6 @@ content => template('apache/mod/pagespeed.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 12139cb2b4..7ff6b71be3 100644 --- a/manifests/mod/passenger.pp 
+++ b/manifests/mod/passenger.pp @@ -81,6 +81,6 @@ content => template('apache/mod/passenger.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index 518655a1d4..107e47ce81 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -43,7 +43,7 @@ content => template('apache/mod/peruser.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } file { "${::apache::mod_dir}/peruser": ensure => directory, diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index c1f76065a6..4c5d85d56c 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -55,6 +55,6 @@ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 6a66ef1c90..90fa39a89c 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -39,7 +39,7 @@ content => template('apache/mod/prefork.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { @@ -56,7 +56,7 @@ line => '#HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 03c1e78c95..8c685d55b5 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp 
@@ -11,6 +11,6 @@ content => template('apache/mod/proxy.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 549eb117fa..279cb64ade 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -32,6 +32,6 @@ content => template('apache/mod/proxy_html.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp index 62088873bb..34c96a6784 100644 --- a/manifests/mod/reqtimeout.pp +++ b/manifests/mod/reqtimeout.pp @@ -9,6 +9,6 @@ content => template('apache/mod/reqtimeout.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index 6fbc1d4e04..12b86eb8bd 100644 --- a/manifests/mod/rpaf.pp +++ b/manifests/mod/rpaf.pp @@ -15,6 +15,6 @@ content => template('apache/mod/rpaf.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 9641d70df5..57b75726e1 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -33,7 +33,7 @@ path => "${::apache::mod_dir}/security.conf", require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } file { $modsec_dir: 
@@ -56,7 +56,7 @@ ensure => file, content => template('apache/mod/security_crs.conf.erb'), require => File[$modsec_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } apache::security::rule_link { $activated_rules: } diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp index 15b1441d83..c73102dfbe 100644 --- a/manifests/mod/setenvif.pp +++ b/manifests/mod/setenvif.pp @@ -7,6 +7,6 @@ content => template('apache/mod/setenvif.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index c1278ff74f..4036fd28af 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -56,6 +56,6 @@ content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 9c61836960..4c3f8d9e25 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -41,6 +41,6 @@ content => template('apache/mod/status.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index f9a572f463..c50beea06c 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp @@ -8,7 +8,7 @@ content => template('apache/mod/suphp.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } } diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index accfe64a79..038e0790bc 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp 
@@ -13,6 +13,6 @@ content => template('apache/mod/userdir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 0d2815964b..48d1c9f229 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -41,7 +41,7 @@ content => template('apache/mod/worker.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { @@ -58,7 +58,7 @@ line => 'HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 7841706035..80f9738ff9 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -35,7 +35,7 @@ content => template('apache/mod/wsgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 180686cfa3..a5cca49882 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -23,7 +23,7 @@ Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } @@ -34,7 +34,7 @@ target => "${::apache::mod_dir}/${mpm}.conf", require => Exec["mkdir ${::apache::mod_enable_dir}"], before => File[$::apache::mod_enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if versioncmp($apache_version, '2.4') >= 0 { 
@@ -43,7 +43,7 @@ target => "${::apache::mod_dir}/${mpm}.load", require => Exec["mkdir ${::apache::mod_enable_dir}"], before => File[$::apache::mod_enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $mpm == 'itk' { diff --git a/manifests/peruser/multiplexer.pp b/manifests/peruser/multiplexer.pp index 9e57ac30b2..97143a1d4f 100644 --- a/manifests/peruser/multiplexer.pp +++ b/manifests/peruser/multiplexer.pp @@ -12,6 +12,6 @@ ensure => file, content => "Multiplexer ${user} ${group}\n", require => File["${::apache::mod_dir}/peruser/multiplexers"], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/peruser/processor.pp b/manifests/peruser/processor.pp index 1d68934657..30de61d7c4 100644 --- a/manifests/peruser/processor.pp +++ b/manifests/peruser/processor.pp @@ -12,6 +12,6 @@ ensure => file, content => "Processor ${user} ${group}\n", require => File["${::apache::mod_dir}/peruser/processors"], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/service.pp b/manifests/service.pp index 0c1f7b96aa..d934f3d46b 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -20,12 +20,14 @@ $service_name = $::apache::params::service_name, $service_enable = true, $service_ensure = 'running', + $service_manage = true, ) { # The base class must be included first because parameter defaults depend on it if ! defined(Class['apache::params']) { fail('You must include the apache::params class before using any apache defined resources') } validate_bool($service_enable) + validate_bool($service_manage) case $service_ensure { true, false, 'running', 'stopped': { @@ -35,10 +37,11 @@ $_service_ensure = undef } } - - service { 'httpd': - ensure => $_service_ensure, - name => $service_name, - enable => $service_enable, + if $service_manage { + service { 'httpd': + ensure => $_service_ensure, + name => $service_name, + enable => $service_enable, + } } } 
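Review bot: With `service_manage => false` the only resource in this class, `service { 'httpd': }`, is no longer declared, so every `notify => Class['apache::service']` introduced elsewhere in this commit has nothing to refresh. Configuration that Puppet writes (module configs, vhosts, rule files) then stays inactive until something outside Puppet reloads httpd, and the manifest does not say so. I would add a comment above the new `if $service_manage {` such as `# When false no Service['httpd'] is declared: notifications to this class are no-ops and reloads must be triggered outside Puppet.` The class body begins outside the hunk, so this assumes no other resource is declared earlier in it.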
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9e05cb566f..3c0b149dfe 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -438,7 +438,7 @@ mode => '0644', order => 'numeric', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } if $::osfamily == 'Debian' { $vhost_enable_dir = $::apache::vhost_enable_dir @@ -454,7 +454,7 @@ group => $::apache::params::root_group, mode => '0644', require => Concat["${priority_real}-${filename}.conf"], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 50ee3e85fa..82d589f78d 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -46,6 +46,7 @@ pp = <<-EOS class { 'apache': service_enable => true, + service_manage => true, service_ensure => running, } EOS @@ -75,6 +76,24 @@ class { 'apache': end end + describe 'service manage => false' do + it 'we dont manage the service, so it shouldnt start the service' do + pp = <<-EOS + class { 'apache': + service_enable => true, + service_manage => false, + service_ensure => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + end + describe 'purge parameters => false' do it 'applies cleanly' do pp = <<-EOS diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 4d6efbe3fd..fda1f51279 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb 
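Review bot: The new `service manage => false` example asserts `is_expected.not_to be_running` and `not_to be_enabled`, but with Puppet no longer touching the service the result is whatever earlier examples or the package's install scripts left behind. The assertions therefore check the host's prior state rather than the parameter; this is inferred, since the preceding examples are only partly visible in the hunk. Putting the service into a known state before `apply_manifest`, and asserting that state is unchanged afterwards, would make the example test `service_manage` itself. At minimum a comment above the `describe service($service_name)` block should name the state the example depends on.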
@@ -60,6 +60,14 @@ end end + context "$service_manage must be a bool" do + let (:params) {{ :service_manage => 'not-a-boolean' }} + + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a boolean/) + end + end + context "with $service_ensure => 'running'" do let (:params) {{ :service_ensure => 'running', }} it { is_expected.to contain_service("httpd").with( @@ -124,4 +132,29 @@ ) } end + + context "on a RedHat 5 OS, do not manage service" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '5', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let(:params) do + { + 'service_ensure' => 'running', + 'service_name' => 'httpd', + 'service_manage' => false + } + end + it 'should not manage the httpd service' do + subject.should_not contain_service('httpd') + end + end + end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 66b1862508..16b7f4e41d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -285,7 +285,7 @@ 'owner' => 'root', 'mode' => '0644', 'require' => 'Package[httpd]', - 'notify' => 'Service[httpd]', + 'notify' => 'Class[Apache::Service]', }) } it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } From cc36364179836f4152dafc9d40f78b611c220bf9 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 21 Jan 2015 16:36:22 -0800 Subject: [PATCH 0496/2267] MODULES-1680 - sort php_* hashes for idempotency They were already being sorted in templates/vhost/_php*.erb, but not in templates/vhost/_directories.erb --- templates/vhost/_directories.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 703afaa8dd..97f2318c64 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
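Review bot: The added "do not manage service" context uses the old `subject.should_not contain_service('httpd')` form, while the surrounding examples in this file use `is_expected.to`. I would write it as `it { is_expected.not_to contain_service('httpd') }` so the file stays on one expectation syntax. The `params` hash there also uses string keys (`'service_manage' => false`) where the other contexts in the hunk use symbols (`:service_manage`); matching them keeps the spec uniform.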
@@ -88,24 +88,24 @@ PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> - <%- directory['php_flags'].each do |flag,value| -%> + <%- directory['php_flags'].sort.each do |flag,value| -%> <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_values'] and ! directory['php_values'].empty? -%> - <%- directory['php_values'].each do |key,value| -%> + <%- directory['php_values'].sort.each do |key,value| -%> php_value <%= "#{key} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> - <%- directory['php_admin_flags'].each do |flag,value| -%> + <%- directory['php_admin_flags'].sort.each do |flag,value| -%> <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_admin_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> - <%- directory['php_admin_values'].each do |key,value| -%> + <%- directory['php_admin_values'].sort.each do |key,value| -%> php_admin_value <%= "#{key} #{value}" %> <%- end -%> <%- end -%> From 361ce833ba13cf555a54eec850e5d8579898fb3b Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 22 Jan 2015 05:35:56 -0700 Subject: [PATCH 0497/2267] MODULES-1696: ensure mod::setenvif is included if needed --- manifests/vhost.pp | 6 ++++++ spec/defines/vhost_spec.rb | 1 + 2 files changed, 7 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9e05cb566f..d26f281f92 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
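Review bot: The flag coercion inside the now-sorted `php_flags` and `php_admin_flags` loops, `value =~ /true|yes|on|1/i`, is unanchored, so any value that merely contains one of the alternatives (for example `none` or `10`) is rendered as `on`. For `php_admin_flag` that can switch on a setting the operator meant to leave off. The line is context here rather than part of the change, but since the loops are being touched it is worth tightening to `value.to_s =~ /\A(true|yes|on|1)\z/i`. A template comment above the first `.sort.each`, `<%# sorted so the rendered config is identical between runs -%>`, would also record why the ordering matters.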
@@ -390,6 +390,12 @@ } } + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + if ! defined(Class['apache::mod::setenvif']) { + include ::apache::mod::setenvif + } + } + ## Create a default directory list if none defined if $directories { if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 66b1862508..7545a6e505 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -281,6 +281,7 @@ it { is_expected.to contain_class('apache::mod::passenger') } it { is_expected.to contain_class('apache::mod::fastcgi') } it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_class('apache::mod::setenvif') } it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ 'owner' => 'root', 'mode' => '0644', From 16e2a0de444fcf48ca0497b90341aa68674054d2 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 15 Jan 2015 06:41:47 -0700 Subject: [PATCH 0498/2267] MODULES-1688: fix indenting in vhost/_directories.erb template --- templates/vhost/_directories.erb | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 97f2318c64..685dad9a1f 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
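Review bot: The new condition also fires for `$setenv`, but Apache's `SetEnv` directive comes from mod_env, while mod_setenvif only provides `SetEnvIf` and its variants. A vhost that sets only `setenv` therefore pulls in a module it does not use and still relies on mod_env being loaded some other way; whether mod_env is in the default module set is not visible here. I would narrow the check to `if $setenvif and ! empty($setenvif) {` and handle `$setenv` separately with whatever class in this module loads mod_env. The added expectation in spec/defines/vhost_spec.rb would then need a case that sets only `setenv`.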
@@ -3,20 +3,20 @@ ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> - <%- if /^(.*)match$/ =~ directory['provider'] -%> - <%- provider = $1.capitalize + 'Match' -%> - <%- else -%> - <%- provider = directory['provider'].capitalize -%> - <%- end -%> - <%- else -%> - <%- provider = 'Directory' -%> - <%- end -%> - <%- path = directory['path'] -%> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> + <%- if /^(.*)match$/ =~ directory['provider'] -%> + <%- provider = $1.capitalize + 'Match' -%> + <%- else -%> + <%- provider = directory['provider'].capitalize -%> + <%- end -%> + <%- else -%> + <%- provider = 'Directory' -%> + <%- end -%> + <%- path = directory['path'] -%> <<%= provider %> "<%= path %>"> - <%- if directory['headers'] -%> - <%- Array(directory['headers']).each do |header| -%> + <%- if directory['headers'] -%> + <%- Array(directory['headers']).each do |header| -%> Header <%= header %> <%- end -%> <%- end -%> @@ -89,7 +89,7 @@ <%- end -%> <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> <%- directory['php_flags'].sort.each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> @@ -100,7 +100,7 @@ <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> <%- directory['php_admin_flags'].sort.each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_admin_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> 
From a723b5609723295630419e701035474eb5e2d140 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Fri, 23 Jan 2015 06:44:51 -0700 Subject: [PATCH 0499/2267] add configuration options to mod_security --- README.md | 23 ++++++++++++++++++++++- manifests/mod/security.pp | 25 ++++++++++++++++++------- manifests/security/rule_link.pp | 1 + templates/mod/security_crs.conf.erb | 8 ++++---- 4 files changed, 45 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index d48e237f91..eef827481a 100644 --- a/README.md +++ b/README.md @@ -907,6 +907,10 @@ vhosts. include '::apache::mod::security' ``` +#####`crs_package` + +Name of package to install containing crs rules + #####`modsec_dir` Directory to install the modsec configuration and activated rules links into @@ -916,6 +920,23 @@ Directory to install the modsec configuration and activated rules links into Array of rules from the modsec_crs_path to activate by symlinking to ${modsec_dir}/activated_rules. +#####`allowed_methods` + +HTTP methods allowed by mod_security + +#####`content_types` + +Content-types allowed by mod_security + +#####`restricted_extensions` + +Extensions prohibited by mod_security + +#####`restricted_headers` + +Headers restricted by mod_security + + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. 
@@ -1824,7 +1845,7 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ``` *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. - + ######`php_value` and `php_flag` `php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 57b75726e1..84e55e2921 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -1,7 +1,11 @@ class apache::mod::security ( - $crs_package = $::apache::params::modsec_crs_package, - $activated_rules = $::apache::params::modsec_default_rules, - $modsec_dir = $::apache::params::modsec_dir, + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, + $allowed_methods = 'GET HEAD POST OPTIONS', + $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', + $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', + $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', ){ if $::osfamily == 'FreeBSD' { 
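Review bot: The four new parameters (`$allowed_methods`, `$content_types`, `$restricted_extensions`, `$restricted_headers`) are interpolated verbatim into single-quoted `setvar:` actions in templates/mod/security_crs.conf.erb, and nothing here validates them. A value containing a `'`, a line break or a backslash would end the quoted action early and change or break the `SecAction` rule, so the rule set could fail to load or load with a different policy than the operator intended. Add checks right after the parameter list, for example `validate_re($allowed_methods, '^[A-Z ]+$')`, plus equivalent patterns for the other three that reject quotes, backslashes and newlines. The class body continues outside this hunk.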
@@ -31,6 +35,8 @@ ensure => file, content => template('apache/mod/security.conf.erb'), path => "${::apache::mod_dir}/security.conf", + owner => $::apache::params::user, + group => $::apache::params::group, require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], @@ -42,14 +48,19 @@ group => $::apache::params::group, mode => '0555', purge => true, + force => true, recurse => true, } file { "${modsec_dir}/activated_rules": - ensure => directory, - owner => $::apache::params::user, - group => $::apache::params::group, - mode => '0555', + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + purge => true, + force => true, + recurse => true, + notify => Class['apache::service'], } file { "${modsec_dir}/security_crs.conf": diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp index 1ddc9d6aa3..a56a2d97f0 100644 --- a/manifests/security/rule_link.pp +++ b/manifests/security/rule_link.pp @@ -8,5 +8,6 @@ path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", target => "${::apache::params::modsec_crs_path}/${title}", require => File["${::apache::mod::security::modsec_dir}/activated_rules"], + notify => Class['apache::service'], } } diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index 4a990eb3a5..016efc797e 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb 
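Review bot: The added `owner => $::apache::params::user` and `group => $::apache::params::group` on security.conf hand the ModSecurity configuration to what is presumably the account the web server workers run as; the rule directories below are owned the same way. A process running as that user can chmod and rewrite files it owns, so a compromised worker could weaken the rules and have that take effect at the next reload; the visible lines also set no `mode` on security.conf. Since httpd reads its configuration before dropping privileges, I would keep these root-owned: `owner => 'root',` `group => $::apache::params::root_group,` `mode => '0644',`. The `file` resource starts outside the hunk.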
@@ -269,11 +269,11 @@ SecAction \ "id:'900012', \ phase:1, \ t:none, \ - setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \ - setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ + setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \ + setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \ setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ - setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \ - setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ + setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \ + setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \ nolog, \ pass" From df385d64095cad7369ed404351e2a8c5f8207937 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 4 Feb 2015 17:02:03 +0100 Subject: [PATCH 0500/2267] Pin rspec gems --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 12fd363eac..62c5693973 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,8 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :unit_tests do gem 'rake', :require => false - gem 'rspec-puppet', :require => false + gem 'rspec-core', '3.1.7', :require => false + gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'puppet-lint', :require => false gem 'simplecov', :require => false From ad7d6bc9bb1594dc792ae82dd0fe1a89d10ca3bc Mon Sep 17 00:00:00 2001 
From: Justin Lambert Date: Wed, 4 Feb 2015 13:36:01 -0700 Subject: [PATCH 0501/2267] use bool2httpd for server_signature and trace_enable --- templates/httpd.conf.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 54d24c8ae3..9b889ac508 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -1,7 +1,7 @@ # Security ServerTokens <%= @server_tokens %> -ServerSignature <%= @server_signature %> -TraceEnable <%= @trace_enable %> +ServerSignature <%= scope.function_bool2httpd([@server_signature]) %> +TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %> ServerName "<%= @servername %>" ServerRoot "<%= @server_root %>" From 67f9c0cf665452fd30bb87ec073c8ee0b368083f Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 4 Feb 2015 14:01:10 -0800 Subject: [PATCH 0502/2267] (MODULES-1719) Add parameter for SSLRandomSeed bytes --- README.md | 6 ++++-- manifests/mod/ssl.pp | 1 + spec/classes/mod/ssl_spec.rb | 9 +++++++++ templates/mod/ssl.conf.erb | 4 ++-- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a4b17ae596..b36b16d89b 100644 --- a/README.md +++ b/README.md @@ -738,9 +738,11 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], + ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', + ssl_protocol => ['all','-SSLv2','-SSLv3'], ssl_pass_phrase_dialog => 'builtin', - ssl_protocol => 'all -SSLv2 -SSLv3', - } + ssl_random_seed_bytes => '512', + } ``` To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 4036fd28af..f2b62459e3 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
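Review bot: Both directives in the httpd.conf.erb hunk also accept a non-boolean value, `ServerSignature EMail` and `TraceEnable extended`, and whether those pass through `scope.function_bool2httpd` unchanged cannot be seen from this patch, which touches only the template and adds no spec. I would add examples to spec/classes/apache_spec.rb that pin the rendered line for `true`, `false` and a string value, for instance `it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^TraceEnable Off$} }` under `:trace_enable => false`. The init.pp context later in this series shows `$trace_enable = 'On'` as the default, so TRACE stays enabled unless the caller turns it off; a template comment saying so next to the directive would help operators reviewing the generated file.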
@@ -4,6 +4,7 @@ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', + $ssl_random_seed_bytes = '512', $apache_version = $::apache::apache_version, $package_name = undef, ) { diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index f3fc7ae645..75a844151e 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -106,5 +106,14 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} end + context 'setting ssl_random_seed_bytes' do + let :params do + { + :ssl_random_seed_bytes => '1024', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})} + end + end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index a0e61650e0..6fb25c16ee 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -1,8 +1,8 @@ SSLRandomSeed startup builtin - SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %> SSLRandomSeed connect builtin - SSLRandomSeed connect file:/dev/urandom 512 + SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl From 555825e4911ea87b25d3f840b9ca1ca8a87f7f79 Mon Sep 17 00:00:00 2001 From: Zachary Alex Stern Date: Fri, 6 Feb 2015 13:18:09 -0800 Subject: [PATCH 0503/2267] Fix license for forge linting. --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index f59c55a60b..73ef359875 100644 --- a/metadata.json +++ b/metadata.json 
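Review bot: `$ssl_random_seed_bytes` in the ssl.pp hunk is not validated before ssl.conf.erb interpolates it into `SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %>`. An empty or undef value drops the byte count, and mod_ssl documents that a `file:` source without a count is read in full, which on /dev/urandom would not finish; a non-numeric value gives a directive Apache rejects at startup. I would fail the catalog early with `validate_re($ssl_random_seed_bytes, '^\d+$')` at the top of the class body, assuming stdlib's validation functions are in use here as they are in init.pp. The new spec covers only the '1024' case, and the class body lies outside the hunk.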
@@ -3,7 +3,7 @@ "version": "1.2.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", - "license": "Apache 2.0", + "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", From 18ade35b9da6a6c0dea0ade8875e23e77548e080 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Mon, 9 Feb 2015 14:23:56 +0100 Subject: [PATCH 0504/2267] ssl_protocol expects a string, not an array. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b36b16d89b..42d04bc337 100644 --- a/README.md +++ b/README.md @@ -739,7 +739,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_compression => false, ssl_options => [ 'StdEnvVars' ], ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', - ssl_protocol => ['all','-SSLv2','-SSLv3'], + ssl_protocol => 'all -SSLv2 -SSLv3', ssl_pass_phrase_dialog => 'builtin', ssl_random_seed_bytes => '512', } From 5bc940d74121815119c140cd0f96c0995fd65a67 Mon Sep 17 00:00:00 2001 From: cristi1979 Date: Wed, 10 Sep 2014 10:12:03 +0300 Subject: [PATCH 0505/2267] add _additional_includes.erb --- README.md | 4 ++++ manifests/init.pp | 2 ++ manifests/params.pp | 1 + spec/acceptance/apache_parameters_spec.rb | 2 +- spec/classes/apache_spec.rb | 10 ++++++++-- templates/httpd.conf.erb | 2 +- templates/vhost/_additional_includes.erb | 9 +++++++-- 7 files changed, 24 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index a4b17ae596..35d9cf6b74 100644 --- a/README.md +++ b/README.md 
@@ -1001,6 +1001,10 @@ Determines whether the vhost creates a Listen statement. The default value is 't Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. +#####`use_optional_includes` + +Specifies if for apache > 2.4 it should use IncludeOptional instead of Include. + #####`additional_includes` Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'. diff --git a/manifests/init.pp b/manifests/init.pp index 81f32e26a8..74cf753db4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -67,6 +67,7 @@ $trace_enable = 'On', $allow_encoded_slashes = undef, $package_ensure = 'installed', + $use_optional_includes = $::apache::params::use_optional_includes, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) @@ -74,6 +75,7 @@ # true/false is sufficient for both ensure and enable validate_bool($service_enable) validate_bool($service_manage) + validate_bool($use_optional_includes) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', diff --git a/manifests/params.pp b/manifests/params.pp index 7e19d99fa9..7568179fdc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -27,6 +27,7 @@ # The default error log level $log_level = 'warn' + $use_optional_includes = false if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 82d589f78d..4c6fa7f56d 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -242,7 +242,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } describe 'confd_dir' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped }" + pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped, use_optional_includes => true }" apply_manifest(pp, :catch_failures => true) end end diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a9d9438544..a8786bba5e 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -92,7 +92,10 @@ context "with Apache version >= 2.4" do let :params do - { :apache_version => '2.4' } + { + :apache_version => '2.4', + :use_optional_includes => true + } end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } @@ -315,7 +318,10 @@ context "with Apache version >= 2.4" do let :params do - { :apache_version => '2.4' } + { + :apache_version => '2.4', + :use_optional_includes => true + } end it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 54d24c8ae3..fd9b0a293d 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -64,7 +64,7 @@ LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" diff --git a/templates/vhost/_additional_includes.erb b/templates/vhost/_additional_includes.erb index d4d5f91342..aa9f0fe351 100644 --- a/templates/vhost/_additional_includes.erb +++ b/templates/vhost/_additional_includes.erb 
@@ -1,5 +1,10 @@ <% Array(@additional_includes).each do |include| -%> - + ## Load additional static includes - Include "<%= include %>" +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> +IncludeOptional "<%= include %>" +<%- else -%> +Include "<%= include %>" +<%- end -%> + <% end -%> From 1581972e83c52b6fd3e56fc41b0c8319788f017f Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 11 Feb 2015 07:53:32 -0800 Subject: [PATCH 0506/2267] Fix for PR 845 `use_optional_includes` should only be used for `additional_includes`, otherwise things don't work. --- README.md | 2 +- templates/httpd.conf.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e18516a1f5..96339e86fe 100644 --- a/README.md +++ b/README.md @@ -1005,7 +1005,7 @@ Setting `add_listen` to 'false' stops the vhost from creating a Listen statement #####`use_optional_includes` -Specifies if for apache > 2.4 it should use IncludeOptional instead of Include. +Specifies if for apache > 2.4 it should use IncludeOptional instead of Include for `additional_includes`. Defaults to 'false'. #####`additional_includes` diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 417526ba3c..9b889ac508 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -64,7 +64,7 @@ LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" From c971a1fd088f0212e2e703397a63f58b91c592a5 Mon Sep 17 00:00:00 2001 
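Review bot: `@use_optional_includes` in the `_additional_includes.erb` hunk is evaluated in a vhost template, but this commit's diffstat adds the parameter only to manifests/init.pp and manifests/params.pp and does not touch manifests/vhost.pp. Unless the vhost define already exposes a variable of that name, the condition sees nil and always renders `Include`, so the new branch is never taken; something like `$use_optional_includes = $::apache::use_optional_includes` in the define, together with a vhost spec asserting `IncludeOptional`, would settle it. If the branch is reachable, the README entry should also say that Apache skips an `IncludeOptional` pattern that matches nothing without reporting an error (behaviour for non-wildcard paths should be confirmed for the targeted 2.4 releases). That matters when the included file carries access-control directives.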
From: Morgan Haskel Date: Wed, 11 Feb 2015 07:44:26 -0800 Subject: [PATCH 0507/2267] FM-2140 - Fix for suphp test Add a sleep in the suphp test to allow things to start up properly --- spec/acceptance/mod_suphp_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 1b91581441..190edfc613 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -32,6 +32,7 @@ class { 'apache::mod::suphp': } end it 'should answer to suphp.example.com' do + shell("/bin/sleep 10") shell("/usr/bin/curl suphp.example.com:80") do |r| expect(r.stdout).to match(/^daemon$/) expect(r.exit_code).to eq(0) From e11d499722ea60332cb32758144a20c98403849f Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Wed, 11 Feb 2015 11:35:50 -0800 Subject: [PATCH 0508/2267] Concat started using a new fact --- spec/classes/apache_spec.rb | 5 +++++ spec/classes/dev_spec.rb | 3 +++ spec/classes/mod/alias_spec.rb | 4 ++++ spec/classes/mod/auth_kerb_spec.rb | 3 +++ spec/classes/mod/authnz_ldap_spec.rb | 2 ++ spec/classes/mod/dav_svn_spec.rb | 3 +++ spec/classes/mod/deflate_spec.rb | 3 +++ spec/classes/mod/dev_spec.rb | 1 + spec/classes/mod/dir_spec.rb | 3 +++ spec/classes/mod/event_spec.rb | 3 +++ spec/classes/mod/fastcgi_spec.rb | 2 ++ spec/classes/mod/fcgid_spec.rb | 4 ++++ spec/classes/mod/info_spec.rb | 3 +++ spec/classes/mod/itk_spec.rb | 2 ++ spec/classes/mod/mime_magic_spec.rb | 3 +++ spec/classes/mod/mime_spec.rb | 2 ++ spec/classes/mod/negotiation_spec.rb | 1 + spec/classes/mod/pagespeed_spec.rb | 2 ++ spec/classes/mod/passenger_spec.rb | 7 +++++++ spec/classes/mod/perl_spec.rb | 3 +++ spec/classes/mod/peruser_spec.rb | 1 + spec/classes/mod/php_spec.rb | 4 ++++ spec/classes/mod/prefork_spec.rb | 3 +++ spec/classes/mod/proxy_connect_spec.rb | 1 + spec/classes/mod/proxy_html_spec.rb | 3 +++ spec/classes/mod/python_spec.rb | 3 +++ spec/classes/mod/reqtimeout_spec.rb | 3 +++ spec/classes/mod/rpaf_spec.rb | 2 ++ spec/classes/mod/security_spec.rb | 4 +++- spec/classes/mod/shib_spec.rb | 4 +++- spec/classes/mod/speling_spec.rb | 2 ++ spec/classes/mod/ssl_spec.rb | 5 +++++ spec/classes/mod/status_spec.rb | 7 +++++++ spec/classes/mod/suphp_spec.rb | 2 ++ spec/classes/mod/worker_spec.rb | 4 ++++ spec/classes/mod/wsgi_spec.rb | 3 +++ spec/classes/params_spec.rb | 1 + spec/classes/service_spec.rb | 4 ++++ spec/defines/balancermember_spec.rb | 1 + spec/defines/custom_config_spec.rb | 1 + spec/defines/fastcgi_server_spec.rb | 4 ++++ spec/defines/mod_spec.rb | 3 +++ spec/defines/modsec_link_spec.rb | 4 +++- spec/defines/vhost_spec.rb | 7 +++++++ 44 files changed, 132 insertions(+), 3 deletions(-) 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a8786bba5e..6d1e3ca00e 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -12,6 +12,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -221,6 +222,7 @@ :operatingsystemrelease => '5', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -541,6 +543,7 @@ :operatingsystemrelease => '9', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -621,6 +624,7 @@ :operatingsystemrelease => '6', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'with a custom apache_name parameter' do @@ -659,6 +663,7 @@ { :osfamily => 'Darwin', :operatingsystemrelease => '13.1.0', :concat_basedir => '/dne', + :is_pe => false, } end diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index df342d40e8..83292b1b15 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -8,6 +8,7 @@ :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -21,6 +22,7 @@ :osfamily => 'RedHat', :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -35,6 +37,7 @@ :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb index 503575af61..7f1458ccf8 100644 --- a/spec/classes/mod/alias_spec.rb +++ b/spec/classes/mod/alias_spec.rb @@ -15,6 +15,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } @@ -30,6 +31,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } @@ -45,6 +47,7 @@ :operatingsystemrelease => '7', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } @@ -60,6 +63,7 @@ :operatingsystemrelease => '9', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 1706bfb8d3..8f82ff4dd4 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -15,6 +15,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -31,6 +32,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -47,6 +49,7 @@ :operatingsystemrelease => '9', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index a0a913a6e2..f897833996 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb @@ -16,6 +16,7 @@ :kernel => 'Linux', :operatingsystem => 'Debian', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -49,6 +50,7 @@ :kernel => 'Linux', :operatingsystem => 'RedHat', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 95abef9948..791baae03c 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -16,6 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -33,6 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -50,6 +52,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index c61010f28a..343e940f63 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -41,6 +41,7 @@ class { "apache::mod::deflate": :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end 
@@ -67,6 +68,7 @@ class { "apache::mod::deflate": :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end @@ -86,6 +88,7 @@ class { "apache::mod::deflate": :operatingsystemrelease => '9', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index 84d80e344a..f653389776 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb @@ -18,6 +18,7 @@ :osfamily => osfamily, :operatingsystem => osfamily, :operatingsystemrelease => operatingsystemrelease, + :is_pe => false, } end it { is_expected.to contain_class('apache::dev') } diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index 1efed2fe79..8aec59fed0 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb @@ -17,6 +17,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :lsbdistcodename => 'squeeze', + :is_pe => false, } end context "passing no parameters" do @@ -48,6 +49,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do @@ -79,6 +81,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 7030a72e8b..bc5aa41106 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -14,6 +14,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
@@ -31,6 +32,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -108,6 +110,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index 126c5cc3ef..e204bb7460 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -33,6 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index a342e58135..214ec75bea 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -17,6 +17,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -35,6 +36,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -79,6 +81,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -103,6 +106,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index 20ed127dcb..cdf1663456 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb 
@@ -78,6 +78,7 @@ def general_info_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -104,6 +105,7 @@ def general_info_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -126,6 +128,7 @@ def general_info_specs :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index b5d50a18af..5556f5ee7c 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb index 5e78230e28..f846ce386b 100644 --- a/spec/classes/mod/mime_magic_spec.rb +++ b/spec/classes/mod/mime_magic_spec.rb @@ -21,6 +21,7 @@ def general_mime_magic_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -65,6 +66,7 @@ def general_mime_magic_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -91,6 +93,7 @@ def general_mime_magic_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/mime_spec.rb b/spec/classes/mod/mime_spec.rb index 32edbc4b02..3c7ad88d18 100644 
--- a/spec/classes/mod/mime_spec.rb +++ b/spec/classes/mod/mime_spec.rb @@ -21,6 +21,7 @@ def general_mime_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -40,6 +41,7 @@ def general_mime_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb index d01442cb9a..813e76def0 100644 --- a/spec/classes/mod/negotiation_spec.rb +++ b/spec/classes/mod/negotiation_spec.rb @@ -13,6 +13,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb index c4abd3e100..c3f5a41447 100644 --- a/spec/classes/mod/pagespeed_spec.rb +++ b/spec/classes/mod/pagespeed_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -33,6 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 0093d4b919..9c9935939e 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -16,6 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -130,6 +131,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end 
@@ -149,6 +151,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -168,6 +171,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -187,6 +191,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -206,6 +211,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -244,6 +250,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 2c14c31f06..5bfe8ff2d2 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -31,6 +32,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -47,6 +49,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index c0dfc96f55..9ae063cceb 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb 
@@ -14,6 +14,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index cf61318797..1508863513 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -12,6 +12,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with mpm_module => prefork" do @@ -49,6 +50,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with default params" do @@ -130,6 +132,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with mpm_module => prefork" do @@ -163,6 +166,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'with content param' do diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 34bca08dc0..f5c0e93759 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -105,6 +107,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/proxy_connect_spec.rb b/spec/classes/mod/proxy_connect_spec.rb index c54d255a5e..f4b4cc2e6b 100644 --- a/spec/classes/mod/proxy_connect_spec.rb +++ b/spec/classes/mod/proxy_connect_spec.rb @@ -16,6 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'with Apache version < 2.4' do diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 81a2bb5371..ce3e70c3a9 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -25,6 +25,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :hardwaremodel => 'i386', + :is_pe => false, } end @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -76,6 +78,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 17b62d43bd..9b6d846de0 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -31,6 +32,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -47,6 +49,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/reqtimeout_spec.rb b/spec/classes/mod/reqtimeout_spec.rb index 07c09b0940..97aa7db453 100644 --- a/spec/classes/mod/reqtimeout_spec.rb +++ b/spec/classes/mod/reqtimeout_spec.rb @@ -17,6 +17,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :lsbdistcodename => 'squeeze', + :is_pe => false, } end context "passing no parameters" do @@ -51,6 +52,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do @@ -85,6 +87,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index ca3a594848..418797bdf8 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -17,6 +17,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -56,6 +57,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 05586c2caa..93f751ee4e 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :concat_basedir => '/', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { should contain_apache__mod('security').with( 
@@ -57,7 +58,8 @@ :lsbdistcodename => 'squeeze', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :kernel => 'Linux' + :kernel => 'Linux', + :is_pe => false, } end it { should contain_apache__mod('security').with( diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb index e515db96df..0254d4c3c6 100644 --- a/spec/classes/mod/shib_spec.rb +++ b/spec/classes/mod/shib_spec.rb @@ -14,6 +14,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :fqdn => 'test.example.com', + :is_pe => false, } end describe 'with no parameters' do @@ -31,10 +32,11 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :fqdn => 'test.example.com', + :is_pe => false, } end describe 'with no parameters' do it { should contain_apache__mod('shib2').with_id('mod_shib') } end end -end \ No newline at end of file +end diff --git a/spec/classes/mod/speling_spec.rb b/spec/classes/mod/speling_spec.rb index 814e0d6720..b07af25897 100644 --- a/spec/classes/mod/speling_spec.rb +++ b/spec/classes/mod/speling_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_apache__mod('speling') } @@ -30,6 +31,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_apache__mod('speling') } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 75a844151e..f7755ed362 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -14,6 +14,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { expect { subject }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } 
@@ -29,6 +30,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class('apache::params') } @@ -56,6 +58,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class('apache::params') } @@ -73,6 +76,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class('apache::params') } @@ -90,6 +94,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 502562959c..e3b3d24428 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb @@ -36,6 +36,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -65,6 +66,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -87,6 +89,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -112,6 +115,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do 
@@ -134,6 +138,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -159,6 +164,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -183,6 +189,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index b74b4c8646..9b20000f30 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -30,6 +31,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 5902c2c7ea..7afdb70e6a 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
@@ -105,6 +107,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -123,6 +126,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index a68c808305..e8dd00db0a 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -34,6 +35,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -112,6 +114,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index 6f63758a3a..92b314f92e 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -12,6 +12,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_apache__params } diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index fda1f51279..786b3935f4 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_service("httpd").with( 
@@ -103,6 +104,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_service("httpd").with( @@ -123,6 +125,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_service("httpd").with( @@ -143,6 +146,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let(:params) do diff --git a/spec/defines/balancermember_spec.rb b/spec/defines/balancermember_spec.rb index b7293b390e..0322d308eb 100644 --- a/spec/defines/balancermember_spec.rb +++ b/spec/defines/balancermember_spec.rb @@ -28,6 +28,7 @@ :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernel => 'Linux', + :is_pe => false, } end describe "allows multiple balancermembers with the same url" do diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb index 187b8a7b56..e9650a736b 100644 --- a/spec/defines/custom_config_spec.rb +++ b/spec/defines/custom_config_spec.rb @@ -17,6 +17,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'defaults with content' do diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 1dc8fd444a..8aa422dbcb 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -18,6 +18,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :facts do default_facts end @@ -39,6 +40,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :facts do default_facts end 
@@ -59,6 +61,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :facts do default_facts end @@ -81,6 +84,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end describe ".conf content" do diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index 377c877926..dbeaf4ac40 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -14,6 +14,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -57,6 +58,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -96,6 +98,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/defines/modsec_link_spec.rb b/spec/defines/modsec_link_spec.rb index c1633d01d8..a5b4c5390c 100644 --- a/spec/defines/modsec_link_spec.rb +++ b/spec/defines/modsec_link_spec.rb @@ -21,6 +21,7 @@ class { "apache::mod::security": activated_rules => [] } :id => 'root', :concat_basedir => '/', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { should contain_file('modsecurity_35_bad_robots.data').with( @@ -39,7 +40,8 @@ class { "apache::mod::security": activated_rules => [] } :lsbdistcodename => 'squeeze', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :kernel => 'Linux' + :kernel => 'Linux', + :is_pe => false, } end it { should contain_file('modsecurity_35_bad_robots.data').with( diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9a8746a233..e52c901587 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -24,6 +24,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end @@ -42,6 +43,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end @@ -68,6 +70,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end @@ -91,6 +94,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end describe 'basic assumptions' do @@ -257,6 +261,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernelversion => '3.6.2', + :is_pe => false, } end @@ -350,6 +355,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernelversion => '3.6.2', + :is_pe => false, } end @@ -418,6 +424,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'single log file' do From be8de013021a924cbf0024afef604db4e4e865f8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 11 Feb 2015 14:20:13 -0800 Subject: [PATCH 0509/2267] Fixup for PR 928 - omit priority There were a lot of conflicts in vhost so I updated them manually rather than in the merge. --- manifests/vhost.pp | 94 +++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index edd589a623..5d2ad8e5d6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -230,11 +230,13 @@ # Configure the defaultness of a vhost if $priority { - $priority_real = $priority + $priority_real = "${priority}-" + } elsif $priority == false { + $priority_real = '' } elsif $default_vhost { - $priority_real = '10' + $priority_real = '10-' } else { - $priority_real = '25' + $priority_real = '25-' } ## Apache include does not always work with spaces in the filename @@ -249,7 +251,7 @@ group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}${filename}.conf"], } } @@ -259,7 +261,7 @@ ensure => $logroot_ensure, mode => $logroot_mode, require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}${filename}.conf"], } } @@ -436,9 +438,9 @@ } } - concat { "${priority_real}-${filename}.conf": + concat { "${priority_real}${filename}.conf": ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", + path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -452,14 +454,14 @@ present => link, default => $ensure, } - file{ "${priority_real}-${filename}.conf symlink": + file{ "${priority_real}${filename}.conf symlink": ensure => $vhost_symlink_ensure, - path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", + path => "${vhost_enable_dir}/${priority_real}${filename}.conf", + target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => Concat["${priority_real}-${filename}.conf"], + require => Concat["${priority_real}${filename}.conf"], notify => Class['apache::service'], } } 
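Review bot: The new `elsif $priority == false` branch in the first hunk is tested before `$default_vhost`, so a vhost declared with `default_vhost => true` and `priority => false` gets no numeric prefix and its load position then depends on its name alone. Apache answers requests that match no `ServerName` from the first vhost it loads for that address, so the intended catch-all may stop being the effective one, and the comment `# Configure the defaultness of a vhost` says nothing about this. I would either document it above the branch, e.g. `# priority => false drops the NN- prefix; load order (and so the default vhost) then follows $filename`, or refuse the combination with `if $default_vhost and $priority == false { fail('default_vhost needs a priority prefix') }`. `$priority` also still reaches the concat title and the `path`/`target` values in the later hunks as given; whether it is validated earlier in the define cannot be seen from these hunks.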
@@ -469,7 +471,7 @@ # - $servername # - $serveradmin concat::fragment { "${name}-apache-header": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 0, content => template('apache/vhost/_file_header.erb'), } @@ -478,7 +480,7 @@ # - $virtual_docroot # - $docroot concat::fragment { "${name}-docroot": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 10, content => template('apache/vhost/_docroot.erb'), } @@ -487,7 +489,7 @@ # - $aliases if $aliases and ! empty($aliases) { concat::fragment { "${name}-aliases": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 20, content => template('apache/vhost/_aliases.erb'), } @@ -498,7 +500,7 @@ # - $::kernelversion if $itk and ! empty($itk) { concat::fragment { "${name}-itk": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 30, content => template('apache/vhost/_itk.erb'), } @@ -508,7 +510,7 @@ # - $fallbackresource if $fallbackresource { concat::fragment { "${name}-fallbackresource": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 40, content => template('apache/vhost/_fallbackresource.erb'), } @@ -518,7 +520,7 @@ # - $allow_encoded_slashes if $allow_encoded_slashes { concat::fragment { "${name}-allow_encoded_slashes": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 50, content => template('apache/vhost/_allow_encoded_slashes.erb'), } @@ -532,7 +534,7 @@ # - $shibboleth_enabled if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 60, content => template('apache/vhost/_directories.erb'), } 
@@ -542,7 +544,7 @@ # - $additional_includes if $additional_includes and ! empty($additional_includes) { concat::fragment { "${name}-additional_includes": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 70, content => template('apache/vhost/_additional_includes.erb'), } @@ -555,7 +557,7 @@ # - $log_level if $error_log or $log_level { concat::fragment { "${name}-logging": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 80, content => template('apache/vhost/_logging.erb'), } @@ -563,7 +565,7 @@ # Template uses no variables concat::fragment { "${name}-serversignature": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 90, content => template('apache/vhost/_serversignature.erb'), } @@ -577,7 +579,7 @@ # - $access_logs if $access_log or $access_logs { concat::fragment { "${name}-access_log": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 100, content => template('apache/vhost/_access_log.erb'), } @@ -587,7 +589,7 @@ # - $action if $action { concat::fragment { "${name}-action": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 110, content => template('apache/vhost/_action.erb'), } @@ -598,7 +600,7 @@ # - $apache_version if $block and ! empty($block) { concat::fragment { "${name}-block": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 120, content => template('apache/vhost/_block.erb'), } @@ -608,7 +610,7 @@ # - $error_documents if $error_documents and ! empty($error_documents) { concat::fragment { "${name}-error_document": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 130, content => template('apache/vhost/_error_document.erb'), } 
@@ -621,7 +623,7 @@ # - $no_proxy_uris if $proxy_dest or $proxy_pass { concat::fragment { "${name}-proxy": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 140, content => template('apache/vhost/_proxy.erb'), } @@ -631,7 +633,7 @@ # - $rack_base_uris if $rack_base_uris { concat::fragment { "${name}-rack": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 150, content => template('apache/vhost/_rack.erb'), } @@ -652,7 +654,7 @@ # - $redirectmatch_dest if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 160, content => template('apache/vhost/_redirect.erb'), } @@ -665,7 +667,7 @@ # - $rewrite_cond if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 170, content => template('apache/vhost/_rewrite.erb'), } @@ -676,7 +678,7 @@ # - $scriptalias if $scriptaliases and ! empty($scriptaliases) { concat::fragment { "${name}-scriptalias": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 180, content => template('apache/vhost/_scriptalias.erb'), } @@ -686,7 +688,7 @@ # - $serveraliases if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 190, content => template('apache/vhost/_serveralias.erb'), } 
@@ -697,7 +699,7 @@ # - $setenvif if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { concat::fragment { "${name}-setenv": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 200, content => template('apache/vhost/_setenv.erb'), } @@ -723,7 +725,7 @@ # - $apache_version if $ssl { concat::fragment { "${name}-ssl": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 210, content => template('apache/vhost/_ssl.erb'), } @@ -735,7 +737,7 @@ # - $suphp_configpath if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 220, content => template('apache/vhost/_suphp.erb'), } @@ -746,7 +748,7 @@ # - $php_flags if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { concat::fragment { "${name}-php": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 220, content => template('apache/vhost/_php.erb'), } @@ -757,7 +759,7 @@ # - $php_admin_flags if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 230, content => template('apache/vhost/_php_admin.erb'), } @@ -767,7 +769,7 @@ # - $headers if $headers and ! empty($headers) { concat::fragment { "${name}-header": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 240, content => template('apache/vhost/_header.erb'), } 
@@ -777,7 +779,7 @@ # - $request_headers if $request_headers and ! empty($request_headers) { concat::fragment { "${name}-requestheader": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 250, content => template('apache/vhost/_requestheader.erb'), } @@ -794,7 +796,7 @@ # - $wsgi_pass_authorization if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 260, content => template('apache/vhost/_wsgi.erb'), } @@ -804,7 +806,7 @@ # - $custom_fragment if $custom_fragment { concat::fragment { "${name}-custom_fragment": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 270, content => template('apache/vhost/_custom_fragment.erb'), } @@ -817,7 +819,7 @@ # - $apache_version if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 280, content => template('apache/vhost/_fastcgi.erb'), } @@ -827,7 +829,7 @@ # - $suexec_user_group if $suexec_user_group { concat::fragment { "${name}-suexec": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 290, content => template('apache/vhost/_suexec.erb'), } @@ -841,7 +843,7 @@ # - $passenger_pre_start if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 300, content => template('apache/vhost/_passenger.erb'), } 
@@ -851,7 +853,7 @@ # - $add_default_charset if $add_default_charset { concat::fragment { "${name}-charsets": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 310, content => template('apache/vhost/_charsets.erb'), } @@ -864,7 +866,7 @@ # - $modsec_body_limit if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { concat::fragment { "${name}-security": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 320, content => template('apache/vhost/_security.erb') } @@ -872,7 +874,7 @@ # Template uses no variables concat::fragment { "${name}-file_footer": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 999, content => template('apache/vhost/_file_footer.erb'), } From 1e50cd6f32d722281d8294168b6f58691f526792 Mon Sep 17 00:00:00 2001 
From: Seth Lyons Date: Tue, 23 Dec 2014 00:47:25 +0000 Subject: [PATCH 0510/2267] change default version for freebsd from 2.2 to 2.4 --- README.md | 1 + manifests/default_mods.pp | 22 ++--- manifests/init.pp | 2 +- manifests/mod/alias.pp | 2 +- manifests/mod/cgi.pp | 8 +- manifests/mod/cgid.pp | 7 +- manifests/mod/disk_cache.pp | 8 +- manifests/mod/filter.pp | 3 + manifests/mod/peruser.pp | 107 ++++++++++++------------ manifests/mod/php.pp | 6 +- manifests/mpm.pp | 5 +- manifests/package.pp | 69 ++++++++------- manifests/params.pp | 26 +++--- manifests/version.pp | 2 +- spec/acceptance/class_spec.rb | 4 +- spec/acceptance/default_mods_spec.rb | 4 +- spec/acceptance/itk_spec.rb | 2 +- spec/acceptance/mod_dav_svn_spec.rb | 4 +- spec/acceptance/mod_deflate_spec.rb | 4 +- spec/acceptance/mod_mime_spec.rb | 4 +- spec/acceptance/mod_negotiation_spec.rb | 6 +- spec/acceptance/mod_pagespeed_spec.rb | 6 +- spec/acceptance/mod_php_spec.rb | 6 +- spec/acceptance/mod_proxy_html_spec.rb | 2 +- spec/acceptance/prefork_worker_spec.rb | 2 +- spec/acceptance/version.rb | 18 ++-- spec/classes/apache_spec.rb | 17 ++-- spec/classes/mod/alias_spec.rb | 4 +- spec/classes/mod/deflate_spec.rb | 2 +- spec/classes/mod/event_spec.rb | 2 +- spec/classes/mod/info_spec.rb | 68 +++++++++++++-- spec/classes/mod/itk_spec.rb | 6 +- spec/classes/mod/peruser_spec.rb | 10 ++- spec/classes/mod/php_spec.rb | 6 +- spec/classes/mod/prefork_spec.rb | 2 +- spec/classes/mod/rpaf_spec.rb | 2 +- spec/classes/mod/worker_spec.rb | 2 +- spec/classes/service_spec.rb | 2 +- spec/defines/fastcgi_server_spec.rb | 2 +- spec/defines/mod_spec.rb | 4 +- spec/defines/vhost_spec.rb | 2 +- 41 files changed, 278 insertions(+), 183 deletions(-) create mode 100644 manifests/mod/filter.pp diff --git a/README.md b/README.md index 984e2ce300..a8d621e4ed 100644 --- a/README.md +++ b/README.md 
@@ -535,6 +535,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `expires` * `fastcgi` * `fcgid` +* `filter` * `headers` * `include` * `info`* diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 09e360a49e..d3f5dc0a90 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -7,7 +7,7 @@ # They are not configurable at this time, so we just include # them to make sure it works. case $::osfamily { - 'redhat', 'freebsd': { + 'redhat': { ::apache::mod { 'log_config': } if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it @@ -18,6 +18,10 @@ ::apache::mod { 'unixd': } } } + 'freebsd': { + ::apache::mod { 'log_config': } + ::apache::mod { 'unixd': } + } default: {} } ::apache::mod { 'authz_host': } @@ -74,26 +78,27 @@ include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling + include ::apache::mod::filter ::apache::mod { 'asis': } ::apache::mod { 'auth_digest': } - ::apache::mod { 'authn_alias': } + ::apache::mod { 'auth_form': } ::apache::mod { 'authn_anon': } + ::apache::mod { 'authn_core': } ::apache::mod { 'authn_dbm': } - ::apache::mod { 'authn_default': } + ::apache::mod { 'authn_socache': } + ::apache::mod { 'authz_dbd': } ::apache::mod { 'authz_dbm': } ::apache::mod { 'authz_owner': } - ::apache::mod { 'cern_meta': } - ::apache::mod { 'charset_lite': } ::apache::mod { 'dumpio': } ::apache::mod { 'expires': } ::apache::mod { 'file_cache': } - ::apache::mod { 'filter':} ::apache::mod { 'imagemap':} ::apache::mod { 'include': } ::apache::mod { 'logio': } + ::apache::mod { 'request': } + ::apache::mod { 'session': } ::apache::mod { 'unique_id': } - ::apache::mod { 'usertrack': } } default: {} } @@ -126,9 +131,6 @@ id => 'authz_core_module', } - # filter is needed by mod_deflate - ::apache::mod { 'filter': } - # lots of stuff seems to break without access_compat ::apache::mod { 'access_compat': } } else { 
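Review bot: The last hunk of manifests/default_mods.pp (at -126) removes `::apache::mod { 'filter': }` from the Apache 2.4 branch, along with the comment saying mod_deflate needs it. The only replacement visible is the `include ::apache::mod::filter` added in the hunk at -74, which looks like it sits inside an OS-specific module list. If so, 2.4 hosts on other platforms would lose the filter module while deflate is still loaded. I would keep the dependency in the 2.4 branch as `include ::apache::mod::filter` and retain the original `# filter is needed by mod_deflate` comment. The enclosing `if`/`case` blocks start outside these hunks, so please confirm which branch the new include lands in.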
diff --git a/manifests/init.pp b/manifests/init.pp index 74cf753db4..f7b89076d8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -259,7 +259,7 @@ 'freebsd': { $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' - $scriptalias = '/usr/local/www/apache22/cgi-bin' + $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } default: { diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index ff196b01a3..c9f8e4dab1 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -9,7 +9,7 @@ true => '/usr/share/httpd/icons', default => '/var/www/icons', }, - 'freebsd' => '/usr/local/www/apache22/icons', + 'freebsd' => '/usr/local/www/apache24/icons', } apache::mod { 'alias': } # Template uses $icons_path diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 6c3c6aec8d..91352e8c8d 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -1,4 +1,10 @@ class apache::mod::cgi { - Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + case $::osfamily { + 'FreeBSD': {} + default: { + Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + } + } + ::apache::mod { 'cgi': } } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index ee9044cd5a..8946f652b9 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -1,5 +1,10 @@ class apache::mod::cgid { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + case $::osfamily { + 'FreeBSD': {} + default: { + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + } + } # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 54c0528379..2730809cf1 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp 
@@ -4,6 +4,12 @@ 'redhat' => '/var/cache/mod_proxy', 'freebsd' => '/var/cache/mod_disk_cache', } + + $mod_name = $::osfamily ? { + 'FreeBSD' => 'cache_disk', + default => 'disk_cache', + } + if $::osfamily != 'FreeBSD' { # FIXME: investigate why disk_cache was dependent on proxy # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not @@ -11,7 +17,7 @@ } Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] - apache::mod { 'disk_cache': } + apache::mod { $mod_name: } # Template uses $cache_proxy file { 'disk_cache.conf': ensure => file, diff --git a/manifests/mod/filter.pp b/manifests/mod/filter.pp new file mode 100644 index 0000000000..26dc488b3a --- /dev/null +++ b/manifests/mod/filter.pp @@ -0,0 +1,3 @@ +class apache::mod::filter { + ::apache::mod { 'filter': } +} diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index 107e47ce81..6b9dfad95f 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp 
@@ -8,66 +8,63 @@ $expiretimeout = '120', $keepalive = 'Off', ) { - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::peruser and apache::mod::event on the same node') - } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') - } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - } - - $mod_dir = $::apache::mod_dir - - # Template uses: - # - $minspareprocessors - # - $minprocessors - # - $maxprocessors - # - $maxclients - # - $maxrequestsperchild - # - $idletimeout - # - $expiretimeout - # - $keepalive - # - $mod_dir - file { "${::apache::mod_dir}/peruser.conf": - ensure => file, - content => template('apache/mod/peruser.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - file { "${::apache::mod_dir}/peruser": - ensure => directory, - require => File[$::apache::mod_dir], - } - file { "${::apache::mod_dir}/peruser/multiplexers": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - file { "${::apache::mod_dir}/peruser/processors": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - - ::apache::peruser::multiplexer { '01-default': } case $::osfamily { 'freebsd' : { - class { '::apache::package': - mpm_module => 'peruser' - } + fail("Unsupported osfamily ${::osfamily}") } default: { - fail("Unsupported osfamily ${::osfamily}") + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::peruser and apache::mod::event on the same node') + } + if 
defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') + } + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') + } + if defined(Class['apache::mod::worker']) { + fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') + } + File { + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + } + + $mod_dir = $::apache::mod_dir + + # Template uses: + # - $minspareprocessors + # - $minprocessors + # - $maxprocessors + # - $maxclients + # - $maxrequestsperchild + # - $idletimeout + # - $expiretimeout + # - $keepalive + # - $mod_dir + file { "${::apache::mod_dir}/peruser.conf": + ensure => file, + content => template('apache/mod/peruser.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + file { "${::apache::mod_dir}/peruser": + ensure => directory, + require => File[$::apache::mod_dir], + } + file { "${::apache::mod_dir}/peruser/multiplexers": + ensure => directory, + require => File["${::apache::mod_dir}/peruser"], + } + file { "${::apache::mod_dir}/peruser/processors": + ensure => directory, + require => File["${::apache::mod_dir}/peruser"], + } + + ::apache::peruser::multiplexer { '01-default': } } } } diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 4c5d85d56c..1d1274f3b4 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -6,7 +6,9 @@ $content = undef, $template = 'apache/mod/php5.conf.erb', $source = undef, -) { + $root_group = $::apache::params::root_group, +) inherits apache::params { + if defined(Class['::apache::mod::prefork']) { Class['::apache::mod::prefork']->File['php5.conf'] } 
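Review bot: The rewritten `case $::osfamily` in manifests/mod/peruser.pp inverts which platforms are accepted: `'freebsd'` now reaches `fail("Unsupported osfamily ${::osfamily}")`, while `default:`, which used to fail, now runs the whole peruser configuration. Every other osfamily therefore gets peruser.conf and the multiplexers/processors directories, yet this class no longer declares any package, because `class { '::apache::package': mpm_module => 'peruser' }` was dropped. If peruser is not meant to be usable elsewhere, `default:` should fail too. Otherwise add a comment above the case naming the platforms expected to reach it.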
@@ -47,7 +49,7 @@ ensure => file, path => "${::apache::mod_dir}/php5.conf", owner => 'root', - group => 'root', + group => $root_group, mode => '0644', content => $manage_content, source => $source, diff --git a/manifests/mpm.pp b/manifests/mpm.pp index a5cca49882..2b33634f29 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -13,7 +13,10 @@ $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 and + (($::osfamily != 'FreeBSD') or + ($::osfamily == 'FreeBSD' and $mpm == 'itk')) { + file { "${mod_dir}/${mpm}.load": ensure => file, path => "${mod_dir}/${mpm}.load", diff --git a/manifests/package.pp b/manifests/package.pp index a4e4015c52..56e81e5b74 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
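Review bot: The new guard in manifests/mpm.pp repeats the osfamily test. Inside the `or`, `$::osfamily == 'FreeBSD' and $mpm == 'itk'` is only evaluated when `$::osfamily != 'FreeBSD'` is already false, so the second FreeBSD comparison is redundant. `if versioncmp($apache_version, '2.4') >= 0 and ($::osfamily != 'FreeBSD' or $mpm == 'itk') {` behaves the same and is easier to read. A comment such as `# FreeBSD selects the MPM through make.conf build options; only itk is a separately loaded module` would explain the exception, but that reasoning is inferred from the package.pp changes in this commit, so please confirm it. The `if` body continues outside the hunk.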
@@ -3,43 +3,54 @@ $mpm_module = $::apache::params::mpm_module, ) inherits ::apache::params { case $::osfamily { - 'freebsd' : { - $all_mpms = [ - 'www/apache22', - 'www/apache22-worker-mpm', - 'www/apache22-event-mpm', - 'www/apache22-itk-mpm', - 'www/apache22-peruser-mpm', - ] - if $mpm_module { - $apache_package = $mpm_module ? { - 'prefork' => 'www/apache22', - default => "www/apache22-${mpm_module}-mpm" + 'FreeBSD': { + case $mpm_module { + 'prefork': { + $SET = 'MPM_PREFORK' + $UNSET = 'MPM_WORKER MPM_EVENT' } - } else { - $apache_package = 'www/apache22' + 'worker': { + $SET = 'MPM_WORKER' + $UNSET = 'MPM_PERFORK MPM_EVENT' + } + 'event': { + $SET = 'MPM_EVENT' + $UNSET = 'MPM_PERFORK MPM_WORKER' + } + 'itk': { + $SET = nil + $UNSET = nil + package { 'www/mod_mpm_itk': + ensure => installed, + } + } + default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } } - $other_mpms = delete($all_mpms, $apache_package) - # Configure ports to have apache module packages dependent on correct - # version of apache package (apache22, apache22-worker-mpm, ...) 
- file_line { 'APACHE_PORT in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "APACHE_PORT=${apache_package}", - match => '^\s*#?\s*APACHE_PORT\s*=\s*', - before => Package['httpd'], + + # Configure ports to have apache build options set correctly + if $SET { + file_line { + 'apache SET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_SET_FORCE= ${SET}", + match => '^apache24_SET_FORCE=.*', + before => Package['httpd']; + 'apache UNSET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_UNSET_FORCE= ${UNSET}", + match => '^apache24_UNSET_FORCE=.*', + before => Package['httpd']; + } } - # remove other packages - ensure_resource('package', $other_mpms, { - ensure => absent, - before => Package['httpd'], - require => File_line['APACHE_PORT in /etc/make.conf'], - }) + $apache_package = $::apache::params::apache_name } default: { $apache_package = $::apache::params::apache_name } } + package { 'httpd': ensure => $ensure, name => $apache_package, diff --git a/manifests/params.pp b/manifests/params.pp index 7568179fdc..2a77b033eb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -110,7 +110,7 @@ '7' => '/usr/share/httpd/error', default => '/var/www/error' } - if $::osfamily == "RedHat" { + if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef @@ -282,9 +282,9 @@ $user = 'www' $group = 'www' $root_group = 'wheel' - $apache_name = 'apache22' - $service_name = 'apache22' - $httpd_dir = '/usr/local/etc/apache22' + $apache_name = 'apache24' + $service_name = 'apache24' + $httpd_dir = '/usr/local/etc/apache24' $server_root = '/usr/local' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/Includes" 
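Review bot: In the FreeBSD branch of manifests/package.pp the `'worker'` and `'event'` cases misspell the prefork option as `MPM_PERFORK` in `$UNSET`, so the `apache24_UNSET_FORCE=` line written to /etc/make.conf never names it. They should read `$UNSET = 'MPM_PREFORK MPM_EVENT'` and `$UNSET = 'MPM_PREFORK MPM_WORKER'`. In the `'itk'` case `$SET = nil` is probably not what was intended either. Puppet has no `nil`, and the bare word is likely read as the string 'nil', which would make `if $SET` true and write `apache24_SET_FORCE= nil`; `undef` is the value to use. As far as I know, newer Puppet parsers also reject variable names that start with an upper-case letter, so `$set`/`$unset` would be safer.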
@@ -294,14 +294,14 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" - $logroot = '/var/log/apache22' + $logroot = '/var/log/apache24' $logroot_mode = undef - $lib_path = '/usr/local/libexec/apache22' + $lib_path = '/usr/local/libexec/apache24' $mpm_module = 'prefork' $dev_packages = undef - $default_ssl_cert = '/usr/local/etc/apache22/server.crt' - $default_ssl_key = '/usr/local/etc/apache22/server.key' - $ssl_certs_dir = '/usr/local/etc/apache22' + $default_ssl_cert = '/usr/local/etc/apache24/server.crt' + $default_ssl_key = '/usr/local/etc/apache24/server.key' + $ssl_certs_dir = '/usr/local/etc/apache24' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' @@ -311,7 +311,7 @@ $suphp_engine = 'off' $suphp_configpath = undef $mod_packages = { - # NOTE: I list here only modules that are not included in www/apache22 + # NOTE: I list here only modules that are not included in www/apache24 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config # NOTE: 'php' needs to enable APACHE option in make config # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config @@ -320,7 +320,7 @@ 'fcgid' => 'www/mod_fcgid', 'passenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', - 'php5' => 'lang/php5', + 'php5' => 'www/mod_php5', 'proxy_html' => 'www/mod_proxy_html', 'python' => 'www/mod_python3', 'wsgi' => 'www/mod_wsgi', @@ -340,8 +340,8 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef - $docroot = '/usr/local/www/apache22/data' - $error_documents_path = '/usr/local/www/apache22/error' + $docroot = '/usr/local/www/apache24/data' + $error_documents_path = '/usr/local/www/apache24/error' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } 
diff --git a/manifests/version.pp b/manifests/version.pp index 8304bb1a0c..7f1da0f071 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -28,7 +28,7 @@ } } 'FreeBSD': { - $default = '2.2' + $default = '2.4' } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 92870bb6ac..76e5cd612f 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -9,8 +9,8 @@ package_name = 'apache2' service_name = 'apache2' when 'FreeBSD' - package_name = 'apache22' - service_name = 'apache22' + package_name = 'apache24' + service_name = 'apache24' end context 'default parameters' do diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 2565ce77b9..f06a966af9 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -8,8 +8,8 @@ mod_dir = '/etc/apache2/mods-available' servicename = 'apache2' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - servicename = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + servicename = 'apache24' end describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index b810657ec3..2dde8f407e 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -4,7 +4,7 @@ when 'Debian' service_name = 'apache2' when 'FreeBSD' - service_name = 'apache22' + service_name = 'apache24' else # Not implemented yet service_name = :skip diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 7e5afed520..10c9b77d75 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb 
@@ -15,8 +15,8 @@ service_name = 'httpd' authz_svn_load_file = 'dav_svn_authz_svn.load' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' authz_svn_load_file = 'dav_svn_authz_svn.load' end diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb index 6052cc283f..668897c049 100644 --- a/spec/acceptance/mod_deflate_spec.rb +++ b/spec/acceptance/mod_deflate_spec.rb @@ -9,8 +9,8 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default deflate config" do diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index ff93dbca67..6bd959ce3a 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -9,8 +9,8 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default mime config" do diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index 25e4acbeae..371ab0f1d6 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default negotiation config" do diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 0bc07389da..24b6807946 100644 
--- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default pagespeed config" do diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 91eab0f1f7..28da68d3af 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default php config" do diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index eab162b1a3..91bb0a097c 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -7,7 +7,7 @@ when 'RedHat' service_name = 'httpd' when 'FreeBSD' - service_name = 'apache22' + service_name = 'apache24' end context "default proxy_html config" do diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 562ff5323d..5ed8726d63 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -6,7 +6,7 @@ when 'Debian' servicename = 'apache2' when 'FreeBSD' - servicename = 'apache22' + servicename = 'apache24' end case fact('osfamily') diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index c1578c52e6..098b0f41c3 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb 
@@ -44,15 +44,15 @@ $apache_version = '2.2' end when 'FreeBSD' - $confd_dir = '/usr/local/etc/apache22/Includes' - $mod_dir = '/usr/local/etc/apache22/Modules' - $conf_file = '/usr/local/etc/apache22/httpd.conf' - $ports_file = '/usr/local/etc/apache22/Includes/ports.conf' - $vhost = '/usr/local/etc/apache22/Vhosts/15-default.conf' - $vhost_dir = '/usr/local/etc/apache22/Vhosts' - $run_dir = '/var/run/apache22' - $service_name = 'apache22' - $package_name = 'apache22' + $confd_dir = '/usr/local/etc/apache24/Includes' + $mod_dir = '/usr/local/etc/apache24/Modules' + $conf_file = '/usr/local/etc/apache24/httpd.conf' + $ports_file = '/usr/local/etc/apache24/Includes/ports.conf' + $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf' + $vhost_dir = '/usr/local/etc/apache24/Vhosts' + $run_dir = '/var/run/apache24' + $service_name = 'apache24' + $package_name = 'apache24' $error_log = 'http-error.log' $apache_version = '2.2' diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 6d1e3ca00e..ebe267d7ad 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -540,7 +540,7 @@ :kernel => 'FreeBSD', :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :is_pe => false, 
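Review bot: In spec/acceptance/version.rb the FreeBSD branch still ends with `$apache_version = '2.2'`, a context line right after the renamed paths. The rest of this commit moves every FreeBSD path, service and package name to apache24 and sets the manifest default to 2.4. Acceptance tests that branch on `$apache_version` would then check 2.2-style configuration against a 2.4 server, so change it to `$apache_version = '2.4'`. The same context shows `$error_log = 'http-error.log'`, whereas manifests/init.pp in this commit uses `httpd-error.log` for FreeBSD; that may be a typo worth checking.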
@@ -551,25 +551,25 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } - it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + it { is_expected.to contain_file("/usr/local/www/apache24/data").with( 'ensure' => 'directory' ) } - it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( + it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules").with( + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { is_expected.to contain_concat("/usr/local/etc/apache22/ports.conf").with( + it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with( 'owner' => 'root', 'group' => 'wheel', 'mode' => '0644', @@ -579,7 +579,6 @@ [ 'auth_basic', 'authn_file', - 'authz_default', 'authz_groupfile', 'authz_host', 'authz_user', @@ -587,7 +586,7 @@ 'env' ].each do |modname| it { is_expected.to contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file' ) } it { is_expected.not_to contain_file("#{modname}.conf") } 
@@ -605,11 +604,11 @@ 'setenvif', ].each do |modname| it { is_expected.to contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file' ) } it { is_expected.to contain_file("#{modname}.conf").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.conf", + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf", 'ensure' => 'file' ) } end diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb index 7f1458ccf8..151c37e65a 100644 --- a/spec/classes/mod/alias_spec.rb +++ b/spec/classes/mod/alias_spec.rb @@ -60,13 +60,13 @@ :kernel => 'FreeBSD', :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache22\/icons\/"/) } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) } end end diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index 343e940f63..2eb6f5e8ad 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -97,7 +97,7 @@ class { "apache::mod::deflate": it { is_expected.to contain_file("deflate.conf").with({ :ensure => 'file', - :path => '/usr/local/etc/apache22/Modules/deflate.conf', + :path => '/usr/local/etc/apache24/Modules/deflate.conf', } ) } end end diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index bc5aa41106..796b6c3931 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -19,7 +19,7 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('event') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/event.conf").with_ensure('file') } end context "on a Debian OS" do let :facts do diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index cdf1663456..32c6339dd9 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -1,5 +1,5 @@ # This function is called inside the OS specific contexts -def general_info_specs +def general_info_specs_22 it { is_expected.to contain_apache__mod('info') } context 'passing no parameters' do 
@@ -62,6 +62,62 @@ def general_info_specs end end +def general_info_specs_24 + it { is_expected.to contain_apache__mod('info') } + + context 'passing no parameters' do + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + " Require ip 127.0.0.1 ::1\n"\ + "\n" + ) + } + end + context 'passing restrict_access => false' do + let :params do { + :restrict_access => false + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + "\n" + ) + } + end + context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do + let :params do + {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']} + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + " Require ip 10.10.1.2 192.168.1.2 127.0.0.1\n"\ + "\n" + ) + } + end + context 'passing both restrict_access and allow_from' do + let :params do + { + :restrict_access => false, + :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1'] + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + "\n" + ) + } + end +end + describe 'apache::mod::info', :type => :class do let :pre_condition do "class { 'apache': default_mods => false, }" @@ -83,7 +139,7 @@ def general_info_specs end # Load the more generic tests for this context - general_info_specs() + general_info_specs_22() it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', @@ -110,7 +166,7 @@ def general_info_specs end # Load the more generic tests for this context - general_info_specs() + general_info_specs_22() it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', @@ -122,7 +178,7 @@ def general_info_specs let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', 
@@ -133,11 +189,11 @@ def general_info_specs end # Load the more generic tests for this context - general_info_specs() + general_info_specs_24() it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', - :path => '/usr/local/etc/apache22/Modules/info.conf', + :path => '/usr/local/etc/apache24/Modules/info.conf', } ) } end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 5556f5ee7c..1644408761 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -55,17 +55,19 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :is_pe => false, + :mpm_module => 'itk', } end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('itk') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_package("www/mod_mpm_itk") } end end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index 9ae063cceb..d38f8bba62 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb @@ -8,7 +8,7 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', 
@@ -17,8 +17,10 @@ :is_pe => false, } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.not_to contain_apache__mod('peruser') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } + it do + expect { + should compile + }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/) + end end end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 1508863513..f2dbfb1a91 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -126,7 +126,7 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', @@ -141,7 +141,7 @@ end it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package("lang/php5") } + it { is_expected.to contain_package("www/mod_php5") } it { is_expected.to contain_file('php5.load') } end context "with mpm_module => itk" do @@ -151,7 +151,7 @@ it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_class('apache::mod::itk') } it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package("lang/php5") } + it { is_expected.to contain_package("www/mod_php5") } it { is_expected.to contain_file('php5.load') } end end diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index f5c0e93759..58c06e0bda 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -112,6 +112,6 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('prefork') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/prefork.conf").with_ensure('file') } end end 
diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 418797bdf8..d2d5c342d1 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -64,7 +64,7 @@ it { is_expected.to contain_apache__mod('rpaf') } it { is_expected.to contain_package("www/mod_rpaf2") } it { is_expected.to contain_file('rpaf.conf').with({ - 'path' => '/usr/local/etc/apache22/Modules/rpaf.conf', + 'path' => '/usr/local/etc/apache24/Modules/rpaf.conf', }) } it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 7afdb70e6a..bb99a0fe65 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -112,7 +112,7 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/worker.conf").with_ensure('file') } end # Template config doesn't vary by distro diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 786b3935f4..ef3504d19e 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -129,7 +129,7 @@ } end it { is_expected.to contain_service("httpd").with( - 'name' => 'apache22', + 'name' => 'apache24', 'ensure' => 'running', 'enable' => 'true' ) diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 8aa422dbcb..efb913e6b0 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb 
@@ -69,7 +69,7 @@ it { should contain_class("apache::mod::fastcgi") } it { should contain_file("fastcgi-pool-#{title}.conf").with( :ensure => 'present', - :path => "/usr/local/etc/apache22/Includes/fastcgi-pool-#{title}.conf" + :path => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf" ) } end end diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index dbeaf4ac40..3700b0edb4 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -109,8 +109,8 @@ it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do is_expected.to contain_file('spec_m.load').with({ - :path => '/usr/local/etc/apache22/Modules/spec_m.load', - :content => "LoadModule spec_m_module /usr/local/libexec/apache22/mod_spec_m.so\n", + :path => '/usr/local/etc/apache24/Modules/spec_m.load', + :content => "LoadModule spec_m_module /usr/local/libexec/apache24/mod_spec_m.so\n", :owner => 'root', :group => 'wheel', :mode => '0644', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index e52c901587..3e8b6edab5 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -79,7 +79,7 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', - :path => '/usr/local/etc/apache22/Vhosts/25-rspec.example.com.conf' + :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } end end From 7bf9f4e133d3f6471e375492b6db3f960e4fecd5 Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 12 Feb 2015 09:55:06 +0000 Subject: [PATCH 0511/2267] removing a no longer working nodeset --- spec/acceptance/nodesets/sles-11sp1-x64.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 spec/acceptance/nodesets/sles-11sp1-x64.yml diff --git a/spec/acceptance/nodesets/sles-11sp1-x64.yml b/spec/acceptance/nodesets/sles-11sp1-x64.yml deleted file mode 100644 index a9f01d5f42..0000000000 
--- a/spec/acceptance/nodesets/sles-11sp1-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - sles-11sp1-x64: - roles: - - master - platform: sles-11-x86_64 - box : sles-11sp1-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git From c00cdd4473eb064a185049a547a137b9c3433228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20M=C3=B6rner?= Date: Wed, 28 Jan 2015 22:23:16 +0100 Subject: [PATCH 0512/2267] Symlinks on all distros - Create symlinks on all distros (not just Debian) when a separate $vhost_enable_dir is used. Without this a different $vhost_enable_dir as conf.d on centos does not create symlinks to enable vhosts. - added a $vhost_enable_dir acceptance test --- manifests/vhost.pp | 2 +- spec/acceptance/vhost_spec.rb | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 3c0b149dfe..62472afad3 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -440,7 +440,7 @@ require => Package['httpd'], notify => Class['apache::service'], } - if $::osfamily == 'Debian' { + if $::apache::vhost_enable_dir { $vhost_enable_dir = $::apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { present => link, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7309672ce9..5560ec5c07 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -92,6 +92,39 @@ class { 'apache': } end end + context 'new vhost with enable symlink' do + it 'should configure an apache vhost and symlink it from $vhost_enable_dir' do + pp = <<-EOS + class { 'apache': + vhost_enable_dir => "#{$httpd_dir}/sites-enabled", + } + file { '#{$run_dir}': + ensure => 'directory', + recurse => true, + } + + apache::vhost { 'first.example.com': + port => '80', + docroot => '/var/www/first', + require => File['#{$run_dir}'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-first.example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName first.example.com" } + end + describe file("#{$httpd_dir}/sites-enabled") do + it { is_expected.to contain_file("25-first.example.com.conf").with( + :ensure => 'link', + :path => "#{$httpd_dir}/sites-enabled/25-first.example.com.conf", + :target => "#{$vhost_dir}/25-first.example.com.conf" + ) } + end + end + context 'new proxy vhost on port 80' do it 'should configure an apache proxy vhost' do pp = <<-EOS From bbe6d29a331081b68e20a1e89ee5e3ca7044ee94 Mon Sep 17 00:00:00 2001 From: Phil Fenstermacher Date: Thu, 30 Oct 2014 10:47:30 -0400 Subject: [PATCH 0513/2267] Add support for mod_auth_cas module configuration --- README.md | 8 ++++- manifests/mod/auth_cas.pp | 48 +++++++++++++++++++++++++++ manifests/params.pp | 7 +++- spec/classes/mod/auth_cas_spec.rb | 54 +++++++++++++++++++++++++++++++ templates/mod/auth_cas.conf.erb | 40 +++++++++++++++++++++++ 5 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 manifests/mod/auth_cas.pp create mode 100644 spec/classes/mod/auth_cas_spec.rb create mode 100644 templates/mod/auth_cas.conf.erb diff --git a/README.md b/README.md index 2d0e3599b1..651d1b1385 100644 --- a/README.md +++ b/README.md 
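Review bot: The last block of the new 'new vhost with enable symlink' context, `describe file("#{$httpd_dir}/sites-enabled")`, calls `contain_file(...).with(...)`, which is an rspec-puppet catalog matcher and, as far as I know, is not defined for a serverspec `file` resource, so this example cannot verify the link on the host. Describing the link itself would check what the commit intends: `describe file("#{$httpd_dir}/sites-enabled/25-first.example.com.conf") do` followed by `it { is_expected.to be_linked_to "#{$vhost_dir}/25-first.example.com.conf" }`. The manifest also makes the vhost require `File['#{$run_dir}']` although nothing visible in the vhost uses that directory; a one-line comment saying why would help.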
@@ -520,6 +520,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `actions` * `alias` * `auth_basic` +* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` * `authnz_ldap`* * `autoindex` @@ -578,7 +579,7 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. -####Class: `apache::mod::event +####Class: `apache::mod::event` Installs and manages mpm_event module. @@ -592,6 +593,11 @@ To configure the event thread limit: } ``` +####Class: `apache::mod::auth_cas` + +Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required. + +Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas). ####Class: `apache::mod::info` diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp new file mode 100644 index 0000000000..fdb5ee80a2 --- /dev/null +++ b/manifests/mod/auth_cas.pp 
@@ -0,0 +1,48 @@ +class apache::mod::auth_cas ( + $cas_login_url, + $cas_validate_url, + $cas_cookie_path = $::apache::params::cas_cookie_path, + $cas_version = 2, + $cas_debug = 'Off', + $cas_validate_depth = undef, + $cas_certificate_path = undef, + $cas_proxy_validate_url = undef, + $cas_root_proxied_as = undef, + $cas_cookie_entropy = undef, + $cas_timeout = undef, + $cas_idle_timeout = undef, + $cas_cache_clean_interval = undef, + $cas_cookie_domain = undef, + $cas_cookie_http_only = undef, + $cas_authoritative = undef, + $suppress_warning = false, +) { + + validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path) + + if $::osfamily == 'RedHat' and ! $suppress_warning { + warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') + } + + ::apache::mod { 'auth_cas': } + + file { $cas_cookie_path: + ensure => directory, + before => File['auth_cas.conf'], + mode => '0750', + owner => $apache::user, + group => $apache::group, + } + + # Template uses + # - All variables beginning with cas_ + file { 'auth_cas.conf': + ensure => file, + path => "${::apache::mod_dir}/auth_cas.conf", + content => template('apache/mod/auth_cas.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 7568179fdc..685579e349 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -67,7 +67,9 @@ $suphp_engine = 'off' $suphp_configpath = undef # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide + # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL. $mod_packages = { + 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', 'authnz_ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', 
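Review bot: `validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path)` in the new apache::mod::auth_cas class checks only the type, so an `http://` login or validate URL is accepted and ticket validation would then run over an unencrypted channel. A scheme check such as `validate_re($cas_validate_url, '^https://')`, and the same for `$cas_login_url`, would fail the catalog early instead. `$cas_certificate_path` defaults to `undef`, in which case the template leaves `CASCertificatePath` out; whether mod_auth_cas can then verify the CAS server's certificate depends on the module's own defaults, so the README should say when the parameter has to be set. The `file { $cas_cookie_path: }` resource also reads `$apache::user` and `$apache::group` while the rest of the class uses the top-scope `$::apache::` form.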
@@ -110,11 +112,12 @@ '7' => '/usr/share/httpd/error', default => '/var/www/error' } - if $::osfamily == "RedHat" { + if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef } + $cas_cookie_path = '/var/cache/mod_auth_cas/' $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' @@ -169,6 +172,7 @@ $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', @@ -198,6 +202,7 @@ $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' $docroot = '/var/www' + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' diff --git a/spec/classes/mod/auth_cas_spec.rb b/spec/classes/mod/auth_cas_spec.rb new file mode 100644 index 0000000000..53c13c5a12 --- /dev/null +++ b/spec/classes/mod/auth_cas_spec.rb 
@@ -0,0 +1,54 @@ +require 'spec_helper' + +describe 'apache::mod::auth_cas', :type => :class do + let :params do + { + :cas_login_url => 'https://cas.example.com/login', + :cas_validate_url => 'https://cas.example.com/validate', + } + end + + let :pre_condition do + 'include ::apache' + end + + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("libapache2-mod-auth-cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') } + end + context "on a RedHat OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("mod_auth_cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') } + end +end diff --git a/templates/mod/auth_cas.conf.erb b/templates/mod/auth_cas.conf.erb new file mode 100644 index 0000000000..926bd65f52 --- /dev/null +++ b/templates/mod/auth_cas.conf.erb 
@@ -0,0 +1,40 @@ +CASCookiePath <%= @cas_cookie_path %> +CASLoginURL <%= @cas_login_url %> +CASValidateURL <%= @cas_validate_url %> + +CASVersion <%= @cas_version %> +CASDebug <%= @cas_debug %> + +<% if @cas_certificate_path -%> +CASCertificatePath <%= @cas_certificate_path %> +<% end -%> +<% if @cas_proxy_validate_url -%> +CASProxyValidateURL <%= @cas_proxy_validate_url %> +<% end -%> +<% if @cas_validate_depth -%> +CASValidateDepth <%= @cas_validate_depth %> +<% end -%> +<% if @cas_root_proxied_as -%> +CASRootProxiedAs <%= @cas_root_proxied_as %> +<% end -%> +<% if @cas_cookie_entropy -%> +CASCookieEntropy <%= @cas_cookie_entropy %> +<% end -%> +<% if @cas_timeout -%> +CASTimeout <%= @cas_timeout %> +<% end -%> +<% if @cas_idle_timeout -%> +CASIdleTimeout <%= @cas_idle_timeout %> +<% end -%> +<% if @cas_cache_clean_interval -%> +CASCacheCleanInterval <%= @cas_cache_clean_interval %> +<% end -%> +<% if @cas_cookie_domain -%> +CASCookieDomain <%= @cas_cookie_domain %> +<% end -%> +<% if @cas_cookie_http_only -%> +CASCookieHttpOnly <%= @cas_cookie_http_only %> +<% end -%> +<% if @cas_authoritative -%> +CASAuthoritative <%= @cas_authoritative %> +<% end -%> From c0d3866f95eb4339acb2bc4f8186c6e74428854c Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 11 Feb 2015 15:00:22 -0800 Subject: [PATCH 0514/2267] Ensure that linter fails on warnings --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index 01c85eb991..416807dadc 100644 --- a/Rakefile +++ b/Rakefile @@ -1,7 +1,7 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') From 14c84595b8dcf8b535b340f46ef682243211227d Mon Sep 17 00:00:00 2001 
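Review bot: Every optional directive in the new auth_cas.conf.erb is guarded by a plain truthiness test, so `cas_cookie_http_only => false` or `cas_authoritative => false` writes no line at all and the module default applies instead of an explicit `Off`. A manifest author who passes a boolean to switch one of these off will therefore not get what they asked for, and nothing in the catalog shows it. I would state the contract at the top of the template, e.g. `<%# optional cas_* settings take the strings 'On'/'Off'; a boolean false omits the directive -%>`, and repeat it in the README section this commit adds. The values are also written unquoted, so a `cas_cookie_path` or `cas_certificate_path` containing whitespace would render a broken directive.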
From: Morgan Haskel Date: Thu, 12 Feb 2015 13:37:08 -0800 Subject: [PATCH 0515/2267] Remove the ' ' for gepetto? --- manifests/package.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/package.pp b/manifests/package.pp index 56e81e5b74..d4d96202f2 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -33,13 +33,13 @@ 'apache SET options in /etc/make.conf': ensure => $ensure, path => '/etc/make.conf', - line => "apache24_SET_FORCE= ${SET}", + line => "apache24_SET_FORCE=${SET}", match => '^apache24_SET_FORCE=.*', before => Package['httpd']; 'apache UNSET options in /etc/make.conf': ensure => $ensure, path => '/etc/make.conf', - line => "apache24_UNSET_FORCE= ${UNSET}", + line => "apache24_UNSET_FORCE=${UNSET}", match => '^apache24_UNSET_FORCE=.*', before => Package['httpd']; } From 3c43cf68f685e68897290ffb0980a9cf613abefd Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 12 Feb 2015 14:13:26 -0800 Subject: [PATCH 0516/2267] Move test for symlinks to unit tests --- spec/acceptance/vhost_spec.rb | 33 --------------------------------- spec/defines/vhost_spec.rb | 7 ++++++- 2 files changed, 6 insertions(+), 34 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index e003ab886b..ce504cc3a3 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -92,39 +92,6 @@ class { 'apache': } end end - context 'new vhost with enable symlink' do - it 'should configure an apache vhost and symlink it from $vhost_enable_dir' do - pp = <<-EOS - class { 'apache': - vhost_enable_dir => "#{$httpd_dir}/sites-enabled", - } - file { '#{$run_dir}': - ensure => 'directory', - recurse => true, - } - - apache::vhost { 'first.example.com': - port => '80', - docroot => '/var/www/first', - require => File['#{$run_dir}'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe file("#{$vhost_dir}/25-first.example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain "ServerName first.example.com" } - end - describe file("#{$httpd_dir}/sites-enabled") do - it { is_expected.to contain_file("25-first.example.com.conf").with( - :ensure => 'link', - :path => "#{$httpd_dir}/sites-enabled/25-first.example.com.conf", - :target => "#{$vhost_dir}/25-first.example.com.conf" - ) } - end - end - context 'new proxy vhost on port 80' do it 'should configure an apache proxy vhost' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3e8b6edab5..807488369e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -2,7 +2,7 @@ describe 'apache::vhost', :type => :define do let :pre_condition do - 'class { "apache": default_vhost => false, default_mods => false, }' + 'class { "apache": default_vhost => false, default_mods => false, vhost_enable_dir => "/etc/apache2/sites-enabled"}' end let :title do 'rspec.example.com' 
@@ -294,6 +294,11 @@ 'notify' => 'Class[Apache::Service]', }) } + it { is_expected.to contain_file('30-rspec.example.com.conf symlink').with({ + 'ensure' => 'link', + 'path' => '/etc/apache2/sites-enabled/30-rspec.example.com.conf', + }) + } it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } From 0aae912bf26ff9004aac91a4d4f3100cbf09346d Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 12 Feb 2015 15:50:52 -0800 Subject: [PATCH 0517/2267] Bad variables for freebsd patch --- manifests/package.pp | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/manifests/package.pp b/manifests/package.pp index d4d96202f2..395c03103c 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -6,20 +6,20 @@ 'FreeBSD': { case $mpm_module { 'prefork': { - $SET = 'MPM_PREFORK' - $UNSET = 'MPM_WORKER MPM_EVENT' + $set = 'MPM_PREFORK' + $unset = 'MPM_WORKER MPM_EVENT' } 'worker': { - $SET = 'MPM_WORKER' - $UNSET = 'MPM_PERFORK MPM_EVENT' + $set = 'MPM_WORKER' + $unset = 'MPM_PERFORK MPM_EVENT' } 'event': { - $SET = 'MPM_EVENT' - $UNSET = 'MPM_PERFORK MPM_WORKER' + $set = 'MPM_EVENT' + $unset = 'MPM_PERFORK MPM_WORKER' } 'itk': { - $SET = nil - $UNSET = nil + $set = undef + $unset = undef package { 'www/mod_mpm_itk': ensure => installed, } 
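Review bot: In the manifests/package.pp hunk the renamed `$unset` values for the 'worker' and 'event' cases still read `'MPM_PERFORK MPM_EVENT'` and `'MPM_PERFORK MPM_WORKER'`, which looks like a misspelling of the `MPM_PREFORK` option used in the 'prefork' case just above. If so, the `apache24_UNSET_FORCE` line that the following hunk writes to /etc/make.conf never unsets prefork when another MPM is selected. The two lines should read `$unset = 'MPM_PREFORK MPM_EVENT'` and `$unset = 'MPM_PREFORK MPM_WORKER'`. The enclosing case block starts and ends outside this hunk.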
@@ -28,20 +28,20 @@ } # Configure ports to have apache build options set correctly - if $SET { - file_line { - 'apache SET options in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "apache24_SET_FORCE=${SET}", - match => '^apache24_SET_FORCE=.*', - before => Package['httpd']; - 'apache UNSET options in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "apache24_UNSET_FORCE=${UNSET}", - match => '^apache24_UNSET_FORCE=.*', - before => Package['httpd']; + if $set { + file_line { 'apache SET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_SET_FORCE=${set}", + match => '^apache24_SET_FORCE=.*', + before => Package['httpd'], + } + file_line { 'apache UNSET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_UNSET_FORCE=${unset}", + match => '^apache24_UNSET_FORCE=.*', + before => Package['httpd'], } } $apache_package = $::apache::params::apache_name From 2990db0da3c0bdd0259d3a2bbca008009215990b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 13 Feb 2015 09:45:32 -0800 Subject: [PATCH 0518/2267] Lost this in PR996 --- manifests/default_mods.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index d3f5dc0a90..2415464505 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -126,6 +126,9 @@ ::apache::mod { 'authn_file': } if versioncmp($apache_version, '2.4') >= 0 { + # filter is needed by mod_deflate + include ::apache::mod::filter + # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', From d4bbb168b3d648e602905deb78ac704294d7f052 Mon Sep 17 00:00:00 2001 
From: Cristian Falcas Date: Sun, 15 Feb 2015 18:21:06 +0200 Subject: [PATCH 0519/2267] Update README.md params from proxy_pass needs to be a hash (considering the erb templates/vhost/_proxy.erb) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 174e58120d..3b22ff46dd 100644 --- a/README.md +++ b/README.md @@ -1295,7 +1295,7 @@ apache::vhost { 'site.name.fdqn': proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', From 55b3d8bef410f25933f3b7ca02160e90a434fb6a Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Fri, 13 Feb 2015 09:29:45 +0100 Subject: [PATCH 0520/2267] add ProxyErrorOverride directive add tests for proxy_error_override --- README.md | 4 ++++ manifests/vhost.pp | 1 + spec/acceptance/vhost_spec.rb | 2 ++ spec/defines/vhost_spec.rb | 1 + templates/vhost/_proxy.erb | 3 +++ 5 files changed, 11 insertions(+) diff --git a/README.md b/README.md index 3b22ff46dd..54839ef088 100644 --- a/README.md +++ b/README.md 
@@ -1222,6 +1222,10 @@ Specifies URLs you do not want to proxy. This parameter is meant to be used in c Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). +#####`proxy_error_override` + +Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. + #####`options` Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: diff --git a/manifests/vhost.pp b/manifests/vhost.pp index b772654cf2..1113a1ea9f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -67,6 +67,7 @@ $php_admin_values = {}, $no_proxy_uris = [], $proxy_preserve_host = false, + $proxy_error_override = false, $redirect_source = '/', $redirect_dest = undef, $redirect_status = undef, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index ce504cc3a3..24f3afd98e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -103,6 +103,7 @@ class { 'apache': } { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], proxy_preserve_host => true, + proxy_error_override => true, } EOS apply_manifest(pp, :catch_failures => true) @@ -113,6 +114,7 @@ class { 'apache': } it { is_expected.to contain "ServerName proxy.example.com" } it { is_expected.to contain "ProxyPass" } it { is_expected.to contain "ProxyPreserveHost On" } + it { is_expected.to contain "ProxyErrorOverride On" } it { is_expected.not_to contain "" } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 807488369e..483617f4c7 100644 --- a/spec/defines/vhost_spec.rb 
+++ b/spec/defines/vhost_spec.rb @@ -192,6 +192,7 @@ 'php_admin_values' => ['true', 'false'], 'no_proxy_uris' => '/foo', 'proxy_preserve_host' => true, + 'proxy_error_override' => true, 'redirect_source' => '/bar', 'redirect_dest' => '/', 'redirect_status' => 'temp', diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index dd25e2c87a..58fcc98177 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -6,6 +6,9 @@ <% if @proxy_preserve_host -%> ProxyPreserveHost On <%- end -%> +<% if @proxy_error_override -%> + ProxyErrorOverride On +<%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> From c11c6224daccc4718c8bf3061eb164dd1e7e399a Mon Sep 17 00:00:00 2001 From: Roman Mueller Date: Sun, 18 Jan 2015 14:55:49 +0100 Subject: [PATCH 0521/2267] MODULES-1622: Allow multiple Deny directives in a directory --- README.md | 2 +- spec/defines/vhost_spec.rb | 19 ++++++++++++++----- templates/vhost/_directories.erb | 8 +++++++- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 484bb3eb7d..b821c6513b 100644 --- a/README.md +++ b/README.md @@ -1697,7 +1697,7 @@ Pass a string of custom configuration directives to be placed at the end of the ######`deny` -Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. +Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. ```puppet apache::vhost { 'sample.example.net': 
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 66b1862508..1d442ae3dc 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -147,11 +147,20 @@ 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', 'access_log_env_var' => '', 'aliases' => '/image', - 'directories' => { - 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' - }, + 'directories' => [ + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'allow' => [ 'from 127.0.0.1', 'from 127.0.0.2', ], + 'deny' => [ 'from 127.0.0.3', 'from 127.0.0.4', ], + }, + { + 'path' => '/var/www/foo', + 'provider' => 'files', + 'allow' => 'from 127.0.0.1', + 'deny' => 'from all', + }, + ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', 'error_log_pipe' => '', diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 703afaa8dd..41916f3feb 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -55,8 +55,14 @@ <%- else -%> Order allow,deny <%- end -%> - <%- if directory['deny'] and directory['deny'] != '' -%> + <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> + <%- if directory['deny'].kind_of?(Array) -%> + <%- Array(directory['deny']).each do |restrict| -%> + Deny <%= restrict %> + <%- end -%> + <%- else -%> Deny <%= directory['deny'] %> + <%- end -%> <%- end -%> <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> <%- if directory['allow'].kind_of?(Array) -%> From a530b41fcf67c73bd4abc9eaf99a72e5340dc942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Berger?= Date: Wed, 21 Jan 2015 02:50:16 +0100 Subject: [PATCH 0522/2267] Add RewriteMap support --- README.md | 7 ++++++- manifests/vhost.pp | 1 + spec/acceptance/vhost_spec.rb | 2 ++ templates/vhost/_rewrite.erb | 7 +++++++ tests/vhost.pp | 15 +++++++++++++++ 5 files changed, 31 insertions(+), 1 deletion(-) 
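Review bot: The new `deny` branch in templates/vhost/_directories.erb writes each array element straight into a `Deny` line, so an empty or nil element renders a bare `Deny` that Apache would presumably reject at the next config test, and the `kind_of?(Array)` split duplicates what `Array()` already does. One loop covers both the string and the array form: `<%- Array(directory['deny']).reject { |r| r.to_s.strip.empty? }.each do |restrict| -%>`, then `Deny <%= restrict %>` and `<%- end -%>`. Because these lines are access control, a spec that asserts the rendered `Deny from …` lines belongs next to the new `directories` fixture; the vhost_spec.rb hunk in this commit only changes the input. The directory loop this code sits in starts outside the hunk.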
diff --git a/README.md b/README.md index 484bb3eb7d..bf95956589 100644 --- a/README.md +++ b/README.md @@ -1327,7 +1327,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html @@ -1388,6 +1388,11 @@ Multiple rewrites and conditions are also possible rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, + { comment => 'Rewrite to lower case', + rewrite_cond => ['%{REQUEST_URI} [A-Z]'], + rewrite_map => ['lc int:tolower'], + rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + }, ], } ``` diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9e05cb566f..3fa1965138 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -657,6 +657,7 @@ # - $rewrite_base # - $rewrite_rule # - $rewrite_cond + # - $rewrite_map if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": target => "${priority_real}-${filename}.conf", diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7309672ce9..03855488a8 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -999,6 +999,7 @@ class { 'apache': } { comment => 'test', rewrite_cond => '%{HTTP_USER_AGENT} ^Lynx/ [OR]', rewrite_rule => ['^index\.html$ welcome.html'], + rewrite_map => ['lc int:tolower'], } ], } 
@@ -1011,6 +1012,7 @@ class { 'apache': } it { is_expected.to contain '#test' } it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' } + it { is_expected.to contain 'RewriteMap lc int:tolower' } end end diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index 46dd95691c..81e3bc4679 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -19,6 +19,13 @@ <%- end -%> <%- end -%> <%- end -%> + <%- if rewrite_details['rewrite_map'] -%> + <%- Array(rewrite_details['rewrite_map']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteMap <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> <%- Array(commands).each do |command| -%> RewriteRule <%= command %> diff --git a/tests/vhost.pp b/tests/vhost.pp index 4ffb782990..a46b677846 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -154,6 +154,21 @@ } ] } + +# Rewrite a URL to lower case +apache::vhost { 'sixteenth.example.com non-ssl': + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + rewrites => [ + { comment => 'Rewrite to lower case', + rewrite_cond => ['%{REQUEST_URI} [A-Z]'], + rewrite_map => ['lc int:tolower'], + rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + } + ] +} + apache::vhost { 'sixteenth.example.com ssl': servername => 'sixteenth.example.com', port => '443', From d431fce700f357a6330544490788bd124b2982dd Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Tue, 17 Feb 2015 15:03:39 +0000 Subject: [PATCH 0523/2267] Supersede ssl_random_seed_bytes with ssl_random_seeds option to allow setting of both random source and bytes. --- README.md | 7 ++++++- manifests/mod/ssl.pp | 8 +++++++- spec/classes/mod/ssl_spec.rb | 12 ++++++++---- templates/mod/ssl.conf.erb | 9 +++++---- 4 files changed, 26 insertions(+), 10 deletions(-) 
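Review bot: The new `rewrite_map` loop in templates/vhost/_rewrite.erb copies each entry verbatim into a `RewriteMap` directive, and neither the template nor the README hunk says which map types are expected. mod_rewrite also accepts `prg:` maps, which start an external program together with the server, so whoever can supply vhost data (for example through Hiera) decides what that program is. I would document this next to the parameter in the README, e.g. `rewrite_map entries are written unchanged; limit who can set them, because map types other than int: can read files or run programs`. The outer `if rewrite_details['rewrite_map']` is also unnecessary, since `Array(nil)` is already empty.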
diff --git a/README.md b/README.md index 7a2a9dfdfa..9976db3e40 100644 --- a/README.md +++ b/README.md @@ -750,7 +750,12 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', ssl_protocol => 'all -SSLv2 -SSLv3', ssl_pass_phrase_dialog => 'builtin', - ssl_random_seed_bytes => '512', + ssl_random_seeds => [ + 'startup builtin', + 'startup file:/dev/urandom 512', + 'connect builtin', + 'connect file:/dev/urandom 512', + ], } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index f2b62459e3..b0a511a35e 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -4,7 +4,12 @@ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seed_bytes = '512', + $ssl_random_seeds = [ + 'startup builtin', + 'startup file:/dev/urandom 512', + 'connect builtin', + 'connect file:/dev/urandom 512', + ], $apache_version = $::apache::apache_version, $package_name = undef, ) { @@ -49,6 +54,7 @@ # $ssl_options # $session_cache, # $ssl_mutex + # $ssl_random_seeds # $apache_version # file { 'ssl.conf': diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index f7755ed362..a657567abe 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
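Review bot: Dropping `$ssl_random_seed_bytes` from the apache::mod::ssl signature makes every existing declaration that sets it fail catalog compilation, and the replacement `$ssl_random_seeds` reaches ssl.conf without any type or content check. Keeping the old parameter for one release with a deprecation `warning()` would avoid the hard break, and `validate_array($ssl_random_seeds)` would catch a malformed value before Apache does (if a bare string is meant to be accepted too, say so in the README). An empty array, or a list of empty strings, renders no `SSLRandomSeed` line at all in the ssl.conf.erb hunk of this commit, which leaves the seed source to mod_ssl's built-in default; that case deserves a sentence in the README as well. The class body continues outside these hunks, so existing validation may simply not be visible here.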
@@ -111,13 +111,17 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} end - context 'setting ssl_random_seed_bytes' do + context 'setting ssl_random_seeds' do let :params do { - :ssl_random_seed_bytes => '1024', - } + :ssl_random_seeds => ['startup builtin', + 'startup file:/dev/random 256', + 'connect file:/dev/urandom 1024' ], + } end - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})} + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed startup builtin$/)} + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed startup file:\/dev\/random 256$/)} + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed connect file:\/dev\/urandom 1024$/)} end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 6fb25c16ee..e9155545b0 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -1,8 +1,9 @@ - SSLRandomSeed startup builtin - SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %> - SSLRandomSeed connect builtin - SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %> + <%- Array(@ssl_random_seeds).each do |ssl_random_seed| -%> + <%- if ssl_random_seed != '' -%> + SSLRandomSeed <%= ssl_random_seed %> + <%- end -%> + <%- end -%> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl From 5607d87fe2a7eeb6d8a3013939087d1825b828ff Mon Sep 17 00:00:00 2001 From: Jonathan Davies Date: Tue, 17 Feb 2015 16:56:38 +0000 Subject: [PATCH 0524/2267] ssl.pp: Fixed indent. --- manifests/mod/ssl.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index b0a511a35e..9e352cbf1b 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
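Review bot: The `ssl_random_seed != ''` test in `templates/mod/ssl.conf.erb` skips only an exact empty string, so a `nil` or whitespace-only entry still renders a bare `SSLRandomSeed` line, which httpd should reject as a syntax error at the next restart. A stricter filter costs nothing: `<%- unless ssl_random_seed.to_s.strip.empty? -%>`. Every other entry is written verbatim, so the README entry for `ssl_random_seeds` would also benefit from one sentence saying that each element must start with `startup` or `connect`, and that a `file:/dev/random` source (as used in the new spec) can block server start when kernel entropy is low.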
@@ -4,7 +4,7 @@ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seeds = [ + $ssl_random_seeds = [ 'startup builtin', 'startup file:/dev/urandom 512', 'connect builtin', From c89bb3e79df54e1eae58af98b581ba044f359474 Mon Sep 17 00:00:00 2001 From: Roman Mueller Date: Tue, 17 Feb 2015 18:04:55 +0100 Subject: [PATCH 0525/2267] Add tests and check content of directories concat fragment --- spec/defines/vhost_spec.rb | 45 ++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 1d442ae3dc..29828de72f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -147,20 +147,10 @@ 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', 'access_log_env_var' => '', 'aliases' => '/image', - 'directories' => [ - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'allow' => [ 'from 127.0.0.1', 'from 127.0.0.2', ], - 'deny' => [ 'from 127.0.0.3', 'from 127.0.0.4', ], - }, - { - 'path' => '/var/www/foo', - 'provider' => 'files', - 'allow' => 'from 127.0.0.1', - 'deny' => 'from all', - }, - ], + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + }, 'error_log' => false, 'error_log_file' => 'httpd_error_log', 'error_log_pipe' => '', @@ -346,6 +336,21 @@ 'manage_docroot' => true, 'logroot' => '/tmp/logroot', 'logroot_ensure' => 'absent', + 'directories' => [ + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'allow' => [ 'from 127.0.0.1', 'from 127.0.0.2', ], + 'deny' => [ 'from 127.0.0.3', 'from 127.0.0.4', ], + }, + { + 'path' => '/var/www/foo', + 'provider' => 'files', + 'allow' => 'from 127.0.0.5', + 'deny' => 'from all', + }, + ], + } end let :facts do 
@@ -389,6 +394,18 @@ it { is_expected.to_not contain_concat__fragment('rspec.example.com-itk') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-fallbackresource') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Allow from 127\.0\.0\.1$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Allow from 127\.0\.0\.2$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Allow from 127\.0\.0\.5$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Deny from 127\.0\.0\.3$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Deny from 127\.0\.0\.4$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Deny from all$/ ) } it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } From 438209d3e091bbef7679be101d3f1a218309c46b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 13 Feb 2015 14:29:58 -0800 Subject: [PATCH 0526/2267] 1.3.0 prep --- CHANGELOG.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ metadata.json | 2 +- 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c2ccb4c6c3..967e8a237d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
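Review bot: The six `:content` regexes added for `rspec.example.com-directories` only prove that each `Allow`/`Deny` line appears somewhere in the fragment, not that it sits inside the block for the path it was declared on. A template bug that attached `Deny from all` to `/var/www/files` instead of `/var/www/foo` would still pass, which matters because these lines are the access rules. If tightening the patterns is out of scope here, a comment above the group such as `# presence checks only: does not verify which directory block a rule lands in` keeps readers from over-trusting the coverage. The enclosing context block starts outside this hunk.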
@@ -1,3 +1,62 @@ +##2015-02-17 - Supported Release 1.3.0 +###Summary + +This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. + +####Features +- New parameters - `apache` + - `service_manage` + - `use_optional_includes` +- New parameters - `apache::service` + - `service_manage` +- New parameters - `apache::vhost` + - `access_logs` + - `php_flags` + - `php_values` + - `modsec_disable_vhost` + - `modsec_disable_ids` + - `modsec_disable_ips` + - `modsec_body_limit` +- Improved FreeBSD support +- Add ability to omit priority prefix if `$priority` is set to false +- Add `apache::security::rule_link` define +- Improvements to `apache::mod::*` + - Add `apache::mod::auth_cass` class + - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` + - Add `apache::mod::filter` class + - Add `root_group` to `apache::mod::php` + - Add `apache::mod::proxy_connect` class + - Add `apache::mod::security` class + - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes parameters to `apache::mod::ssl` (MODULES-1719) + - Add `status_path` parameter to `apache::mod::status` + - Add `apache_version` parameter to `apache::mod::version` + - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) +- Improved SCL support + - Add support for specifying the docroot +- Updated `_directories.erb` to add support for SetEnv +- Support multiple access log directives (MODULES-1382) +- Add passenger support for Debian Jessie +- Add support for not having puppet restart the apache service (MODULES-1559) + +####Bugfixes +- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) +- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) +- Load fcgid after unixd on RHEL7 +- Allow disabling default vhost for Apache 2.4 +- Test fixes +- `mod_version` is now built-in (MODULES-1446) +- Sort LogFormats for idempotency +- 
`allow_encoded_slashes` was omitted from `apache::vhost` +- Fix documentation bug (MODULES-1403, MODULES-1510) +- Sort `wsgi_script_aliases` for idempotency (MODULES-1384) +- lint fixes +- Fix automatic version detection for Debian Jessie +- Fix error docs and icons path for RHEL7-based systems (MODULES-1554) +- Sort php_* hashes for idempotency (MODULES-1680) +- Ensure `mod::setenvif` is included if needed (MODULES-1696) +- Fix indentation in `vhost/_directories.erb` template (MODULES-1688) +- Create symlinks on all distros if `vhost_enable_dir` is specified + ##2014-09-30 - Supported Release 1.2.0 ###Summary diff --git a/metadata.json b/metadata.json index 73ef359875..d778e3bfae 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.2.0", + "version": "1.3.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 082c58423c3d1d90361aeb4e3623d3290fdfd7b6 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 17 Feb 2015 09:21:08 -0800 Subject: [PATCH 0527/2267] Test was using the wrong directory --- spec/acceptance/custom_config_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index bbceaca3e7..8b59f703fb 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -48,7 +48,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{$vhost_dir}/prefix_test.conf") do + describe file("#{$confd_dir}/prefix_test.conf") do it { is_expected.to be_file } end end From 70db610ac98595bb149ab7cf180ca9bb3a4aa9c7 Mon Sep 17 00:00:00 2001 
From: Michael Moll Date: Wed, 18 Feb 2015 16:26:42 +0100 Subject: [PATCH 0528/2267] adjust params and mpm to recent FreeBSD packages --- manifests/mpm.pp | 5 +---- manifests/params.pp | 4 ++-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 2b33634f29..a5cca49882 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -13,10 +13,7 @@ $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" - if versioncmp($apache_version, '2.4') >= 0 and - (($::osfamily != 'FreeBSD') or - ($::osfamily == 'FreeBSD' and $mpm == 'itk')) { - + if versioncmp($apache_version, '2.4') >= 0 { file { "${mod_dir}/${mpm}.load": ensure => file, path => "${mod_dir}/${mpm}.load", diff --git a/manifests/params.pp b/manifests/params.pp index add2d94aed..a2ec04fd7e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -309,8 +309,8 @@ $ssl_certs_dir = '/usr/local/etc/apache24' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef - $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' - $passenger_ruby = '/usr/bin/ruby' + $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58' + $passenger_ruby = '/usr/local/bin/ruby' $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' From 3a702ecf4e3ae3c474743feba0ecbbde98cebe29 Mon Sep 17 00:00:00 2001 From: Travis Fields Date: Wed, 18 Feb 2015 10:34:51 -0800 Subject: [PATCH 0529/2267] SuPHP acceptance fixes?, chasing the test bug that is timing --- spec/acceptance/mod_suphp_spec.rb | 42 +++++++++++++++++-------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 190edfc613..308173a118 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb 
@@ -2,10 +2,10 @@ describe 'apache::mod::suphp class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do case fact('osfamily') - when 'Debian' - context "default suphp config" do - it 'succeeds in puppeting suphp' do - pp = <<-EOS + when 'Debian' + context "default suphp config" do + it 'succeeds in puppeting suphp' do + pp = <<-EOS class { 'apache': mpm_module => 'prefork', } @@ -22,24 +22,28 @@ class { 'apache::mod::suphp': } group => 'daemon', content => "\\n", } - EOS - apply_manifest(pp, :catch_failures => true) - end + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service('apache2') do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end + describe service('apache2') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - it 'should answer to suphp.example.com' do - shell("/bin/sleep 10") - shell("/usr/bin/curl suphp.example.com:80") do |r| - expect(r.stdout).to match(/^daemon$/) - expect(r.exit_code).to eq(0) + it 'should answer to suphp.example.com' do + timeout = 0 + loop do + r = shell('curl suphp.example.com:80') + timeout += 1 + break if timeout > 20 || r.stdout =~ /^daemon$/ + sleep(1) + end + shell("/usr/bin/curl suphp.example.com:80") do |r| + expect(r.stdout).to match(/^daemon$/) + expect(r.exit_code).to eq(0) + end end end - end - when 'RedHat' - # Not implemented yet end end From 7f97336e47c60ca2ff3114cd2f4008837b01381b Mon Sep 17 00:00:00 2001 From: Travis Fields Date: Wed, 18 Feb 2015 13:08:05 -0800 Subject: [PATCH 0530/2267] Fixed an order of operations issue in the test that caused some weird behavior when apache would delay or not restart after a file was dropped into the docroot --- spec/acceptance/mod_suphp_spec.rb | 40 ++++++++++++++++++------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 308173a118..fa0125e496 100644 --- a/spec/acceptance/mod_suphp_spec.rb 
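Review bot: The polling loop added to 'should answer to suphp.example.com' calls `shell('curl suphp.example.com:80')` with default options, and if this is Beaker's `shell` helper it raises on any non-zero exit, so a refused connection while Apache is still starting aborts the example instead of retrying. Passing the exit codes to tolerate keeps the loop doing its job: `r = shell('curl suphp.example.com:80', :acceptable_exit_codes => [0, 7])`. The same call is carried unchanged into the follow-up patch 0530. The counter named `timeout` counts attempts rather than seconds, so `attempts` would read better.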
+++ b/spec/acceptance/mod_suphp_spec.rb @@ -6,22 +6,24 @@ context "default suphp config" do it 'succeeds in puppeting suphp' do pp = <<-EOS - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::php': } - class { 'apache::mod::suphp': } - apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/var/www/suphp', - } - host { 'suphp.example.com': ip => '127.0.0.1', } - file { '/var/www/suphp/index.php': - ensure => file, - owner => 'daemon', - group => 'daemon', - content => "\\n", - } +class { 'apache': + mpm_module => 'prefork', +} +host { 'suphp.example.com': ip => '127.0.0.1', } +apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/var/www/suphp', +} +file { '/var/www/suphp/index.php': + ensure => file, + owner => 'daemon', + group => 'daemon', + content => "\\n", + require => File['/var/www/suphp'], + before => Class['apache::mod::php'], +} +class { 'apache::mod::php': } +class { 'apache::mod::suphp': } EOS apply_manifest(pp, :catch_failures => true) end @@ -36,7 +38,11 @@ class { 'apache::mod::suphp': } loop do r = shell('curl suphp.example.com:80') timeout += 1 - break if timeout > 20 || r.stdout =~ /^daemon$/ + break if r.stdout =~ /^daemon$/ + if timeout > 40 + expect(timeout < 40).to be true + break + end sleep(1) end shell("/usr/bin/curl suphp.example.com:80") do |r| From 7cee3052e888e1308b5b010b5b7b07ca6317ad6d Mon Sep 17 00:00:00 2001 From: Kylo Ginsberg Date: Thu, 19 Feb 2015 13:46:54 -0800 Subject: [PATCH 0531/2267] (maint) Remove travis badge Travis runs of puppetlabs-apache take quite a while and clog the travis pipeline for other puppetlabs projects , so it seemed like a good idea to restrict travis builds to PRs, but not to merges to master. As a side effect, this renders the travis badge stale, so removing it. --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 019e0e1fa8..1627df4e3b 100644 --- a/README.md +++ b/README.md 
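Review bot: In the second hunk, `expect(timeout < 40).to be true` sits inside `if timeout > 40`, so it can only ever fail, and its failure message says nothing about what went wrong. Raising with a reason is clearer and makes the following `break` unnecessary: `fail 'suphp.example.com did not answer with daemon after 40 attempts' if timeout > 40`. The `it` block that contains the loop starts outside this hunk.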
@@ -1,7 +1,5 @@ #apache -[![Build Status](https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=master)](https://travis-ci.org/puppetlabs/puppetlabs-apache) - ####Table of Contents 1. [Overview - What is the apache module?](#overview) From cfc2846f403b60efc4cbc80ae131e324a71d3b24 Mon Sep 17 00:00:00 2001 From: Olli Helenius Date: Fri, 20 Feb 2015 11:03:31 +0200 Subject: [PATCH 0532/2267] Add support for Passenger's PassengerAppEnv setting (#1776) Add support for specifying PassengerAppEnv either as a global setting to `apache::mod::passenger` or per `apache::vhost`. --- README.md | 4 ++++ README.passenger.md | 8 ++++++++ manifests/mod/passenger.pp | 2 ++ manifests/vhost.pp | 6 ++++-- spec/classes/mod/passenger_spec.rb | 6 ++++++ spec/defines/vhost_spec.rb | 1 + templates/mod/passenger.conf.erb | 3 +++ templates/vhost/_passenger.erb | 3 +++ 8 files changed, 31 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9976db3e40..3e5b879a45 100644 --- a/README.md +++ b/README.md @@ -1252,6 +1252,10 @@ Sets the overrides for the specified virtual host. Accepts an array of [AllowOve Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot. +#####`passenger_app_env` + +Sets [PassengerAppEnv](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. + #####`passenger_ruby` Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application. diff --git a/README.passenger.md b/README.passenger.md index 84e6992ffa..5b33d29096 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -201,6 +201,14 @@ Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. +### passenger_app_env + +Sets the global default `PassengerAppEnv` for Passenger applications. Not set by +default (`undef`) and thus defaults to Passenger's built-in value of 'production'. +This directive can be overridden in an `apache::vhost` resource. + +https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv + ## Parameters used to load the module Unlike the tuning parameters specified above, the following parameters are only diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 7ff6b71be3..e0c35295a8 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -12,6 +12,7 @@ $passenger_default_ruby = $::apache::params::passenger_default_ruby, $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, + $passenger_app_env = undef, $mod_package = undef, $mod_package_ensure = undef, $mod_lib = undef, @@ -73,6 +74,7 @@ # - $passenger_max_requests # - $passenger_stat_throttle_rate # - $passenger_use_global_queue + # - $passenger_app_env # - $rack_autodetect # - $rails_autodetect file { 'passenger.conf': diff --git a/manifests/vhost.pp b/manifests/vhost.pp index dc6ca58811..1828b7e0a4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -105,6 +105,7 @@ $allow_encoded_slashes = undef, $suexec_user_group = undef, $passenger_app_root = undef, + $passenger_app_env = undef, $passenger_ruby = undef, $passenger_min_instances = undef, $passenger_start_timeout = undef, 
@@ -225,7 +226,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { include ::apache::mod::passenger } @@ -839,11 +840,12 @@ # Template uses: # - $passenger_app_root + # - $passenger_app_env # - $passenger_ruby # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 9c9935939e..af51602e13 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -95,6 +95,12 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue on$/) } end + describe "with passenger_app_env => 'foo'" do + let :params do + { :passenger_app_env => 'foo' } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerAppEnv foo$/) } + end describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do let :params do { :mod_path => '/usr/lib/foo/mod_foo.so' } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 483617f4c7..6dc6f4e780 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -245,6 +245,7 @@ 'suexec_user_group' => 'root root', 'allow_encoded_slashes' => 'nodecode', 'passenger_app_root' => '/usr/share/myapp', + 'passenger_app_env' => 'test', 'passenger_ruby' => '/usr/bin/ruby1.9.1', 'passenger_min_instances' => '1', 'passenger_start_timeout' => '600', diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index a56d2d5d14..22805f5a70 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -34,4 +34,7 @@ <%- if @passenger_use_global_queue -%> PassengerUseGlobalQueue <%= @passenger_use_global_queue %> <%- end -%> + <%- if @passenger_app_env -%> + PassengerAppEnv <%= @passenger_app_env %> + <%- end -%> diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb index df2a86d376..130e769353 100644 --- a/templates/vhost/_passenger.erb +++ b/templates/vhost/_passenger.erb @@ -1,6 +1,9 @@ <% if @passenger_app_root -%> PassengerAppRoot <%= @passenger_app_root %> <% end -%> +<% if @passenger_app_env -%> + PassengerAppEnv <%= @passenger_app_env %> +<% end -%> <% if @passenger_ruby -%> PassengerRuby <%= @passenger_ruby %> <% end -%> From 5bb84d2daad0cb87c59cfb9c470492d6dbd71d3e Mon Sep 17 00:00:00 2001 From: Harald Skoglund Date: Fri, 20 Feb 2015 15:36:52 +0100 Subject: [PATCH 0533/2267] fix bug in scriptalias code that keeps scriptalias from beeing included --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index dc6ca58811..103288c45f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -678,7 +678,7 @@ # Template uses: # - $scriptaliases # - $scriptalias - if $scriptaliases and ! empty($scriptaliases) { + if ( $scriptalias or $scriptaliases != [] ) { concat::fragment { "${name}-scriptalias": target => "${priority_real}${filename}.conf", order => 180, From 669b303331f2718e59aa7ce0f19fb7c7ef2fe8e7 Mon Sep 17 00:00:00 2001 
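Review bot: In the `manifests/vhost.pp` hunk of patch 0533, `$scriptaliases != []` is true for every value that is not literally an empty array, so an `undef` or empty-string `scriptaliases` now emits the `${name}-scriptalias` fragment even when `$scriptalias` is unset. The previous `empty()` test handled those cases; keeping it while adding the missing `$scriptalias` branch gives `if $scriptalias or ($scriptaliases and ! empty($scriptaliases)) {`. The parameter's default is declared outside this hunk, so whether `undef` can actually reach this line should be confirmed there.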
From: Roman Mueller Date: Fri, 20 Feb 2015 19:59:19 +0100 Subject: [PATCH 0534/2267] MODULES-1784 check for deprecated options and fail when they are unsupported --- templates/vhost/_directories.erb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 423e56f852..6244c73c36 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -2,6 +2,20 @@ ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> + <%- scope.function_fail(["Apache::Vhost: Using allow is not supported in your Apache version"]) -%> + <%- end -%> + <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> + <%- scope.function_fail(["Apache::Vhost: Using deny is not supported in your Apache version"]) -%> + <%- end -%> + <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%> + <%- scope.function_fail(["Apache::Vhost: Using order is not supported in your Apache version"]) -%> + <%- end -%> + <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%> + <%- scope.function_fail(["Apache::Vhost: Using satisfy is not supported in your Apache version"]) -%> + <%- end -%> + <%- end -%> <%- if directory['path'] and directory['path'] != '' -%> <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> <%- if /^(.*)match$/ =~ directory['provider'] -%> From c40c1d0932d0c166f18fa5487af1dd704cffc13b Mon Sep 17 00:00:00 2001 From: Roman Mueller Date: Sat, 21 Feb 2015 15:08:05 +0100 Subject: [PATCH 0535/2267] MODULES-1779 install package mod_ldap on CentOS 7 --- manifests/params.pp | 4 ++++ 1 file changed, 4 insertions(+) 
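Review bot: The four copies of the deprecated-option check at the top of the directory loop in `templates/vhost/_directories.erb` differ only in the key name, and the failure text names neither the directory nor the replacement, so an operator with many vhosts has to hunt for the offending entry. Failing the catalog instead of silently dropping an access rule is the right call; a single loop keeps that behaviour and lets the message carry the key and path. "Not supported in your Apache version" is also stronger than what the hunk can show, since Apache 2.4 still ships these directives in mod_access_compat, so the wording below says what this module does rather than what httpd can do. The directory loop itself continues outside the hunk.

```erb
<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
  <%- %w[allow deny order satisfy].each do |legacy| -%>
    <%- if directory[legacy] and ! [ false, 'false', '' ].include?(directory[legacy]) -%>
      <%- scope.function_fail(["Apache::Vhost: '#{legacy}' on directory '#{directory['path']}' is not handled for Apache >= 2.4; express the rule with Require instead"]) -%>
    <%- end -%>
  <%- end -%>
<%- end -%>
```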
diff --git a/manifests/params.pp b/manifests/params.pp index a2ec04fd7e..7a27926778 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -77,6 +77,10 @@ }, 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', + 'ldap' => $::apache::version::distrelease ? { + '7' => 'mod_ldap', + default => undef, + }, 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', From 48465e51734a3f94c2dab4ce0862cc202c340918 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20M=C3=B6rner?= Date: Sun, 22 Feb 2015 14:49:41 +0100 Subject: [PATCH 0536/2267] Fixed default config warning AH00513: WARNING: MaxRequestWorkers of 256 is not an integer multiple of ThreadsPerChild of 25, decreasing to nearest multiple 250, for a maximum of 10 servers. --- manifests/mod/event.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 18a226ee53..28053a6590 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -9,7 +9,7 @@ $apache_version = $::apache::apache_version, $threadlimit = '64', $listenbacklog = '511', - $maxrequestworkers = '256', + $maxrequestworkers = '250', $maxconnectionsperchild = '0', ) { if defined(Class['apache::mod::itk']) { From 5bc7a0bc7e5370b0a2a420512fe6e596886ab0f2 Mon Sep 17 00:00:00 2001 
From: derdanne Date: Tue, 24 Feb 2015 10:36:41 +0100 Subject: [PATCH 0537/2267] add gentoo compatibility --- .fixtures.yml | 1 + README.md | 41 +++++++++-------- manifests/default_mods.pp | 8 +++- manifests/init.pp | 17 +++++++ manifests/mod/alias.pp | 1 + manifests/mod/disk_cache.pp | 1 + manifests/mod/event.pp | 5 ++ manifests/mod/itk.pp | 5 ++ manifests/mod/peruser.pp | 6 +++ manifests/mod/prefork.pp | 5 ++ manifests/mod/proxy_html.pp | 2 +- manifests/mod/ssl.pp | 4 ++ manifests/mod/worker.pp | 5 ++ manifests/params.pp | 61 +++++++++++++++++++++++++ manifests/version.pp | 3 ++ spec/acceptance/class_spec.rb | 3 ++ spec/acceptance/default_mods_spec.rb | 5 +- spec/acceptance/mod_deflate_spec.rb | 3 ++ spec/acceptance/mod_mime_spec.rb | 3 ++ spec/acceptance/mod_negotiation_spec.rb | 4 ++ spec/acceptance/mod_pagespeed_spec.rb | 6 ++- spec/acceptance/mod_php_spec.rb | 4 ++ spec/acceptance/mod_proxy_html_spec.rb | 2 + spec/acceptance/prefork_worker_spec.rb | 2 + spec/acceptance/version.rb | 13 ++++++ spec/classes/apache_spec.rb | 42 +++++++++++++++++ spec/classes/dev_spec.rb | 15 ++++++ spec/classes/mod/auth_kerb_spec.rb | 17 +++++++ spec/classes/mod/dav_svn_spec.rb | 17 +++++++ spec/classes/mod/deflate_spec.rb | 23 ++++++++++ spec/classes/mod/dir_spec.rb | 32 +++++++++++++ spec/classes/mod/event_spec.rb | 19 +++++++- spec/classes/mod/fcgid_spec.rb | 19 ++++++++ spec/classes/mod/info_spec.rb | 22 +++++++++ spec/classes/mod/passenger_spec.rb | 17 +++++++ spec/classes/mod/perl_spec.rb | 17 +++++++ spec/classes/mod/peruser_spec.rb | 17 +++++++ spec/classes/mod/php_spec.rb | 33 +++++++++++++ spec/classes/mod/prefork_spec.rb | 17 +++++++ spec/classes/mod/proxy_html_spec.rb | 17 +++++++ spec/classes/mod/python_spec.rb | 17 +++++++ spec/classes/mod/reqtimeout_spec.rb | 35 ++++++++++++++ spec/classes/mod/rpaf_spec.rb | 40 ++++++++++++++++ spec/classes/mod/ssl_spec.rb | 18 +++++++- spec/classes/mod/worker_spec.rb | 17 +++++++ spec/classes/mod/wsgi_spec.rb | 20 ++++++++ 
spec/classes/service_spec.rb | 45 +++++++++--------- spec/defines/fastcgi_server_spec.rb | 21 +++++++++ spec/defines/mod_spec.rb | 31 +++++++++++++ spec/defines/vhost_spec.rb | 22 +++++++++ 50 files changed, 750 insertions(+), 50 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index b5f76c03ac..6eddf260f6 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -2,5 +2,6 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" concat: "git://github.com/puppetlabs/puppetlabs-concat.git" + portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" diff --git a/README.md b/README.md index b7a84ff94c..099230c2d9 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,8 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD and Gentoo +* depends on module 'gentoo/puppet-portage' for Gentoo ###Beginning with Apache @@ -79,7 +80,7 @@ To install Apache with the default parameters class { 'apache': } ``` -The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters +The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD and Gentoo systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters ```puppet class { 'apache': 
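Review bot: The new `portage` fixture in `.fixtures.yml` is fetched over the unauthenticated `git://` transport and tracks whatever the default branch holds when the specs run, so the test run executes third-party code with no integrity check and no reproducibility. Using HTTPS and pinning a revision closes both gaps: `portage:`, then `repo: "https://github.com/gentoo/puppet-portage.git"` and `ref: "<pinned tag or commit>"` nested under it. The existing `stdlib` and `concat` entries shown as context follow the same `git://` pattern and would benefit from the same change.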
@@ -238,11 +239,11 @@ Configures the behavior of the module templates, package names, and default mods #####`conf_dir` -Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo. #####`confd_dir` -Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2/conf.d' on Gentoo. #####`conf_template` @@ -270,7 +271,7 @@ The default certificate authority, which is automatically set to 'undef'. This d #####`default_ssl_cert` -The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD). This default works out of the box but must be updated with your specific certificate information before being used in production. +The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_chain` 
@@ -290,7 +291,7 @@ Sets the default certificate revocation check level via the [SSLCARevocationChec #####`default_ssl_key` -The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default works out of the box but must be updated with your specific certificate information before being used in production. +The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_vhost` @@ -315,7 +316,7 @@ Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [cu #####`docroot` -Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, '/usr/local/www/apache22/data' on FreeBSD, and '/var/www/localhost/htdocs' on Gentoo. #####`error_documents` 
@@ -323,7 +324,7 @@ Enables custom error documents. Defaults to 'false'. #####`httpd_dir` -Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo. #####`keepalive` @@ -355,7 +356,7 @@ Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log #####`logroot` -Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, and '/var/log/apache22' on FreeBSD. +Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo. #####`logroot_mode` 
@@ -372,11 +373,11 @@ Setting this to 'false' stops the user resource from being created. This is for #####`mod_dir` -Changes the location of the configuration directory your Apache modules configuration files are placed in. Defaults to '/etc/httpd/conf.d' for RedHat, '/etc/apache2/mods-available' for Debian, and '/usr/local/etc/apache22/Modules' for FreeBSD. +Changes the location of the configuration directory your Apache modules configuration files are placed in. Defaults to '/etc/httpd/conf.d' for RedHat, '/etc/apache2/mods-available' for Debian, '/usr/local/etc/apache22/Modules' for FreeBSD, and '/etc/apache2/modules.d' on Gentoo. #####`mpm_module` -Determines which MPM is loaded and configured for the HTTPD process. Valid values are 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Defaults to 'prefork' on RedHat and FreeBSD, and 'worker' on Debian. Must be set to 'false' to explicitly declare the following classes with custom parameters: +Determines which MPM is loaded and configured for the HTTPD process. Valid values are 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Defaults to 'prefork' on RedHat, FreeBSD and Gentoo, and 'worker' on Debian. Must be set to 'false' to explicitly declare the following classes with custom parameters: * `apache::mod::event` * `apache::mod::itk` @@ -416,7 +417,7 @@ Sets the server name. Defaults to `fqdn` provided by Facter. #####`server_root` -Sets the root directory in which the server resides. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local' on FreeBSD. +Sets the root directory in which the server resides. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local' on FreeBSD, and '/var/www' on Gentoo. #####`server_signature` 
@@ -436,7 +437,7 @@ Determines whether the service should be running. Valid values are 'true', 'fals #####`service_name` -Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian, and 'apache22' on FreeBSD. +Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian and Gentoo, and 'apache22' on FreeBSD. #####`service_manage` @@ -448,7 +449,7 @@ Controls how TRACE requests per RFC 2616 are handled. More information about [Tr #####`vhost_dir` -Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, and '/usr/local/etc/apache22/Vhosts' on FreeBSD. +Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo. #####`apache_name` @@ -1515,9 +1516,9 @@ Used by HTTPD to conditionally set environment variables for vhosts. Defaults to Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). -`suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. +`suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. -`suphp_configpath` defaults to 'undef' on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian. +`suphp_configpath` defaults to 'undef' on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. `suphp_engine` allows values 'on' or 'off'. Defaults to 'off' 
@@ -2013,7 +2014,7 @@ Specifies the SSL certificate authority. Defaults to 'undef'. #####`ssl_cert` -Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD. +Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' on Gentoo. #####`ssl_protocol` @@ -2033,7 +2034,7 @@ Sets [SSLHonorCipherOrder](http://httpd.apache.org/docs/current/mod/mod_ssl.html #####`ssl_certs_dir` -Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, and '/usr/local/etc/apache22' on FreeBSD. +Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, '/usr/local/etc/apache22' on FreeBSD, and '/etc/ssl/apache2' on Gentoo. #####`ssl_chain` 
@@ -2053,7 +2054,7 @@ Sets the certificate revocation check level via the [SSLCARevocationCheck direct #####`ssl_key` -Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' on Gentoo. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_verify_client` @@ -2471,7 +2472,7 @@ The `apache::mod::passenger` class is untested as the repository does not have p This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. -The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. +The module contains support for other distributions and operating systems, such as FreeBSD, Gentoo and Amazon Linux, but is not formally tested on those and regressions can occur. ###SELinux and Custom Paths diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 2415464505..b600b1be7c 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -24,8 +24,12 @@ } default: {} } - ::apache::mod { 'authz_host': } - + case $::osfamily { + 'gentoo': {} + default: { + ::apache::mod { 'authz_host': } + } + } # The rest of the modules only get loaded if we want all modules enabled if $all { case $::osfamily { diff --git a/manifests/init.pp b/manifests/init.pp index f7b89076d8..b3da9ff0a5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -261,6 +261,23 @@ $error_log = 'httpd-error.log' $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' + } 'gentoo': { + $pidfile = '/run/apache2.pid' + $error_log = 'error.log' + $error_documents_path = '/usr/share/apache2/error' + $scriptalias = '/var/www/localhost/cgi-bin' + $access_log_file = 'access.log' + + ::portage::makeconf { 'apache2_modules': + content => $default_mods, + } + file { [ + '/etc/apache2/modules.d/.keep_www-servers_apache-2', + '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' + ]: + ensure => absent, + require => Package['httpd'], + } } default: { fail("Unsupported osfamily ${::osfamily}") diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index c9f8e4dab1..ca3f226b38 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -10,6 +10,7 @@ default => '/var/www/icons', }, 'freebsd' => '/usr/local/www/apache24/icons', + 'gentoo' => '/usr/share/apache2/icons', } apache::mod { 'alias': } # Template uses $icons_path diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 2730809cf1..2b9d8a9101 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -3,6 +3,7 @@ 'debian' => '/var/cache/apache2/mod_disk_cache', 'redhat' => '/var/cache/mod_proxy', 'freebsd' => '/var/cache/mod_disk_cache', + 'gentoo' => '/var/cache/apache2/mod_disk_cache', } $mod_name = $::osfamily ? { diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 18a226ee53..8dc26e5e6b 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp 
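Review bot: The empty `'gentoo': {}` branch in manifests/default_mods.pp skips `::apache::mod { 'authz_host': }` without saying why, and authz_host is the module behind host-based access rules. If the reason is that Gentoo builds its module set from APACHE2_MODULES in make.conf, the branch should say so, for example `# Gentoo: modules are selected via APACHE2_MODULES, no load file is managed here`. The selector is also spelled `'gentoo'` here while the params.pp and version.pp hunks of this patch use `'Gentoo'`; one spelling throughout would make the branches easier to grep. The enclosing class starts outside the hunk.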
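Review bot: In the manifests/init.pp hunk, `content => $default_mods` passes the class parameter straight into `::portage::makeconf`, but that parameter is not always a module list: the default_mods_spec.rb hunk in this patch declares `default_mods => false`. How portage::makeconf renders a boolean is not visible here, but it is unlikely to produce a usable APACHE2_MODULES value. That variable presumably decides which authentication and authorization modules are built into the server. Consider declaring the resource only for a list, `if is_array($default_mods) { ::portage::makeconf { 'apache2_modules': content => $default_mods } }`, or documenting what true/false mean on Gentoo. The surrounding case statement starts outside the hunk.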
@@ -59,6 +59,11 @@ apache_version => $apache_version, } } + 'gentoo': { + ::portage::makeconf { 'apache2_mpms': + content => 'event', + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 49794945d4..2be7d832db 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -48,6 +48,11 @@ apache_version => $apache_version, } } + 'gentoo': { + ::portage::makeconf { 'apache2_mpms': + content => 'itk', + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index 6b9dfad95f..b6a8015f94 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -14,6 +14,12 @@ fail("Unsupported osfamily ${::osfamily}") } default: { + if $::osfamily == 'gentoo' { + ::portage::makeconf { 'apache2_mpms': + content => 'peruser', + } + } + if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::peruser and apache::mod::event on the same node') } diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 90fa39a89c..035e8818a4 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -65,6 +65,11 @@ apache_version => $apache_version, } } + 'gentoo': { + ::portage::makeconf { 'apache2_mpms': + content => 'prefork', + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 279cb64ade..8b910c2510 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -4,7 +4,7 @@ # Add libxml2 case $::osfamily { - /RedHat|FreeBSD/: { + /RedHat|FreeBSD|Gentoo/: { ::apache::mod { 'xml2enc': } $loadfiles = undef } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 9e352cbf1b..c1f118f4a8 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
@@ -17,6 +17,7 @@ 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", 'redhat' => '/var/cache/mod_ssl/scache(512000)', 'freebsd' => '/var/run/ssl_scache(512000)', + 'gentoo' => '/var/run/ssl_scache(512000)', } case $::osfamily { @@ -35,6 +36,9 @@ 'freebsd': { $ssl_mutex = 'default' } + 'gentoo': { + $ssl_mutex = 'default' + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 48d1c9f229..02a1beae37 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -67,6 +67,11 @@ apache_version => $apache_version, } } + 'gentoo': { + ::portage::makeconf { 'apache2_mpms': + content => 'worker', + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/params.pp b/manifests/params.pp index add2d94aed..386fec3c14 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -347,6 +347,67 @@ $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache24/data' $error_documents_path = '/usr/local/www/apache24/error' + } elsif $::osfamily == 'Gentoo' { + $user = 'apache' + $group = 'apache' + $root_group = 'wheel' + $apache_name = 'www-servers/apache' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/var/www' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/modules.d" + $mod_enable_dir = undef + $vhost_dir = "${httpd_dir}/vhosts.d" + $vhost_enable_dir = undef + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache2' + $logroot_mode = undef + $lib_path = '/usr/lib/apache2/modules' + $mpm_module = 'prefork' + $dev_packages = undef + $default_ssl_cert = '/etc/ssl/apache2/server.crt' + $default_ssl_key = '/etc/ssl/apache2/server.key' + $ssl_certs_dir = '/etc/ssl/apache2' + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + $passenger_default_ruby = undef + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { + # NOTE: I list here only modules that are not included in www-servers/apache + 'auth_kerb' => 'www-apache/mod_auth_kerb', + 'fcgid' => 'www-apache/mod_fcgid', + 'passenger' => 'www-apache/passenger', + 'perl' => 'www-apache/mod_perl', + 'php5' => 'dev-lang/php', + 'proxy_html' => 'www-apache/mod_proxy_html', + 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', + 'python' => 'www-apache/mod_python', + 'wsgi' => 'www-apache/mod_wsgi', + 'dav_svn' => 'dev-vcs/subversion', + 'xsendfile' => 'www-apache/mod_xsendfile', + 'rpaf' => 'www-apache/mod_rpaf', + 'xml2enc' => 'www-apache/mod_xml2enc', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + 
$fastcgi_lib_path = undef # TODO: revisit + $mime_support_package = 'app-misc/mime-types' + $mime_types_config = '/etc/mime.types' + $wsgi_socket_prefix = undef + $docroot = '/var/www/localhost/htdocs' + $error_documents_path = '/usr/share/apache2/error' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/manifests/version.pp b/manifests/version.pp index 7f1da0f071..ce3b907694 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -30,6 +30,9 @@ 'FreeBSD': { $default = '2.4' } + 'Gentoo': { + $default = '2.4' + } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 76e5cd612f..0a7d67bbb0 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -11,6 +11,9 @@ when 'FreeBSD' package_name = 'apache24' service_name = 'apache24' + when 'Gentoo' + package_name = 'www-servers/apache' + service_name = 'apache2' end context 'default parameters' do diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index f06a966af9..0199f180b3 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -10,6 +10,9 @@ when 'FreeBSD' mod_dir = '/usr/local/etc/apache24/Modules' servicename = 'apache24' +when 'Gentoo' + mod_dir = '/etc/apache2/modules.d' + servicename = 'apache2' end describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do @@ -100,7 +103,7 @@ class { 'apache': it 'should apply with no errors' do pp = <<-EOS class { 'apache': default_mods => false } - ::apache::mod { 'auth_basic': + ::apache::mod { 'auth_basic': loadfile_name => 'zz_auth_basic.load', } EOS diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb index 668897c049..3b505bdbfd 100644 --- a/spec/acceptance/mod_deflate_spec.rb +++ b/spec/acceptance/mod_deflate_spec.rb 
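Review bot: `$root_group = 'wheel'` in the new Gentoo branch of manifests/params.pp is worth a second look. On a stock Gentoo install gid 0 is normally `root`, and `wheel` is the separate group of accounts allowed to `su`. Every file the module creates with this group is therefore group-owned by all wheel members; the apache_spec.rb hunk in this patch pins `/etc/apache2/ports.conf` to group `wheel`. With mode 0644 that grants nothing extra, but any group-writable file or directory would let those accounts change server configuration. Suggest `$root_group = 'root'` with the spec expectation changed to `'group' => 'root'`; the if/elsif chain starts outside the hunk.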
@@ -11,6 +11,9 @@ when 'FreeBSD' mod_dir = '/usr/local/etc/apache24/Modules' service_name = 'apache24' + when 'Gentoo' + mod_dir = '/etc/apache2/modules.d' + service_name = 'apache2' end context "default deflate config" do diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index 6bd959ce3a..d1886c4bde 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -11,6 +11,9 @@ when 'FreeBSD' mod_dir = '/usr/local/etc/apache24/Modules' service_name = 'apache24' + when 'Gentoo' + mod_dir = '/etc/apache2/modules.d' + service_name = 'apache2' end context "default mime config" do diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index 371ab0f1d6..a44edbf268 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb @@ -14,6 +14,10 @@ vhost_dir = '/usr/local/etc/apache24/Vhosts' mod_dir = '/usr/local/etc/apache24/Modules' service_name = 'apache24' + when 'Gentoo' + vhost_dir = '/etc/apache2/vhosts.d' + mod_dir = '/etc/apache2/modules.d' + service_name = 'apache2' end context "default negotiation config" do diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 24b6807946..5fa342e9ae 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -14,6 +14,10 @@ vhost_dir = '/usr/local/etc/apache24/Vhosts' mod_dir = '/usr/local/etc/apache24/Modules' service_name = 'apache24' + when 'Gentoo' + vhost_dir = '/etc/apache2/vhosts.d' + mod_dir = '/etc/apache2/modules.d' + service_name = 'apache2' end context "default pagespeed config" do @@ -30,7 +34,7 @@ class { 'apt': } repos => 'main', include_src => false, before => Class['apache'], - } + } } elsif $::osfamily == 'RedHat' { yumrepo { 'mod-pagespeed': baseurl => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture", 
diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 28da68d3af..502ec1ddcd 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -14,6 +14,10 @@ vhost_dir = '/usr/local/etc/apache24/Vhosts' mod_dir = '/usr/local/etc/apache24/Modules' service_name = 'apache24' + when 'Gentoo' + vhost_dir = '/etc/apache2/vhosts.d' + mod_dir = '/etc/apache2/modules.d' + service_name = 'apache2' end context "default php config" do diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index 91bb0a097c..e456000890 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -8,6 +8,8 @@ service_name = 'httpd' when 'FreeBSD' service_name = 'apache24' + when 'Gentoo' + service_name = 'apache2' end context "default proxy_html config" do diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 5ed8726d63..0ac27232d3 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -7,6 +7,8 @@ servicename = 'apache2' when 'FreeBSD' servicename = 'apache24' +when 'Gentoo' + servicename = 'apache2' end case fact('osfamily') diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 098b0f41c3..117e23d9fe 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -56,6 +56,19 @@ $error_log = 'http-error.log' $apache_version = '2.2' +when 'Gentoo' + $confd_dir = '/etc/apache2/conf.d' + $mod_dir = '/etc/apache2/modules.d' + $conf_file = '/etc/apache2/httpd.conf' + $ports_file = '/etc/apache2/ports.conf' + $vhost = '/etc/apache2/vhosts.d/15-default.conf' + $vhost_dir = '/etc/apache2/vhosts.d' + $run_dir = '/var/run/apache2' + $service_name = 'apache2' + $package_name = 'www-servers/apache' + $error_log = 'http-error.log' + + $apache_version = '2.4' else $apache_version = '0' end 
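Review bot: In the spec/acceptance/version.rb hunk the new Gentoo branch sets `$error_log = 'http-error.log'`, which does not match the `$error_log = 'error.log'` that the manifests/init.pp hunk of this patch sets for Gentoo. The value looks copied from the preceding branch shown as context. Any acceptance spec that uses `$error_log` to locate the log would look for a file the manifest never configures, so suggest `$error_log = 'error.log'`. The case statement starts outside the hunk.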
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index ebe267d7ad..a9fe707cf7 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -613,6 +613,48 @@ ) } end end + context "on a Gentoo OS" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_user("apache") } + it { is_expected.to contain_group("apache") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/localhost/htdocs").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/etc/apache2/vhosts.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { is_expected.to contain_file("/etc/apache2/modules.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } + it { is_expected.to contain_concat("/etc/apache2/ports.conf").with( + 'owner' => 'root', + 'group' => 'wheel', + 'mode' => '0644', + 'notify' => 'Class[Apache::Service]' + ) } + end context 'on all OSes' do let :facts do { diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index 83292b1b15..09a031a394 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb 
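Review bot: The Gentoo context added to spec/classes/apache_spec.rb asserts only resources shared with other platforms and leaves out what this patch adds for Gentoo in init.pp: the `portage::makeconf` entry `apache2_modules` and the two `.keep_www-servers_apache-2` files set to `ensure => absent`. An expectation such as `it { is_expected.to contain_portage__makeconf('apache2_modules') }` would cover the first. The same gap applies to the Gentoo contexts added in event_spec.rb, peruser_spec.rb and prefork_spec.rb, where `it { is_expected.to contain_portage__makeconf('apache2_mpms').with_content('event') }` (with the matching MPM name in each file) would pin the make.conf entry. The facts hash is also repeated verbatim in nearly every new context and could be defined once in a shared helper.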
@@ -42,4 +42,19 @@ end it { is_expected.to contain_class("apache::params") } end + context "on a Gentoo OS" do + let :pre_condition do + 'include apache::package' + end + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + end end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 8f82ff4dd4..beba378a9d 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -56,4 +56,21 @@ it { is_expected.to contain_apache__mod("auth_kerb") } it { is_expected.to contain_package("www/mod_auth_kerb2") } end + context "on a Gentoo OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("www-apache/mod_auth_kerb") } + end end diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 791baae03c..06c6b870f2 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb 
@@ -59,4 +59,21 @@ it { is_expected.to contain_apache__mod('dav_svn') } it { is_expected.to contain_package("devel/subversion") } end + context "on a Gentoo OS", :compile do + let :facts do + { + :id => 'root', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("dev-vcs/subversion") } + end end diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index 2eb6f5e8ad..d0d8fedc21 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -100,4 +100,27 @@ class { "apache::mod::deflate": :path => '/usr/local/etc/apache24/Modules/deflate.conf', } ) } end + + context "On a Gentoo OS with default params" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :is_pe => false, + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { is_expected.to contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/modules.d/deflate.conf', + } ) } + end end diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index 8aec59fed0..11622a41cb 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb 
@@ -103,4 +103,36 @@ it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + end + end end diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 796b6c3931..dd0a427eaf 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -21,6 +21,23 @@ it { is_expected.not_to contain_apache__mod('event') } it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/event.conf").with_ensure('file') } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('event') } + it { is_expected.to contain_file("/etc/apache2/modules.d/event.conf").with_ensure('file') } + end context "on a Debian OS" do let :facts do { @@ -58,7 +75,7 @@ :maxconnectionsperchild => '10', } end - + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) } diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index 214ec75bea..f772ff7a25 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb 
@@ -114,4 +114,23 @@ it { is_expected.to contain_apache__mod('fcgid') } it { is_expected.to contain_package("www/mod_fcgid") } end + + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("www-apache/mod_fcgid") } + end end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index 32c6339dd9..b444bc0037 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -197,4 +197,26 @@ def general_info_specs_24 } ) } end + context 'on a Gentoo OS' do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + + # Load the more generic tests for this context + general_info_specs_24() + + it { is_expected.to contain_file('info.conf').with({ + :ensure => 'file', + :path => '/etc/apache2/modules.d/info.conf', + } ) } + end end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 9c9935939e..619c8f4f1e 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -257,4 +257,21 @@ it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("www/rubygem-passenger") } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("www-apache/passenger") } + end end diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 5bfe8ff2d2..17ee1b366b 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -56,4 +56,21 @@ it { is_expected.to contain_apache__mod('perl') } it { is_expected.to contain_package("www/mod_perl2") } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :operatingsystem => 'Gentoo', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("www-apache/mod_perl") } + end end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index d38f8bba62..f39cbcf6c4 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb 
@@ -23,4 +23,21 @@ }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/) end end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('peruser') } + it { is_expected.to contain_file("/etc/apache2/modules.d/peruser.conf").with_ensure('file') } + end end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index f2dbfb1a91..246b3bbd49 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb 
@@ -155,6 +155,39 @@ it { is_expected.to contain_file('php5.load') } end end + describe "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + context "with mpm_module => prefork" do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("dev-lang/php") } + it { is_expected.to contain_file('php5.load') } + end + context "with mpm_module => itk" do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("dev-lang/php") } + it { is_expected.to contain_file('php5.load') } + end + end describe "OS independent tests" do let :facts do { diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 58c06e0bda..3e2954fc71 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb 
@@ -114,4 +114,21 @@ it { is_expected.not_to contain_apache__mod('prefork') } it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/prefork.conf").with_ensure('file') } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/etc/apache2/modules.d/prefork.conf").with_ensure('file') } + end end diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index ce3e70c3a9..80106931e0 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -85,4 +85,21 @@ it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } it { is_expected.to contain_package("www/mod_proxy_html") } end + context "on a Gentoo OS", :compile do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_package("www-apache/mod_proxy_html") } + end end diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 9b6d846de0..46c4cde3a2 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb 
@@ -56,4 +56,21 @@ it { is_expected.to contain_apache__mod("python") } it { is_expected.to contain_package("www/mod_python3") } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("www-apache/mod_python") } + end end diff --git a/spec/classes/mod/reqtimeout_spec.rb b/spec/classes/mod/reqtimeout_spec.rb index 97aa7db453..1869eb68dc 100644 --- a/spec/classes/mod/reqtimeout_spec.rb +++ b/spec/classes/mod/reqtimeout_spec.rb 
@@ -112,4 +112,39 @@ it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } end end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end end diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index d2d5c342d1..83591bc282 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb 
@@ -68,6 +68,46 @@ }) } it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + describe "with sethostname => true" do + let :params do + { :sethostname => 'true' } + end + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + end + describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do + let :params do + { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } + end + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + end + describe "with header => X-Real-IP" do + let :params do + { :header => 'X-Real-IP' } + end + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + end + end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('rpaf') } + it { is_expected.to contain_package("www-apache/mod_rpaf") } + it { is_expected.to contain_file('rpaf.conf').with({ + 'path' => '/etc/apache2/modules.d/rpaf.conf', + }) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + describe "with sethostname => true" do let :params do { :sethostname => 'true' } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index a657567abe..217c9ee8ba 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
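Review bot: The added `RPAFproxy_ips` expectation leaves its dots unescaped, so `/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/` also matches a rendered line where any other character stands in place of a dot. This directive lists the proxies whose forwarded client address mod_rpaf accepts, so the spec should pin the value exactly: `with_content(/^RPAFproxy_ips 10\.42\.17\.8 10\.42\.18\.99$/)`. The trailing `describe "with sethostname => true"` block runs past the end of this hunk.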
@@ -83,6 +83,23 @@ it { is_expected.to contain_apache__mod('ssl') } end + context 'on a Gentoo OS' do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + end + # Template config doesn't vary by distro context "on all distros" do let :facts do @@ -123,6 +140,5 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed startup file:\/dev\/random 256$/)} it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed connect file:\/dev\/urandom 1024$/)} end - end end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index bb99a0fe65..38a79aeb26 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -114,6 +114,23 @@ it { is_expected.not_to contain_apache__mod('worker') } it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/worker.conf").with_ensure('file') } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/etc/apache2/modules.d/worker.conf").with_ensure('file') } + end # Template config doesn't vary by distro context "on all distros" do diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index e8dd00db0a..3f03ec907f 100644 --- a/spec/classes/mod/wsgi_spec.rb 
+++ b/spec/classes/mod/wsgi_spec.rb @@ -124,4 +124,24 @@ } it { is_expected.to contain_package("www/mod_wsgi") } end + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => nil + ) + } + it { is_expected.to contain_package("www-apache/mod_wsgi") } + end end diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index ef3504d19e..09906b0d35 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -94,7 +94,7 @@ end - context "on a RedHat 5 OS" do + context "on a RedHat 5 OS, do not manage service" do let :facts do { :osfamily => 'RedHat', @@ -107,12 +107,16 @@ :is_pe => false, } end - it { is_expected.to contain_service("httpd").with( - 'name' => 'httpd', - 'ensure' => 'running', - 'enable' => 'true' - ) - } + let(:params) do + { + 'service_ensure' => 'running', + 'service_name' => 'httpd', + 'service_manage' => false + } + end + it 'should not manage the httpd service' do + subject.should_not contain_service('httpd') + end end context "on a FreeBSD 5 OS" do 
@@ -136,29 +140,24 @@ } end - context "on a RedHat 5 OS, do not manage service" do + context "on a Gentoo OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '5', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', :concat_basedir => '/dne', - :operatingsystem => 'RedHat', :id => 'root', :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', :is_pe => false, } end - let(:params) do - { - 'service_ensure' => 'running', - 'service_name' => 'httpd', - 'service_manage' => false - } - end - it 'should not manage the httpd service' do - subject.should_not contain_service('httpd') - end + it { is_expected.to contain_service("httpd").with( + 'name' => 'apache2', + 'ensure' => 'running', + 'enable' => 'true' + ) + } end - end diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index efb913e6b0..1a6d3199c4 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -72,6 +72,27 @@ :path => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf" ) } end + context "on Gentoo systems" do + let :default_facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :kernel => 'Linux', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf" + ) } + end end describe 'os-independent items' do let :facts do 
diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index 3700b0edb4..e4e9845290 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -118,4 +118,35 @@ end end end + + context "on a Gentoo osfamily" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + + describe "for non-special modules" do + let :title do + 'spec_m' + end + it { is_expected.to contain_class("apache::params") } + it "should manage the module load file" do + is_expected.to contain_file('spec_m.load').with({ + :path => '/etc/apache2/modules.d/spec_m.load', + :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n", + :owner => 'root', + :group => 'wheel', + :mode => '0644', + } ) + end + end + end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 2e77391a13..d2153a605b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -82,6 +82,28 @@ :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } end + context "on Gentoo systems" do + let :default_facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + let :params do default_params end + let :facts do default_facts end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_file("25-rspec.example.com.conf").with( + :ensure => 'present', + :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf' + ) } + end end describe 'os-independent items' do let :facts do 
From 25be287baff98b7d72b31d837a7697a299eff39f Mon Sep 17 00:00:00 2001 From: Eric Shamow Date: Tue, 30 Sep 2014 19:53:34 -0700 Subject: [PATCH 0538/2267] (#1391) Correct Ubuntu Trusty mod_prefork package name This module calls apache2-prefork-dev as the package name for the mod_prefork module for all Debian-flavored Linuxes. However Ubuntu 14.04 changes this to apache2-dev and makes apache2-prefork-dev an alias. The result is that calling this resource, even with the package installed, always results in a package changed purged to present message, as it's scanning dpkg for apache2-prefork-dev, finding the package missing, and then installing the alias via apt. --- manifests/params.pp | 6 +++++- spec/classes/dev_spec.rb | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 23ebeb1ba1..80675a3530 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -168,7 +168,6 @@ $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' $mpm_module = 'worker' - $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' $ssl_certs_dir = '/etc/ssl/certs' @@ -234,6 +233,11 @@ 'base_rules/modsecurity_crs_60_correlation.conf' ] $error_documents_path = '/usr/share/apache2/error' + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) { + $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] + } else { + $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] + } # # Passenger-specific settings diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index 09a031a394..6857132a15 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb 
@@ -16,6 +16,16 @@ it { is_expected.to contain_package("libapr1-dev") } it { is_expected.to contain_package("apache2-prefork-dev") } end + context "on an Ubuntu 14 OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :operatingsystemrelease => '14.04', + } + end + it { is_expected.to contain_package("apache2-dev") } + end context "on a RedHat OS" do let :facts do { From d5329d63a90991df44633b18bf367f43440a5337 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 25 Feb 2015 16:48:14 -0800 Subject: [PATCH 0539/2267] Add facts to work with strict variables. --- spec/classes/dev_spec.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index 6857132a15..e2e0b47af8 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -19,9 +19,12 @@ context "on an Ubuntu 14 OS" do let :facts do { + :lsbdistrelease => '14.04', + :lsbdistcodename => 'trusty', :osfamily => 'Debian', :operatingsystem => 'Ubuntu', :operatingsystemrelease => '14.04', + :is_pe => false, } end it { is_expected.to contain_package("apache2-dev") } From 47f900759fa417572fbb0f6e5f9509474808eb6e Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Thu, 26 Feb 2015 13:09:25 +0100 Subject: [PATCH 0540/2267] (#1391) Correct Debian jessie mod_prefork dev package name This module calls apache2-prefork-dev as the package name for the mod_prefork module for all Debian-flavored Linuxes. However Ubuntu 14.04 changes this to apache2-dev and makes apache2-prefork-dev an alias. The result is that calling this resource, even with the package installed, always results in a package changed purged to present message, as it's scanning dpkg for apache2-prefork-dev, finding the package missing, and then installing the alias via apt. Relates to 25be287baf for the Ubuntu part --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifests/params.pp b/manifests/params.pp index 80675a3530..54b74e64bc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -233,7 +233,7 @@ 'base_rules/modsecurity_crs_60_correlation.conf' ] $error_documents_path = '/usr/share/apache2/error' - if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) { + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] } else { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] From a99f0f7aa44c3a7a94200476b1d01abc47c924f4 Mon Sep 17 00:00:00 2001 From: grafjo Date: Thu, 26 Feb 2015 14:00:24 +0100 Subject: [PATCH 0541/2267] Fixed vhost proxy_pass params documentation brace was missing --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1009527ddd..2fcc25f0c5 100644 --- a/README.md +++ b/README.md @@ -1307,7 +1307,7 @@ apache::vhost { 'site.name.fdqn': proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', From 29bc0b3b53cbb482741321c7fa169b787605abde Mon Sep 17 00:00:00 2001 From: Roman Mueller Date: Thu, 26 Feb 2015 14:46:52 +0100 Subject: [PATCH 0542/2267] Add tests for allow, deny, order and satisfy deprecation validation --- spec/defines/vhost_spec.rb | 96 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) 
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 2e77391a13..35240e7648 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -354,12 +354,14 @@ 'provider' => 'files', 'allow' => [ 'from 127.0.0.1', 'from 127.0.0.2', ], 'deny' => [ 'from 127.0.0.3', 'from 127.0.0.4', ], + 'satisfy' => 'any', }, { 'path' => '/var/www/foo', 'provider' => 'files', 'allow' => 'from 127.0.0.5', 'deny' => 'from all', + 'order' => 'deny,allow', }, ], @@ -419,6 +421,10 @@ :content => /^\s+Deny from 127\.0\.0\.4$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Deny from all$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Satisfy any$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Order deny,allow$/ ) } it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } 
@@ -728,4 +734,94 @@ it { expect { is_expected.to compile }.to raise_error } end end + describe 'allow/deny/order/satisfy deprecation validation' do + let :default_facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'bad allow parameter' do + let :params do + { + 'docroot' => '/var/www/files', + 'apache_version' => '2.4', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'allow' => 'from 127.0.0.1', + }, + } + end + let :facts do default_facts end + it do + expect { + should contain_concat__fragment('rspec.example.com-directories') + }.to raise_error(Puppet::Error) + end + end + context 'bad deny parameter' do + let :params do + { + 'docroot' => '/var/www/files', + 'apache_version' => '2.4', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from 127.0.0.1', + }, + } + end + let :facts do default_facts end + it do + expect { + should contain_concat__fragment('rspec.example.com-directories') + }.to raise_error(Puppet::Error) + end + end + context 'bad satisfy parameter' do + let :params do + { + 'docroot' => '/var/www/files', + 'apache_version' => '2.4', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'satisfy' => 'any', + }, + } + end + let :facts do default_facts end + it do + expect { + should contain_concat__fragment('rspec.example.com-directories') + }.to raise_error(Puppet::Error) + end + end + context 'bad order parameter' do + let :params do + { + 'docroot' => '/var/www/files', + 'apache_version' => '2.4', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'order' => 'deny,allow', + }, + } + end + let :facts do default_facts end + it do + expect { + should 
contain_concat__fragment('rspec.example.com-directories') + }.to raise_error(Puppet::Error) + end + end + end end From 49ae67227d7c7bbb6393db6c8adfed18bf9ffbc3 Mon Sep 17 00:00:00 2001 From: Tyler Antonio Date: Thu, 26 Feb 2015 08:46:25 -0700 Subject: [PATCH 0543/2267] Corrected error in documentation for ssl_protocol and ssl_cipher. --- README.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 1009527ddd..2dd6fbd1ed 100644 --- a/README.md +++ b/README.md @@ -747,7 +747,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_compression => false, ssl_options => [ 'StdEnvVars' ], ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', - ssl_protocol => 'all -SSLv2 -SSLv3', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], ssl_pass_phrase_dialog => 'builtin', ssl_random_seeds => [ 'startup builtin', @@ -2020,15 +2020,11 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. - -If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. #####`ssl_cipher` -Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'undef'. - -If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'HIGH:MEDIUM:!aNULL:!MD5'. +Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'HIGH:MEDIUM:!aNULL:!MD5'. #####`ssl_honorcipherorder` From 3abb4c24b8ad652dced9b28904e8cc9252609e0f Mon Sep 17 00:00:00 2001 
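Review bot: The four new contexts ('bad allow', 'bad deny', 'bad satisfy', 'bad order') assert only `raise_error(Puppet::Error)`, so each passes on any catalog failure, not specifically on the rejection of a 2.2-style access directive under `'apache_version' => '2.4'`. These specs guard how access-control settings are validated, so an unrelated compile error would keep them green while the check itself regressed. Match the message as well, e.g. `}.to raise_error(Puppet::Error, /<DEPRECATION_MESSAGE>/)`; the placeholder stands for the text the vhost define raises, which this patch does not show.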
From: Niek Beernink Date: Wed, 26 Nov 2014 11:15:57 +0100 Subject: [PATCH 0544/2267] make icons directorylisting configurable --- README.md | 16 +++++++++++++++- manifests/mod/alias.pp | 3 ++- templates/mod/alias.conf.erb | 2 +- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9bc6e8d670..f61346f0fc 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::alias](#class-apachemodalias) * [Class: apache::mod::event](#class-apachemodevent) * [Class: apache::mod::info](#class-apachemodinfo) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) @@ -517,7 +518,7 @@ Used to enable arbitrary Apache HTTPD modules for which there is no specific `ap There are many `apache::mod::[name]` classes within this module that can be declared using `include`: * `actions` -* `alias` +* `alias`(see [`apache::mod::alias`](#class-apachemodalias) below) * `auth_basic` * `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` @@ -579,6 +580,19 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. +###Class: `apache::mod::alias` + +Installs and manages the alias module. + +Full Documentation for alias is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_alias.html). + +To disable directory listing for the icons directory: +```puppet + class { 'apache::mod::alias': + icons_options => 'None', + } +``` + ####Class: `apache::mod::event` Installs and manages mpm_event module. 
diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index ca3f226b38..c1f60fd62e 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,5 +1,6 @@ class apache::mod::alias( - $apache_version = $apache::apache_version + $apache_version = $apache::apache_version, + $icons_options = 'Indexes MultiViews', ) { $ver24 = versioncmp($apache_version, '2.4') >= 0 diff --git a/templates/mod/alias.conf.erb b/templates/mod/alias.conf.erb index 151a806c9f..2056476e82 100644 --- a/templates/mod/alias.conf.erb +++ b/templates/mod/alias.conf.erb @@ -1,7 +1,7 @@ Alias /icons/ "<%= @icons_path %>/" "> - Options Indexes MultiViews + Options <%= @icons_options %> AllowOverride None <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted From c6568bce5634cc269e439c5191492196c51f3de5 Mon Sep 17 00:00:00 2001 From: Jochen Haeberle Date: Fri, 2 Jan 2015 18:31:51 +0100 Subject: [PATCH 0545/2267] allow some include apache::mod:: statements needed for basic_auth. The modules could not be inclued if you set default_mods => false. --- manifests/mod/authn_file.pp | 3 +++ manifests/mod/authz_default.pp | 3 +++ manifests/mod/authz_user.pp | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 manifests/mod/authn_file.pp create mode 100644 manifests/mod/authz_default.pp create mode 100644 manifests/mod/authz_user.pp diff --git a/manifests/mod/authn_file.pp b/manifests/mod/authn_file.pp new file mode 100644 index 0000000000..bc787244a2 --- /dev/null +++ b/manifests/mod/authn_file.pp @@ -0,0 +1,3 @@ +class apache::mod::authn_file { + ::apache::mod { 'authn_file': } +} diff --git a/manifests/mod/authz_default.pp b/manifests/mod/authz_default.pp new file mode 100644 index 0000000000..23edd9b5ac --- /dev/null +++ b/manifests/mod/authz_default.pp @@ -0,0 +1,3 @@ +class apache::mod::authz_default { + ::apache::mod { 'authz_default': } +} 
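Review bot: In `manifests/mod/alias.pp` the new `$icons_options` parameter reaches `alias.conf` through `Options <%= @icons_options %>` with no type or content check, and the class has no comment describing it. A non-string value, or one containing a line break, would be rendered as-is into the icons directory block. A guard in the class body such as `validate_string($icons_options)` (from stdlib, assuming the module already depends on it) would reject the non-string case at compile time. The default remains `'Indexes MultiViews'`, so the icons directory listing stays enabled unless the caller overrides it, and a header comment on the class should say so. The class body continues past this hunk.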
diff --git a/manifests/mod/authz_user.pp b/manifests/mod/authz_user.pp new file mode 100644 index 0000000000..948a3e2c97 --- /dev/null +++ b/manifests/mod/authz_user.pp @@ -0,0 +1,3 @@ +class apache::mod::authz_user { + ::apache::mod { 'authz_user': } +} From f134c393d439bc9c0ed91a44e7d649c79aa8d163 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 26 Feb 2015 12:56:47 -0800 Subject: [PATCH 0546/2267] Add docs and update default_mods to use the new classes --- README.md | 3 +++ manifests/default_mods.pp | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9bc6e8d670..e6f43b751c 100644 --- a/README.md +++ b/README.md @@ -521,7 +521,10 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `auth_basic` * `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` +* `authn_file` * `authnz_ldap`* +* `authz_default` +* `authz_user` * `autoindex` * `cache` * `cgi` diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index b600b1be7c..a05b5f81e6 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -118,6 +118,7 @@ } } include ::apache::mod::alias + include ::apache::mod::authn_file include ::apache::mod::autoindex include ::apache::mod::dav include ::apache::mod::dav_fs @@ -127,7 +128,6 @@ include ::apache::mod::negotiation include ::apache::mod::setenvif ::apache::mod { 'auth_basic': } - ::apache::mod { 'authn_file': } if versioncmp($apache_version, '2.4') >= 0 { # filter is needed by mod_deflate @@ -141,11 +141,12 @@ # lots of stuff seems to break without access_compat ::apache::mod { 'access_compat': } } else { - ::apache::mod { 'authz_default': } + include ::apache::mod::authz_default } + include ::apache::mod::authz_user + ::apache::mod { 'authz_groupfile': } - ::apache::mod { 'authz_user': } ::apache::mod { 'env': } } elsif $mods { ::apache::default_mods::load { $mods: } 
From 3886f68511ced54acfc4e8bda4f706a60ed59439 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 26 Feb 2015 11:48:37 -0800 Subject: [PATCH 0547/2267] Adds tests --- spec/classes/mod/alias_spec.rb | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb index 151c37e65a..9bb28b3aa2 100644 --- a/spec/classes/mod/alias_spec.rb +++ b/spec/classes/mod/alias_spec.rb @@ -53,6 +53,30 @@ it { is_expected.to contain_apache__mod("alias") } it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) } end + context "with icons options", :compile do + let :pre_condition do + 'class { apache: default_mods => false }' + end + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + let :params do + { + 'icons_options' => 'foo' + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Options foo/) } + end context "on a FreeBSD OS", :compile do let :facts do { From 7c6199c43d493223d80ce079cea885769e242ea2 Mon Sep 17 00:00:00 2001 From: Roman Garifullin Date: Mon, 2 Feb 2015 20:13:47 +0500 Subject: [PATCH 0548/2267] add proper array support for require now valid access rules are generated from directory template --- templates/vhost/_directories.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 423e56f852..3aa42ec93b 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -38,7 +38,9 @@ <%- end -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if directory['require'] and directory['require'] != '' -%> - Require <%= Array(directory['require']).join(' ') %> + <%- Array(directory['require']).each do |require| -%> + Require <%= require %> + <%- end -%> <%- end -%> <%- if directory['auth_require'] -%> Require <%= directory['auth_require'] %> From 0780062e0f8bbfce2200e505e0747eeadd095472 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 26 Feb 2015 14:56:45 -0800 Subject: [PATCH 0549/2267] Added tests and cleaned up the template --- spec/defines/vhost_spec.rb | 24 +++++++++++++++++++----- templates/vhost/_directories.erb | 4 ++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f294ab2ce5..f230ba9cd7 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -173,10 +173,18 @@ 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', 'access_log_env_var' => '', 'aliases' => '/image', - 'directories' => { - 'path' => '/var/www/files', - 'provider' => 'files', - }, + 'directories' => [ + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => [ 'valid-user', 'all denied', ], + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => 'all granted', + }, + ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', 'error_log_pipe' => '', @@ -277,7 +285,7 @@ let :facts do { :osfamily => 'RedHat', - :operatingsystemrelease => '6', + :operatingsystemrelease => '7', :concat_basedir => '/dne', :operatingsystem => 'RedHat', :id => 'root', 
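Review bot: The new loop emits one `Require <%= require %>` line per array element, which changes how a list is evaluated, and nothing in the template says so. httpd 2.4 treats sibling Require directives that are not wrapped in a container as an implicit RequireAny, so access is granted as soon as any single entry matches. With a value such as `['valid-user', 'all denied']`, the `all denied` entry then has no effect for authenticated users. I would add an ERB comment above the loop, `<%# each entry becomes its own Require line; httpd 2.4 evaluates sibling Require lines as RequireAny -%>`, and state the same in the README entry for `require`. The directory block starts and ends outside the hunk, and the later hunk in this series that renames the block variable to `req` keeps the same behaviour.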
@@ -328,6 +336,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require valid-user$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require all denied$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require all granted$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 3aa42ec93b..0bfabd0117 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -38,8 +38,8 @@ <%- end -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if directory['require'] and directory['require'] != '' -%> - <%- Array(directory['require']).each do |require| -%> - Require <%= require %> + <%- Array(directory['require']).each do |req| -%> + Require <%= req %> <%- end -%> <%- end -%> <%- if directory['auth_require'] -%> From aef4a7edd87c00be12c145f1d90d6db84d0ebaf4 Mon Sep 17 00:00:00 2001 From: Seth Lyons Date: Wed, 4 Mar 2015 21:14:24 +0000 Subject: [PATCH 0550/2267] include mod filter when needed instead of instantiating it --- manifests/default_mods.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index a05b5f81e6..145c4feeb3 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -158,7 +158,7 @@ } # filter is needed by mod_deflate - ::apache::mod { 'filter': } + include ::apache::mod::filter } } else { if versioncmp($apache_version, '2.4') >= 0 { @@ -168,7 +168,7 @@ } # filter is needed by mod_deflate - ::apache::mod { 'filter': } + include ::apache::mod::filter } } } From df3fd8b3f1dcb58de127ae530310353d129cfbf8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 4 Mar 2015 13:45:08 -0800 Subject: [PATCH 0551/2267] Don't manage docroot when default vhosts are disabled As the code is now, if you set default_vhost or default_ssl_vhost to false, the docroot directory will still be managed, but you will be unable to set non-default ownership. Set manage_docroot to the value of default*_vhost in the vhost resource declarations. --- manifests/init.pp | 2 ++ spec/classes/apache_spec.rb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index b3da9ff0a5..a001c051b5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -355,6 +355,7 @@ priority => '15', ip => $ip, logroot_mode => $logroot_mode, + manage_docroot => $default_vhost, } $ssl_access_log_file = $::osfamily ? { 'freebsd' => $access_log_file, @@ -371,6 +372,7 @@ priority => '15', ip => $ip, logroot_mode => $logroot_mode, + manage_docroot => $default_ssl_vhost, } } } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a9fe707cf7..8dfbe3815a 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -690,6 +690,7 @@ } end it { is_expected.to contain_apache__vhost('default').with_ensure('absent') } + it { is_expected.not_to contain_file('/var/www/html') } end context 'with default ssl vhost' do let :params do { @@ -697,6 +698,7 @@ } end it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') } + it { is_expected.to contain_file('/var/www/html') } end end context 'with unsupported osfamily' do From 58517efdd00a6eb825a1b9f272b581485d13d94c Mon Sep 17 00:00:00 2001 
From: Steven Post Date: Fri, 6 Mar 2015 13:06:24 +0100 Subject: [PATCH 0552/2267] Documentation: fix Quickstart instructions for Ruby 1.8.7 (Red Hat) --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1683f62f0e..69723a0f3e 100644 --- a/README.md +++ b/README.md @@ -2535,9 +2535,14 @@ Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/ This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) to verify functionality. For in-depth information please see their respective documentation. Quickstart: - + Ruby > 1.8.7 gem install bundler bundle install bundle exec rake spec bundle exec rspec spec/acceptance RS_DEBUG=yes bundle exec rspec spec/acceptance + + Ruby = 1.8.7 + gem install bundler + bundle install --without system_tests + bundle exec rake spec From 38ccc5b392085161f2d4caedfeecb9175f855ff1 Mon Sep 17 00:00:00 2001 From: Steven Post Date: Tue, 17 Feb 2015 13:02:07 +0100 Subject: [PATCH 0553/2267] Style fix --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index a001c051b5..4e596c09d0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -54,7 +54,7 @@ $group = $::apache::params::group, $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, - $max_keepalive_requests = $apache::params::max_keepalive_requests, + $max_keepalive_requests = $::apache::params::max_keepalive_requests, $logroot = $::apache::params::logroot, $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, From de5903281b26c2484c1bc5b1aeaed61b6de8a2de Mon Sep 17 00:00:00 2001 
From: Steven Post Date: Fri, 6 Mar 2015 16:40:36 +0100 Subject: [PATCH 0554/2267] Add support for DefaultCharSet directive --- README.md | 4 ++++ manifests/init.pp | 1 + templates/httpd.conf.erb | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 69723a0f3e..e3a817f7c1 100644 --- a/README.md +++ b/README.md @@ -250,6 +250,10 @@ Overrides the template used for the main apache configuration file. Defaults to *Note:* Using this parameter is potentially risky, as the module has been built for a minimal configuration file with the configuration primarily coming from conf.d/ entries. +#####`default_charset` + +If defined, the value will be set as `AddDefaultCharset` in the main configuration file. It is undefined by default. + #####`default_confd_files` Generates default set of include-able Apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with the Apache package on a given platform. diff --git a/manifests/init.pp b/manifests/init.pp index a001c051b5..2bdbeb8bba 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,6 +17,7 @@ $service_name = $::apache::params::service_name, $default_mods = true, $default_vhost = true, + $default_charset = undef, $default_confd_files = true, $default_ssl_vhost = false, $default_ssl_cert = $::apache::params::default_ssl_cert, diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 9b889ac508..50d57e29ec 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -30,6 +30,10 @@ AccessFileName .htaccess AllowOverride None +<% if @default_charset -%> +AddDefaultCharset <%= @default_charset %> +<% end -%> + DefaultType none HostnameLookups Off ErrorLog "<%= @logroot %>/<%= @error_log %>" From 65735038b07418ad734f2d7298c26208200959b0 Mon Sep 17 00:00:00 2001 
From: Steven Post Date: Fri, 6 Mar 2015 17:11:28 +0100 Subject: [PATCH 0555/2267] Add basic test for the default charset --- spec/classes/apache_spec.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 8dfbe3815a..6848771c60 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -110,6 +110,14 @@ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} } end + context "when specifying default character set" do + let :params do + { :default_charset => 'none' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} } + end + # Assert that both load files and conf files are placed and symlinked for these mods [ 'alias', @@ -337,6 +345,14 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} } end + context "when specifying default character set" do + let :params do + { :default_charset => 'none' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AddDefaultCharset none$} } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } From 3f94e6b1235d2432d4d6d0d4a7ed1650121f4841 Mon Sep 17 00:00:00 2001 
From: Nate Butler Date: Fri, 6 Mar 2015 13:30:51 -0500 Subject: [PATCH 0556/2267] Ensure resources notify Apache::Service class (#MODULES-1829) Fix resources that notify Service[httpd] With the introduction of the service_manage bool, the Service[httpd] class will not be part of the catalog if false. However there are still some resources which notify Service[httpd] instead of the wrapper Apache::Service class and these choke on undefined Service[httpd] resource if service_manage is false. --- README.md | 2 +- manifests/balancer.pp | 2 +- manifests/custom_config.pp | 4 ++-- manifests/mod/auth_cas.pp | 2 +- spec/defines/custom_config_spec.rb | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 69723a0f3e..576cd888f3 100644 --- a/README.md +++ b/README.md @@ -2505,7 +2505,7 @@ Something along the lines of: exec { 'restorecon_apache': command => 'restorecon -Rv /apache_spec', path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], + before => Class['Apache::Service'], require => Class['apache'], } class { 'apache': } diff --git a/manifests/balancer.pp b/manifests/balancer.pp index a59b6762b8..765dae6290 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -50,7 +50,7 @@ owner => '0', group => '0', mode => '0644', - notify => Service['httpd'], + notify => Class['Apache::Service'], } concat::fragment { "00-${name}-header": diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 7bd4d3ed8e..ceb1fd077a 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -34,7 +34,7 @@ $filename = "${priority_prefix}${filename_middle}.conf" if ! $verify_config or $ensure == 'absent' { - $notifies = Service['httpd'] + $notifies = Class['Apache::Service'] } else { $notifies = undef } 
@@ -53,7 +53,7 @@ command => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, - notify => Service['httpd'], + notify => Class['Apache::Service'], before => Exec["remove ${name} if invalid"], } diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index fdb5ee80a2..5b13af66a2 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp @@ -42,7 +42,7 @@ content => template('apache/mod/auth_cas.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['Apache::Service'], } } diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb index e9650a736b..4a38a1fcf8 100644 --- a/spec/defines/custom_config_spec.rb +++ b/spec/defines/custom_config_spec.rb @@ -30,7 +30,7 @@ 'refreshonly' => 'true', 'subscribe' => 'File[apache_rspec]', 'command' => '/usr/sbin/apachectl -t', - 'notify' => 'Service[httpd]', + 'notify' => 'Class[Apache::Service]', 'before' => 'Exec[remove rspec if invalid]', }) } @@ -83,7 +83,7 @@ it { is_expected.to_not contain_exec('service notify for rspec') } it { is_expected.to_not contain_exec('remove rspec if invalid') } it { is_expected.to contain_file('apache_rspec').with({ - 'notify' => 'Service[httpd]' + 'notify' => 'Class[Apache::Service]' }) } end From aea676e036e4e3dbffbb3997058d7837f61d3745 Mon Sep 17 00:00:00 2001 From: Josh Baer Date: Sun, 8 Mar 2015 12:58:01 +0100 Subject: [PATCH 0557/2267] Fix typo in fallbackresource Minor change, fallbackresource incorrectly typed as fallbackresouce --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 0780631bb5..6fe87c5a84 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -381,7 +381,7 @@ class { 'apache': } case fact('lsbdistcodename') when 'precise', 'wheezy' - context 'vhost fallbackresouce example' do + context 'vhost fallbackresource example' do it 'should configure a vhost with Fallbackresource' do pp = <<-EOS class { 'apache': } From 78fd5e4618cf2973956d2193d04cd774ebd54246 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Tue, 10 Mar 2015 16:16:50 -0400 Subject: [PATCH 0558/2267] Added missing comma in the aliases example section --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 063c7ec95f..6de64712b9 100644 --- a/README.md +++ b/README.md @@ -1053,7 +1053,7 @@ Passes a list of hashes to the vhost to create Alias, AliasMatch, ScriptAlias or aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', - } + }, { alias => '/image', path => '/ftp/pub/image', }, From 4270df47ac1887211fc50ac88b1ae094bd28917b Mon Sep 17 00:00:00 2001 From: Steven Post Date: Thu, 6 Mar 2014 09:59:29 +0100 Subject: [PATCH 0559/2267] Apache: give a lower priority to mod_passenger We need mod_proxy loaded before mod_passenger, load order is alphabetic unless defined within the Apache httpd module code itself. For mod_passenger, this isn't defined, mod_proxy also doesn't know about mod_passenger. --- manifests/mod/passenger.pp | 6 +++--- manifests/params.pp | 8 ++++---- spec/classes/mod/passenger_spec.rb | 24 ++++++++++++------------ 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e0c35295a8..b6cd9c33c1 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -15,9 +15,9 @@ $passenger_app_env = undef, $mod_package = undef, $mod_package_ensure = undef, - $mod_lib = undef, + $mod_lib = 'mod_passenger.so', $mod_lib_path = undef, - $mod_id = undef, + $mod_id = 'passenger_module', $mod_path = undef, ) { # Managed by the package, but declare it to avoid purging 
@@ -56,7 +56,7 @@ $_id = $mod_id $_path = $mod_path - ::apache::mod { 'passenger': + ::apache::mod { 'zpassenger': package => $_package, package_ensure => $_package_ensure, lib => $_lib, diff --git a/manifests/params.pp b/manifests/params.pp index 54b74e64bc..937719219b 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -82,7 +82,7 @@ default => undef, }, 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'mod_passenger', + 'zpassenger' => 'mod_passenger', 'perl' => 'mod_perl', 'php5' => $::apache::version::distrelease ? { '5' => 'php53', @@ -182,7 +182,7 @@ 'fcgid' => 'libapache2-mod-fcgid', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', + 'zpassenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'php5' => 'libapache2-mod-php5', 'proxy_html' => 'libapache2-mod-proxy-html', @@ -331,7 +331,7 @@ # NOTE: not sure where the shibboleth should come from 'auth_kerb' => 'www/mod_auth_kerb2', 'fcgid' => 'www/mod_fcgid', - 'passenger' => 'www/rubygem-passenger', + 'zpassenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', 'php5' => 'www/mod_php5', 'proxy_html' => 'www/mod_proxy_html', @@ -391,7 +391,7 @@ # NOTE: I list here only modules that are not included in www-servers/apache 'auth_kerb' => 'www-apache/mod_auth_kerb', 'fcgid' => 'www-apache/mod_fcgid', - 'passenger' => 'www-apache/passenger', + 'zpassenger' => 'www-apache/passenger', 'perl' => 'www-apache/mod_perl', 'php5' => 'dev-lang/php', 'proxy_html' => 'www-apache/mod_proxy_html', diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 78823d88b3..01cf78beec 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
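Review bot: The resource title `'zpassenger'` is unexplained at the point of use; the reason for the prefix is given only in the commit message. A comment directly above the declaration would keep it from being "fixed" back later, for example `# Titled 'zpassenger' so the .load file sorts after mod_proxy; httpd loads modules in alphabetical file order`. The rename also changes the generated file from `passenger.load` to `zpassenger.load`, and whether an existing `passenger.load` is removed depends on mod_dir purging, which is not visible in this hunk. The `::apache::mod` declaration continues outside the hunk.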
@@ -20,10 +20,10 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_apache__mod('zpassenger') } it { is_expected.to contain_package("libapache2-mod-passenger") } - it { is_expected.to contain_file('passenger.load').with({ - 'path' => '/etc/apache2/mods-available/passenger.load', + it { is_expected.to contain_file('zpassenger.load').with({ + 'path' => '/etc/apache2/mods-available/zpassenger.load', }) } it { is_expected.to contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', 
@@ -105,25 +105,25 @@ let :params do { :mod_path => '/usr/lib/foo/mod_foo.so' } end - it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } + it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } end describe "with mod_lib_path => '/usr/lib/foo'" do let :params do { :mod_lib_path => '/usr/lib/foo' } end - it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } + it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } end describe "with mod_lib => 'mod_foo.so'" do let :params do { :mod_lib => 'mod_foo.so' } end - it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } + it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } end describe "with mod_id => 'mod_foo'" do let :params do { :mod_id => 'mod_foo' } end - it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } + it { is_expected.to contain_file('zpassenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } end context "with Ubuntu 12.04 defaults" do 
@@ -221,15 +221,15 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_apache__mod('zpassenger') } it { is_expected.to contain_package("mod_passenger") } it { is_expected.to contain_file('passenger_package.conf').with({ 'path' => '/etc/httpd/conf.d/passenger.conf', }) } it { is_expected.to contain_file('passenger_package.conf').without_content } it { is_expected.to contain_file('passenger_package.conf').without_source } - it { is_expected.to contain_file('passenger.load').with({ - 'path' => '/etc/httpd/conf.d/passenger.load', + it { is_expected.to contain_file('zpassenger.load').with({ + 'path' => '/etc/httpd/conf.d/zpassenger.load', }) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } @@ -260,7 +260,7 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_apache__mod('zpassenger') } it { is_expected.to contain_package("www/rubygem-passenger") } end context "on a Gentoo OS" do @@ -277,7 +277,7 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_apache__mod('zpassenger') } it { is_expected.to contain_package("www-apache/passenger") } end end From 6679778d9c30f1b65308775a905b6375e6834939 Mon Sep 17 00:00:00 2001 
From: Steven Post Date: Thu, 12 Mar 2015 10:02:04 +0100 Subject: [PATCH 0560/2267] Allow setting environment variables inside the proxy locations This patch adds support to set variables using 'SetEnv' inside proxy locations. This is needed to support some backends that don't properly support HTTP/1.1, as it allows a fallback by the Apache httpd server. For details see [1] (Apache httpd documentation) and [2] (use case). [1] http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#envsettings [2] https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache --- README.md | 3 +++ spec/defines/vhost_spec.rb | 7 ++++++- templates/vhost/_proxy.erb | 5 +++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6de64712b9..975e8a0e7c 100644 --- a/README.md +++ b/README.md @@ -1335,12 +1335,15 @@ apache::vhost { 'site.name.fdqn': 'params' => { 'retry' => '0', 'timeout' => '5' }, }, { 'path' => '/e', 'url' => 'http://backend-a/e', 'keywords' => ['nocanon', 'interpolate'] }, + { 'path' => '/f', 'url' => 'http://backend-f/', + 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, ], } ``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). +`setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings #####`rack_base_uris` diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 18e4257c83..cd6c9c5c8e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -211,7 +211,8 @@ 'params' => { 'retry' => '0', 'timeout' => '5' - } + }, + 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'], } ], 'suphp_addhandler' => 'foo', 
@@ -353,6 +354,10 @@ /retry=0/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /SetEnv force-proxy-request-1.0 1/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /SetEnv proxy-nokeepalive 1/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 58fcc98177..f026c87674 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -25,6 +25,11 @@ ProxyPassReverse <%= reverse_url %> <%- end -%> <%- end -%> + <%- if proxy['setenv'] -%> + <%- Array(proxy['setenv']).each do |setenv_var| -%> + SetEnv <%= setenv_var -%> + <%- end -%> + <%- end -%> <% end -%> <% if @proxy_dest -%> From bdbd5344920d5bb1c746e22ba959163eec2ac7ab Mon Sep 17 00:00:00 2001 From: Steven Post Date: Tue, 3 Mar 2015 14:34:31 +0100 Subject: [PATCH 0561/2267] Remove Debian workaround as it broke Red Hat systems --- manifests/mod/passenger.pp | 14 -------------- spec/classes/mod/passenger_spec.rb | 1 - 2 files changed, 15 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e0c35295a8..3409c25c0f 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
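Review bot: In templates/vhost/_proxy.erb the added line `SetEnv <%= setenv_var -%>` closes its output tag with `-%>`, which strips the newline after the value. Because the following `<%- end -%>` lines emit nothing, a second array entry is rendered on the same line as the first, and the last value runs into whatever follows. With the documented example of two variables, httpd would see a single SetEnv with extra arguments. The line should be `SetEnv <%= setenv_var %>`. The new spec expectations in this commit use unanchored patterns, so they pass either way; anchoring them, e.g. `/^\s+SetEnv proxy-nokeepalive 1$/`, would catch this.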
@@ -25,20 +25,6 @@ file { 'passenger_package.conf': path => "${::apache::mod_dir}/${passenger_conf_package_file}", } - } else { - # Remove passenger_extra.conf left over from before Passenger support was - # reworked for Debian. This is a temporary fix for users running this - # module from master after release 1.0.1 It will be removed in two - # releases from now. - $passenger_package_conf_ensure = $::osfamily ? { - 'Debian' => 'absent', - default => undef, - } - - file { 'passenger_package.conf': - ensure => $passenger_package_conf_ensure, - path => "${::apache::mod_dir}/passenger_extra.conf", - } } $_package = $mod_package diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 78823d88b3..41b5a87817 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -28,7 +28,6 @@ it { is_expected.to contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - it { is_expected.to contain_file('passenger_package.conf').with_ensure('absent') } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } From 97e9352fd6e6908005df7e1a51bd92a5e1b42a60 Mon Sep 17 00:00:00 2001 From: Steven Post Date: Thu, 12 Mar 2015 16:23:06 +0100 Subject: [PATCH 0562/2267] Apache: allow setting the default type This setting is only valid on Apache httpd 2.2 (and possibly lower) --- README.md | 4 +++ manifests/init.pp | 1 + spec/classes/apache_spec.rb | 66 +++++++++++++++++++++++++++++++++++++ templates/httpd.conf.erb | 4 ++- 4 files changed, 74 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6de64712b9..c2a99e5efc 100644 --- a/README.md +++ b/README.md 
@@ -313,6 +313,10 @@ Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', sets SSL vhosts only respond to HTTPS queries. +#####`default_type` + +(Apache httpd 2.2 only) MIME content-type that will be sent if the server cannot determine a type in any other way. This directive has been deprecated in Apache httpd 2.4, and only exists there for backwards compatibility of configuration files. + #####`default_vhost` Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). diff --git a/manifests/init.pp b/manifests/init.pp index 9a9a36b8e3..0b8544f93a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -27,6 +27,7 @@ $default_ssl_crl_path = undef, $default_ssl_crl = undef, $default_ssl_crl_check = undef, + $default_type = 'none', $ip = undef, $service_enable = true, $service_manage = true, diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 6848771c60..2be2ef346a 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -149,6 +149,40 @@ ) } end + describe "Check default type" do + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + context "when default_type => 'none'" do + let :params do + { :default_type => 'none' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType none$} } + end + context "when default_type => 'text/plain'" do + let :params do + { :default_type => 'text/plain' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType text/plain$} } + end + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^DefaultType [.]*$} } + end + end + describe "Don't create user resource" do context "when parameter manage_user is false" do let :params do 
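Review bot: The negative expectation `without_content %r{^DefaultType [.]*$}` cannot fail for the case it is meant to cover. `[.]` is a character class holding a literal dot, so the pattern matches only `DefaultType ` followed by dots and would not match a rendered `DefaultType none`. It should be `%r{^DefaultType .*$}`, and the same pattern is repeated in the second hunk of this file for the httpd.conf case. Separately, the inner `let :params` blocks replace the outer one rather than merging with it, so `:apache_version => '2.2'` is not in effect in the two `default_type` contexts. Those contexts then pass or fail according to the version derived from the facts, which are defined outside the hunk.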
@@ -353,6 +387,38 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AddDefaultCharset none$} } end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + context "when default_type => 'none'" do + let :params do + { :default_type => 'none' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType none$} } + end + context "when default_type => 'text/plain'" do + let :params do + { :default_type => 'text/plain' } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType text/plain$} } + end + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^DefaultType [.]*$} } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 50d57e29ec..6c50e28711 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -34,7 +34,9 @@ AccessFileName .htaccess AddDefaultCharset <%= @default_charset %> <% end -%> -DefaultType none +<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%> +DefaultType <%= @default_type %> +<%- end -%> HostnameLookups Off ErrorLog "<%= @logroot %>/<%= @error_log %>" LogLevel <%= @log_level %> From 07f7240ce52cd3f4f01b4641d2b054d7b3a85d1a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 12 Mar 2015 21:11:24 +0100 Subject: [PATCH 0563/2267] add parameters to globall configure expires * check if expiresdefault is set, before trying to set it.. * [{}] is a really really silly default for an array of hashes, in case anyone wondered * all dates must be quoted --- README.md | 27 ++++++++++ manifests/mod/expires.pp | 19 +++++++- spec/classes/mod/expires_spec.rb | 84 ++++++++++++++++++++++++++++++++ templates/mod/expires.conf.erb | 11 +++++ 4 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 spec/classes/mod/expires_spec.rb create mode 100644 templates/mod/expires.conf.erb diff --git a/README.md b/README.md index c2a99e5efc..9bb1f70601 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) * [Class: apache::mod::status](#class-apachemodstatus) + * [Class: apache::mod::expires](#class-apachemodexpires) * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Class: apache::mod::fcgid](#class-apachemodfcgid) * [Class: apache::mod::negotiation](#class-apachemodnegotiation) @@ -800,6 +801,32 @@ Installs Apache mod_status and uses the status.conf.erb template. These are the } ``` +####Class: `apache::mod::expires` + +Installs Apache mod_expires and uses the expires.conf.erb template. These are the defaults: + +```puppet + class { 'apache::mod::expires': + expires_active = true, + expires_default = undef, + expires_by_type = undef, +){ + + + } +``` + +`expires_by_type` is an array of Hashes, describing a set of types and their expire times: + +```puppet + class { 'apache::mod::expires': + expires_by_type = [ + { 'text/json' => 'access plus 1 month' }, + { 'text/html' => 'access plus 1 year' }, + ] + } +``` + ####Class: `apache::mod::wsgi` Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. 
diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp index aae4c59d98..8c1ce84410 100644 --- a/manifests/mod/expires.pp +++ b/manifests/mod/expires.pp @@ -1,3 +1,20 @@ -class apache::mod::expires { +class apache::mod::expires ( + $expires_active = true, + $expires_default = undef, + $expires_by_type = undef, +) { ::apache::mod { 'expires': } + + # Template uses + # $expries_active + # $expries_default + # $expries_by_type + file { 'expires.conf': + ensure => file, + path => "${::apache::mod_dir}/expires.conf", + content => template('apache/mod/expires.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } } diff --git a/spec/classes/mod/expires_spec.rb b/spec/classes/mod/expires_spec.rb new file mode 100644 index 0000000000..e6eab7c48d --- /dev/null +++ b/spec/classes/mod/expires_spec.rb 
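Review bot: The "Template uses" comment in manifests/mod/expires.pp misspells all three variables as `$expries_*`, so a search for the real parameter names will not find it. The lines should read `# $expires_active`, `# $expires_default` and `# $expires_by_type`. The class also accepts the three parameters without any type check, while the template assumes `expires_by_type` is a list of hashes; a short comment stating the expected shape would help. The reference `Class['apache::service']` is spelled in lower case here, whereas the rest of this series uses `Class['Apache::Service']`; I would use the same form for consistency.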
@@ -0,0 +1,84 @@ +require 'spec_helper' + +describe 'apache::mod::expires', :type => :class do + let :pre_condition do + 'include apache' + end + context "with expires active", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("expires") } + it { is_expected.to contain_file("expires.conf").with(:content => /ExpiresActive On\n/) } + end + context "with expires default", :compile do + let :pre_condition do + 'class { apache: default_mods => false }' + end + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + let :params do + { + 'expires_default' => 'access plus 1 month' + } + end + it { is_expected.to contain_apache__mod("expires") } + it { is_expected.to contain_file("expires.conf").with_content( + "ExpiresActive On\n" \ + "ExpiresDefault \"access plus 1 month\"\n" + ) + } + end + context "with expires by type", :compile do + let :pre_condition do + 'class { apache: default_mods => false }' + end + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + let :params do + { + 'expires_by_type' => [ + { 'text/json' => 'mod plus 1 day' }, + { 'text/html' => 'access plus 1 year' }, + ] + } + end + it { is_expected.to contain_apache__mod("expires") } + it { is_expected.to 
contain_file("expires.conf").with_content( + "ExpiresActive On\n" \ + "ExpiresByType text/json \"mod plus 1 day\"\n" \ + "ExpiresByType text/html \"access plus 1 year\"\n" + ) + } + end +end diff --git a/templates/mod/expires.conf.erb b/templates/mod/expires.conf.erb new file mode 100644 index 0000000000..7660cfcd05 --- /dev/null +++ b/templates/mod/expires.conf.erb @@ -0,0 +1,11 @@ +ExpiresActive <%= scope.function_bool2httpd([@expires_active]) %> +<%- if ! @expires_default.nil? and ! @expires_default.empty? -%> +ExpiresDefault "<%= @expires_default %>" +<%- end -%> +<%- if ! @expires_by_type.nil? and ! @expires_by_type.empty? -%> +<%- [@expires_by_type].flatten.each do |line| -%> +<%- line.map do |type, seconds| -%> +ExpiresByType <%= type %> "<%= seconds -%>" +<%- end -%> +<%- end -%> +<%- end -%> From e0255bdf8d983654fb35d2a3d3dcd3deccfcc4df Mon Sep 17 00:00:00 2001 From: Dimitri Savineau Date: Tue, 20 Jan 2015 11:13:19 -0500 Subject: [PATCH 0564/2267] Add mod_remoteip module http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html --- README.md | 1 + manifests/mod/remoteip.pp | 27 ++++++++++++++++ spec/classes/mod/remoteip_spec.rb | 53 +++++++++++++++++++++++++++++++ templates/mod/remoteip.conf.erb | 21 ++++++++++++ 4 files changed, 102 insertions(+) create mode 100644 manifests/mod/remoteip.pp create mode 100644 spec/classes/mod/remoteip_spec.rb create mode 100644 templates/mod/remoteip.conf.erb diff --git a/README.md b/README.md index c2a99e5efc..2628d25c29 100644 --- a/README.md +++ b/README.md @@ -572,6 +572,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `proxy_http` * `python` * `reqtimeout` +* `remoteip`* * `rewrite` * `rpaf`* * `setenvif` diff --git a/manifests/mod/remoteip.pp b/manifests/mod/remoteip.pp new file mode 100644 index 0000000000..564390e94d --- /dev/null +++ b/manifests/mod/remoteip.pp 
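Review bot: `ExpiresDefault "<%= @expires_default %>"` and the `ExpiresByType` line in the new expires.conf.erb wrap the value in double quotes but write `type` and the value exactly as passed. A value containing a double quote or a line break therefore ends the directive early, and the remainder is parsed as further configuration. Neither this template nor the expires.pp hunk checks the input, so a manifest-side check that rejects quotes and newlines in `$expires_default` and in each `$expires_by_type` entry would close that gap. A smaller style point: `line.map do |type, seconds|` is used only for its side effect and reads better as `line.each do |type, value|`, since the values are expiry expressions such as `access plus 1 month`, not seconds.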
@@ -0,0 +1,27 @@
+class apache::mod::remoteip (
+ $header = 'X-Forwarded-For',
+ $proxy_ips = [ '127.0.0.1' ],
+ $proxies_header = undef,
+ $trusted_proxy_ips = undef,
+ $apache_version = $::apache::apache_version
+) {
+ if versioncmp($apache_version, '2.4') < 0 {
+ fail('mod_remoteip is only available in Apache 2.4')
+ }
+
+ ::apache::mod { 'remoteip': }
+
+ # Template uses:
+ # - $header
+ # - $proxy_ips
+ # - $proxies_header
+ # - $trusted_proxy_ips
+ file { 'remoteip.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/remoteip.conf",
+ content => template('apache/mod/remoteip.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Service['httpd'],
+ }
+}
diff --git a/spec/classes/mod/remoteip_spec.rb b/spec/classes/mod/remoteip_spec.rb
new file mode 100644
index 0000000000..e3d095351a
--- /dev/null
+++ b/spec/classes/mod/remoteip_spec.rb
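Review bot: `$header`, `$proxy_ips`, `$proxies_header` and `$trusted_proxy_ips` are handed to remoteip.conf.erb with no format check, although these values decide which peers may set the client address that Apache then logs and applies access rules to. A check ahead of the `file` resource, for example `validate_re($header, '^[A-Za-z0-9-]+$')` plus a test that every proxy entry is an address or CIDR block, would stop a malformed or over-broad entry from being deployed. The resource also uses `notify => Service['httpd']`, while the expires.conf resource added in the previous patch of this series notifies `Class['apache::service']`; `notify => Class['apache::service'],` keeps the two consistent.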
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe 'apache::mod::remoteip', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ ]
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '8',
+ :concat_basedir => '/dne',
+ :lsbdistcodename => 'jessie',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ let :params do
+ { :apache_version => '2.4' }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod('remoteip') }
+ it { is_expected.to contain_file('remoteip.conf').with({
+ 'path' => '/etc/apache2/mods-available/remoteip.conf',
+ }) }
+
+ describe "with header X-Forwarded-For" do
+ let :params do
+ { :header => 'X-Forwarded-For' }
+ end
+ it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPHeader X-Forwarded-For$/) }
+ end
+ describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do
+ let :params do
+ { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] }
+ end
+ it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.17.8$/) }
+ it { is_expected.to contain_file('remoteip.conf').with_content(/^RemoteIPInternalProxy 10.42.18.99$/) }
+ end
+ describe "with Apache version < 2.4" do
+ let :params do
+ { :apache_version => '2.2' }
+ end
+ it 'should fail' do
+ expect { subject }.to raise_error(Puppet::Error, /mod_remoteip is only available in Apache 2.4/)
+ end
+ end
+ end
+end
diff --git a/templates/mod/remoteip.conf.erb b/templates/mod/remoteip.conf.erb
new file mode 100644
index 0000000000..0adff71108
--- /dev/null
+++ b/templates/mod/remoteip.conf.erb
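Review bot: The examples cover `header` and `proxy_ips`, but nothing renders `proxies_header` or `trusted_proxy_ips`, the two parameters that default to `undef` and sit behind `if` guards in the template. A `describe` that sets `:trusted_proxy_ips` and asserts `with_content(/^RemoteIPTrustedProxy 10\.42\.17\.8$/)` would cover that branch, and a matching one would cover `RemoteIPProxiesHeader`. The existing address patterns leave the dots unescaped, as in `/^RemoteIPInternalProxy 10.42.17.8$/`, so they match more than the literal address; `10\.42\.17\.8` is stricter.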
@@ -0,0 +1,21 @@ +# Declare the header field which should be parsed for useragent IP addresses +RemoteIPHeader <%= @header %> + +# Declare client intranet IP addresses trusted to present +# the RemoteIPHeader value +<%- @proxy_ips.each do |proxy| -%> +RemoteIPInternalProxy <%= proxy %> +<%- end -%> + +# Declare the header field which will record all intermediate IP addresses +<%- if @proxies_header -%> +RemoteIPProxiesHeader <%= @proxies_header %> +<%- end -%> + +# Declare client intranet IP addresses trusted to present +# the RemoteIPHeader value +<%- if @trusted_proxy_ips -%> + <%- @trusted_proxy_ips.each do |proxy| -%> +RemoteIPTrustedProxy <%= proxy %> + <%- end -%> +<%- end -%> From 12232f76e1c4c070610a8eac882a3e051509e5ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Fri, 13 Mar 2015 19:11:14 +0100 Subject: [PATCH 0565/2267] remoteip: force-cast and flatten arguments to arrays --- templates/mod/remoteip.conf.erb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/templates/mod/remoteip.conf.erb b/templates/mod/remoteip.conf.erb index 0adff71108..b4518f9b04 100644 --- a/templates/mod/remoteip.conf.erb +++ b/templates/mod/remoteip.conf.erb 
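Review bot: The comment above the `RemoteIPTrustedProxy` loop is a word-for-word copy of the one above `RemoteIPInternalProxy`, so the rendered file gives no hint that the two directives grant different levels of trust. For the trusted-proxy block, a comment such as `# Declare external proxies trusted to present the RemoteIPHeader value;` followed by `# private-range addresses they report are not accepted as the client IP` states the distinction. The follow-up patch 0565 moves these comment lines inside the `if` guards but keeps the same wording, so the change applies there as well.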
@@ -1,21 +1,23 @@ # Declare the header field which should be parsed for useragent IP addresses RemoteIPHeader <%= @header %> +<%- if @proxy_ips -%> # Declare client intranet IP addresses trusted to present # the RemoteIPHeader value -<%- @proxy_ips.each do |proxy| -%> +<%- [@proxy_ips].flatten.each do |proxy| -%> RemoteIPInternalProxy <%= proxy %> +<%- end -%> <%- end -%> -# Declare the header field which will record all intermediate IP addresses <%- if @proxies_header -%> +# Declare the header field which will record all intermediate IP addresses RemoteIPProxiesHeader <%= @proxies_header %> <%- end -%> +<%- if @trusted_proxy_ips -%> # Declare client intranet IP addresses trusted to present # the RemoteIPHeader value -<%- if @trusted_proxy_ips -%> - <%- @trusted_proxy_ips.each do |proxy| -%> + <%- [@trusted_proxy_ips].flatten.each do |proxy| -%> RemoteIPTrustedProxy <%= proxy %> <%- end -%> <%- end -%> From 92ba6467508a9f8620c4cbf460878d9e59dd23cf Mon Sep 17 00:00:00 2001 From: Steven Post Date: Fri, 23 Jan 2015 16:10:34 +0100 Subject: [PATCH 0566/2267] Apache - mod_passenger: allow setting PassengerMinInstances --- manifests/mod/passenger.pp | 2 ++ spec/classes/mod/passenger_spec.rb | 6 ++++++ templates/mod/passenger.conf.erb | 3 +++ 3 files changed, 11 insertions(+) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index f5104e2e03..2f0a80b79f 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -11,6 +11,7 @@ $passenger_ruby = $::apache::params::passenger_ruby, $passenger_default_ruby = $::apache::params::passenger_default_ruby, $passenger_max_pool_size = undef, + $passenger_min_instances = undef, $passenger_use_global_queue = undef, $passenger_app_env = undef, $mod_package = undef, @@ -56,6 +57,7 @@ # - $passenger_ruby # - $passenger_default_ruby # - $passenger_max_pool_size + # - $passenger_min_instances # - $passenger_high_performance # - $passenger_max_requests # - $passenger_stat_throttle_rate 
diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index c8430aa1ff..bd37f5b530 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -76,6 +76,12 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) } end + describe "with passenger_min_instances => 5" do + let :params do + { :passenger_min_instances => 5 } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMinInstances 5$/) } + end describe "with rack_autodetect => on" do let :params do { :rack_autodetect => 'on' } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 22805f5a70..e50a2d636c 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -16,6 +16,9 @@ <%- if @passenger_max_pool_size -%> PassengerMaxPoolSize <%= @passenger_max_pool_size %> <%- end -%> + <%- if @passenger_min_instances -%> + PassengerMinInstances <%= @passenger_min_instances %> + <%- end -%> <%- if @passenger_pool_idle_time -%> PassengerPoolIdleTime <%= @passenger_pool_idle_time %> <%- end -%> From 1eed398e201ef392bd9e1e0dc42c2d70e2659686 Mon Sep 17 00:00:00 2001 From: Steven Post Date: Wed, 5 Mar 2014 15:10:07 +0100 Subject: [PATCH 0567/2267] Apache: add support for the ProxyPassMatch directive --- README.md | 8 ++++++++ manifests/vhost.pp | 6 +++++- spec/defines/vhost_spec.rb | 13 +++++++++++++ templates/vhost/_proxy.erb | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 96a7b1ac7c..7f338e96db 100644 --- a/README.md +++ b/README.md 
@@ -1247,6 +1247,10 @@ Array of IPs to exclude from mod_security rule matching Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). +#####`no_proxy_uris_match` + +This directive is equivalent to `no_proxy_uris`, but takes regular expressions. + #####`proxy_preserve_host` Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). @@ -1349,6 +1353,10 @@ apache::vhost { 'site.name.fdqn': `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). `setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings +#####`proxy_pass_match` + +This directive is equivalent to proxy_pass, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. + #####`rack_base_uris` Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 3c5808f6e9..70d2a57bb9 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -57,7 +57,10 @@ $scriptalias = undef, $scriptaliases = [], $proxy_dest = undef, + $proxy_dest_match = undef, + $proxy_dest_reverse_match = undef, $proxy_pass = undef, + $proxy_pass_match = undef, $suphp_addhandler = $::apache::params::suphp_addhandler, $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, 
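Review bot: `$proxy_dest_match` and `$proxy_pass_match` here, and `$no_proxy_uris_match` in the next hunk, are added without a comment or check noting that their values are regular expressions, which Apache matches anywhere in the request URL unless the pattern is anchored. An unanchored value like the `/foomatch` used in the spec fixture matches every URL containing that substring, so a proxy rule or an exclusion can cover more paths than its author intended. A comment beside the parameters, for example `# *_match values are regexes; anchor them with ^ to match from the URL root`, would make that explicit. The parameter list starts and ends outside this hunk.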
@@ -66,6 +69,7 @@ $php_admin_flags = {}, $php_admin_values = {}, $no_proxy_uris = [], + $no_proxy_uris_match = [], $proxy_preserve_host = false, $proxy_error_override = false, $redirect_source = '/', @@ -364,7 +368,7 @@ } # Load mod_proxy if needed and not yet loaded - if ($proxy_dest or $proxy_pass) { + if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) { if ! defined(Class['apache::mod::proxy']) { include ::apache::mod::proxy } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index cd6c9c5c8e..fd47876d9c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -215,12 +215,25 @@ 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'], } ], + 'proxy_pass_match' => [ + { + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, + 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'], + } + ], 'suphp_addhandler' => 'foo', 'suphp_engine' => 'on', 'suphp_configpath' => '/var/www/html', 'php_admin_flags' => ['foo', 'bar'], 'php_admin_values' => ['true', 'false'], 'no_proxy_uris' => '/foo', + 'no_proxy_uris_match' => '/foomatch', 'proxy_preserve_host' => true, 'proxy_error_override' => true, 'redirect_source' => '/bar', diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index f026c87674..67c8eb274a 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb 
@@ -32,6 +32,29 @@ <%- end -%> <% end -%> +<% [@proxy_pass_match].flatten.compact.each do |proxy| %> + ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] %> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> + > + <%- if proxy['reverse_urls'].nil? -%> + ProxyPassReverse <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= reverse_url %> + <%- end -%> + <%- end -%> + <%- if proxy['setenv'] -%> + <%- Array(proxy['setenv']).each do |setenv_var| -%> + SetEnv <%= setenv_var -%> + <%- end -%> + <%- end -%> + +<% end -%> <% if @proxy_dest -%> <%- Array(@no_proxy_uris).each do |uri| -%> ProxyPass <%= uri %> ! @@ -41,3 +64,12 @@ ProxyPassReverse <%= @proxy_dest %>/ <% end -%> +<% if @proxy_dest_match -%> +<%- Array(@no_proxy_uris_match).each do |uri| -%> + ProxyPassMatch <%= uri %> ! +<% end -%> + ProxyPassMatch / <%= @proxy_dest_match %>/ + + ProxyPassReverse <%= @proxy_dest_reverse_match %>/ + +<% end -%> From 84411341b85ef4eaad8529de890262df5a159385 Mon Sep 17 00:00:00 2001 From: Steven Post Date: Mon, 16 Mar 2015 12:46:31 +0100 Subject: [PATCH 0568/2267] Documentation: style fix Use a code block for the commands so they are displayed properly on GitHub. --- README.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 96a7b1ac7c..c3ea9ca4d2 100644 --- a/README.md +++ b/README.md 
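Review bot: In the new `proxy_pass_match` loop, `ProxyPassReverse <%= proxy['url'] %>` reuses the ProxyPassMatch target whenever `reverse_urls` is absent, but such a target normally carries `$1`-style backreferences, which ProxyPassReverse treats as literal text. The default reverse mapping is then unlikely to match any backend redirect, so it would be clearer to emit ProxyPassReverse only when `reverse_urls` is set. The documentation for `url` should also say that its scheme and host part must be fixed rather than built from a capture group, because the client controls what the group matches.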
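Review bot: In the second hunk, `ProxyPassReverse <%= @proxy_dest_reverse_match %>/` is written whenever `@proxy_dest_match` is set, although `$proxy_dest_reverse_match` defaults to `undef` in vhost.pp. With only `proxy_dest_match` given, the directive is rendered without a usable target. Wrapping the line in `<%- if @proxy_dest_reverse_match -%>` and `<%- end -%>` keeps it out of the vhost unless a reverse target was supplied.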
@@ -2546,14 +2546,21 @@ Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/ This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) to verify functionality. For in-depth information please see their respective documentation. Quickstart: - Ruby > 1.8.7 + +####Ruby > 1.8.7 + +``` gem install bundler bundle install bundle exec rake spec bundle exec rspec spec/acceptance RS_DEBUG=yes bundle exec rspec spec/acceptance +``` - Ruby = 1.8.7 +####Ruby = 1.8.7 + +``` gem install bundler bundle install --without system_tests bundle exec rake spec +``` From 9b96fc1452902530572a6a29d39311f9b261a4b8 Mon Sep 17 00:00:00 2001 From: Niklas H Date: Mon, 16 Mar 2015 18:13:24 +0100 Subject: [PATCH 0569/2267] allow acess to userdirs again After fixing the permission directives for Apache 2.4 in 460775670a, the userdirs were not accessible anymore because of `Require all denied. --- templates/mod/userdir.conf.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index add525d5ea..754824cdc8 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -9,7 +9,7 @@ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all denied + Require all granted <%- else -%> Order allow,deny Allow from all @@ -17,7 +17,7 @@ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all denied + Require all granted <%- else -%> Order allow,deny Allow from all From fca58388400fcb78a001cebaa2a159611af3f92e Mon Sep 17 00:00:00 2001 
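Review bot: Both userdir.conf.erb hunks replace `Require all denied` with `Require all granted` in the Apache 2.4 branch, and the second does so for a separate block whose enclosing tags are not visible in this diff. If that second block is the one covering request methods other than those allowed by the first, granting it opens every method on user directories rather than just restoring read access. It is worth confirming against the full template that only the first block needs the change. The `Options` context line also keeps `Indexes` enabled, so once access is granted, user directories without an index file become listable.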
From: Morgan Haskel Date: Mon, 16 Mar 2015 10:21:45 -0700 Subject: [PATCH 0570/2267] Give a lower priority to mod_passenger This was initially implemented in #1060. --- manifests/mod/passenger.pp | 7 ++++--- manifests/params.pp | 8 ++++---- spec/acceptance/mod_passenger_spec.rb | 4 ++-- spec/classes/mod/passenger_spec.rb | 8 ++++---- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index b6cd9c33c1..d6030edbf9 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -15,9 +15,9 @@ $passenger_app_env = undef, $mod_package = undef, $mod_package_ensure = undef, - $mod_lib = 'mod_passenger.so', + $mod_lib = undef, $mod_lib_path = undef, - $mod_id = 'passenger_module', + $mod_id = undef, $mod_path = undef, ) { # Managed by the package, but declare it to avoid purging @@ -56,13 +56,14 @@ $_id = $mod_id $_path = $mod_path - ::apache::mod { 'zpassenger': + ::apache::mod { 'passenger': package => $_package, package_ensure => $_package_ensure, lib => $_lib, lib_path => $_lib_path, id => $_id, path => $_path, + loadfile_name => 'zpassenger.load', } # Template uses: diff --git a/manifests/params.pp b/manifests/params.pp index 937719219b..54b74e64bc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -82,7 +82,7 @@ default => undef, }, 'pagespeed' => 'mod-pagespeed-stable', - 'zpassenger' => 'mod_passenger', + 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', 'php5' => $::apache::version::distrelease ? { '5' => 'php53', @@ -182,7 +182,7 @@ 'fcgid' => 'libapache2-mod-fcgid', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', - 'zpassenger' => 'libapache2-mod-passenger', + 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', 'php5' => 'libapache2-mod-php5', 'proxy_html' => 'libapache2-mod-proxy-html', 
@@ -331,7 +331,7 @@ # NOTE: not sure where the shibboleth should come from 'auth_kerb' => 'www/mod_auth_kerb2', 'fcgid' => 'www/mod_fcgid', - 'zpassenger' => 'www/rubygem-passenger', + 'passenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', 'php5' => 'www/mod_php5', 'proxy_html' => 'www/mod_proxy_html', @@ -391,7 +391,7 @@ # NOTE: I list here only modules that are not included in www-servers/apache 'auth_kerb' => 'www-apache/mod_auth_kerb', 'fcgid' => 'www-apache/mod_fcgid', - 'zpassenger' => 'www-apache/passenger', + 'passenger' => 'www-apache/passenger', 'perl' => 'www-apache/mod_perl', 'php5' => 'dev-lang/php', 'proxy_html' => 'www-apache/mod_proxy_html', diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index f6e710db01..7b2d0da9af 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -6,7 +6,7 @@ service_name = 'apache2' mod_dir = '/etc/apache2/mods-available/' conf_file = "#{mod_dir}passenger.conf" - load_file = "#{mod_dir}passenger.load" + load_file = "#{mod_dir}zpassenger.load" case fact('operatingsystem') when 'Ubuntu' @@ -49,7 +49,7 @@ service_name = 'httpd' mod_dir = '/etc/httpd/conf.d/' conf_file = "#{mod_dir}passenger.conf" - load_file = "#{mod_dir}passenger.load" + load_file = "#{mod_dir}zpassenger.load" # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.1' passenger_ruby = '/usr/bin/ruby' diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 01cf78beec..e05b1e39bb 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -20,7 +20,7 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('zpassenger') } + it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("libapache2-mod-passenger") } it { is_expected.to contain_file('zpassenger.load').with({ 'path' => '/etc/apache2/mods-available/zpassenger.load', @@ -221,7 +221,7 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('zpassenger') } + it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("mod_passenger") } it { is_expected.to contain_file('passenger_package.conf').with({ 'path' => '/etc/httpd/conf.d/passenger.conf', @@ -260,7 +260,7 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('zpassenger') } + it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("www/rubygem-passenger") } end context "on a Gentoo OS" do @@ -277,7 +277,7 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('zpassenger') } + it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("www-apache/passenger") } end end From d1ec93703cc11628947a155e670974b4f9dde1a5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 16 Mar 2015 16:23:33 -0700 Subject: [PATCH 0571/2267] Document all the parameters added in #1069 --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index e1f0341579..01ee2654f9 100644 --- a/README.md +++ b/README.md 
@@ -1353,6 +1353,14 @@ apache::vhost { 'site.name.fdqn': `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). `setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings +#####`proxy_dest_match` + +This directive is equivalent to proxy_dest, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. + +#####`proxy_dest_reverse_match` + +Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. + #####`proxy_pass_match` This directive is equivalent to proxy_pass, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. From e5fd9d0621581251c98373fdf1b585401efcf130 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 16 Mar 2015 16:33:26 -0700 Subject: [PATCH 0572/2267] 1.4.0 prep --- CHANGELOG.md | 43 +++++++++++++++++++++++++++++++++++++++++++ metadata.json | 6 +++--- 2 files changed, 46 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 967e8a237d..c300701cca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,46 @@ +##2015-03-17 - Supported Release 1.4.0 +###Summary + +This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` + +####Features +- New parameters to `apache` + - `default_charset` + - `default_type` +- New parameters to `apache::vhost` + - `proxy_error_override` + - `passenger_app_env` (MODULES-1776) + - `proxy_dest_match` + - `proxy_dest_reverse_match` + - `proxy_pass_match` + - `no_proxy_uris_match` +- New parameters to `apache::mod::passenger` + - `passenger_app_env` + - `passenger_min_instances` +- New parameter to `apache::mod::alias` + - `icons_options` +- New classes added under `apache::mod::*` + - `authn_file` + - `authz_default` + - `authz_user` +- Added support for 'deny' as an array in 'directories' under `apache::vhost` +- Added support for RewriteMap +- Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion [here](https://github.com/puppetlabs/puppetlabs-apache/pull/1030)) +- Added check for deprecated options in directories and fail when they are unsupported +- Added gentoo compatibility +- Added proper array support for `require` in the `directories` parameter in `apache::vhost` +- Added support for `setenv` inside proxy locations + +###Bugfixes +- Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784) +- Install required `mod_ldap` package for EL7 (MODULES-1779) +- Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25. 
+- Use the correct `mod_prefork` package name for trusty and jessie +- Don't manage docroot when default vhosts are disabled +- Ensure resources notify `Class['Apache::Service']` instead of `Service['httpd']` (MODULES-1829) +- Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` +- Remove old Debian work-around that removed `passenger_extra.conf` + ##2015-02-17 - Supported Release 1.3.0 ###Summary diff --git a/metadata.json b/metadata.json index d778e3bfae..feb7daa194 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.3.0", + "version": "1.4.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", @@ -67,7 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} ] } From c6a4574ebc4b5946e9778c15c6eac48fa75a7236 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 16 Mar 2015 15:13:38 -0700 Subject: [PATCH 0573/2267] Revert "Supersede ssl_random_seed_bytes with ssl_random_seeds option to allow setting of both random source and bytes." This reverts commit d431fce700f357a6330544490788bd124b2982dd. Reverting this commit as it introduces a backwards incompatible change, removing the `ssl_random_seed_bytes` parameter. Conflicts: manifests/mod/ssl.pp --- README.md | 7 +------ manifests/mod/ssl.pp | 8 +------- spec/classes/mod/ssl_spec.rb | 12 ++++-------- templates/mod/ssl.conf.erb | 9 ++++----- 4 files changed, 10 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index e1f0341579..aab37667c1 100644 --- a/README.md +++ b/README.md 
@@ -774,12 +774,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], ssl_pass_phrase_dialog => 'builtin', - ssl_random_seeds => [ - 'startup builtin', - 'startup file:/dev/urandom 512', - 'connect builtin', - 'connect file:/dev/urandom 512', - ], + ssl_random_seed_bytes => '512', } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index c1f118f4a8..5296a1d512 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -4,12 +4,7 @@ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seeds = [ - 'startup builtin', - 'startup file:/dev/urandom 512', - 'connect builtin', - 'connect file:/dev/urandom 512', - ], + $ssl_random_seed_bytes = '512', $apache_version = $::apache::apache_version, $package_name = undef, ) { @@ -58,7 +53,6 @@ # $ssl_options # $session_cache, # $ssl_mutex - # $ssl_random_seeds # $apache_version # file { 'ssl.conf': diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 217c9ee8ba..7ef8fba5c2 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -128,17 +128,13 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} end - context 'setting ssl_random_seeds' do + context 'setting ssl_random_seed_bytes' do let :params do { - :ssl_random_seeds => ['startup builtin', - 'startup file:/dev/random 256', - 'connect file:/dev/urandom 1024' ], - } + :ssl_random_seed_bytes => '1024', + } end - it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed startup builtin$/)} - it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed startup file:\/dev\/random 256$/)} - it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLRandomSeed connect file:\/dev\/urandom 1024$/)} + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})} end end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index e9155545b0..6fb25c16ee 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -1,9 +1,8 @@ - <%- Array(@ssl_random_seeds).each do |ssl_random_seed| -%> - <%- if ssl_random_seed != '' -%> - SSLRandomSeed <%= ssl_random_seed %> - <%- end -%> - <%- end -%> + SSLRandomSeed startup builtin + SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %> + SSLRandomSeed connect builtin + SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl From 17ed791e50dbbc89667c55bc08c10cb4b00fb5ef Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 17 Mar 2015 13:52:47 -0700 Subject: [PATCH 0574/2267] Debian 7 is very inconsistent with mod_suphp It works fine on all the ubuntus. It's clearly ok. I don't know why debian 7 does this. --- spec/acceptance/mod_suphp_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index fa0125e496..33f57fba6c 100644 
--- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -1,8 +1,8 @@ require 'spec_helper_acceptance' describe 'apache::mod::suphp class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - case fact('osfamily') - when 'Debian' + case fact('operatingsystem') + when 'Ubuntu' context "default suphp config" do it 'succeeds in puppeting suphp' do pp = <<-EOS From 66c66516c48c8a9241d4cf2208c6a54ac09d1668 Mon Sep 17 00:00:00 2001 From: Frank Groeneveld Date: Wed, 18 Mar 2015 14:29:11 +0100 Subject: [PATCH 0575/2267] Make Options directive configurable for mod userdir --- manifests/mod/userdir.pp | 1 + templates/mod/userdir.conf.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index 038e0790bc..4b3d0b8e80 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp @@ -3,6 +3,7 @@ $dir = 'public_html', $disable_root = true, $apache_version = $::apache::apache_version, + $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ], ) { ::apache::mod { 'userdir': } diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index add525d5ea..377fdb097f 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -6,7 +6,7 @@ /*/<%= @dir %>"> AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Options <%= @options.join(' ') %> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied From 48d7aa04200bf758b7592c3a29f9bc823e4d96aa Mon Sep 17 00:00:00 2001 From: Seth Lyons Date: Wed, 18 Mar 2015 12:45:00 -0400 Subject: [PATCH 0576/2267] add section for FreeBSD limitations --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index a7a396be5f..b06e0ff620 100644 --- a/README.md +++ b/README.md 
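Review bot: Changing `case fact('osfamily')` / `when 'Debian'` to `case fact('operatingsystem')` / `when 'Ubuntu'` makes the whole example group disappear on Debian, with nothing in the test output showing that it was skipped. A comment above the `case`, for example `# FIXME: mod_suphp is inconsistent on Debian 7, so only Ubuntu is exercised`, would keep the gap visible to whoever next touches the file. The `case` body continues outside the hunk.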
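Review bot: `Options <%= @options.join(' ') %>` in userdir.conf.erb assumes `@options` is an array; a single string passed as `options` has no `join` method, and the template then fails to render. `Options <%= Array(@options).join(' ') %>` accepts both forms and matches the `Array(...)` and `[...].flatten` handling used by other templates in this series. The default in userdir.pp still includes `Indexes`, so the parameter's documentation could note that this is the way to switch off directory listings for user directories.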
@@ -2542,6 +2542,10 @@ Something along the lines of: You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources reset the context to the values in the database if the resource isn't specifying the context. +###FreeBSD + +In order to use this module on FreeBSD, you *must* use apache24-2.4.12 (www/apache24) or newer. + ##Development ###Contributing From 945e1e75de8c29341986e23a0650dc0e90a077f0 Mon Sep 17 00:00:00 2001 From: Roman Mueller Date: Wed, 18 Mar 2015 19:35:31 +0100 Subject: [PATCH 0577/2267] Allow settings to be overridden as parameters to apache::mod::ssl --- README.md | 15 +++++++++------ manifests/mod/ssl.pp | 26 +++++++++++++++++--------- spec/defines/vhost_spec.rb | 6 ++++++ templates/mod/ssl.conf.erb | 12 ++++++------ 4 files changed, 38 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index a7a396be5f..32bafc2231 100644 --- a/README.md +++ b/README.md @@ -769,12 +769,15 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ```puppet class { 'apache::mod::ssl': - ssl_compression => false, - ssl_options => [ 'StdEnvVars' ], - ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], - ssl_pass_phrase_dialog => 'builtin', - ssl_random_seed_bytes => '512', + ssl_compression => false, + ssl_cryptodevice => 'builtin', + ssl_options => [ 'StdEnvVars' ], + ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', + ssl_honorcipherorder => 'On', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], + ssl_pass_phrase_dialog => 'builtin', + ssl_random_seed_bytes => '512', + ssl_sessioncachetimeout => '300', } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 5296a1d512..4a6b823347 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
@@ -1,12 +1,15 @@ class apache::mod::ssl ( - $ssl_compression = false, - $ssl_options = [ 'StdEnvVars' ], - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], - $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seed_bytes = '512', - $apache_version = $::apache::apache_version, - $package_name = undef, + $ssl_compression = false, + $ssl_cryptodevice = 'builtin', + $ssl_options = [ 'StdEnvVars' ], + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_honorcipherorder = 'On', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + $ssl_pass_phrase_dialog = 'builtin', + $ssl_random_seed_bytes = '512', + $ssl_sessioncachetimeout = '300', + $apache_version = $::apache::apache_version, + $package_name = undef, ) { $session_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", @@ -50,9 +53,14 @@ # Template uses # # $ssl_compression + # $ssl_cryptodevice + # $ssl_cipher + # $ssl_honorcipherorder # $ssl_options - # $session_cache, + # $session_cache # $ssl_mutex + # $ssl_random_seed_bytes + # $ssl_sessioncachetimeout # $apache_version # file { 'ssl.conf': diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index fd47876d9c..add8a2b4ab 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -313,6 +313,12 @@ it { is_expected.to compile } it { is_expected.to_not contain_file('/var/www/foo') } it { is_expected.to contain_class('apache::mod::ssl') } + it { is_expected.to contain_file('ssl.conf').with( + :content => /^\s+SSLHonorCipherOrder On$/ ) } + it { is_expected.to contain_file('ssl.conf').with( + :content => /^\s+SSLPassPhraseDialog builtin$/ ) } + it { is_expected.to contain_file('ssl.conf').with( + :content => /^\s+SSLSessionCacheTimeout 300$/ ) } it { is_expected.to contain_class('apache::mod::mime') } it { is_expected.to contain_class('apache::mod::vhost_alias') } it { is_expected.to contain_class('apache::mod::wsgi') } 
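Review bot: The three parameters added in the first manifests/mod/ssl.pp hunk (`$ssl_cryptodevice`, `$ssl_honorcipherorder`, `$ssl_sessioncachetimeout`) are not validated in the lines shown, and the templates/mod/ssl.conf.erb hunk of this commit writes them into ssl.conf verbatim. A typo therefore surfaces only when Apache rejects the file, and `ssl_honorcipherorder => 'Off'` quietly lets the client's preference choose among the `HIGH:MEDIUM` suites. Checks such as `validate_re($ssl_honorcipherorder, '^(On|Off)$')` and `validate_re($ssl_sessioncachetimeout, '^\d+$')` in the class body would catch bad values at compile time; `validate_re` is already used in manifests/vhost.pp. The class body continues outside the hunk, so an existing check there cannot be ruled out.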
diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 6fb25c16ee..933aa1fcc8 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -9,17 +9,17 @@ SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> SSLSessionCache "shmcb:<%= @session_cache %>" - SSLSessionCacheTimeout 300 + SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %> <% if @ssl_compression -%> SSLCompression On <% end -%> - <% if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Mutex <%= @ssl_mutex %> - <% else -%> + <%- else -%> SSLMutex <%= @ssl_mutex %> - <% end -%> - SSLCryptoDevice builtin - SSLHonorCipherOrder On + <%- end -%> + SSLCryptoDevice <%= @ssl_cryptodevice %> + SSLHonorCipherOrder <%= @ssl_honorcipherorder %> SSLCipherSuite <%= @ssl_cipher %> SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> From 6c261046746471428b55e6258f35d646f0b6fe63 Mon Sep 17 00:00:00 2001 From: Ken Geis Date: Thu, 19 Mar 2015 22:43:34 -0700 Subject: [PATCH 0578/2267] fix typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c300701cca..b6dd08ab44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -64,7 +64,7 @@ This release has many new features and bugfixes, including the ability to option - Add ability to omit priority prefix if `$priority` is set to false - Add `apache::security::rule_link` define - Improvements to `apache::mod::*` - - Add `apache::mod::auth_cass` class + - Add `apache::mod::auth_cas` class - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` - Add `apache::mod::filter` class - Add `root_group` to `apache::mod::php` From 43c5c5e7fcd444a790f4d38d4103422042e0346d Mon Sep 17 00:00:00 2001 
From: Roman Mueller Date: Sun, 22 Mar 2015 17:43:41 +0100 Subject: [PATCH 0579/2267] MODULES-1789 add initial mod_geoip support --- README.md | 36 ++++++++++++++++++++++++++++++++ manifests/mod/geoip.pp | 29 +++++++++++++++++++++++++ manifests/params.pp | 1 + templates/mod/geoip.conf.erb | 22 +++++++++++++++++++ templates/vhost/_directories.erb | 3 +++ 5 files changed, 91 insertions(+) create mode 100644 manifests/mod/geoip.pp create mode 100644 templates/mod/geoip.conf.erb diff --git a/README.md b/README.md index ee88972742..87f4412887 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ * [Classes: apache::mod::*](#classes-apachemodname) * [Class: apache::mod::alias](#class-apachemodalias) * [Class: apache::mod::event](#class-apachemodevent) + * [Class: apache::mod::geoip](#class-apachemodgeoip) * [Class: apache::mod::info](#class-apachemodinfo) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) @@ -624,6 +625,25 @@ Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_valid Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas). +####Class: `apache::mod::geoip` + +Installs and manages mod_geoip. + +Full documentation on mod_geoip is available from [MaxMind](http://dev.maxmind.com/geoip/legacy/mod_geoip2/). + +These are the default settings: + +```puppet + class {'apache::mod::geoip': + $enable => 'Off', + $dbfile => '/usr/share/GeoIP/GeoIP.dat', + $flag => 'Standard', + $output => 'All', + } +``` + +The parameter `dbfile` can be a single directory or a hash of directories. + ####Class: `apache::mod::info` Installs and manages mod_info which provides a comprehensive overview of the server configuration. 
@@ -1829,6 +1849,22 @@ An array of hashes used to override the [ErrorDocument](https://httpd.apache.org } ``` +######`geoip_enable` + +Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. +Note that you must declare `class {'apache::mod::geoip': }` before using this directive. + +```puppet + apache::vhost { 'first.example.com': + docroot => '/var/www/first', + directories => [ + { path => '/var/www/first', + geoip_enable => 'On', + }, + ], + } +``` + ######`headers` Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp new file mode 100644 index 0000000000..5f4a8ab1d8 --- /dev/null +++ b/manifests/mod/geoip.pp @@ -0,0 +1,29 @@ +class apache::mod::geoip ( + $enable = 'Off', + $dbfile = '/usr/share/GeoIP/GeoIP.dat', + $flag = 'Standard', + $output = 'All', + $enableutf8 = undef, + $scanproxyheaders = undef, + $uselastxforwarededforip = undef, +) { + ::apache::mod { 'geoip': } + + # Template uses: + # - enable + # - dbfile + # - flag + # - output + # - enableutf8 + # - scanproxyheaders + # - uselastxforwarededforip + file { 'geoip.conf': + ensure => file, + path => "${::apache::mod_dir}/geoip.conf", + content => template('apache/mod/geoip.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 54b74e64bc..ce5edec124 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -77,6 +77,7 @@ }, 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', + 'geoip' => 'mod_geoip', 'ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', default => undef, diff --git a/templates/mod/geoip.conf.erb b/templates/mod/geoip.conf.erb new file mode 100644 index 0000000000..92f5dd6871 --- /dev/null +++ b/templates/mod/geoip.conf.erb 
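Review bot: The new `$scanproxyheaders` and `$uselastxforwarededforip` parameters in manifests/mod/geoip.pp carry no comment saying when they are safe to enable. With `GeoIPScanProxyHeaders` on, mod_geoip derives the client address from request headers such as X-Forwarded-For, which the client controls unless a trusted proxy in front of Apache overwrites them, so any GeoIP-based access rule then rests on untrusted input. A comment above the parameter list such as `# scanproxyheaders: enable only behind a trusted reverse proxy that sets X-Forwarded-For` would record that. The spelling `forwareded` in `$uselastxforwarededforip` also becomes part of the class interface; `$uselastxforwardedforip` would match the directive name.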
@@ -0,0 +1,22 @@ +GeoIPEnable <%= @enable %> + +<%- if @dbfile and ! [ false, 'false', '' ].include?(@dbfile) -%> + <%- if @dbfile.kind_of?(Array) -%> + <%- Array(@dbfile).each do |file| -%> +GeoIPDBFile <%= file %> <%= @flag %> + <%- end -%> + <%- else -%> +GeoIPDBFile <%= @dbfile %> <%= @flag %> + <%- end -%> +<%- end -%> +GeoIPOutput <%= @output %> +<% if @enableutf8 -%> +GeoIPEnableUTF8 <%= @enableutf8 %> +<% end -%> +<% if @scanproxyheaders -%> +GeoIPScanProxyHeaders <%= @scanproxyheaders %> +<% end -%> +<% if @uselastxforwarededforip -%> +GeoIPUseLastXForwardedForIP <%= @uselastxforwarededforip %> +<% end -%> + diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 4f40cace4e..e31e31b0d4 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -34,6 +34,9 @@ Header <%= header %> <%- end -%> <%- end -%> + <%- if directory['geoip_enable'] and directory['geoip_enable'] != '' -%> + GeoIPEnable <%= directory['geoip_enable'] %> + <%- end -%> <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> <%- end -%> From fefaa40ed3fe7b5fc35b6028a3bf1c908c688be9 Mon Sep 17 00:00:00 2001 From: Roman Mueller Date: Mon, 23 Mar 2015 17:53:50 +0100 Subject: [PATCH 0580/2267] Fix variable names, convert flags to bool and use bool2httpd function --- README.md | 12 ++++++------ manifests/mod/geoip.pp | 22 +++++++++++----------- templates/mod/geoip.conf.erb | 22 +++++++++++----------- templates/vhost/_directories.erb | 4 ++-- 4 files changed, 30 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 87f4412887..804645a2d4 100644 --- a/README.md +++ b/README.md 
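Review bot: In templates/mod/geoip.conf.erb the `kind_of?(Array)` test and the `Array(@dbfile)` call inside it do the same job twice, and the else branch repeats the same `GeoIPDBFile` line. Both branches collapse into a single loop, `<%- Array(@dbfile).each do |file| -%>`, which handles a string and an array alike. The README text added in this commit describes the value as "a single directory or a hash of directories", while the template handles a file path or an array, so the wording should be aligned. The later hunk that renames the variable to `@db_file` keeps the same structure.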
@@ -635,14 +635,14 @@ These are the default settings: ```puppet class {'apache::mod::geoip': - $enable => 'Off', - $dbfile => '/usr/share/GeoIP/GeoIP.dat', - $flag => 'Standard', - $output => 'All', + $enable => false, + $db_file => '/usr/share/GeoIP/GeoIP.dat', + $flag => 'Standard', + $output => 'All', } ``` -The parameter `dbfile` can be a single directory or a hash of directories. +The parameter `db_file` can be a single directory or a hash of directories. ####Class: `apache::mod::info` @@ -1859,7 +1859,7 @@ Note that you must declare `class {'apache::mod::geoip': }` before using this di docroot => '/var/www/first', directories => [ { path => '/var/www/first', - geoip_enable => 'On', + geoip_enable => true, }, ], } diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp index 5f4a8ab1d8..4e87cb96a6 100644 --- a/manifests/mod/geoip.pp +++ b/manifests/mod/geoip.pp @@ -1,22 +1,22 @@ class apache::mod::geoip ( - $enable = 'Off', - $dbfile = '/usr/share/GeoIP/GeoIP.dat', - $flag = 'Standard', - $output = 'All', - $enableutf8 = undef, - $scanproxyheaders = undef, - $uselastxforwarededforip = undef, + $enable = false, + $db_file = '/usr/share/GeoIP/GeoIP.dat', + $flag = 'Standard', + $output = 'All', + $enable_utf8 = undef, + $scan_proxy_headers = undef, + $use_last_xforwarededfor_ip = undef, ) { ::apache::mod { 'geoip': } # Template uses: # - enable - # - dbfile + # - db_file # - flag # - output - # - enableutf8 - # - scanproxyheaders - # - uselastxforwarededforip + # - enable_utf8 + # - scan_proxy_headers + # - use_last_xforwarededfor_ip file { 'geoip.conf': ensure => file, path => "${::apache::mod_dir}/geoip.conf", diff --git a/templates/mod/geoip.conf.erb b/templates/mod/geoip.conf.erb index 92f5dd6871..84b5dfe92c 100644 --- a/templates/mod/geoip.conf.erb +++ b/templates/mod/geoip.conf.erb 
@@ -1,22 +1,22 @@ -GeoIPEnable <%= @enable %> +GeoIPEnable <%= scope.function_bool2httpd([@enable]) %> -<%- if @dbfile and ! [ false, 'false', '' ].include?(@dbfile) -%> - <%- if @dbfile.kind_of?(Array) -%> - <%- Array(@dbfile).each do |file| -%> +<%- if @db_file and ! [ false, 'false', '' ].include?(@db_file) -%> + <%- if @db_file.kind_of?(Array) -%> + <%- Array(@db_file).each do |file| -%> GeoIPDBFile <%= file %> <%= @flag %> <%- end -%> <%- else -%> -GeoIPDBFile <%= @dbfile %> <%= @flag %> +GeoIPDBFile <%= @db_file %> <%= @flag %> <%- end -%> <%- end -%> GeoIPOutput <%= @output %> -<% if @enableutf8 -%> -GeoIPEnableUTF8 <%= @enableutf8 %> +<% if ! @enable_utf8.nil? -%> +GeoIPEnableUTF8 <%= scope.function_bool2httpd([@enable_utf8]) %> <% end -%> -<% if @scanproxyheaders -%> -GeoIPScanProxyHeaders <%= @scanproxyheaders %> +<% if ! @scan_proxy_headers.nil? -%> +GeoIPScanProxyHeaders <%= scope.function_bool2httpd([@scan_proxy_headers]) %> <% end -%> -<% if @uselastxforwarededforip -%> -GeoIPUseLastXForwardedForIP <%= @uselastxforwarededforip %> +<% if ! @use_last_xforwarededfor_ip.nil? -%> +GeoIPUseLastXForwardedForIP <%= scope.function_bool2httpd([@use_last_xforwarededfor_ip]) %> <% end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e31e31b0d4..43afb0397a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -34,8 +34,8 @@ Header <%= header %> <%- end -%> <%- end -%> - <%- if directory['geoip_enable'] and directory['geoip_enable'] != '' -%> - GeoIPEnable <%= directory['geoip_enable'] %> + <%- if ! directory['geoip_enable'].nil? -%> + GeoIPEnable <%= scope.function_bool2httpd([directory['geoip_enable']]) %> <%- end -%> <%- if directory['options'] -%> Options <%= Array(directory['options']).join(' ') %> From 6314dec51c4e8b5d8a7133754b2fd32c5bf721cd Mon Sep 17 00:00:00 2001 
From: Colleen Murphy Date: Thu, 19 Mar 2015 14:34:37 -0700 Subject: [PATCH 0581/2267] Update tests for rspec-puppet 2.0 This patch: - changes the raise_error matcher and the resource inspection to use `catalogue` instead of `subject` since `subject` since `subject` is not evaluated the way it used to be - changes `should compile` to `catalogue` in other raise_error matchers to be consistent - changes the resource count to use an rspec-puppet method instead of inspecting the subject and adjusting for meta resources - unpins rspec-puppet --- Gemfile | 1 - spec/classes/apache_spec.rb | 6 +++--- spec/classes/mod/fcgid_spec.rb | 2 +- spec/classes/mod/peruser_spec.rb | 2 +- spec/classes/mod/ssl_spec.rb | 2 +- spec/classes/mod/wsgi_spec.rb | 4 ++-- spec/classes/params_spec.rb | 5 +---- spec/classes/service_spec.rb | 4 ++-- spec/defines/custom_config_spec.rb | 6 +++--- 9 files changed, 14 insertions(+), 18 deletions(-) diff --git a/Gemfile b/Gemfile index 62c5693973..2452d15b82 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,6 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :unit_tests do gem 'rake', :require => false gem 'rspec-core', '3.1.7', :require => false - gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'puppet-lint', :require => false gem 'simplecov', :require => false diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 2be2ef346a..07ef1cc270 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -487,7 +487,7 @@ let :params do { :mpm_module => 'breakme' } end - it { expect { subject }.to raise_error Puppet::Error, /does not match/ } + it { expect { catalogue }.to raise_error Puppet::Error, /does not match/ } end end @@ -561,7 +561,7 @@ end it "should fail" do expect do - subject + catalogue end.to raise_error(Puppet::Error, /"foo" does not match/) end end 
@@ -794,7 +794,7 @@ it do expect { - should compile + catalogue }.to raise_error(Puppet::Error, /Unsupported osfamily/) end end diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index f772ff7a25..096717d351 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -57,7 +57,7 @@ } end it 'should contain the correct config' do - content = subject.resource('file', 'fcgid.conf').send(:parameters)[:content] + content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content] expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([ '', ' AddHandler fcgid-script .fcgi', diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index f39cbcf6c4..097a36fff1 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb @@ -19,7 +19,7 @@ end it do expect { - should compile + catalogue }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/) end end diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 7ef8fba5c2..50aa8292fe 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -17,7 +17,7 @@ :is_pe => false, } end - it { expect { subject }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } + it { expect { catalogue }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } end context 'on a RedHat OS' do diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 3f03ec907f..5fe313acf4 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -93,7 +93,7 @@ :mod_path => '/foo/bar/baz', } end - it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + it { expect { catalogue }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } end describe "with mod_path but no package_name" do let :params do 
@@ -101,7 +101,7 @@ :package_name => '/foo/bar/baz', } end - it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + it { expect { catalogue }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } end end context "on a FreeBSD OS" do diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index 92b314f92e..d02209497b 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -17,11 +17,8 @@ end it { is_expected.to contain_apache__params } - # There are 4 resources in this class currently - # there should not be any more resources because it is a params class - # The resources are class[apache::version], class[apache::params], class[main], class[settings], stage[main] it "Should not contain any resources" do - expect(subject.resources.size).to eq(5) + should have_resource_count(0) end end end diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 09906b0d35..42935aea68 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -57,7 +57,7 @@ let (:params) {{ :service_enable => 'not-a-boolean' }} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a boolean/) + expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end @@ -65,7 +65,7 @@ let (:params) {{ :service_manage => 'not-a-boolean' }} it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /is not a boolean/) + expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) end end diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb index 4a38a1fcf8..a5efd15a2f 100644 --- a/spec/defines/custom_config_spec.rb +++ b/spec/defines/custom_config_spec.rb 
@@ -110,14 +110,14 @@ end it do expect { - should compile + catalogue }.to raise_error(Puppet::Error, /Only one of \$content and \$source can be specified\./) end end context 'neither content nor source' do it do expect { - should compile + catalogue }.to raise_error(Puppet::Error, /One of \$content and \$source must be specified\./) end end @@ -130,7 +130,7 @@ end it do expect { - should compile + catalogue }.to raise_error(Puppet::Error, /is not supported for ensure/) end end From 09afbcacc82b8fe535695980464baedfd66efccc Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 11 Feb 2015 14:55:52 -0800 Subject: [PATCH 0582/2267] Packages can't have undef names in future parser FreeBSD sets undef as its dev package list. Spec tests with the future parser claim this is invalid. This probably should not have worked with the current parser anyway. This patch adds a conditional so that dev packages are explicitly installed or not installed if they are needed. --- manifests/dev.pp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/manifests/dev.pp b/manifests/dev.pp index 4eaeb55782..6bd865606c 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp @@ -4,8 +4,10 @@ } include ::apache::params $packages = $::apache::params::dev_packages - package { $packages: - ensure => present, - require => Package['httpd'], + if $packages { # FreeBSD doesn't have dev packages to install + package { $packages: + ensure => present, + require => Package['httpd'], + } } } From 85269f1c7bb385ea8b2c52a3b15374627e702f97 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 11 Feb 2015 14:58:16 -0800 Subject: [PATCH 0583/2267] Update vhost spec for future parser Setting a variable to '' in the future parser is not the same as leaving it unset. This patch removes parameter declarations where the parameter being set would conflict with another parameter. --- spec/defines/vhost_spec.rb | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index add8a2b4ab..865fe963d7 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -168,7 +168,6 @@ 'log_level' => 'crit', 'access_log' => false, 'access_log_file' => 'httpd_access_log', - 'access_log_pipe' => '', 'access_log_syslog' => true, 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', 'access_log_env_var' => '', @@ -187,7 +186,6 @@ ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', - 'error_log_pipe' => '', 'error_log_syslog' => true, 'error_documents' => 'true', 'fallbackresource' => '/index.php', From c46221e169ab3d0874eeef22c5b7a717d3c1ee98 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Thu, 19 Mar 2015 14:14:57 -0700 Subject: [PATCH 0584/2267] Remove unneeded gem dependencies puppetlabs_spec_helper takes care of these dependencies for us. --- Gemfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Gemfile b/Gemfile index 2452d15b82..cc77f38cfa 100644 --- a/Gemfile +++ b/Gemfile @@ -1,10 +1,8 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :unit_tests do - gem 'rake', :require => false gem 'rspec-core', '3.1.7', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', :require => false gem 'simplecov', :require => false gem 'puppet_facts', :require => false gem 'json', :require => false From a7afbdb3450a8af6269a4de77c2b652529269638 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 23 Mar 2015 11:54:13 -0700 Subject: [PATCH 0585/2267] Put Puppet 2.7 envs in .sync.yml We want to eventually drop puppet 2.7 support in all modules. This will be easier if the central modulesync config repo isn't enforcing that all modules test on 2.7. When support needs to be dropped, we can just remove it from this .sync.yml file. --- .sync.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.sync.yml b/.sync.yml index 96d3c2bdb6..9c89f69186 100644 --- a/.sync.yml 
+++ b/.sync.yml @@ -1,10 +1,10 @@ --- .travis.yml: extras: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" Rakefile: extra_disabled_lint_checks: - 'disable_only_variable_string' From 4182dcf269c3dfc1e209d2968e59d9ceb2795d85 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 23 Mar 2015 12:19:16 -0700 Subject: [PATCH 0586/2267] Update .travis.yml This commit makes the following changes to the test matrix: - Runs tests on ruby 2.1.5 instead of 2.0.0 - Runs tests on ruby 1.8.7 with puppet 3.x - Adds an environment to run on an intermediate 3.x puppet version instead of latest (specifically 3.4.x) - Adds an environment to run with the future parser on latest puppet. This would affect the test runs for the validate and spec checks. - Runs the tests on docker --- .travis.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index bd66c7d1c3..d1a0d7cd93 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,21 +1,28 @@ --- +sudo: false language: ruby bundler_args: --without system_tests script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true include: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.4.0" + - rvm: 1.8.7 env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.0.0 + - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes" + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.4.0" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" + - rvm: 1.8.7 + env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" notifications: email: false From 92b04aaeee8776ab9031a56c31ac12548bb196df Mon Sep 17 00:00:00 2001 From: Alice Nodelman Date: Tue, 24 Mar 2015 11:35:33 -0700 Subject: [PATCH 0587/2267] (BKR-147) add Gemfile setting for BEAKER_VERSION for puppet... puppetdb, etc - support for BEAKER_VERSION and BEAKER_RSPEC_VERSION in gemfile --- Gemfile | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 62c5693973..e1ae0fa56a 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,5 +1,15 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" +def location_for(place, fake_version = nil) + if place =~ /^(git:[^#]*)#(.*)/ + [fake_version, { :git => $1, :branch => $2, :require => false }].compact + elsif place =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [place, { :require => false }] + end +end + group :development, :unit_tests do gem 'rake', :require => false gem 'rspec-core', '3.1.7', :require => false @@ -11,8 +21,17 @@ group :development, :unit_tests do gem 'json', :require => false end +beaker_version = ENV['BEAKER_VERSION'] +beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] group :system_tests do - gem 'beaker-rspec', :require => false + if beaker_version + gem 'beaker', *location_for(beaker_version) + end + if beaker_rspec_version + gem 'beaker-rspec', *location_for(beaker_rspec_version) + else + gem 'beaker-rspec', :require => false + end gem 'serverspec', :require => false end From d0b9e8207d730360060465fef4e5accadc73b94f Mon Sep 17 00:00:00 2001 From: stanner Date: Wed, 25 Mar 2015 14:52:55 -0400 Subject: [PATCH 0588/2267] Fixed setting multiple env_var in a location block for proxy pass. --- templates/vhost/_proxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 67c8eb274a..f290fcb764 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -27,7 +27,7 @@ <%- end -%> <%- if proxy['setenv'] -%> <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var -%> + SetEnv <%= setenv_var %> <%- end -%> <%- end -%> From 4290182ba4b0432bcb0deae2e2ab963dd116a456 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Mon, 9 Mar 2015 14:30:01 +0100 Subject: [PATCH 0589/2267] no longer enforce default value for $apache_name --- manifests/package.pp | 4 ++-- manifests/vhost.pp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
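Review bot: The first branch of `location_for` in the Gemfile hunk only recognises `git:` URLs, so a Beaker build selected through `BEAKER_VERSION` or `BEAKER_RSPEC_VERSION` is fetched over the unauthenticated git protocol and then loaded by Bundler. Accepting HTTPS remotes as well, for example `if place =~ %r{\A((?:git|https)://[^#]*)#(.*)}`, lets CI pin a branch over an authenticated transport. The patterns also use `^`, which matches at any line start; `\A` anchors the whole value. Since both variables decide which code the test run executes, they should only be set from trusted CI configuration.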
diff --git a/manifests/package.pp b/manifests/package.pp index 395c03103c..6595cb92dd 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -44,10 +44,10 @@ before => Package['httpd'], } } - $apache_package = $::apache::params::apache_name + $apache_package = $::apache::apache_name } default: { - $apache_package = $::apache::params::apache_name + $apache_package = $::apache::apache_name } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 70d2a57bb9..4cb440b535 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -125,7 +125,7 @@ fail('You must include the apache base class before using any apache defined resources') } - $apache_name = $::apache::params::apache_name + $apache_name = $::apache::apache_name validate_re($ensure, '^(present|absent)$', "${ensure} is not supported for ensure. From 296aab51eb4925dcc80cb60bd2d99f51d121df99 Mon Sep 17 00:00:00 2001 From: Steven Post Date: Mon, 16 Mar 2015 13:29:38 +0100 Subject: [PATCH 0590/2267] The base class must be defined first so the parameters are known This also implies the dependency for the tests needed to be changed. Because of the changed dependency, tests needed some extra facts to please the concat module. --- manifests/dev.pp | 3 --- manifests/package.pp | 6 ++++++ spec/classes/dev_spec.rb | 29 +++++++++++++++++++++++------ spec/classes/mod/dev_spec.rb | 20 +++++++++++--------- 4 files changed, 40 insertions(+), 18 deletions(-) diff --git a/manifests/dev.pp b/manifests/dev.pp index 6bd865606c..b1947e9344 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp @@ -1,7 +1,4 @@ class apache::dev { - if $::osfamily == 'FreeBSD' and !defined(Class['apache::package']) { - fail('apache::dev requires apache::package; please include apache or apache::package class first') - } include ::apache::params $packages = $::apache::params::dev_packages if $packages { # FreeBSD doesn't have dev packages to install 
diff --git a/manifests/package.pp b/manifests/package.pp index 6595cb92dd..728b26010e 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -2,6 +2,12 @@ $ensure = 'present', $mpm_module = $::apache::params::mpm_module, ) inherits ::apache::params { + + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + case $::osfamily { 'FreeBSD': { case $mpm_module { diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index e2e0b47af8..eb3d76593a 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -1,6 +1,9 @@ require 'spec_helper' describe 'apache::dev', :type => :class do + let(:pre_condition) {[ + 'include apache' + ]} context "on a Debian OS" do let :facts do { @@ -9,6 +12,10 @@ :operatingsystem => 'Debian', :operatingsystemrelease => '6', :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => 'Linux' } end it { is_expected.to contain_class("apache::params") } @@ -25,6 +32,10 @@ :operatingsystem => 'Ubuntu', :operatingsystemrelease => '14.04', :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => 'Linux' } end it { is_expected.to contain_package("apache2-dev") } 
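Review bot: The comment added in the manifests/package.pp hunk says the base class is needed for parameter defaults, but the parameters shown default from `$::apache::params`, and the `fail` text speaks of "apache defined resources" although `apache::package` is a class; both read as copied from manifests/vhost.pp. Wording that matches this file would be `# apache::package reads $::apache::apache_name, so Class['apache'] must be declared first` and `fail('You must include the apache base class before using apache::package')`. `defined()` depends on evaluation order, so the check passes or fails depending on where `include apache` appears relative to this class, which is worth stating in the comment. The class body continues outside the hunk.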
@@ -36,29 +47,31 @@ :operatingsystem => 'RedHat', :operatingsystemrelease => '6', :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => 'Linux' } end it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_package("httpd-devel") } end context "on a FreeBSD OS" do - let :pre_condition do - 'include apache::package' - end let :facts do { :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => 'FreeBSD' } end it { is_expected.to contain_class("apache::params") } end context "on a Gentoo OS" do - let :pre_condition do - 'include apache::package' - end let :facts do { :osfamily => 'Gentoo', @@ -66,6 +79,10 @@ :operatingsystemrelease => '3.16.1-gentoo', :concat_basedir => '/dne', :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => 'Linux' } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index f653389776..1686a02755 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb 
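Review bot: The Gentoo facts hash in the `@@ -66,6 +79,10 @@` hunk now lists `:concat_basedir` twice, `'/dne'` on the context line and `'/foo'` on the added line. Ruby keeps the last value and warns about the duplicate key, so the older entry is dead. Dropping the `:concat_basedir => '/dne',` line makes the hash unambiguous. The four facts added to every context in this file differ only in `:kernel`, so a shared `let` that each context merges into would remove the repetition.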
@@ -1,16 +1,14 @@ require 'spec_helper' describe 'apache::mod::dev', :type => :class do + let(:pre_condition) {[ + 'include apache' + ]} [ - ['RedHat', '6', 'Santiago'], - ['Debian', '6', 'squeeze'], - ['FreeBSD', '9', 'FreeBSD'], - ].each do |osfamily, operatingsystemrelease, lsbdistcodename| - if osfamily == 'FreeBSD' - let :pre_condition do - 'include apache::package' - end - end + ['RedHat', '6', 'Santiago', 'Linux'], + ['Debian', '6', 'squeeze', 'Linux'], + ['FreeBSD', '9', 'FreeBSD', 'FreeBSD'], + ].each do |osfamily, operatingsystemrelease, lsbdistcodename, kernel| context "on a #{osfamily} OS" do let :facts do { @@ -19,6 +17,10 @@ :operatingsystem => osfamily, :operatingsystemrelease => operatingsystemrelease, :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => kernel } end it { is_expected.to contain_class('apache::dev') } From 11d0a0abb2fa2d4a1bb5a5f98c4d28a847378b57 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Thu, 26 Mar 2015 13:15:01 -0700 Subject: [PATCH 0591/2267] Fix remoteip unit test for rspec-puppet 2 We updated the rspec-puppet tests, then merged e0255bdf,which assumed rspec-puppet 1. This patch updates the newly merged tests for the remoteip mod. --- spec/classes/mod/remoteip_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/mod/remoteip_spec.rb b/spec/classes/mod/remoteip_spec.rb index e3d095351a..c9f5b4e831 100644 --- a/spec/classes/mod/remoteip_spec.rb +++ b/spec/classes/mod/remoteip_spec.rb @@ -46,7 +46,7 @@ { :apache_version => '2.2' } end it 'should fail' do - expect { subject }.to raise_error(Puppet::Error, /mod_remoteip is only available in Apache 2.4/) + expect { catalogue }.to raise_error(Puppet::Error, /mod_remoteip is only available in Apache 2.4/) end end end From 8f8f6acf0dfefa7a7f6496404a0ce68d5c32a34f Mon Sep 17 00:00:00 2001 
From: Pmoranga Date: Sat, 28 Mar 2015 21:41:48 +0100 Subject: [PATCH 0592/2267] fix syntax of code examples --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index a6e3258d69..d9acce283b 100644 --- a/README.md +++ b/README.md @@ -811,9 +811,9 @@ Installs Apache mod_status and uses the status.conf.erb template. These are the ```puppet class { 'apache::mod::status': - allow_from = ['127.0.0.1','::1'], - extended_status = 'On', - status_path = '/server-status', + allow_from => ['127.0.0.1','::1'], + extended_status => 'On', + status_path => '/server-status', ){ @@ -826,9 +826,9 @@ Installs Apache mod_expires and uses the expires.conf.erb template. These are th ```puppet class { 'apache::mod::expires': - expires_active = true, - expires_default = undef, - expires_by_type = undef, + expires_active => true, + expires_default => undef, + expires_by_type => undef, ){ @@ -839,7 +839,7 @@ Installs Apache mod_expires and uses the expires.conf.erb template. These are th ```puppet class { 'apache::mod::expires': - expires_by_type = [ + expires_by_type => [ { 'text/json' => 'access plus 1 month' }, { 'text/html' => 'access plus 1 year' }, ] @@ -868,8 +868,8 @@ To specify an alternate mod\_wsgi package name to install and the name of the mo wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", wsgi_python_home => '/path/to/venv', wsgi_python_path => '/path/to/venv/site-packages', - package_name => 'python27-mod_wsgi', - mod_path => 'python27-mod_wsgi.so', + package_name => 'python27-mod_wsgi', + mod_path => 'python27-mod_wsgi.so', } ``` From 8ffc8a4b73fece51223a2f8cb5dbff3403095f48 Mon Sep 17 00:00:00 2001 From: Ken Geis Date: Mon, 30 Mar 2015 15:57:03 -0700 Subject: [PATCH 0593/2267] Update README.md fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a6e3258d69..5a6a356fa0 100644 --- a/README.md +++ b/README.md 
@@ -1705,7 +1705,7 @@ General `directories` usage looks something like *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. -Available handlers, represented as keys, should be placed within the `directory`,`'files`, or `location` hashes. This looks like +Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like ```puppet apache::vhost { 'sample.example.net': From 8190107158fb2e3fe868810f5b5d736c4d08f519 Mon Sep 17 00:00:00 2001 From: Christian Kaenzig Date: Tue, 31 Mar 2015 11:36:17 +0200 Subject: [PATCH 0594/2267] (MODULES-1874) Fix proxy_connect module on apache >= 2.2 As discussed in MODULES-1874, the proxy_connect module exists since Apache 2.2, so there is no reason to restrict it to Apache >= 2.4. --- manifests/mod/proxy_connect.pp | 2 +- spec/classes/mod/proxy_connect_spec.rb | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp index 3bae848446..7adef1f899 100644 --- a/manifests/mod/proxy_connect.pp +++ b/manifests/mod/proxy_connect.pp @@ -1,7 +1,7 @@ class apache::mod::proxy_connect ( $apache_version = $::apache::apache_version, ) { - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.2') >= 0 { Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] ::apache::mod { 'proxy_connect': } } diff --git a/spec/classes/mod/proxy_connect_spec.rb b/spec/classes/mod/proxy_connect_spec.rb index f4b4cc2e6b..dbb314c2bf 100644 --- a/spec/classes/mod/proxy_connect_spec.rb +++ b/spec/classes/mod/proxy_connect_spec.rb 
@@ -19,7 +19,7 @@ :is_pe => false, } end - context 'with Apache version < 2.4' do + context 'with Apache version < 2.2' do let :facts do super().merge({ :operatingsystemrelease => '7.0', @@ -28,11 +28,25 @@ end let :params do { - :apache_version => '2.2', + :apache_version => '2.1', } end it { is_expected.not_to contain_apache__mod('proxy_connect') } end + context 'with Apache version = 2.2' do + let :facts do + super().merge({ + :operatingsystemrelease => '7.0', + :lsbdistcodename => 'wheezy', + }) + end + let :params do + { + :apache_version => '2.2', + } + end + it { is_expected.to contain_apache__mod('proxy_connect') } + end context 'with Apache version >= 2.4' do let :facts do super().merge({ From c901662a60f92632fa8eecbc478b1ef24d3f4c56 Mon Sep 17 00:00:00 2001 From: Neil Prockter Date: Thu, 9 Apr 2015 22:49:33 +0100 Subject: [PATCH 0595/2267] validate_apache_log_level function to apply same test to both apache class and vhost - trace levels also supported --- .../functions/validate_apache_log_level.rb | 27 +++++++++++++ manifests/init.pp | 5 +-- manifests/vhost.pp | 3 +- .../functions/validate_apache_log_level.rb | 39 +++++++++++++++++++ 4 files changed, 68 insertions(+), 6 deletions(-) create mode 100644 lib/puppet/parser/functions/validate_apache_log_level.rb create mode 100644 spec/unit/puppet/parser/functions/validate_apache_log_level.rb diff --git a/lib/puppet/parser/functions/validate_apache_log_level.rb b/lib/puppet/parser/functions/validate_apache_log_level.rb new file mode 100644 index 0000000000..8a1ade0bed --- /dev/null +++ b/lib/puppet/parser/functions/validate_apache_log_level.rb 
@@ -0,0 +1,27 @@ +module Puppet::Parser::Functions + newfunction(:validate_apache_log_level, :doc => <<-'ENDHEREDOC') do |args| + Perform simple validation of a string against the list of known log + levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel + validate_apache_loglevel('info') + + Modules maybe specified with their own levels like these: + validate_apache_loglevel('warn ssl:info') + validate_apache_loglevel('warn mod_ssl.c:info') + validate_apache_loglevel('warn ssl_module:info') + + Expected to be used from the main or vhost. + + Might be used from directory too later as apaceh supports that + + ENDHEREDOC + if (args.size != 1) then + raise Puppet::ParseError, ("validate_apache_loglevel(): wrong number of arguments (#{args.length}; must be 1)") + end + + log_level = args[0] + msg = "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels." + + raise Puppet::ParseError, (msg) unless log_level =~ Regexp.compile('(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])') + + end +end diff --git a/manifests/init.pp b/manifests/init.pp index 0b8544f93a..fc7049b9b7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -124,10 +124,7 @@ } } - $valid_log_level_re = '(emerg|alert|crit|error|warn|notice|info|debug)' - - validate_re($log_level, $valid_log_level_re, - "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") + validate_apache_log_level($log_level) class { '::apache::service': service_name => $service_name, diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4cb440b535..fb4136805b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
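Review bot: The check in `validate_apache_log_level` is unanchored (`log_level =~ Regexp.compile('(emerg|...|trace[1-8])')`), so any value that merely contains a level name is accepted, including one with extra words or an embedded line break. If the value is written into the rendered Apache configuration (the template is not shown here), the validator no longer guarantees it is a plain LogLevel argument. The vhost.pp hunk that follows swaps out a `validate_re` that was anchored with `^...$`, so for vhosts this is a loosening. I would match the whole value against the documented `[module:]level` tokens, e.g. `lvl = '(?:emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])'` and `raise Puppet::ParseError, msg unless log_level =~ /\A(?:[\w.]+:)?#{lvl}(?:[ \t]+[\w.]+:#{lvl})*\z/`. The message string also uses Puppet's `${log_level}` where Ruby needs `#{log_level}`, and the arity error names `validate_apache_loglevel()` instead of the function's real name.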
@@ -186,8 +186,7 @@ Allowed values are 'directory' and 'absent'.") if $log_level { - validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', - "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") + validate_apache_log_level($log_level) } if $access_log_file and $access_log_pipe { diff --git a/spec/unit/puppet/parser/functions/validate_apache_log_level.rb b/spec/unit/puppet/parser/functions/validate_apache_log_level.rb new file mode 100644 index 0000000000..dfef66eeab --- /dev/null +++ b/spec/unit/puppet/parser/functions/validate_apache_log_level.rb 
@@ -0,0 +1,39 @@ +#! /usr/bin/env ruby -S rspec +require 'spec_helper' + +describe "the validate_apache_log_level function" do + let(:scope) { PuppetlabsSpec::PuppetInternals.scope } + + it "should exist" do + expect(Puppet::Parser::Functions.function("validate_apache_log_level")).to eq("function_validate_apache_log_level") + end + + it "should raise a ParseError if there is less than 1 arguments" do + expect { scope.function_validate_apache_log_level([]) }.to( raise_error(Puppet::ParseError) ) + end + + it "should raise a ParseError when given garbage" do + expect { scope.function_validate_apache_log_level(['garbage']) }.to( raise_error(Puppet::ParseError) ) + end + + it "should not raise a ParseError when given a plain log level" do + expect { scope.function_validate_apache_log_level(['info']) }.to_not raise_error + end + + it "should not raise a ParseError when given a log level and module log level" do + expect { scope.function_validate_apache_log_level(['warn ssl:info']) }.to_not raise_error + end + + it "should not raise a ParseError when given a log level and module log level" do + expect { scope.function_validate_apache_log_level(['warn mod_ssl.c:info']) }.to_not raise_error + end + + it "should not raise a ParseError when given a log level and module log level" do + expect { scope.function_validate_apache_log_level(['warn ssl_module:info']) }.to_not raise_error + end + + it "should not raise a ParseError when given a trace level" do + expect { scope.function_validate_apache_log_level(['trace4']) }.to_not raise_error + end + +end From b1d640ffd5d79fd7442eab2f3f4120ce73406025 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Mon, 9 Mar 2015 14:45:59 +0100 Subject: [PATCH 0596/2267] make $lib_path configurable --- README.md | 4 ++++ manifests/init.pp | 1 + manifests/mod.pp | 2 +- manifests/mod/wsgi.pp | 2 +- manifests/mpm.pp | 2 +- 5 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 22519bc48c..c64da7ae87 100644 
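Review bot: The new spec file is named `validate_apache_log_level.rb` without the `_spec.rb` suffix, so a runner using the usual `*_spec.rb` pattern will most likely never load these examples. Renaming it to `validate_apache_log_level_spec.rb` should be enough. The only rejection case is `['garbage']`; a case such as `['info extra']`, expected to raise `Puppet::ParseError`, would pin down whether the function validates the whole string or only looks for a level name inside it. Three examples also share the description "should not raise a ParseError when given a log level and module log level", which makes failures hard to tell apart.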
--- a/README.md +++ b/README.md @@ -347,6 +347,10 @@ Sets the amount of time the server waits for subsequent requests on a persistent Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'. +#####`lib_path` + +Specifies the location where apache module files are stored. It should not be configured manually without special reason. + #####`loadfile_name` Sets the file name for the module loadfile. Should be in the format *.load. This can be used to set the module load order. diff --git a/manifests/init.pp b/manifests/init.pp index 0b8544f93a..02c11dbf17 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -48,6 +48,7 @@ $mod_dir = $::apache::params::mod_dir, $mod_enable_dir = $::apache::params::mod_enable_dir, $mpm_module = $::apache::params::mpm_module, + $lib_path = $::apache::params::lib_path, $conf_template = $::apache::params::conf_template, $servername = $::apache::params::servername, $manage_user = true, diff --git a/manifests/mod.pp b/manifests/mod.pp index 0891bf0b77..bc52d2e201 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -2,7 +2,7 @@ $package = undef, $package_ensure = 'present', $lib = undef, - $lib_path = $::apache::params::lib_path, + $lib_path = $::apache::lib_path, $id = undef, $path = undef, $loadfile_name = undef, diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 80f9738ff9..bff5b46b7c 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -14,7 +14,7 @@ if $mod_path =~ /\// { $_mod_path = $mod_path } else { - $_mod_path = "${::apache::params::lib_path}/${mod_path}" + $_mod_path = "${::apache::lib_path}/${mod_path}" } ::apache::mod { 'wsgi': package => $package_name, diff --git a/manifests/mpm.pp b/manifests/mpm.pp index a5cca49882..2478184f51 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp 
@@ -1,5 +1,5 @@ define apache::mpm ( - $lib_path = $::apache::params::lib_path, + $lib_path = $::apache::lib_path, $apache_version = $::apache::apache_version, ) { if ! defined(Class['apache']) { From b4c7ce6f9dafdd792db5bd3db0b19bf368f5e33b Mon Sep 17 00:00:00 2001 From: Maurits Landewers Date: Tue, 14 Apr 2015 11:41:25 +0200 Subject: [PATCH 0597/2267] Fix typo in expires documentation --- manifests/mod/expires.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp index 8c1ce84410..10542916aa 100644 --- a/manifests/mod/expires.pp +++ b/manifests/mod/expires.pp @@ -6,9 +6,9 @@ ::apache::mod { 'expires': } # Template uses - # $expries_active - # $expries_default - # $expries_by_type + # $expires_active + # $expires_default + # $expires_by_type file { 'expires.conf': ensure => file, path => "${::apache::mod_dir}/expires.conf", From 7fdafeeb3bdda9c5fc4d7bb1cfaa3c236e1b40e5 Mon Sep 17 00:00:00 2001 From: Matthias Kneer Date: Tue, 14 Apr 2015 12:56:10 +0200 Subject: [PATCH 0598/2267] - Changed vhost.pp to make use of the proxy template when proxy_pass_match is defined - Added rspec tests for proxy_pass_match --- manifests/vhost.pp | 3 +- spec/acceptance/vhost_spec.rb | 68 +++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fb4136805b..bbb5e61f2b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -624,9 +624,10 @@ # Template uses: # - $proxy_dest # - $proxy_pass + # - $proxy_pass_match # - $proxy_preserve_host # - $no_proxy_uris - if $proxy_dest or $proxy_pass { + if $proxy_dest or $proxy_pass or $proxy_pass_match { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", order => 140, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 6fe87c5a84..08594fa228 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -119,6 +119,33 @@ class { 'apache': } end end + context 'new proxy vhost on port 80' do + it 'should configure an apache proxy vhost' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'proxy.example.com': + port => '80', + docroot => '/var/www/proxy', + proxy_pass_match => [ + { 'path' => '/foo', 'url' => 'http://backend-foo/'}, + ], + proxy_preserve_host => true, + proxy_error_override => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-proxy.example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName proxy.example.com" } + it { is_expected.to contain "ProxyPassMatch" } + it { is_expected.to contain "ProxyPreserveHost On" } + it { is_expected.to contain "ProxyErrorOverride On" } + it { is_expected.not_to contain "" } + end + end + context 'new vhost on port 80' do it 'should configure two apache vhosts' do pp = <<-EOS 
@@ -498,6 +525,47 @@ class { 'apache': default_vhost => false, } end end + context 'proxy_pass_match for alternative vhost' do + it 'should configure a local vhost and a proxy vhost' do + apply_manifest(%{ + class { 'apache': default_vhost => false, } + apache::vhost { 'localhost': + docroot => '/var/www/local', + ip => '127.0.0.1', + port => '8888', + } + apache::listen { '*:80': } + apache::vhost { 'proxy.example.com': + docroot => '/var/www', + port => '80', + add_listen => false, + proxy_pass_match => { + 'path' => '/', + 'url' => 'http://localhost:8888/subdir/', + }, + } + host { 'proxy.example.com': ip => '127.0.0.1', } + file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } + file { '/var/www/local/subdir/index.html': + ensure => file, + content => "Hello from localhost\\n", + } + }, :catch_failures => true) + end + + describe service($service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + it 'should get a response from the back end' do + shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r| + expect(r.stdout).to eq("Hello from localhost\n") + expect(r.exit_code).to eq(0) + end + end + end + describe 'ip_based' do it 'applies cleanly' do pp = <<-EOS From 26b77592d86bc3f4fe9cc68277c844b000a8799d Mon Sep 17 00:00:00 2001 From: Matthias Kneer Date: Tue, 14 Apr 2015 14:08:48 +0200 Subject: [PATCH 0599/2267] - Changed rspec test for proxy_pass_match to be more precise --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 08594fa228..434607531f 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -139,7 +139,7 @@ class { 'apache': } describe file("#{$vhost_dir}/25-proxy.example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain "ServerName proxy.example.com" } - it { is_expected.to contain "ProxyPassMatch" } + it { is_expected.to contain "ProxyPassMatch\s+/foo http://backend-foo/" } it { is_expected.to contain "ProxyPreserveHost On" } it { is_expected.to contain "ProxyErrorOverride On" } it { is_expected.not_to contain "" } From 3c2063330d4ecfbf9c89d4b4c4e7459f476e4d8f Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Tue, 14 Apr 2015 12:25:30 -0700 Subject: [PATCH 0600/2267] Use string instead, not regex, for file test The beaker-rspec contains matcher does not understand "+" in the context of checking whether a string is contained in a file resource (though it does seem to understand "\s" just fine), which was causing acceptance test failures. Since we know the exact string to expect we just remove the regular expression bits. --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 434607531f..b5d51e91f4 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -139,7 +139,7 @@ class { 'apache': } describe file("#{$vhost_dir}/25-proxy.example.com.conf") do it { is_expected.to contain '' } it { is_expected.to contain "ServerName proxy.example.com" } - it { is_expected.to contain "ProxyPassMatch\s+/foo http://backend-foo/" } + it { is_expected.to contain "ProxyPassMatch /foo http://backend-foo/" } it { is_expected.to contain "ProxyPreserveHost On" } it { is_expected.to contain "ProxyErrorOverride On" } it { is_expected.not_to contain "" } From 880cf46d1d9a78b090008ee45f115e12059d1f38 Mon Sep 17 00:00:00 2001 
From: Joe Gracyk Date: Wed, 15 Apr 2015 23:31:30 -0700 Subject: [PATCH 0601/2267] MODULES-1937: avoids matching Amazon Linux as RHEL7+ --- manifests/version.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index ce3b907694..a50c9ec243 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -12,7 +12,9 @@ case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { + if ($::operatingsystem == 'Amazon') { + $default = '2.2' + } elsif ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { $default = '2.4' } else { $default = '2.2' From 0e20f6da35c970cbc70394a78840632f58a90838 Mon Sep 17 00:00:00 2001 From: Joe Gracyk Date: Wed, 15 Apr 2015 23:33:03 -0700 Subject: [PATCH 0602/2267] Removed a misleading portion of a comment --- manifests/version.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index a50c9ec243..a0c9d0dc92 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -3,7 +3,7 @@ # Try to automatically detect the version by OS # class apache::version { - # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, 3 on Amazon, etc. + # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, etc. $osr_array = split($::operatingsystemrelease,'[\/\.]') $distrelease = $osr_array[0] if ! $distrelease { From 8440eeca0a7dc49f72b60f35908ecb748cd505bf Mon Sep 17 00:00:00 2001 From: maneesh Date: Tue, 14 Apr 2015 14:19:36 -0700 Subject: [PATCH 0603/2267] check if ensure present before including alias module --- manifests/vhost.pp | 2 +- spec/defines/vhost_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index bbb5e61f2b..17f61e3132 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -361,7 +361,7 @@ # Load mod_alias if needed and not yet loaded if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { - if ! defined(Class['apache::mod::alias']) { + if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 865fe963d7..9bdcaba36c 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -448,7 +448,7 @@ it { is_expected.to_not contain_class('apache::mod::passenger') } it { is_expected.to_not contain_class('apache::mod::suexec') } it { is_expected.to_not contain_class('apache::mod::rewrite') } - it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to_not contain_class('apache::mod::alias') } it { is_expected.to_not contain_class('apache::mod::proxy') } it { is_expected.to_not contain_class('apache::mod::proxy_http') } it { is_expected.to_not contain_class('apache::mod::passenger') } From 98766fd6790092df829c1a5f7546c1f6c8639aff Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 17 Apr 2015 15:22:58 -0700 Subject: [PATCH 0604/2267] Use concat 1.2.x --- .fixtures.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index 6eddf260f6..4645a757fc 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,7 +1,9 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" - concat: "git://github.com/puppetlabs/puppetlabs-concat.git" + concat: + repo: "git://github.com/puppetlabs/puppetlabs-concat.git" + branch: "1.2.x" portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" From f1f554b57fd841adfcfcf263ed5afb2c4d958b09 Mon Sep 17 00:00:00 2001 
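Review bot: In `.fixtures.yml` the concat fixture is still fetched over `git://`, which is neither encrypted nor authenticated, and `branch: "1.2.x"` is a moving ref, so the code the unit tests run against can change without notice or be altered in transit. I would use `repo: "https://github.com/puppetlabs/puppetlabs-concat.git"` and pin it with `ref: "<TAG_OR_COMMIT>"` (placeholder for a reviewed tag or commit id). The stdlib and portage entries on the surrounding context lines use the same transport and are worth switching in the same change.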
From: Steve Traylen Date: Thu, 23 Apr 2015 14:11:36 +0200 Subject: [PATCH 0605/2267] (#1971) new $service_restart parameter to influence httpd. Adds a new parameter to apache and apache::service to permit restart paramter to the httpd service to be set. For instance this allows to a restart to be configured as apachectl graceful for instance. Fixes https://tickets.puppetlabs.com/browse/MODULES-1971 the change is fully backwards compatible. --- README.md | 5 +++++ manifests/init.pp | 10 ++++++---- manifests/service.pp | 8 +++++--- spec/classes/service_spec.rb | 12 ++++++++++++ 4 files changed, 28 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c64da7ae87..268b071b12 100644 --- a/README.md +++ b/README.md @@ -456,6 +456,11 @@ Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'. +#####`service_restart` + +Determines whether the HTTPD service restart command should be anything other than the default managed by Puppet. Defaults to undef. + + #####`trace_enable` Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. diff --git a/manifests/init.pp b/manifests/init.pp index 37d866ad6d..22b2361aef 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -32,6 +32,7 @@ $service_enable = true, $service_manage = true, $service_ensure = 'running', + $service_restart = undef, $purge_configs = true, $purge_vhost_dir = undef, $purge_vdir = false, 
@@ -128,10 +129,11 @@ validate_apache_log_level($log_level) class { '::apache::service': - service_name => $service_name, - service_enable => $service_enable, - service_manage => $service_manage, - service_ensure => $service_ensure, + service_name => $service_name, + service_enable => $service_enable, + service_manage => $service_manage, + service_ensure => $service_ensure, + service_restart => $service_restart, } # Deprecated backwards-compatibility diff --git a/manifests/service.pp b/manifests/service.pp index d934f3d46b..708027921c 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -21,6 +21,7 @@ $service_enable = true, $service_ensure = 'running', $service_manage = true, + $service_restart = undef ) { # The base class must be included first because parameter defaults depend on it if ! defined(Class['apache::params']) { @@ -39,9 +40,10 @@ } if $service_manage { service { 'httpd': - ensure => $_service_ensure, - name => $service_name, - enable => $service_enable, + ensure => $_service_ensure, + name => $service_name, + enable => $service_enable, + restart => $service_restart } } } diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 42935aea68..4c851385cd 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -91,6 +91,18 @@ let (:params) {{ :service_ensure => 'UNDEF' }} it { is_expected.to contain_service("httpd").without_ensure } end + + context "with $service_restart unset" do + it { is_expected.to contain_service("httpd").without_restart } + end + + context "with $service_restart => '/usr/sbin/apachectl graceful'" do + let (:params) {{ :service_restart => '/usr/sbin/apachectl graceful' }} + it { is_expected.to contain_service("httpd").with( + 'restart' => '/usr/sbin/apachectl graceful' + ) + } + end end From 73a1b9cc9a49e5d4dd7c7083ca52d6a6c9ddbd2c Mon Sep 17 00:00:00 2001 
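Review bot: `$service_restart` is passed unchecked from the `apache` class into `service { 'httpd': restart => $service_restart }` in service.pp, and Puppet runs that string as a command on every refresh of the service, with the agent's privileges. I would state that next to the parameter, e.g. `# $service_restart is executed as a command on refresh; set it only from trusted data`, and add `if $service_restart { validate_string($service_restart) }` so that a non-string value fails at compile time. In service.pp the added `$service_restart = undef` and `restart => $service_restart` lines lack the trailing comma that the matching init.pp lines carry.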
From: Bryan Jen Date: Fri, 24 Apr 2015 09:55:17 -0700 Subject: [PATCH 0606/2267] pin apt to 1.8.0 in spec_helper_acceptance --- spec/spec_helper_acceptance.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index ce388328f9..1091edcaf2 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -38,7 +38,7 @@ end # Required for manifest to make mod_pagespeed repository available if fact('osfamily') == 'Debian' - on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-apt', '--version 1.8.0', '--force'), { :acceptable_exit_codes => [0,1] } end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } From cab441ea5727db1954cfbf67de51200876e0df7a Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 22 Apr 2015 11:46:38 -0700 Subject: [PATCH 0607/2267] Update PE dependency in 1.4.x PE < 3.7.0 binds to puppetlabs-concat 1.0.x, which is incompatible with the vhost rewrite that was added in puppetlabs-apache 1.2.0. --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index feb7daa194..1466e42e1a 100644 --- a/metadata.json +++ b/metadata.json @@ -58,7 +58,7 @@ "requirements": [ { "name": "pe", - "version_requirement": "3.x" + "version_requirement": ">= 3.7.0 < 4.0.0" }, { "name": "puppet", From 06536478de0ab3b329af05cc7ae11a2cd145b7fb Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 22 Apr 2015 13:00:43 -0700 Subject: [PATCH 0608/2267] 1.4.1 prep --- CHANGELOG.md | 4 ++++ metadata.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6dd08ab44..44ca14c391 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
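Review bot: The apt install in spec_helper_acceptance.rb is now pinned, but `'--force'` also skips dependency resolution and the call still accepts exit code 1, so a failed install passes silently and the acceptance run continues with whatever modules are already on the host. With the version pinned and the install forced, a clean exit should be the only accepted outcome: `{ :acceptable_exit_codes => [0] }`; I am assuming the 1 was there to tolerate an already-installed module, which is worth confirming. `puppetlabs-stdlib` on the following context line is still installed without a `--version`, so that dependency floats between runs.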
@@ -1,3 +1,7 @@ +##2015-04-28 - Supported Release 1.4.1 + +This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. + ##2015-03-17 - Supported Release 1.4.0 ###Summary diff --git a/metadata.json b/metadata.json index 1466e42e1a..e860ca4070 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.4.0", + "version": "1.4.1", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 842e8918c30771fb26f6c5cf861fc85dacee006a Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 30 Apr 2015 10:31:39 -0700 Subject: [PATCH 0609/2267] MODULES-1968 - Update the template to warn if using deprecated options --- spec/defines/vhost_spec.rb | 90 -------------------------------- templates/vhost/_directories.erb | 8 +-- 2 files changed, 4 insertions(+), 94 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 865fe963d7..816fd99a1f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -793,94 +793,4 @@ it { expect { is_expected.to compile }.to raise_error } end end - describe 'allow/deny/order/satisfy deprecation validation' do - let :default_facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - context 'bad allow parameter' do - let :params do - { - 'docroot' => '/var/www/files', - 'apache_version' => '2.4', - 'directories' => { - 'path' => '/var/www/files', - 'provider' => 'files', - 'allow' => 'from 127.0.0.1', - }, - } - end - let :facts do default_facts end - it do - expect { - should contain_concat__fragment('rspec.example.com-directories') - }.to raise_error(Puppet::Error) - end - end - context 'bad deny parameter' do - let :params do - { - 'docroot' => '/var/www/files', - 'apache_version' => '2.4', - 'directories' => { - 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from 127.0.0.1', - }, - } - end - let :facts do default_facts end - it do - expect { - should contain_concat__fragment('rspec.example.com-directories') - }.to raise_error(Puppet::Error) - end - end - context 'bad satisfy parameter' do - let :params do - { - 'docroot' => '/var/www/files', - 'apache_version' => '2.4', - 'directories' => { - 'path' => '/var/www/files', - 'provider' => 'files', - 'satisfy' => 'any', - }, - } - end - let :facts do default_facts end - it do - expect { - should contain_concat__fragment('rspec.example.com-directories') - }.to raise_error(Puppet::Error) - end - end - context 'bad order parameter' do - let :params do - { - 'docroot' => '/var/www/files', - 'apache_version' => '2.4', - 'directories' => { - 'path' => '/var/www/files', - 'provider' => 'files', - 'order' => 'deny,allow', - }, - } - end - let :facts do default_facts end - it do - expect { - should 
contain_concat__fragment('rspec.example.com-directories') - }.to raise_error(Puppet::Error) - end - end - end end diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 43afb0397a..1f45d2c0e6 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -4,16 +4,16 @@ <%- [@_directories].flatten.compact.each do |directory| -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> - <%- scope.function_fail(["Apache::Vhost: Using allow is not supported in your Apache version"]) -%> + <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%> <%- end -%> <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> - <%- scope.function_fail(["Apache::Vhost: Using deny is not supported in your Apache version"]) -%> + <%- scope.function_warning(["Apache::Vhost: Using deny is deprecated in your Apache version"]) -%> <%- end -%> <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%> - <%- scope.function_fail(["Apache::Vhost: Using order is not supported in your Apache version"]) -%> + <%- scope.function_warning(["Apache::Vhost: Using order is deprecated in your Apache version"]) -%> <%- end -%> <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%> - <%- scope.function_fail(["Apache::Vhost: Using satisfy is not supported in your Apache version"]) -%> + <%- scope.function_warning(["Apache::Vhost: Using satisfy is deprecated in your Apache version"]) -%> <%- end -%> <%- end -%> <%- if directory['path'] and directory['path'] != '' -%> From 2c1b49fa4bc6042738c3642046029aef31ff3b88 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 6 May 2015 13:56:46 -0700 Subject: [PATCH 0610/2267] These slow travis way down. --- .sync.yml | 5 ----- 1 file changed, 5 deletions(-) 
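Review bot: In the Apache >= 2.4 branch of `templates/vhost/_directories.erb`, the four `function_fail` calls become `function_warning`, so a `directories` entry that still carries `allow`, `deny`, `order` or `satisfy` now compiles, and the new message does not say whether the rule is applied. The part of the template that renders access control is outside this hunk; if it emits only `Require` on 2.4, an entry such as `'allow' => 'from 127.0.0.1'` is presumably dropped and the directory gets whatever default the template writes, with a log line as the only signal. The warning should state the consequence, for example `"Apache::Vhost: allow is ignored on Apache >= 2.4; use require instead"` if that is the behaviour. The specs deleted from `spec/defines/vhost_spec.rb` in the same commit would be better replaced by ones that pin the rendered directives than removed outright.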
diff --git a/.sync.yml b/.sync.yml index 9c89f69186..e5f5f79bae 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,10 +1,5 @@ --- .travis.yml: - extras: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" Rakefile: extra_disabled_lint_checks: - 'disable_only_variable_string' From 21efbdaa24cf5000266227f35ca209fa90052779 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 6 May 2015 14:30:28 -0700 Subject: [PATCH 0611/2267] sync via modulesync --- .travis.yml | 10 ---------- Gemfile | 9 +++------ 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index d1a0d7cd93..ecf7d9076b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,23 +6,13 @@ script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake matrix: fast_finish: true include: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.4.0" - rvm: 1.8.7 env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - rvm: 2.1.5 env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.4.0" - rvm: 2.1.5 env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" notifications: email: false diff --git a/Gemfile b/Gemfile index fcd27d5344..fb7202c83c 100644 --- a/Gemfile +++ b/Gemfile 
@@ -18,13 +18,8 @@ group :development, :unit_tests do gem 'json', :require => false end -beaker_version = ENV['BEAKER_VERSION'] -beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] group :system_tests do - if beaker_version - gem 'beaker', *location_for(beaker_version) - end - if beaker_rspec_version + if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] gem 'beaker-rspec', *location_for(beaker_rspec_version) else gem 'beaker-rspec', :require => false @@ -32,6 +27,8 @@ group :system_tests do gem 'serverspec', :require => false end + + if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false else From a80726f24fd03736fcbb934a4a1af960ae5c65eb Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 6 May 2015 14:32:17 -0700 Subject: [PATCH 0612/2267] beaker gemfile fixes --- Gemfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Gemfile b/Gemfile index fb7202c83c..2b1b7cd8d9 100644 --- a/Gemfile +++ b/Gemfile @@ -19,6 +19,9 @@ group :development, :unit_tests do end group :system_tests do + if beaker_version = ENV['BEAKER_VERSION'] + gem 'beaker', *location_for(beaker_version) + end if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] gem 'beaker-rspec', *location_for(beaker_rspec_version) else From 4673e29e0328ea6e8410a5f59e9545372d0111f4 Mon Sep 17 00:00:00 2001 From: Dave Garbus Date: Tue, 19 May 2015 11:10:34 -0500 Subject: [PATCH 0613/2267] Add the ability to specify GeoIPScanProxyHeaderField for mod_geoip --- manifests/mod/geoip.pp | 2 ++ templates/mod/geoip.conf.erb | 3 +++ 2 files changed, 5 insertions(+) diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp index 4e87cb96a6..1f8fb08eeb 100644 --- a/manifests/mod/geoip.pp +++ b/manifests/mod/geoip.pp @@ -5,6 +5,7 @@ $output = 'All', $enable_utf8 = undef, $scan_proxy_headers = undef, + $scan_proxy_header_field = undef, $use_last_xforwarededfor_ip = undef, ) { ::apache::mod { 'geoip': } 
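Review bot: The new `$scan_proxy_header_field` parameter in `manifests/mod/geoip.pp` is written into the config by the `templates/mod/geoip.conf.erb` hunk of this commit as `GeoIPScanProxyHeaderField <%= @scan_proxy_header_field %>`, with no check on its content. A value containing whitespace or a newline, for instance from external data, would add arguments or whole directives to the generated file. A guard in the class body such as `if $scan_proxy_header_field { validate_re($scan_proxy_header_field, '^[A-Za-z0-9-]+$') }` would reject that at compile time; the class body continues outside the hunk. The parameter documentation should also say that the named header is client-controlled unless a trusted proxy overwrites it, so the looked-up address is only as reliable as that proxy.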
@@ -16,6 +17,7 @@ # - output # - enable_utf8 # - scan_proxy_headers + # - scan_proxy_header_field # - use_last_xforwarededfor_ip file { 'geoip.conf': ensure => file, diff --git a/templates/mod/geoip.conf.erb b/templates/mod/geoip.conf.erb index 84b5dfe92c..00e61d98b4 100644 --- a/templates/mod/geoip.conf.erb +++ b/templates/mod/geoip.conf.erb @@ -16,6 +16,9 @@ GeoIPEnableUTF8 <%= scope.function_bool2httpd([@enable_utf8]) %> <% if ! @scan_proxy_headers.nil? -%> GeoIPScanProxyHeaders <%= scope.function_bool2httpd([@scan_proxy_headers]) %> <% end -%> +<% if ! @scan_proxy_header_field.nil? -%> +GeoIPScanProxyHeaderField <%= @scan_proxy_header_field %> +<% end -%> <% if ! @use_last_xforwarededfor_ip.nil? -%> GeoIPUseLastXForwardedForIP <%= scope.function_bool2httpd([@use_last_xforwarededfor_ip]) %> <% end -%> From 3691442c6841871da3e2db40a919b448689f85c4 Mon Sep 17 00:00:00 2001 From: Jamie Riedesel Date: Tue, 19 May 2015 14:19:59 -0400 Subject: [PATCH 0614/2267] Add user and group directives to Class: apache documentation The `user` and `group` parameters to `::apache` have existed for quite some time. This provides documentation about them. --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 268b071b12..f12907c2f5 100644 --- a/README.md +++ b/README.md 
@@ -331,6 +331,10 @@ Changes the location of the default [Documentroot](https://httpd.apache.org/docs Enables custom error documents. Defaults to 'false'. +#####`group` + +Changes the group that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this group. By default, puppet will attempt to manage this group as a resource under `::apache`. If this is not what you want, set [`manage_group`](#manage_group) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`. + #####`httpd_dir` Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo. 
@@ -469,6 +473,10 @@ Controls how TRACE requests per RFC 2616 are handled. More information about [Tr Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo. +#####`user` + +Changes the user that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this user. By default, puppet will attept to manage this user as a resource under `::apache`. If this is not what you want, set [`manage_user`](#manage_user) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`. + #####`apache_name` The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. From 740429e1f03430fb440c4d70c125101fa82f03c9 Mon Sep 17 00:00:00 2001 From: Christian Kaenzig Date: Tue, 26 May 2015 12:03:52 +0200 Subject: [PATCH 0615/2267] Fix in README.md for default values of php_flags --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f12907c2f5..ef509ff4a8 100644 --- a/README.md +++ b/README.md 
@@ -1365,11 +1365,11 @@ Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20 #####`php_flags & values` -Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '[]'. +Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'. #####`php_admin_flags & values` -Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. +Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'. #####`port` From 91d23fd13317765734a03641f4dee42b2813c744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Thu, 9 Apr 2015 15:03:02 +0200 Subject: [PATCH 0616/2267] Do not offload overriding LogFormats to httpd if an admin overrides one of the pre-existing formats, do not offload that to httpd: check for it, and replace it at configuration generation time. --- README.md | 13 ++++++++++++- spec/classes/apache_spec.rb | 17 +++++++++++++++++ templates/httpd.conf.erb | 8 ++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f12907c2f5..e5698dcc79 100644 --- a/README.md +++ b/README.md 
@@ -357,7 +357,7 @@ Specifies the location where apache module files are stored. It should not be co #####`loadfile_name` -Sets the file name for the module loadfile. Should be in the format *.load. This can be used to set the module load order. +Sets the file name for the module loadfile. Should be in the format \*.load. This can be used to set the module load order. #####`log_level` @@ -371,6 +371,17 @@ Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } ``` +There are a number of predefined LogFormats in the httpd.conf that Puppet writes out: + +```httpd +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +``` + +If your `$log_formats` contains one of those, they will be overwritten with **your** definition. + #####`logroot` Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo. diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 07ef1cc270..77fa7e3e2c 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -218,6 +218,23 @@ end end + describe "Override existing LogFormats" do + context "When parameter log_formats is a hash" do + let :params do + { :log_formats => { + 'common' => "%v %h %l %u %t \"%r\" %>s %b", + 'combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + } } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + end + end + context "on Ubuntu" do let :facts do super().merge({ diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 6c50e28711..8664a43e4d 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
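Review bot: The two `without_content` expectations in the new "Override existing LogFormats" context match `\"%\{User-agent\}i\"" combined`, but the stock line in `templates/httpd.conf.erb` is spelled `%{User-Agent}i`, so they pass even when the default `combined` format is still rendered. The regex should use the template's spelling, e.g. `%r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-Agent\}i\"" combined\n}`. The `with_content` check for `common` and the `without_content` check for `combined` each appear twice, while a `without_content` check for the stock `common` line is missing; one duplicate could be swapped for it.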
@@ -60,10 +60,18 @@ Include "<%= @mod_load_dir %>/*.conf" <% end -%> Include "<%= @ports_file %>" +<% unless @log_formats.has_key?('combined') -%> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +<% end -%> +<% unless @log_formats.has_key?('common') -%> LogFormat "%h %l %u %t \"%r\" %>s %b" common +<% end -%> +<% unless @log_formats.has_key?('referer') -%> LogFormat "%{Referer}i -> %U" referer +<% end -%> +<% unless @log_formats.has_key?('agent') -%> LogFormat "%{User-agent}i" agent +<% end -%> <% if @log_formats and !@log_formats.empty? -%> <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> From e98359bd240ac546a5c866f484de04587c4d7fa1 Mon Sep 17 00:00:00 2001 From: Christophe Vanlancker Date: Tue, 12 May 2015 14:30:34 +0200 Subject: [PATCH 0617/2267] Add basic initial support for SLES 11 Signed-off-by: Christophe Vanlancker --- manifests/default_mods.pp | 3 ++ manifests/init.pp | 6 ++++ manifests/mod.pp | 35 +++++++++++++++++++++++ manifests/mod/alias.pp | 1 + manifests/mod/prefork.pp | 2 +- manifests/mod/worker.pp | 2 +- manifests/mpm.pp | 32 +++++++++++++++++++++ manifests/params.pp | 60 +++++++++++++++++++++++++++++++++++++++ manifests/version.pp | 3 ++ 9 files changed, 142 insertions(+), 2 deletions(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 145c4feeb3..d609707b24 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -22,6 +22,9 @@ ::apache::mod { 'log_config': } ::apache::mod { 'unixd': } } + 'Suse': { + ::apache::mod { 'log_config': } + } default: {} } case $::osfamily { diff --git a/manifests/init.pp b/manifests/init.pp index 22b2361aef..9e6da98138 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
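Review bot: The four new `unless @log_formats.has_key?(...)` guards call a method on `@log_formats` unconditionally, while the unchanged line right below still tests `if @log_formats and !@log_formats.empty?`, which suggests the variable may be unset. If it can be, the template now raises instead of rendering the stock formats. Either guard the lookups, e.g. `<% unless @log_formats and @log_formats.has_key?('combined') -%>`, or drop the nil test below if the parameter always defaults to a hash. The parameter's default lives in `manifests/init.pp`, outside this hunk.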
@@ -281,6 +281,12 @@ require => Package['httpd'], } } + 'Suse': { + $pidfile = '/var/run/httpd2.pid' + $error_log = 'error.log' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod.pp b/manifests/mod.pp index bc52d2e201..920114a7c7 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -126,5 +126,40 @@ notify => Class['apache::service'], } } + } elsif $::osfamily == 'Suse' { + $enable_dir = $::apache::mod_enable_dir + file{ "${_loadfile_name} symlink": + ensure => link, + path => "${enable_dir}/${_loadfile_name}", + target => "${mod_dir}/${_loadfile_name}", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + require => [ + File[$_loadfile_name], + Exec["mkdir ${enable_dir}"], + ], + before => File[$enable_dir], + notify => Class['apache::service'], + } + # Each module may have a .conf file as well, which should be + # defined in the class apache::mod::module + # Some modules do not require this file. + if defined(File["${mod}.conf"]) { + file{ "${mod}.conf symlink": + ensure => link, + path => "${enable_dir}/${mod}.conf", + target => "${mod_dir}/${mod}.conf", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + require => [ + File["${mod}.conf"], + Exec["mkdir ${enable_dir}"], + ], + before => File[$enable_dir], + notify => Class['apache::service'], + } + } } } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index c1f60fd62e..2f078f6456 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -6,6 +6,7 @@ $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', + 'Suse' => '/usr/share/apache2/icons', 'redhat' => $ver24 ? { true => '/usr/share/httpd/icons', default => '/var/www/icons', diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 035e8818a4..91567de114 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp 
@@ -60,7 +60,7 @@ } } } - 'debian', 'freebsd' : { + 'debian', 'freebsd', 'Suse' : { ::apache::mpm{ 'prefork': apache_version => $apache_version, } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 02a1beae37..25925f8073 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -62,7 +62,7 @@ } } } - 'debian', 'freebsd': { + 'debian', 'freebsd', 'Suse': { ::apache::mpm{ 'worker': apache_version => $apache_version, } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 2478184f51..9e77349454 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -68,6 +68,38 @@ 'redhat': { # so we don't fail } + 'Suse': { + file { "${::apache::mod_enable_dir}/${mpm}.conf": + ensure => link, + target => "${::apache::mod_dir}/${mpm}.conf", + require => Exec["mkdir ${::apache::mod_enable_dir}"], + before => File[$::apache::mod_enable_dir], + notify => Class['apache::service'], + } + + if versioncmp($apache_version, '2.4') >= 0 { + file { "${::apache::mod_enable_dir}/${mpm}.load": + ensure => link, + target => "${::apache::mod_dir}/${mpm}.load", + require => Exec["mkdir ${::apache::mod_enable_dir}"], + before => File[$::apache::mod_enable_dir], + notify => Class['apache::service'], + } + + if $mpm == 'itk' { + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so" + } + } + } + + if versioncmp($apache_version, '2.4') < 0 { + package { "apache2-${mpm}": + ensure => present, + } + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/params.pp b/manifests/params.pp index ce5edec124..b5d1421362 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -417,6 +417,66 @@ $wsgi_socket_prefix = undef $docroot = '/var/www/localhost/htdocs' $error_documents_path = '/usr/share/apache2/error' + } elsif $::osfamily == 'Suse' { + $user = 'wwwrun' + $group = 'wwwrun' + $root_group = 'root' + $apache_name = 'apache2' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/etc/apache2' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/mods-available" + $mod_enable_dir = "${httpd_dir}/mods-enabled" + $vhost_dir = "${httpd_dir}/sites-available" + $vhost_enable_dir = "${httpd_dir}/sites-enabled" + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache2' + $logroot_mode = undef + $lib_path = '/usr/lib64/apache2-prefork/' + $mpm_module = 'prefork' + $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' + $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' + $ssl_certs_dir = '/etc/ssl/certs' + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { + 'auth_kerb' => 'apache2-mod_auth_kerb', + 'fcgid' => 'apache2-mod_fcgid', + 'perl' => 'apache2-mod_perl', + 'php5' => 'apache2-mod_php53', + 'python' => 'apache2-mod_python', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = '/var/lib/apache2/fastcgi' + $mime_support_package = 'aaa_base' + $mime_types_config = '/etc/mime.types' + $docroot = '/srv/www' + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $error_documents_path = '/usr/share/apache2/error' + $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] + + # + # Passenger-specific settings + # + + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + $wsgi_socket_prefix = undef 
+ } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/manifests/version.pp b/manifests/version.pp index ce3b907694..bdf1629b04 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -33,6 +33,9 @@ 'Gentoo': { $default = '2.4' } + 'Suse': { + $default = '2.2' + } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") } From 53a0d7379d093ae48e328598511701eef18792c1 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Sun, 17 May 2015 19:11:18 -0400 Subject: [PATCH 0618/2267] Added the ability to define the IndexStyleSheet setting for a directory --- README.md | 24 +++++++++++++++++++++--- spec/defines/vhost_spec.rb | 14 ++++++++++++++ templates/vhost/_directories.erb | 3 +++ 3 files changed, 38 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 268b071b12..2d656a0244 100644 --- a/README.md +++ b/README.md @@ -1924,9 +1924,10 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + { path => '/path/to/directory', + directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], } 
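Review bot: In the new `Suse` branch of `manifests/params.pp`, `$default_ssl_cert` and `$default_ssl_key` point at `/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key`, and nothing in this commit installs or generates those files on SLES. If they are absent the default SSL vhost presumably cannot load, and if present it serves a self-signed placeholder certificate. A comment above the two assignments such as `# placeholder self-signed pair; override default_ssl_cert/default_ssl_key for real deployments`, or SLES-specific paths, would make that explicit. It is also worth confirming `$lib_path`, which is fixed to the `apache2-prefork` directory although the same commit enables `worker` for Suse in `manifests/mod/worker.pp`.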
@@ -1948,6 +1949,23 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind } ``` +######`index_style_sheet` + +Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index. + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['FancyIndexing'], + index_style_sheet => '/styles/style.css', + }, + ], + } +``` + ######`options` Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 816fd99a1f..73836d350d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -183,6 +183,12 @@ 'provider' => 'files', 'require' => 'all granted', }, + { 'path' => '/var/www/files/indexed_directory', + 'directoryindex' => 'disabled', + 'options' => ['Indexes','FollowSymLinks','MultiViews'], + 'index_options' => ['FancyIndexing'], + 'index_style_sheet' => '/styles/style.css', + }, ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', 
@@ -360,6 +366,14 @@ :content => /^\s+Require all denied$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require all granted$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+IndexOptions\sFancyIndexing$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+IndexStyleSheet\s'\/styles\/style\.css'$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+DirectoryIndex\sdisabled$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 1f45d2c0e6..529d9bdffa 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -46,6 +46,9 @@ <%- end -%> <%- if directory['index_order_default'] -%> IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %> + <%- end -%> + <%- if directory['index_style_sheet'] -%> + IndexStyleSheet '<%= directory['index_style_sheet'] %>' <%- end -%> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %> From 6f3668603b830193e5fa3f5d9d4482dc90a0d023 Mon Sep 17 00:00:00 2001 
From: Mathieu Parent Date: Thu, 7 May 2015 17:29:27 +0200 Subject: [PATCH 0619/2267] Move authn_core module to a class --- README.md | 1 + manifests/default_mods.pp | 12 ++++-------- manifests/mod/authn_core.pp | 7 +++++++ spec/classes/apache_spec.rb | 1 + 4 files changed, 13 insertions(+), 8 deletions(-) create mode 100644 manifests/mod/authn_core.pp diff --git a/README.md b/README.md index 9af78168ac..b78cec33a7 100644 --- a/README.md +++ b/README.md @@ -560,6 +560,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `auth_basic` * `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` +* `authn_core` * `authn_file` * `authnz_ldap`* * `authz_default` diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index d609707b24..0d8969ca69 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -37,13 +37,12 @@ if $all { case $::osfamily { 'debian': { + include ::apache::mod::authn_core include ::apache::mod::reqtimeout - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mod { 'authn_core': } - } } 'redhat': { include ::apache::mod::actions + include ::apache::mod::authn_core include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic @@ -64,16 +63,14 @@ ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mod { 'authn_core': } - } - else { + if versioncmp($apache_version, '2.4') < 0 { ::apache::mod { 'authn_alias': } ::apache::mod { 'authn_default': } } } 'freebsd': { include ::apache::mod::actions + include ::apache::mod::authn_core include ::apache::mod::cache include ::apache::mod::disk_cache include ::apache::mod::headers @@ -91,7 +88,6 @@ ::apache::mod { 'auth_digest': } ::apache::mod { 'auth_form': } ::apache::mod { 'authn_anon': } - ::apache::mod { 'authn_core': } ::apache::mod { 'authn_dbm': } ::apache::mod { 'authn_socache': } ::apache::mod { 'authz_dbd': } 
diff --git a/manifests/mod/authn_core.pp b/manifests/mod/authn_core.pp new file mode 100644 index 0000000000..c5ce5b1070 --- /dev/null +++ b/manifests/mod/authn_core.pp @@ -0,0 +1,7 @@ +class apache::mod::authn_core( + $apache_version = $::apache::apache_version +) { + if versioncmp($apache_version, '2.4') >= 0 { + ::apache::mod { 'authn_core': } + } +} diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 77fa7e3e2c..b82eafa0de 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -677,6 +677,7 @@ # Assert that load files are placed for these mods, but no conf file. [ 'auth_basic', + 'authn_core', 'authn_file', 'authz_groupfile', 'authz_host', From 223b18bad82464d3923e15fa5b2bbc34439184d6 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 27 May 2015 08:11:04 -0700 Subject: [PATCH 0620/2267] Add ability to unittest puppet 4 --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index ecf7d9076b..742380f6b4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,5 +14,10 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 2.1.5 env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.6 + env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + allow_failures: + - rvm: 2.1.6 + env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" notifications: email: false From 1919eb3d2a81809ce998bbbc7f53d6d2f18edf12 Mon Sep 17 00:00:00 2001 
From: Dominic Cleal Date: Wed, 20 May 2015 18:55:41 +0100 Subject: [PATCH 0621/2267] Support puppetlabs-concat 2.x 2.0.0 is compatible with current 1.x usage, so permit either 1.x or 2.x to satisfy the concat dependency. Move all ensure parameters from concat::fragment to concat itself. --- .fixtures.yml | 4 +--- manifests/balancer.pp | 4 +--- manifests/balancermember.pp | 1 - manifests/init.pp | 2 +- manifests/listen.pp | 1 - manifests/namevirtualhost.pp | 1 - metadata.json | 2 +- spec/defines/vhost_spec.rb | 6 +++--- 8 files changed, 7 insertions(+), 14 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 4645a757fc..6eddf260f6 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,9 +1,7 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" - concat: - repo: "git://github.com/puppetlabs/puppetlabs-concat.git" - branch: "1.2.x" + concat: "git://github.com/puppetlabs/puppetlabs-concat.git" portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 765dae6290..1c2391ebd4 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -47,6 +47,7 @@ $target = "${::apache::params::confd_dir}/balancer_${name}.conf" concat { $target: + ensure => present, owner => '0', group => '0', mode => '0644', @@ -54,7 +55,6 @@ } concat::fragment { "00-${name}-header": - ensure => present, target => $target, order => '01', content => "\n", @@ -67,14 +67,12 @@ # concat fragments. We don't have to do anything about them. concat::fragment { "01-${name}-proxyset": - ensure => present, target => $target, order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": - ensure => present, target => $target, order => '20', content => "\n", 
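Review bot: In `.fixtures.yml` the concat fixture loses its `branch: "1.2.x"` pin and now tracks whatever the default branch of puppetlabs-concat holds at test time, fetched over the unauthenticated `git://` transport. Unit-test results stop being reproducible, and a broken or tampered upstream commit reaches CI unnoticed. Keeping the hash form with a fixed revision, `repo: "https://github.com/puppetlabs/puppetlabs-concat.git"` plus `ref: "<commit-sha placeholder>"`, still exercises concat 2.x without floating.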
diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index 459081a716..c2be588804 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp @@ -46,7 +46,6 @@ ) { concat::fragment { "BalancerMember ${name}": - ensure => present, target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } diff --git a/manifests/init.pp b/manifests/init.pp index 22b2361aef..217890ffaa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -232,6 +232,7 @@ } concat { $ports_file: + ensure => present, owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -239,7 +240,6 @@ require => Package['httpd'], } concat::fragment { 'Apache ports header': - ensure => present, target => $ports_file, content => template('apache/ports_header.erb') } diff --git a/manifests/listen.pp b/manifests/listen.pp index e6a8a3c767..503ee8860b 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -3,7 +3,6 @@ # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": - ensure => present, target => $::apache::ports_file, content => template('apache/listen.erb'), } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index f8c3a80d85..4fa8795185 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp @@ -3,7 +3,6 @@ # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": - ensure => present, target => $::apache::ports_file, content => template('apache/namevirtualhost.erb'), } diff --git a/metadata.json b/metadata.json index e860ca4070..139a436487 100644 --- a/metadata.json +++ b/metadata.json 
@@ -68,6 +68,6 @@ "description": "Module for Apache configuration", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} ] } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 816fd99a1f..be3da156e9 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -50,7 +50,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_concat("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } @@ -77,7 +77,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_concat("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } @@ -99,7 +99,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_concat("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf' ) } From f71a8dec1af1f50c64a0280b633981e8d93c0409 Mon Sep 17 00:00:00 2001 From: Dave Garbus Date: Mon, 1 Jun 2015 12:40:18 -0500 Subject: [PATCH 0622/2267] Adding docs for apache::mod::geoip per puppetlabs/puppetlabs-apache#1128 --- README.md | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) 
diff --git a/README.md b/README.md index 087bbc8694..6022ed6e15 100644 --- a/README.md +++ b/README.md @@ -666,14 +666,44 @@ These are the default settings: ```puppet class {'apache::mod::geoip': - $enable => false, - $db_file => '/usr/share/GeoIP/GeoIP.dat', - $flag => 'Standard', - $output => 'All', + enable => false, + db_file => '/usr/share/GeoIP/GeoIP.dat', + flag => 'Standard', + output => 'All', } ``` -The parameter `db_file` can be a single directory or a hash of directories. +#####`enable` + +Boolean. Enable or Disable mod_geoip globally. Defaults to false. + +#####`db_file` + +The full path to your GeoIP database file. Defaults to `/usr/share/GeoIP/GeoIP.dat`. This parameter optionally takes an array of paths for multiple GeoIP database files. + +#####`flag` + +GeoIP Flag. Defaults to 'Standard'. + +#####`output` + +Defines which output variables to use. Defaults to 'All'. + +#####`enable_utf8` + +Boolean. Changes the output from ISO-8859-1 (Latin-1) to UTF-8. + +#####`scan_proxy_headers` + +Boolean. Enables the GeoIPScanProxyHeaders option. More information can be found [here](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives). + +#####`scan_proxy_header_field` + +Specifies which header that mod_geoip should look at to determine the client's IP address. + +#####`use_last_xforwarededfor_ip` + +Boolean. If a comma-separated list of IP addresses is found, use the last IP address for the client's IP. ####Class: `apache::mod::info` From 409ddd29eb3625e584dd9bac80f1124cc5e3734b Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 3 Jun 2015 08:09:03 -0700 Subject: [PATCH 0623/2267] Add changelog for 1.5.0 relesase --- CHANGELOG.md | 32 ++++++++++++++++++++++++++++++++ metadata.json | 8 +++++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 44ca14c391..6e0b1ee87e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,35 @@ +##2015-06-16 - Supported Release 1.5.0 +### Summary +This release primarily adds Suse compatibility. It also adds a handful of other +parameters for greater configuration control. + +### Features +- Now compatible with concat 1.x and 2.x +- Add `apache::lib_path` parameter +- Add `apache::service_restart` parameter +- Add `apache::vhost::geoip_enable` parameter +- Add `apache::mod::geoip` class +- Add `apache::mod::remoteip` class +- Add parameters to `apache::mod::expires` class +- Add `index_style_sheet` handling to `apache::vhost::directories` +- Add some compatibility for SLES 11 +- Add `apache::mod::ssl::ssl_sessioncachetimeout` parameter +- Add `apache::mod::ssl::ssl_cryptodevice` parameter +- Add `apache::mod::ssl::ssl_honorcipherorder` parameter +- Add `apache::mod::userdir::options` parameter + +### Bugfixes +- Document `apache::user` parameter +- Document `apache::group` parameter +- Fix apache::dev on FreeBSD +- Fix proxy\_connect on apache >= 2.2 +- Validate log levels better +- Fix `apache::apache_name` for package and vhost +- Fix Debian Jessie mod\_prefork package name +- Fix alias module being declared even when vhost is absent +- Fix proxy\_pass\_match handling in vhost's proxy template +- Fix userdir access permissions + ##2015-04-28 - Supported Release 1.4.1 This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. diff --git a/metadata.json b/metadata.json index 139a436487..d4300066c9 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.4.1", + "version": "1.5.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", @@ -46,6 +46,12 @@ "7" ] }, + { + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "11 SP1" + ] + }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ From 2a1d700c035dba0d0f17a2c16d3e42ab0dc3c61b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 4 Jun 2015 14:10:44 -0700 Subject: [PATCH 0624/2267] Incorrect date in the changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e0b1ee87e..bfd53c5e48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -##2015-06-16 - Supported Release 1.5.0 +##2015-06-09 - Supported Release 1.5.0 ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. From 3a5894eab90d47fff925f0f4c8b5806727e64b9f Mon Sep 17 00:00:00 2001 From: Jonathan Tripathy Date: Fri, 5 Jun 2015 12:23:32 +0100 Subject: [PATCH 0625/2267] Updated travisci file to remove allow_failures for Puppet 4 --- .travis.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 742380f6b4..16d694bb6e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,8 +16,5 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - rvm: 2.1.6 env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" - allow_failures: - - rvm: 2.1.6 - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" notifications: email: false From e58cf4578a450ea0497f8e02b92389a7a1af2ab7 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Mon, 8 Jun 2015 21:46:52 -0700 Subject: [PATCH 0626/2267] (maint) allow specifying PUPPET_VERSION in acceptance --- spec/spec_helper_acceptance.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 1091edcaf2..66d1d7c430 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -5,7 +5,10 @@ unless ENV['RS_PROVISION'] == 'no' # This will install the latest available package on el and deb based # systems fail on windows and osx, and install via gem on other *nixes - foss_opts = { :default_action => 'gem_install' } + foss_opts = { + :default_action => 'gem_install', + :version => (ENV['PUPPET_VERSION'] || '3.8.1'), + } if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end From 1507ed260f53bd63499610b51c664d35d7a0c009 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 9 Jun 2015 13:58:32 -0700 Subject: [PATCH 0627/2267] Revert "Support puppetlabs-concat 2.x" --- .fixtures.yml | 4 +++- manifests/balancer.pp | 4 +++- manifests/balancermember.pp | 1 + manifests/init.pp | 2 +- manifests/listen.pp | 1 + manifests/namevirtualhost.pp | 1 + metadata.json | 2 +- spec/defines/vhost_spec.rb | 6 +++--- 8 files changed, 14 insertions(+), 7 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 6eddf260f6..4645a757fc 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,7 +1,9 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" - concat: "git://github.com/puppetlabs/puppetlabs-concat.git" + concat: + repo: "git://github.com/puppetlabs/puppetlabs-concat.git" + branch: "1.2.x" portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 1c2391ebd4..765dae6290 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -47,7 +47,6 @@ $target = "${::apache::params::confd_dir}/balancer_${name}.conf" concat { $target: - ensure => present, owner => '0', group => '0', mode => '0644', @@ -55,6 +54,7 @@ } concat::fragment { "00-${name}-header": + ensure => present, target => $target, order => '01', content => "\n", 
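Review bot: The comment kept above `foss_opts` still says this installs the latest available package, but the added `:version` entry pins FOSS installs to 3.8.1 unless `PUPPET_VERSION` is set. Update the comment to match, for example `# Installs PUPPET_VERSION (default 3.8.1) on el and deb based systems`. An exported but empty `PUPPET_VERSION` is truthy in Ruby and would be passed through as an empty version string; `ENV['PUPPET_VERSION'].to_s.empty? ? '3.8.1' : ENV['PUPPET_VERSION']` avoids that. The enclosing `unless` block continues outside the hunk.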
@@ -67,12 +67,14 @@ # concat fragments. We don't have to do anything about them. concat::fragment { "01-${name}-proxyset": + ensure => present, target => $target, order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": + ensure => present, target => $target, order => '20', content => "\n", diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index c2be588804..459081a716 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp @@ -46,6 +46,7 @@ ) { concat::fragment { "BalancerMember ${name}": + ensure => present, target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } diff --git a/manifests/init.pp b/manifests/init.pp index 1dfe6b0d50..9e6da98138 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -232,7 +232,6 @@ } concat { $ports_file: - ensure => present, owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -240,6 +239,7 @@ require => Package['httpd'], } concat::fragment { 'Apache ports header': + ensure => present, target => $ports_file, content => template('apache/ports_header.erb') } diff --git a/manifests/listen.pp b/manifests/listen.pp index 503ee8860b..e6a8a3c767 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -3,6 +3,7 @@ # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": + ensure => present, target => $::apache::ports_file, content => template('apache/listen.erb'), } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index 4fa8795185..f8c3a80d85 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp 
@@ -3,6 +3,7 @@ # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": + ensure => present, target => $::apache::ports_file, content => template('apache/namevirtualhost.erb'), } diff --git a/metadata.json b/metadata.json index d4300066c9..71bad1d354 100644 --- a/metadata.json +++ b/metadata.json @@ -74,6 +74,6 @@ "description": "Module for Apache configuration", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} ] } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index a3ce4919f7..47c1b1f455 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -50,7 +50,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_concat("25-rspec.example.com.conf").with( + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } @@ -77,7 +77,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_concat("25-rspec.example.com.conf").with( + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } @@ -99,7 +99,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_concat("25-rspec.example.com.conf").with( + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf' ) } 
From f54393e60eaec4e926eaf6cfadee729d81650130 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 9 Jun 2015 13:58:32 -0700 Subject: [PATCH 0628/2267] Revert "Support puppetlabs-concat 2.x" --- .fixtures.yml | 4 +++- manifests/balancer.pp | 4 +++- manifests/balancermember.pp | 1 + manifests/init.pp | 2 +- manifests/listen.pp | 1 + manifests/namevirtualhost.pp | 1 + metadata.json | 2 +- spec/defines/vhost_spec.rb | 6 +++--- 8 files changed, 14 insertions(+), 7 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 6eddf260f6..4645a757fc 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,7 +1,9 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" - concat: "git://github.com/puppetlabs/puppetlabs-concat.git" + concat: + repo: "git://github.com/puppetlabs/puppetlabs-concat.git" + branch: "1.2.x" portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 1c2391ebd4..765dae6290 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -47,7 +47,6 @@ $target = "${::apache::params::confd_dir}/balancer_${name}.conf" concat { $target: - ensure => present, owner => '0', group => '0', mode => '0644', @@ -55,6 +54,7 @@ } concat::fragment { "00-${name}-header": + ensure => present, target => $target, order => '01', content => "\n", @@ -67,12 +67,14 @@ # concat fragments. We don't have to do anything about them. concat::fragment { "01-${name}-proxyset": + ensure => present, target => $target, order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": + ensure => present, target => $target, order => '20', content => "\n", diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index c2be588804..459081a716 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp 
@@ -46,6 +46,7 @@ ) { concat::fragment { "BalancerMember ${name}": + ensure => present, target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } diff --git a/manifests/init.pp b/manifests/init.pp index 1dfe6b0d50..9e6da98138 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -232,7 +232,6 @@ } concat { $ports_file: - ensure => present, owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -240,6 +239,7 @@ require => Package['httpd'], } concat::fragment { 'Apache ports header': + ensure => present, target => $ports_file, content => template('apache/ports_header.erb') } diff --git a/manifests/listen.pp b/manifests/listen.pp index 503ee8860b..e6a8a3c767 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -3,6 +3,7 @@ # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": + ensure => present, target => $::apache::ports_file, content => template('apache/listen.erb'), } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index 4fa8795185..f8c3a80d85 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp @@ -3,6 +3,7 @@ # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": + ensure => present, target => $::apache::ports_file, content => template('apache/namevirtualhost.erb'), } diff --git a/metadata.json b/metadata.json index d4300066c9..71bad1d354 100644 --- a/metadata.json +++ b/metadata.json @@ -74,6 +74,6 @@ "description": "Module for Apache configuration", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} ] } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index a3ce4919f7..47c1b1f455 100644 --- a/spec/defines/vhost_spec.rb 
+++ b/spec/defines/vhost_spec.rb @@ -50,7 +50,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_concat("25-rspec.example.com.conf").with( + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } @@ -77,7 +77,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_concat("25-rspec.example.com.conf").with( + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } @@ -99,7 +99,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_concat("25-rspec.example.com.conf").with( + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf' ) } From 9f1559ed4d8e8d95254c580d548dd7282079c0bd Mon Sep 17 00:00:00 2001 From: Chris Liles Date: Wed, 3 Jun 2015 14:52:13 -0700 Subject: [PATCH 0629/2267] Amazon Linux does not support systemd. Having the versioncmp makes this fail on newer versions (which do not yet support systemd). Run this on 2015.03 and you end up with an apache server that will not start. --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 0d8969ca69..637b2bbe52 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
@@ -12,7 +12,7 @@ if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. - if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon' and versioncmp($::operatingsystemrelease, '2014.09') <= 0 ) ) { + if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !$::operatingsystem == 'Amazon' ) { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } From 667335f634f131132b46221afd22ab8b065dcce7 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 10 Jun 2015 11:37:50 -0700 Subject: [PATCH 0630/2267] Updated changelog --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bfd53c5e48..7a722a8a9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,9 @@ -##2015-06-09 - Supported Release 1.5.0 +##2015-06-11 - Supported Release 1.5.0 ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. ### Features -- Now compatible with concat 1.x and 2.x - Add `apache::lib_path` parameter - Add `apache::service_restart` parameter - Add `apache::vhost::geoip_enable` parameter @@ -29,6 +28,7 @@ parameters for greater configuration control. - Fix alias module being declared even when vhost is absent - Fix proxy\_pass\_match handling in vhost's proxy template - Fix userdir access permissions +- Fix issue where the module was trying to use systemd on Amazon Linux. ##2015-04-28 - Supported Release 1.4.1 From 87cd728cdc6d65945f0948bf8421bce8f98c364b Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 10 Jun 2015 16:15:11 -0700 Subject: [PATCH 0631/2267] fixes bug introduced by PR1133 --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 637b2bbe52..9e3c2c69a7 100644 
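Review bot: In the rewritten condition, `!$::operatingsystem == 'Amazon'` negates the fact before comparing it, because `!` binds tighter than `==` in Puppet. The term becomes `false == 'Amazon'`, which is false on every platform. Joined with `and`, the whole condition is then false and `::apache::mod { 'systemd': }` is never declared, including on the hosts where the previous code loaded it. Parenthesise the comparison, `!($::operatingsystem == 'Amazon')`, or write `$::operatingsystem != 'Amazon'`. The identical hunk appears again in PATCH 0636.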
--- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -12,7 +12,7 @@ if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. - if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !$::operatingsystem == 'Amazon' ) { + if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } From a29cf82ec7217f65b6dae523d5482a14c5c36e2c Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Thu, 11 Jun 2015 08:35:53 -0700 Subject: [PATCH 0632/2267] makes the acceptance tests more robust by ensuring selinux is disabled on all runs. Previously, selinux was disabled by the basic_spec acceptance tests, which set up the rest of the tests. However to make this more robust, we need to disable selinux from spec_helper_acceptance so that all runs get the disabling. --- spec/acceptance/basic_spec.rb | 12 ------------ spec/spec_helper_acceptance.rb | 7 +++++++ 2 files changed, 7 insertions(+), 12 deletions(-) delete mode 100644 spec/acceptance/basic_spec.rb diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb deleted file mode 100644 index 6c2b3f462f..0000000000 --- a/spec/acceptance/basic_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'disable selinux:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - it "because otherwise apache won't work" do - apply_manifest(%{ - exec { "setenforce 0": - path => "/bin:/sbin:/usr/bin:/usr/sbin", - onlyif => "which setenforce && getenforce | grep Enforcing", - } - }, :catch_failures => true) - end -end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 1091edcaf2..599cc5663e 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
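Review bot: The comment above the condition still names only RHEL/CentOS 6 SCL, while the corrected condition now also skips every Amazon Linux release regardless of version. Extend it so the blanket exclusion reads as deliberate, e.g. `# Do not try to load mod_systemd on RHEL/CentOS 6 SCL or on Amazon Linux (no systemd there).`. If a later Amazon release ships systemd, this test will need a version bound again. The same hunk appears in PATCH 0638.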
@@ -42,6 +42,13 @@ end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } + + # Make sure selinux is disabled before each test or apache won't work. + if ! UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) + on host, puppet('apply', '-e', + %{"exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"}), + { :acceptable_exit_codes => [0] } + end end end end From 4069e79b1fce1714f2966c82259e51e2344ecfbf Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 10 Jun 2015 17:03:50 -0700 Subject: [PATCH 0633/2267] Add the helper to install puppet/pe/puppet-agent --- Gemfile | 1 + spec/spec_helper_acceptance.rb | 21 ++------------------- 2 files changed, 3 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index 2b1b7cd8d9..bfe64b186a 100644 --- a/Gemfile +++ b/Gemfile @@ -28,6 +28,7 @@ group :system_tests do gem 'beaker-rspec', :require => false end gem 'serverspec', :require => false + gem 'beaker-puppet_install_helper', :require => false end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 66d1d7c430..4243cd2ca9 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
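Review bot: The added guard calls `fact('osfamily')`, which Beaker evaluates on the default host, although the statement sits among per-host steps that run `on host, ...`; on a mixed-platform node set the check may not match the host being configured. Use `fact_on(host, 'osfamily')` instead. Separately, `setenforce 0` puts SELinux into permissive mode rather than disabling it, so the comment would be more accurate as `# Set SELinux to permissive before each run or apache won't work.`. Because this now happens on every run, no acceptance test exercises the module under enforcing mode, and policy denials on the paths it manages would not surface in CI; that limitation is worth recording next to the comment. The enclosing loop starts outside the hunk, and the same hunk appears in PATCH 0639.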
@@ -1,25 +1,8 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' +require 'beaker/puppet_install_helper' - -unless ENV['RS_PROVISION'] == 'no' - # This will install the latest available package on el and deb based - # systems fail on windows and osx, and install via gem on other *nixes - foss_opts = { - :default_action => 'gem_install', - :version => (ENV['PUPPET_VERSION'] || '3.8.1'), - } - - if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end - - hosts.each do |host| - if host['platform'] =~ /debian/ - on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' - end - - on host, "mkdir -p #{host['distmoduledir']}" - end -end +run_puppet_install_helper UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris'] From c7ce06cac84c2c57c5fb25852f2e8573555607d0 Mon Sep 17 00:00:00 2001 From: Tobias Muellerleile Date: Thu, 21 May 2015 14:04:40 +0200 Subject: [PATCH 0634/2267] Add ssl_openssl_conf_cmd param (apache::mod::ssl and apache::vhost) --- README.md | 5 +++++ manifests/mod/ssl.pp | 2 ++ manifests/vhost.pp | 2 ++ spec/classes/mod/ssl_spec.rb | 9 +++++++++ spec/defines/vhost_spec.rb | 3 +++ templates/mod/ssl.conf.erb | 3 +++ templates/vhost/_ssl.erb | 3 +++ 7 files changed, 27 insertions(+) diff --git a/README.md b/README.md index 087bbc8694..f954533e1a 100644 --- a/README.md +++ b/README.md @@ -823,6 +823,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_compression => false, ssl_cryptodevice => 'builtin', ssl_options => [ 'StdEnvVars' ], + ssl_openssl_conf_cmd => undef, ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', ssl_honorcipherorder => 'On', ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], 
@@ -2251,6 +2252,10 @@ An array: } ``` +#####`ssl_openssl_conf_cmd` + +Sets the [SSLOpenSSLConfCmd](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Defaults to 'undef'. + #####`ssl_proxyengine` Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 4a6b823347..9e68d21b70 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -2,6 +2,7 @@ $ssl_compression = false, $ssl_cryptodevice = 'builtin', $ssl_options = [ 'StdEnvVars' ], + $ssl_openssl_conf_cmd = undef, $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $ssl_honorcipherorder = 'On', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], @@ -57,6 +58,7 @@ # $ssl_cipher # $ssl_honorcipherorder # $ssl_options + # $ssl_openssl_conf_cmd # $session_cache # $ssl_mutex # $ssl_random_seed_bytes diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 17f61e3132..60b5124e11 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -26,6 +26,7 @@ $ssl_verify_client = undef, $ssl_verify_depth = undef, $ssl_options = undef, + $ssl_openssl_conf_cmd = undef, $ssl_proxyengine = false, $priority = undef, $default_vhost = false, @@ -729,6 +730,7 @@ # - $ssl_verify_client # - $ssl_verify_depth # - $ssl_options + # - $ssl_openssl_conf_cmd # - $apache_version if $ssl { concat::fragment { "${name}-ssl": diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 50aa8292fe..1e8b94edca 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
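Review bot: The new `$ssl_openssl_conf_cmd` parameter in `apache::vhost` (and in `apache::mod::ssl`) is accepted without validation and, per the templates in this patch, is written verbatim after `SSLOpenSSLConfCmd`. A value containing a line break, for instance one sourced from Hiera data, would add further directives to the generated TLS configuration. Consider rejecting embedded newlines when the parameter is set, e.g. `if $ssl_openssl_conf_cmd { validate_re($ssl_openssl_conf_cmd, '\A[^\r\n]+\z') }`. Both parameter lists continue outside their hunks.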
@@ -136,5 +136,14 @@ end it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})} end + + context 'setting ssl_openssl_conf_cmd' do + let :params do + { + :ssl_openssl_conf_cmd => 'DHParameters "foo.pem"', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^\s+SSLOpenSSLConfCmd DHParameters "foo.pem"$/)} + end end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 47c1b1f455..489c9b43f4 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -153,6 +153,7 @@ 'ssl_verify_client' => 'optional', 'ssl_verify_depth' => '3', 'ssl_options' => '+ExportCertData', + 'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"', 'ssl_proxyengine' => true, 'priority' => '30', 'default_vhost' => true, @@ -398,6 +399,8 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') } it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( + :content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } it { is_expected.to contain_concat__fragment('rspec.example.com-header') } diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 933aa1fcc8..96b80b0036 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -25,4 +25,7 @@ <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> +<%- if @ssl_openssl_conf_cmd -%> + SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> +<%- end -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 516992558f..c2d9413509 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
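Review bot: The added block in `templates/mod/ssl.conf.erb` emits `SSLOpenSSLConfCmd` whenever the parameter is set, with no check of the Apache version. As far as I know the directive exists only in httpd 2.4.8 and later built against OpenSSL 1.0.2 or later, so on older servers the generated file would hold an unknown directive and httpd would refuse to start. Where `@apache_version` is in scope, the opening line could be gated, e.g. `<%- if @ssl_openssl_conf_cmd and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>`, and the README entry should state the minimum version. The same applies to the `templates/vhost/_ssl.erb` hunk that follows. Because the parameter is a single string, only one `SSLOpenSSLConfCmd` line can be produced; accepting an array would allow several.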
@@ -43,4 +43,7 @@ <%- if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> <%- end -%> + <%- if @ssl_openssl_conf_cmd -%> + SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> + <%- end -%> <% end -%> From 09ce83ef037a3a3c9fba0f5cac3746fa4ddcbb5b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 4 Jun 2015 14:10:44 -0700 Subject: [PATCH 0635/2267] Incorrect date in the changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e0b1ee87e..bfd53c5e48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -##2015-06-16 - Supported Release 1.5.0 +##2015-06-09 - Supported Release 1.5.0 ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. From c054232b398605f900cf02995679b26ce7f215fa Mon Sep 17 00:00:00 2001 From: Chris Liles Date: Wed, 3 Jun 2015 14:52:13 -0700 Subject: [PATCH 0636/2267] Amazon Linux does not support systemd. Having the versioncmp makes this fail on newer versions (which do not yet support systemd). Run this on 2015.03 and you end up with an apache server that will not start. --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 0d8969ca69..637b2bbe52 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -12,7 +12,7 @@ if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. - if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon' and versioncmp($::operatingsystemrelease, '2014.09') <= 0 ) ) { + if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !$::operatingsystem == 'Amazon' ) { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } 
From 27d7074fa7cf6f6aae083734e93e82141dce6dd2 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 10 Jun 2015 11:37:50 -0700 Subject: [PATCH 0637/2267] Updated changelog --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bfd53c5e48..7a722a8a9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,9 @@ -##2015-06-09 - Supported Release 1.5.0 +##2015-06-11 - Supported Release 1.5.0 ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. ### Features -- Now compatible with concat 1.x and 2.x - Add `apache::lib_path` parameter - Add `apache::service_restart` parameter - Add `apache::vhost::geoip_enable` parameter @@ -29,6 +28,7 @@ parameters for greater configuration control. - Fix alias module being declared even when vhost is absent - Fix proxy\_pass\_match handling in vhost's proxy template - Fix userdir access permissions +- Fix issue where the module was trying to use systemd on Amazon Linux. ##2015-04-28 - Supported Release 1.4.1 From 4f386295d9c6783dc1737c65f200bfea1aa06cfa Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 10 Jun 2015 16:15:11 -0700 Subject: [PATCH 0638/2267] fixes bug introduced by PR1133 --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 637b2bbe52..9e3c2c69a7 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -12,7 +12,7 @@ if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. - if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !$::operatingsystem == 'Amazon' ) { + if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) { ::apache::mod { 'systemd': } } ::apache::mod { 'unixd': } 
From 44bc7216a4501da453eb4143773e42baeb870daf Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Thu, 11 Jun 2015 08:35:53 -0700 Subject: [PATCH 0639/2267] makes the acceptance tests more robust by ensuring selinux is disabled on all runs. Previously, selinux was disabled by the basic_spec acceptance tests, which set up the rest of the tests. However to make this more robust, we need to disable selinux from spec_helper_acceptance so that all runs get the disabling. --- spec/acceptance/basic_spec.rb | 12 ------------ spec/spec_helper_acceptance.rb | 7 +++++++ 2 files changed, 7 insertions(+), 12 deletions(-) delete mode 100644 spec/acceptance/basic_spec.rb diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb deleted file mode 100644 index 6c2b3f462f..0000000000 --- a/spec/acceptance/basic_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'disable selinux:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - it "because otherwise apache won't work" do - apply_manifest(%{ - exec { "setenforce 0": - path => "/bin:/sbin:/usr/bin:/usr/sbin", - onlyif => "which setenforce && getenforce | grep Enforcing", - } - }, :catch_failures => true) - end -end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 4243cd2ca9..e93465c9cb 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -28,6 +28,13 @@ end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } + + # Make sure selinux is disabled before each test or apache won't work. + if ! UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) + on host, puppet('apply', '-e', + %{"exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"}), + { :acceptable_exit_codes => [0] } + end end end end From 9e4f8ef9204459b6447138df52041a37b9549171 Mon Sep 17 00:00:00 2001 From: Bryan Andrews Date: Thu, 18 Jun 2015 11:39:17 -0700 Subject: [PATCH 0640/2267] adding support for a filters array to apache::vhost --- README.md | 30 ++++++++++++++++++++++++++++++ manifests/vhost.pp | 18 ++++++++++++++++++ templates/vhost/_filters.erb | 10 ++++++++++ 3 files changed, 58 insertions(+) create mode 100644 templates/vhost/_filters.erb diff --git a/README.md b/README.md index 68a91e94c3..9bf0df0446 100644 --- a/README.md +++ b/README.md @@ -210,6 +210,21 @@ Starting in Apache 2.2.16, HTTPD supports [FallbackResource](https://httpd.apach } ``` +To set up a virtual host with filter rules + +```puppet + apache::vhost { 'subdomain.loc': + port => '80', + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + docroot => '/var/www/html', + } +``` + Please note that the 'disabled' argument to FallbackResource is only supported since Apache 2.2.24. See a list of all [virtual host parameters](#defined-type-apachevhost). See an extensive list of [virtual host examples](#virtual-host-examples). 
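Review bot: Moving `setenforce 0` into the `before :suite` block of spec/spec_helper_acceptance.rb puts SELinux into permissive mode for every acceptance run, so no test exercises the module with enforcement on, and SELinux denials on docroots, log paths or non-default ports cannot surface in CI. The setting is also left in place on the host after the suite finishes. I would add a comment that scopes this to throwaway hosts, e.g. `# Test hosts only: SELinux stays permissive after the run; production nodes should keep enforcing mode.`, and consider a separate run that keeps enforcing mode. The surrounding `hosts.each` block starts outside the hunk.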
@@ -1529,6 +1544,21 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo } ``` +#####`filters` + +[Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. + +```puppet + apache::vhost { "$::fqdn": + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + } +``` + #####`rewrites` Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 60b5124e11..09b6e14906 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -82,6 +82,7 @@ $rack_base_uris = undef, $headers = undef, $request_headers = undef, + $filters = undef, $rewrites = undef, $rewrite_base = undef, $rewrite_rule = undef, @@ -398,6 +399,13 @@ } } + # Check if mod_headers is required to process $headers/$request_headers + if $filters { + if ! defined(Class['apache::mod::filters']) { + include ::apache::mod::filters + } + } + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { if ! defined(Class['apache::mod::setenvif']) { include ::apache::mod::setenvif @@ -882,6 +890,16 @@ } } + # Template uses: + # - $filters + if $filters and ! empty($filters) { + concat::fragment { "${name}-filters": + target => "${priority_real}${filename}.conf", + order => 330, + content => template('apache/vhost/_filters.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/templates/vhost/_filters.erb b/templates/vhost/_filters.erb new file mode 100644 index 0000000000..b862597349 --- /dev/null +++ b/templates/vhost/_filters.erb 
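Review bot: In the `@@ -398,6 +399,13 @@` hunk of manifests/vhost.pp the filter module is included on a bare `if $filters`, while the fragment added further down is guarded by `$filters and ! empty($filters)`; the two conditions should match, as the neighbouring `$setenv` check already does: `if $filters and ! empty($filters) {`. With the current guard an empty `filters` value may still pull in the module without writing any rules, although how an empty array evaluates depends on the parser in use.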
@@ -0,0 +1,10 @@ +<% if @filters and ! @filters.empty? -%> + + ## Filter module rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html + <%- Array(@filters).each do |filter| -%> + <%- if filter != '' -%> + <%= filter %> + <%- end -%> + <%- end -%> +<% end -%> From 2f525f0045aaae49422b58eb273da3c2fedfd623 Mon Sep 17 00:00:00 2001 From: Bryan Andrews Date: Thu, 18 Jun 2015 11:45:36 -0700 Subject: [PATCH 0641/2267] fixed mod filter name and docs --- README.md | 39 +++++++++++++++++++-------------------- manifests/vhost.pp | 4 ++-- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 9bf0df0446..cf29e07ac4 100644 --- a/README.md +++ b/README.md @@ -216,10 +216,10 @@ To set up a virtual host with filter rules apache::vhost { 'subdomain.loc': port => '80', filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], docroot => '/var/www/html', } 
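Review bot: Each entry of `@filters` is written into the vhost configuration verbatim by `<%= filter %>` in templates/vhost/_filters.erb, so the parameter accepts any Apache directive, and an entry containing a newline adds further lines to the file. If `filters` can be fed from Hiera or other data that is less trusted than the manifests, restrict what is emitted, for example `<%- if filter =~ /\AFilter[A-Za-z]+ [^\r\n]+\z/ -%>` in place of `<%- if filter != '' -%>`. Otherwise the README entry for `filters` should state that the values are trusted raw configuration, in the same way as `custom_fragment`.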
@@ -1283,6 +1283,21 @@ Specifies if the vhost file is present or absent. Defaults to 'present'. Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid values must either begin with a / or be 'disabled'. Defaults to 'undef'. +#####`filters` + +[Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. + +```puppet + apache::vhost { "$::fqdn": + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + } +``` + #####`headers` Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. @@ -1543,22 +1558,6 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo ], } ``` - -#####`filters` - -[Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. - -```puppet - apache::vhost { "$::fqdn": - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], - } -``` - #####`rewrites` Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 09b6e14906..7debe6fc4d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -401,8 +401,8 @@ # Check if mod_headers is required to process $headers/$request_headers if $filters { - if ! defined(Class['apache::mod::filters']) { - include ::apache::mod::filters + if ! defined(Class['apache::mod::filter']) { + include ::apache::mod::filter } } From c77abfc6f40d4054c04eb2d6fd8fe27ded79fce9 Mon Sep 17 00:00:00 2001 From: Bryan Andrews Date: Thu, 18 Jun 2015 11:51:22 -0700 Subject: [PATCH 0642/2267] doc updates about mod_filter for apache::vhost --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7debe6fc4d..e15ea66681 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -399,7 +399,7 @@ } } - # Check if mod_headers is required to process $headers/$request_headers + # Check if mod_filter is required to process $filters if $filters { if ! defined(Class['apache::mod::filter']) { include ::apache::mod::filter From 3aff134feadfbdd5280606064c6c2fd59360e5f5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 19 Jun 2015 11:43:00 -0700 Subject: [PATCH 0643/2267] Set obsoletes=0 on el7 to work around PUP-4497 --- spec/acceptance/mod_security_spec.rb | 12 ++++++++++++ spec/spec_helper_acceptance.rb | 1 + 2 files changed, 13 insertions(+) diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 60295787e0..18de2804e1 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -18,6 +18,18 @@ pp = "class { 'epel': }" apply_manifest(pp, :catch_failures => true) end + elsif fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' + it 'changes obsoletes, per PUP-4497' do + pp = <<-EOS + ini_setting { 'obsoletes': + path => '/etc/yum.conf', + section => 'main', + setting => 'obsoletes', + value => '0', + } + EOS + apply_manifest(pp, :catch_failures => true) + end end it 'succeeds in puppeting mod_security' do 
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index e93465c9cb..6304c222bc 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -21,6 +21,7 @@ # Required for mod_passenger tests. if fact('osfamily') == 'RedHat' on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs/inifile'), { :acceptable_exit_codes => [0,1] } end # Required for manifest to make mod_pagespeed repository available if fact('osfamily') == 'Debian' From 4da8f4949977bfbbed702bb4ab6a2fbed11a9ffb Mon Sep 17 00:00:00 2001 From: Farzad FARID Date: Fri, 10 Apr 2015 00:58:32 +0200 Subject: [PATCH 0644/2267] Fix test condition for proxy directives. The _proxy.erb partial template must also be inserted when only @proxy_dest_match or @proxy_dest_match are set. --- manifests/vhost.pp | 2 +- spec/defines/vhost_spec.rb | 24 ++++++++++++++++++++++++ templates/vhost/_proxy.erb | 2 +- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 60b5124e11..976bd1f8bd 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -628,7 +628,7 @@ # - $proxy_pass_match # - $proxy_preserve_host # - $no_proxy_uris - if $proxy_dest or $proxy_pass or $proxy_pass_match { + if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", order => 140, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 489c9b43f4..325a06333e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
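Review bot: The added `puppet('module','install','puppetlabs/inifile')` line in spec/spec_helper_acceptance.rb installs whatever version the Forge currently serves and accepts exit code 1, so a failed or changed install only shows up later as an unrelated-looking failure of the `ini_setting` resource in mod_security_spec.rb. Pinning it the way the concat install in this file already is, `puppet('module','install','puppetlabs/inifile','--version <PINNED_VERSION>')`, keeps test runs reproducible. The line also sits under the comment "Required for mod_passenger tests", which no longer describes it; something like `# inifile is required by mod_security_spec (yum obsoletes workaround, PUP-4497)` would help. The net-tools hunk added to the same file by the later patch 0650 passes `:catch_failures => false`, which hides a failed package install in the same way.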
@@ -414,6 +414,30 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end + context 'proxy_pass_match' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'proxy_pass_match' => [ + { + 'path' => '.*', + 'url' => 'http://backend-a/', + } + ], + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /ProxyPassMatch .* http:\/\/backend-a\//).with_content(/## Proxy rules/) } + end + context 'proxy_dest_match' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'proxy_dest_match' => '/' + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(/## Proxy rules/) } + end context 'not everything can be set together...' do let :params do { diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index f290fcb764..157e2ef402 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -1,4 +1,4 @@ -<% if @proxy_dest or @proxy_pass -%> +<% if @proxy_dest or @proxy_pass or @proxy_pass_match or @proxy_dest_match -%> ## Proxy rules ProxyRequests Off From fe118fb556974701bcd35e2cb379b6ce094759d6 Mon Sep 17 00:00:00 2001 From: Bryan Andrews Date: Mon, 22 Jun 2015 13:06:46 -0700 Subject: [PATCH 0645/2267] added unit test for apache::vhost support --- tests/vhost_filter.pp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 tests/vhost_filter.pp diff --git a/tests/vhost_filter.pp b/tests/vhost_filter.pp new file mode 100644 index 0000000000..15ddf42773 --- /dev/null +++ b/tests/vhost_filter.pp 
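Review bot: In the new `proxy_pass_match` context of spec/defines/vhost_spec.rb the expectation `/ProxyPassMatch .* http:\/\/backend-a\//` leaves `.*` unescaped, so it matches any path and does not verify that the configured `'.*'` path is rendered; `/ProxyPassMatch \.\* http:\/\/backend-a\//` pins it. The `proxy_dest_match` context only checks for the `## Proxy rules` header, so a template that emits the header but omits the directive for `proxy_dest_match` would still pass; asserting the rendered directive line would close that gap. The surrounding `describe` block starts outside the hunk.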
@@ -0,0 +1,17 @@ +# Base class. Declares default vhost on port 80 with filers. +class { 'apache': } + +# Example from README adapted. +apache::vhost { 'readme.example.net': + docroot => '/var/www/html', + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], +} + From a79a581efc1837879377588274d1f04e40650230 Mon Sep 17 00:00:00 2001 From: Bryan Andrews Date: Mon, 22 Jun 2015 18:17:27 -0700 Subject: [PATCH 0646/2267] typo fixed in unit test --- tests/vhost_filter.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/vhost_filter.pp b/tests/vhost_filter.pp index 15ddf42773..ab339737f9 100644 --- a/tests/vhost_filter.pp +++ b/tests/vhost_filter.pp @@ -1,4 +1,4 @@ -# Base class. Declares default vhost on port 80 with filers. +# Base class. Declares default vhost on port 80 with filters. class { 'apache': } # Example from README adapted. From 1314c27bf0ee0c1d6403b6dec88de60d570b7b3b Mon Sep 17 00:00:00 2001 From: Bryan Andrews Date: Tue, 23 Jun 2015 15:15:47 -0700 Subject: [PATCH 0647/2267] added spec test for apache::vhost filters support --- spec/defines/vhost_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 489c9b43f4..c1a1f888a9 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -255,6 +255,15 @@ 'rewrite_rule' => ['^index\.html$ welcome.html'] } ], + 'filters' => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], 'rewrite_base' => '/', 'rewrite_rule' => '^index\.html$ welcome.html', 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', @@ -342,6 +351,7 @@ it { is_expected.to contain_class('apache::mod::passenger') } it { is_expected.to contain_class('apache::mod::fastcgi') } it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_class('apache::mod::filter') } it { is_expected.to contain_class('apache::mod::setenvif') } it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ 'owner' => 'root', @@ -404,6 +414,8 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } it { is_expected.to contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-filters').with( + :content => /^\s+FilterDeclare COMPRESS$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } From 2c27798702074eccc4cdabb3d5af7d8d1d035d2f Mon Sep 17 00:00:00 2001 From: Jonathan Tripathy Date: Wed, 24 Jun 2015 14:19:19 +0100 Subject: [PATCH 0648/2267] MODULES-2148 - Readme update for timeout property. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 68a91e94c3..92f566c185 100644 --- a/README.md +++ b/README.md 
@@ -475,6 +475,9 @@ Determines whether the HTTPD service state is managed by Puppet . Defaults to 't Determines whether the HTTPD service restart command should be anything other than the default managed by Puppet. Defaults to undef. +#####`timeout` + +Sets the amount of seconds the server will wait for certain events before failing a request. Defaults to 120. #####`trace_enable` From f0810d29170403e13d3403028b8dcd6f426a4640 Mon Sep 17 00:00:00 2001 From: Olivier Hanesse Date: Mon, 29 Jun 2015 11:28:47 +0200 Subject: [PATCH 0649/2267] Fix: missing package for mod_geoip on Debian systems --- manifests/params.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/params.pp b/manifests/params.pp index b5d1421362..a4ad8293c7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -181,6 +181,7 @@ 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', From 11fc4774373776542d1eb886261f721bc804e919 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 1 Jul 2015 11:54:25 -0700 Subject: [PATCH 0650/2267] Installs net-tools on RHEL7, so that be_listening tests work --- spec/spec_helper_acceptance.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 6304c222bc..d767b1e60a 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -15,6 +15,15 @@ # Configure all nodes in nodeset c.before :suite do + # net-tools required for netstat utility being used by be_listening + if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7' + pp = <<-EOS + package { 'net-tools': ensure => installed } + EOS + + apply_manifest_on(agents, pp, :catch_failures => false) + end + # Install module and dependencies hosts.each do |host| copy_module_to(host, :source => proj_root, :module_name => 'apache') From 15d513467f5a2111d0ec8a2bdb1351ef59822c52 Mon Sep 17 00:00:00 2001 From: dconry Date: Wed, 15 Jul 2015 14:14:04 -0400 Subject: [PATCH 0651/2267] Fix _proxy.erb to put multiple SetEnv Fix _proxy.erb to put multiple SetEnv directives on separate lines for ProxyMatch blocks. This was already fixed for plain ProxyPass blocks. --- templates/vhost/_proxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 157e2ef402..29d35cae98 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -50,7 +50,7 @@ <%- end -%> <%- if proxy['setenv'] -%> <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var -%> + SetEnv <%= setenv_var %> <%- end -%> <%- end -%> From f3e861efcb19346c98e12a55dba759556375a6d5 Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 22 Jul 2015 12:40:35 +0200 Subject: [PATCH 0652/2267] add possibility to set icons_path to false so no alias will be set for it --- manifests/mod/alias.pp | 31 ++++++++++++------------------- manifests/params.pp | 8 ++++++++ 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 2f078f6456..5b59baa01d 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp 
@@ -1,27 +1,20 @@ class apache::mod::alias( $apache_version = $apache::apache_version, $icons_options = 'Indexes MultiViews', -) { - $ver24 = versioncmp($apache_version, '2.4') >= 0 + # set icons_path to false to disable the alias + $icons_path = $::apache::params::alias_icons_path, - $icons_path = $::osfamily ? { - 'debian' => '/usr/share/apache2/icons', - 'Suse' => '/usr/share/apache2/icons', - 'redhat' => $ver24 ? { - true => '/usr/share/httpd/icons', - default => '/var/www/icons', - }, - 'freebsd' => '/usr/local/www/apache24/icons', - 'gentoo' => '/usr/share/apache2/icons', - } +) { apache::mod { 'alias': } # Template uses $icons_path - file { 'alias.conf': - ensure => file, - path => "${::apache::mod_dir}/alias.conf", - content => template('apache/mod/alias.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], + if $icons_path { + file { 'alias.conf': + ensure => file, + path => "${::apache::mod_dir}/alias.conf", + content => template('apache/mod/alias.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } } } diff --git a/manifests/params.pp b/manifests/params.pp index b5d1421362..22e47f6386 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -113,6 +113,10 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' + $alias_icons_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/icons', + default => '/var/www/icons', + } $error_documents_path = $::apache::version::distrelease ? { '7' => '/usr/share/httpd/error', default => '/var/www/error' 
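Review bot: The RedHat default in the `@@ -113,6 +113,10 @@` hunk of manifests/params.pp picks the icons directory from `$::apache::version::distrelease` being `'7'`, whereas the logic removed from manifests/mod/alias.pp chose `/usr/share/httpd/icons` whenever `apache_version` was 2.4 or newer. RedHat-family systems that run Apache 2.4 under a different release string (the Amazon Linux case handled elsewhere in this series is one candidate) would therefore fall back to `/var/www/icons`; this is inferred from the hunks, since the definition of `distrelease` is not visible. Keying the selector on the Apache version as before, or adding a spec for such a platform, would confirm the path. alias.pp also stops managing `alias.conf` when `icons_path` is false without declaring it absent, so a file from an earlier run stays unless the mod directory is purged.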
@@ -233,6 +237,7 @@ 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf' ] + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] @@ -355,6 +360,7 @@ $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache24/data' + $alias_icons_path = '/usr/local/www/apache24/icons' $error_documents_path = '/usr/local/www/apache24/error' } elsif $::osfamily == 'Gentoo' { $user = 'apache' @@ -416,6 +422,7 @@ $mime_types_config = '/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/var/www/localhost/htdocs' + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' @@ -462,6 +469,7 @@ $mime_types_config = '/etc/mime.types' $docroot = '/srv/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] From eaa0044c9a4cbf6602543f3f61f868ce088dbbb1 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 22 Jul 2015 14:09:36 -0700 Subject: [PATCH 0653/2267] fixes ordering of mod_security tests to pass on debian7 --- spec/acceptance/mod_security_spec.rb | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 18de2804e1..eaf7e1cef7 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
@@ -62,15 +62,17 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should return index page' do - shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| - expect(r.stdout).to match(/Index page/) - expect(r.exit_code).to eq(0) + describe 'should be listening on port 80' do + it 'should return index page' do + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end end - end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end end #default mod_security config From 8b00664a26728ca3556b532caa1ececa95962ed2 Mon Sep 17 00:00:00 2001 From: Ricardo Melo Date: Fri, 24 Jul 2015 13:01:32 -0400 Subject: [PATCH 0654/2267] Adding use_optional_includes parameter to vhost define. --- manifests/vhost.pp | 1 + spec/defines/vhost_spec.rb | 1 + 2 files changed, 2 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 920359fed0..b48906095f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -107,6 +107,7 @@ $fastcgi_socket = undef, $fastcgi_dir = undef, $additional_includes = [], + $use_optional_includes = $::apache::use_optional_includes, $apache_version = $::apache::apache_version, $allow_encoded_slashes = undef, $suexec_user_group = undef, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index b17faa36ea..dac685eb95 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -299,6 +299,7 @@ 'fastcgi_dir' => '/tmp', 'additional_includes' => '/custom/path/includes', 'apache_version' => '2.4', + 'use_optional_includes' => true, 'suexec_user_group' => 'root root', 'allow_encoded_slashes' => 'nodecode', 'passenger_app_root' => '/usr/share/myapp', From bbbe6044478799412b08921e9fb3c84164450566 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 27 Jul 2015 11:20:11 -0700 Subject: [PATCH 0655/2267] 1.6.0 prep --- CHANGELOG.md | 20 +++++++++++++++++--- metadata.json | 16 ++++++++-------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7a722a8a9c..172cdf418c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,23 @@ +##2015-07-28 - Supported Release 1.6.0 +###Summary +This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. + +####Features +- Add `scan_proxy_header_field` parameter to `apache::mod::geoip` +- Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl` +- Add `filters` parameter to `apache::vhost` + +####Bugfixes +- Test updates +- Do not use systemd on Amazon Linux +- Add missing docs for `timeout` parameter (MODULES-2148) + ##2015-06-11 - Supported Release 1.5.0 -### Summary +###Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. -### Features +####Features - Add `apache::lib_path` parameter - Add `apache::service_restart` parameter - Add `apache::vhost::geoip_enable` parameter @@ -17,7 +31,7 @@ parameters for greater configuration control. - Add `apache::mod::ssl::ssl_honorcipherorder` parameter - Add `apache::mod::userdir::options` parameter -### Bugfixes +####Bugfixes - Document `apache::user` parameter - Document `apache::group` parameter - Fix apache::dev on FreeBSD diff --git a/metadata.json b/metadata.json index 71bad1d354..a0e3fc2fac 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,12 +1,16 @@ { "name": "puppetlabs-apache", - "version": "1.5.0", + "version": "1.6.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} + ], "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -64,16 +68,12 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.7.0 < 4.0.0" + "version_requirement": ">= 3.7.0 < 2015.3.0" }, { "name": "puppet", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 5.0.0" } ], - "description": "Module for Apache configuration", - "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} - ] + "description": "Module for Apache configuration" } From a403853cded8764c64e84f3dfe6985f3da6b5a95 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Mon, 27 Jul 2015 12:20:32 -0700 Subject: [PATCH 0656/2267] update to CHANGELOG --- CHANGELOG.md | 72 ++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 172cdf418c..985194bf54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,23 +1,23 @@ -##2015-07-28 - Supported Release 1.6.0 -###Summary +## 2015-07-28 - Supported Release 1.6.0 +### Summary This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. -####Features +#### Features - Add `scan_proxy_header_field` parameter to `apache::mod::geoip` - Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl` - Add `filters` parameter to `apache::vhost` -####Bugfixes +#### Bugfixes - Test updates - Do not use systemd on Amazon Linux - Add missing docs for `timeout` parameter (MODULES-2148) -##2015-06-11 - Supported Release 1.5.0 -###Summary +## 2015-06-11 - Supported Release 1.5.0 +### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. -####Features +#### Features - Add `apache::lib_path` parameter - Add `apache::service_restart` parameter - Add `apache::vhost::geoip_enable` parameter @@ -31,7 +31,7 @@ parameters for greater configuration control. - Add `apache::mod::ssl::ssl_honorcipherorder` parameter - Add `apache::mod::userdir::options` parameter -####Bugfixes +#### Bugfixes - Document `apache::user` parameter - Document `apache::group` parameter - Fix apache::dev on FreeBSD 
@@ -44,16 +44,16 @@ parameters for greater configuration control. - Fix userdir access permissions - Fix issue where the module was trying to use systemd on Amazon Linux. -##2015-04-28 - Supported Release 1.4.1 +## 2015-04-28 - Supported Release 1.4.1 This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. -##2015-03-17 - Supported Release 1.4.0 +## 2015-03-17 - Supported Release 1.4.0 ###Summary This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` -####Features +#### Features - New parameters to `apache` - `default_charset` - `default_type` @@ -81,7 +81,7 @@ This release fixes the issue where the docroot was still managed even if the def - Added proper array support for `require` in the `directories` parameter in `apache::vhost` - Added support for `setenv` inside proxy locations -###Bugfixes +### Bugfixes - Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784) - Install required `mod_ldap` package for EL7 (MODULES-1779) - Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25. 
@@ -91,12 +91,12 @@ This release fixes the issue where the docroot was still managed even if the def - Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` - Remove old Debian work-around that removed `passenger_extra.conf` -##2015-02-17 - Supported Release 1.3.0 -###Summary +## 2015-02-17 - Supported Release 1.3.0 +### Summary This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. -####Features +#### Features - New parameters - `apache` - `service_manage` - `use_optional_includes` @@ -131,7 +131,7 @@ This release has many new features and bugfixes, including the ability to option - Add passenger support for Debian Jessie - Add support for not having puppet restart the apache service (MODULES-1559) -####Bugfixes +#### Bugfixes - For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) - Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) - Load fcgid after unixd on RHEL7 @@ -150,12 +150,12 @@ This release has many new features and bugfixes, including the ability to option - Fix indentation in `vhost/_directories.erb` template (MODULES-1688) - Create symlinks on all distros if `vhost_enable_dir` is specified -##2014-09-30 - Supported Release 1.2.0 -###Summary +## 2014-09-30 - Supported Release 1.2.0 +### Summary This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. -####Features +#### Features - Convert apache::vhost to use concat for easier extensions - Test improvements - Synchronize files with modulesync 
@@ -218,7 +218,7 @@ This release features many improvements and bugfixes, including several new defi - Add apache_version parameter to apache::mod::userdir - Add apache::mod::version class -####Bugfixes +#### Bugfixes - Set osfamily defaults for wsgi_socket_prefix - Support multiple balancermembers with the same url - Validate apache::vhost::custom_fragment @@ -249,25 +249,25 @@ This release features many improvements and bugfixes, including several new defi - Fix RedirectMatch rules - Fix misleading error message in apache::version -####Known Bugs +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. -##2014-07-15 - Supported Release 1.1.1 -###Summary +## 2014-07-15 - Supported Release 1.1.1 +### Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ## 2014-04-14 Supported Release 1.1.0 -###Summary +### Summary This release primarily focuses on extending the httpd 2.4 support, tested through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger 4 support, as well as several new modules and important bugfixes. -####Features +#### Features - Add support for RHEL7 and Ubuntu 14.04 - More complete apache24 support @@ -282,7 +282,7 @@ through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger - Add support for custom extensions for mod_php - Improve proxy_html support for Debian -####Bugfixes +#### Bugfixes - Remove NameVirtualHost directive for apache >= 2.4 - Order proxy_set option so it doesn't change between runs 
@@ -290,42 +290,42 @@ through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger - Fix missing ensure on concat::fragment resources - Fix bad dependencies in apache::mod and apache::mod::mime -####Known Bugs +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## 2014-03-04 Supported Release 1.0.1 -###Summary +### Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. -####Features -####Bugfixes -####Known Bugs +#### Features +#### Bugfixes +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## 2014-03-04 Supported Release 1.0.0 -###Summary +### Summary This is a supported release. This release introduces Apache 2.4 support for Debian and RHEL based osfamilies. -####Features +#### Features - Add apache24 support - Add rewrite_base functionality to rewrites - Updated README documentation - Add WSGIApplicationGroup and WSGIImportScript directives -####Bugfixes +#### Bugfixes - Replace mutating hashes with merge() for Puppet 3.5 - Fix WSGI import_script and mod_ssl issues on Lucid -####Known Bugs +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. @@ -507,7 +507,7 @@ worker/prefork - Fix formatting in vhost template - Fix spec tests such that they pass -##2012-05-08 Puppet Labs - 0.0.4 +## 2012-05-08 Puppet Labs - 0.0.4 * e62e362 Fix broken tests for ssl, vhost, vhost::* * 42c6363 Changes to match style guide and pass puppet-lint without error * 42bc8ba changed name => path for file resources in order to name namevar by it's name From b1a3cc18f3d07ec239b5183384c12798f83b852f Mon Sep 17 00:00:00 2001 
From: Phil Fenstermacher Date: Mon, 6 Jul 2015 16:55:53 -0400 Subject: [PATCH 0657/2267] Include full path for UserDir directive --- templates/mod/userdir.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index 9032a3acc7..83263c3d02 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -2,7 +2,7 @@ <% if @disable_root -%> UserDir disabled root <% end -%> - UserDir <%= @dir %> + UserDir <%= @home %>/*/<%= @dir %> /*/<%= @dir %>"> AllowOverride FileInfo AuthConfig Limit Indexes From 8b2e700360f2a36ce19f9b1cc56640d3014ede25 Mon Sep 17 00:00:00 2001 From: Mason Malone Date: Wed, 29 Jul 2015 09:55:50 -0400 Subject: [PATCH 0658/2267] Fix apache::mod::cgid so it can be used with the event MPM Before this, attempting to include apache::mod::cgid when using the event MPM raised the following error: Could not find resource 'Class[Apache::Mod::Worker]' for relationship on 'Class[Apache::Mod::Cgid]' --- manifests/mod/cgid.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 8946f652b9..6db6b287d1 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -2,7 +2,12 @@ case $::osfamily { 'FreeBSD': {} default: { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + if defined(Class['::apache::mod::worker']) { + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + } + elsif defined(Class['::apache::mod::event']) { + Class['::apache::mod::event'] -> Class['::apache::mod::cgid'] + } } } From 4cca48fd04fc2c7986ad8bb020a233e28317c918 Mon Sep 17 00:00:00 2001 
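Review bot: The new `UserDir <%= @home %>/*/<%= @dir %>` line in templates/mod/userdir.conf.erb changes which directories are served, and the commit touches only the template, with no spec or README update. The directive no longer follows each account's own home directory; the user name is substituted into a fixed path under `@home`. Accounts whose home lies elsewhere lose their user directory, which looks intended because the path now matches the Directory block in the next context line, but it should be stated. I would add an Apache comment above the directive, `# UserDir is pinned to <home>/*/<dir> so it matches the Directory block below`, and a spec asserting the rendered line.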
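Review bot: The `defined(Class[...])` guards added in manifests/mod/cgid.pp depend on evaluation order, so no ordering is created when `apache::mod::worker` or `apache::mod::event` is declared after `apache::mod::cgid`, or when neither is declared, and nothing reports it. The old unconditional relationship at least failed loudly when the class was missing. I would add a final branch such as `else { warning('apache::mod::cgid: no worker or event MPM class declared yet, ordering skipped') }` and a comment that the MPM class must be declared before this one. The enclosing class starts outside the hunk.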
From: Bryan Jen Date: Mon, 27 Jul 2015 13:42:18 -0700 Subject: [PATCH 0659/2267] fixes timing of mod_security tests for aio While running AIO tests on RHEL6, the httpd service takes a bit longer to init. Since Apache init scripts return and completes init asynchronously this causes tests to fail. Adding a short sleep here to wait for the service to init compensates for the slower init. --- spec/acceptance/mod_security_spec.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index eaf7e1cef7..67ad7d5b84 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise'))) do +describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy'))) do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' @@ -47,6 +47,11 @@ class { 'apache::mod::security': } } EOS apply_manifest(pp, :catch_failures => true) + + #Need to add a short sleep here because on RHEL6 the service takes a bit longer to init + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ + sleep 5 + end end describe service(service_name) do From 4646f7be28f38f8f361a9f64408de26585ca4d41 Mon Sep 17 00:00:00 2001 
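Review bot: The release check added in the second hunk of spec/acceptance/mod_security_spec.rb, `fact('operatingsystemmajrelease') =~ /(5|6)/`, is unanchored, so it matches any release string that contains a 5 or a 6, not only major releases 5 and 6. I would write it as `if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') =~ /\A[56]\z/`. The fixed `sleep 5` is also a guess at the init time; a bounded retry that polls the service until it answers would fail less often on slow hosts and not slow down fast ones. The surrounding example block starts outside the hunk.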
From: Katharina Drexel Date: Thu, 30 Jul 2015 12:55:59 +0200 Subject: [PATCH 0660/2267] we also want to have groups with '-' like vhost-users --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 920359fed0..9018a29a1b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -149,7 +149,7 @@ # Input validation begins if $suexec_user_group { - validate_re($suexec_user_group, '^\w+ \w+$', + validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } From 9f0c303e79a88eaae59a332fa62159082b93f9b3 Mon Sep 17 00:00:00 2001 From: Soren Morton Date: Fri, 8 May 2015 20:13:29 +0000 Subject: [PATCH 0661/2267] Adding ability to enable/disable the secruleengine through a parameter --- README.md | 4 ++++ manifests/mod/security.pp | 1 + manifests/params.pp | 2 ++ templates/mod/security.conf.erb | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 44c87997ef..58da99da09 100644 --- a/README.md +++ b/README.md @@ -1079,6 +1079,10 @@ Name of package to install containing crs rules Directory to install the modsec configuration and activated rules links into +#####`modsec_secruleengine` + +Configures the rules engine. Valid vaules are On, Off, and DetectionOnly + #####`activated_rules` Array of rules from the modsec_crs_path to activate by symlinking to diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 84e55e2921..050b1bd6fa 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
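Review bot: The pattern in the changed `validate_re` call in manifests/vhost.pp still uses `^` and `$`, which in Ruby regular expressions anchor to a line rather than to the whole string, so a multi-line `suexec_user_group` value passes as long as one of its lines has the `user group` shape. Since the value is presumably written into the vhost configuration, the check should cover the whole string: `validate_re($suexec_user_group, '\A[\w-]+ [\w-]+\z',`. The identical hunk appears again in PATCH 0664 further down and needs the same change.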
@@ -2,6 +2,7 @@ $crs_package = $::apache::params::modsec_crs_package, $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, + $modsec_secruleengine = $::apache::params::modsec_secruleengine, $allowed_methods = 'GET HEAD POST OPTIONS', $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', diff --git a/manifests/params.pp b/manifests/params.pp index b5d1421362..084987a66d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -126,6 +126,7 @@ $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', @@ -210,6 +211,7 @@ $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' + $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 7597c461f6..ac28402c64 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -9,7 +9,7 @@ <%- end -%> # Default recommended configuration - SecRuleEngine On + SecRuleEngine <%= @modsec_secruleengine %> SecRequestBodyAccess On SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" 
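Review bot: The new `$modsec_secruleengine` parameter in manifests/mod/security.pp is rendered straight into `SecRuleEngine <%= @modsec_secruleengine %>` with no check on its value, although the README hunk in the same commit limits it to On, Off and DetectionOnly. A typo or an unexpected value from Hiera would either break the Apache configuration or leave the rule engine in a state nobody intended, and nothing in the catalog run would flag it. I would add `validate_re($modsec_secruleengine, '\A(On|Off|DetectionOnly)\z', "${modsec_secruleengine} is not supported for modsec_secruleengine.")` at the top of the class body, which lies outside this hunk. The same commit content is repeated as PATCH 0665 and needs the same check.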
From 9b7bde91968dea386b59be53f8f6b6d2e66779dd Mon Sep 17 00:00:00 2001 From: Brendan Murtagh Date: Wed, 29 Jul 2015 16:13:49 -0400 Subject: [PATCH 0662/2267] Added documentation for ForceType directive (MODULES-2152) Merge clean up. Sorry, no a git pro --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 44c87997ef..e1726c5688 100644 --- a/README.md +++ b/README.md @@ -1301,6 +1301,10 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm } ``` +#####`force_type` + +Sets the [ForceType](http://httpd.apache.org/docs/2.2/mod/core.html#forcetype) directive, to force all matching files to be served with the specified MIME content-type. + #####`headers` Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. From f87394e74838ea9e9d9e07dc22da25898e928766 Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 22 Jul 2015 12:40:35 +0200 Subject: [PATCH 0663/2267] add possibility to set icons_path to false so no alias will be set for it --- manifests/mod/alias.pp | 31 ++++++++++++------------------- manifests/params.pp | 8 ++++++++ 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 2f078f6456..5b59baa01d 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp 
@@ -1,27 +1,20 @@ class apache::mod::alias( $apache_version = $apache::apache_version, $icons_options = 'Indexes MultiViews', -) { - $ver24 = versioncmp($apache_version, '2.4') >= 0 + # set icons_path to false to disable the alias + $icons_path = $::apache::params::alias_icons_path, - $icons_path = $::osfamily ? { - 'debian' => '/usr/share/apache2/icons', - 'Suse' => '/usr/share/apache2/icons', - 'redhat' => $ver24 ? { - true => '/usr/share/httpd/icons', - default => '/var/www/icons', - }, - 'freebsd' => '/usr/local/www/apache24/icons', - 'gentoo' => '/usr/share/apache2/icons', - } +) { apache::mod { 'alias': } # Template uses $icons_path - file { 'alias.conf': - ensure => file, - path => "${::apache::mod_dir}/alias.conf", - content => template('apache/mod/alias.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], + if $icons_path { + file { 'alias.conf': + ensure => file, + path => "${::apache::mod_dir}/alias.conf", + content => template('apache/mod/alias.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } } } diff --git a/manifests/params.pp b/manifests/params.pp index b5d1421362..22e47f6386 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -113,6 +113,10 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' + $alias_icons_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/icons', + default => '/var/www/icons', + } $error_documents_path = $::apache::version::distrelease ? { '7' => '/usr/share/httpd/error', default => '/var/www/error' 
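Review bot: `$icons_path` in manifests/mod/alias.pp is only tested for truthiness before the template uses it, so any non-false value, including a relative path or a string with embedded whitespace, ends up in alias.conf. Inside the new `if $icons_path {` branch I would add `validate_absolute_path($icons_path)` ahead of the `file` resource. The parameter is also described only by the inline comment; a README entry saying that `false` disables the icons alias would help users find it. The alias.conf.erb template is not part of this commit, so how it consumes the value is assumed from the `# Template uses $icons_path` comment.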
@@ -233,6 +237,7 @@ 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf' ] + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] @@ -355,6 +360,7 @@ $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache24/data' + $alias_icons_path = '/usr/local/www/apache24/icons' $error_documents_path = '/usr/local/www/apache24/error' } elsif $::osfamily == 'Gentoo' { $user = 'apache' @@ -416,6 +422,7 @@ $mime_types_config = '/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/var/www/localhost/htdocs' + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' @@ -462,6 +469,7 @@ $mime_types_config = '/etc/mime.types' $docroot = '/srv/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] From 90c4befeea0cadba006adf93fe5d93908159160d Mon Sep 17 00:00:00 2001 From: Katharina Drexel Date: Thu, 30 Jul 2015 12:55:59 +0200 Subject: [PATCH 0664/2267] we also want to have groups with '-' like vhost-users --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 920359fed0..9018a29a1b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -149,7 +149,7 @@ # Input validation begins if $suexec_user_group { - validate_re($suexec_user_group, '^\w+ \w+$', + validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } From 4daaa34da62eb0d4a42c2649f8dbcb3574daf974 Mon Sep 17 00:00:00 2001 From: Soren Morton Date: Fri, 8 May 2015 20:13:29 +0000 Subject: [PATCH 0665/2267] Adding ability to enable/disable the secruleengine through a parameter --- README.md | 4 ++++ manifests/mod/security.pp | 1 + manifests/params.pp | 2 ++ templates/mod/security.conf.erb | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 44c87997ef..58da99da09 100644 --- a/README.md +++ b/README.md @@ -1079,6 +1079,10 @@ Name of package to install containing crs rules Directory to install the modsec configuration and activated rules links into +#####`modsec_secruleengine` + +Configures the rules engine. Valid vaules are On, Off, and DetectionOnly + #####`activated_rules` Array of rules from the modsec_crs_path to activate by symlinking to diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 84e55e2921..050b1bd6fa 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -2,6 +2,7 @@ $crs_package = $::apache::params::modsec_crs_package, $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, + $modsec_secruleengine = $::apache::params::modsec_secruleengine, $allowed_methods = 'GET HEAD POST OPTIONS', $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', diff --git a/manifests/params.pp b/manifests/params.pp index 22e47f6386..7d88d10053 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -130,6 +130,7 @@ $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', @@ -214,6 +215,7 @@ $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' + $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 7597c461f6..ac28402c64 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -9,7 +9,7 @@ <%- end -%> # Default recommended configuration - SecRuleEngine On + SecRuleEngine <%= @modsec_secruleengine %> SecRequestBodyAccess On SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" 
From 11b1bd827918437b7c4dc6da200a3b36274d966c Mon Sep 17 00:00:00 2001 From: Brendan Murtagh Date: Wed, 29 Jul 2015 16:13:49 -0400 Subject: [PATCH 0666/2267] Added documentation for ForceType directive (MODULES-2152) Merge clean up. Sorry, no a git pro --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 58da99da09..0ce6402404 100644 --- a/README.md +++ b/README.md @@ -1305,6 +1305,10 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm } ``` +#####`force_type` + +Sets the [ForceType](http://httpd.apache.org/docs/2.2/mod/core.html#forcetype) directive, to force all matching files to be served with the specified MIME content-type. + #####`headers` Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. From fb4aa9b10983cd2b575fc1c78cdb510313b1bf06 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Thu, 30 Jul 2015 14:46:03 -0700 Subject: [PATCH 0667/2267] Removes ruby 1.8.7 from the travisci test matrix --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 16d694bb6e..c418ab5f2a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,8 +6,6 @@ script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake matrix: fast_finish: true include: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 2.1.5 From 660dda1e14edb86994d7ef49917406bd3ef68f98 Mon Sep 17 00:00:00 2001 
From: Garrett Guillotte Date: Thu, 2 Jul 2015 15:50:31 -0700 Subject: [PATCH 0668/2267] Apache readme reorganization. Massive reorg and style edit, bringing the way we present classes, defines, and parameters in line with our established styles. Documents several undocumented parameters and default values, especially in Apache module classes. This work is incomplete; there are many more undocumented parameters and more style and formatting consistency issues to resolve. --- README.md | 3034 ++++++++++++++++++++++++------------------- README.passenger.md | 54 +- 2 files changed, 1699 insertions(+), 1389 deletions(-) diff --git a/README.md b/README.md index 0ce6402404..dd9851f96d 100644 --- a/README.md +++ b/README.md 
@@ -1,582 +1,1164 @@ -#apache - -####Table of Contents - -1. [Overview - What is the apache module?](#overview) -2. [Module Description - What does the module do?](#module-description) -3. [Setup - The basics of getting started with apache](#setup) - * [Beginning with apache - Installation](#beginning-with-apache) - * [Configure a virtual host - Basic options for getting started](#configure-a-virtual-host) -4. [Usage - The classes and defined types available for configuration](#usage) - * [Classes and Defined Types](#classes-and-defined-types) - * [Class: apache](#class-apache) - * [Defined Type: apache::custom_config](#defined-type-apachecustom_config) - * [Class: apache::default_mods](#class-apachedefault_mods) - * [Defined Type: apache::mod](#defined-type-apachemod) - * [Classes: apache::mod::*](#classes-apachemodname) - * [Class: apache::mod::alias](#class-apachemodalias) - * [Class: apache::mod::event](#class-apachemodevent) - * [Class: apache::mod::geoip](#class-apachemodgeoip) - * [Class: apache::mod::info](#class-apachemodinfo) - * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) - * [Class: apache::mod::php](#class-apachemodphp) - * [Class: apache::mod::ssl](#class-apachemodssl) - * [Class: apache::mod::status](#class-apachemodstatus) - * [Class: apache::mod::expires](#class-apachemodexpires) - * [Class: apache::mod::wsgi](#class-apachemodwsgi) - * [Class: apache::mod::fcgid](#class-apachemodfcgid) - * [Class: apache::mod::negotiation](#class-apachemodnegotiation) - * [Class: apache::mod::deflate](#class-apachemoddeflate) - * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) - * [Class: apache::mod::security](#class-modsecurity) - * [Class: apache::mod::version](#class-apachemodversion) - * [Defined Type: apache::vhost](#defined-type-apachevhost) - * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) - * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) - * [Defined Type: 
apache::fastcgi::server](#defined-type-fastcgi-server) - * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples) - * [Load Balancing](#load-balancing) - * [Defined Type: apache::balancer](#defined-type-apachebalancer) - * [Defined Type: apache::balancermember](#defined-type-apachebalancermember) - * [Examples - Load balancing with exported and non-exported resources](#examples) -5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) - * [Classes](#classes) - * [Public Classes](#public-classes) - * [Private Classes](#private-classes) - * [Defined Types](#defined-types) - * [Public Defined Types](#public-defined-types) - * [Private Defined Types](#private-defined-types) - * [Templates](#templates) -6. [Limitations - OS compatibility, etc.](#limitations) -7. [Development - Guide for contributing to the module](#development) - * [Contributing to the apache module](#contributing) - * [Running tests - A quick guide](#running-tests) - -##Overview - -The apache module allows you to set up virtual hosts and manage web services with minimal effort. - -##Module Description - -Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules. - -##Setup - -**What apache affects:** - -* configuration files and directories (created and written to) - * **WARNING**: Configurations that are *not* managed by Puppet will be purged. 
-* package/service/configuration files for Apache -* Apache modules -* virtual hosts -* listened-to ports -* `/etc/make.conf` on FreeBSD and Gentoo -* depends on module 'gentoo/puppet-portage' for Gentoo - -###Beginning with Apache - -To install Apache with the default parameters - -```puppet - class { 'apache': } -``` - -The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD and Gentoo systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters - -```puppet - class { 'apache': - default_mods => false, - default_confd_files => false, - } -``` +# apache + +[Module description]: #module-description + +[Setup]: #setup +[Beginning with Apache]: #beginning-with-apache + +[Usage]: #usage +[Configuring virtual hosts]: #configuring-virtual-hosts +[Configuring virtual hosts with SSL]: #configuring-virtual-hosts-with-ssl +[Configuring virtual host port and address bindings]: #configuring-virtual-host-port-and-address-bindings +[Configuring virtual hosts for apps and processors]: #configuring-virtual-hosts-for-apps-and-processors +[Configuring IP-based virtual hosts]: #configuring-ip-based-virtual-hosts +[Installing Apache modules]: #installing-apache-modules +[Installing arbitrary modules]: #installing-arbitrary-modules +[Installing specific modules]: #installing-specific-modules +[Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files +[Load balancing examples]: #load-balancing-examples + +[Reference]: #reference +[Public classes]: #public-classes +[Private classes]: #private-classes +[Public defines]: #public-defines +[Private defines]: #private-defines +[Templates]: #templates + +[Limitations]: #limitations + +[Development]: #development +[Contributing]: #contributing +[Running tests]: #running-tests + +[`AddDefaultCharset`]: 
http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset +[`add_listen`]: #add_listen +[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias +[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch +[aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html +[`AllowEncodedSlashes`]: http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes +[`apache`]: #class-apache +[`apache_version`]: #apache_version +[`apache::balancer`]: #define-apachebalancer +[`apache::balancermember`]: #define-apachebalancermember +[`apache::fastcgi::server`]: #define-apachefastcgiserver +[`apache::mod`]: #define-apachemod +[`apache::mod::`]: #classes-apachemodmodule-name +[`apache::mod::event`]: #class-apachemodevent +[`apache::mod::itk`]: #class-apachemoditk +[`apache::mod::passenger`]: #class-apachemodpassenger +[`apache::mod::peruser`]: #class-apachemodperuser +[`apache::mod::prefork`]: #class-apachemodprefork +[`apache::mod::proxy_html`]: #class-apachemodproxy_html +[`apache::mod::security`]: #class-apachemodsecurity +[`apache::mod::ssl`]: #class-apachemodssl +[`apache::mod::worker`]: #class-apachemodworker +[`apache::params`]: #class-apacheparams +[`apache::version`]: #class-apacheversion +[`apache::vhost`]: #define-apachevhost +[`apache::vhost::WSGIImportScript`]: #wsgiimportscript +[Apache HTTP Server]: http://httpd.apache.org +[Apache modules]: http://httpd.apache.org/docs/current/mod/ +[array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html + +[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec + +[certificate revocation list]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile +[certificate revocation list path]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath +[common gateway interface]: http://httpd.apache.org/docs/current/howto/cgi.html +[`confd_dir`]: #confd_dir +[`content`]: #content +[custom error documents]: 
http://httpd.apache.org/docs/current/custom-error.html +[`custom_fragment`]: #custom_fragment + +[`default_mods`]: #default_mods +[`default_ssl_crl`]: #default_ssl_crl +[`default_ssl_crl_path`]: #default_ssl_crl_path +[`default_ssl_vhost`]: #default_ssl_vhost +[`directory`]: #directory +[`DirectoryIndex`]: http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +[`docroot`]: #docroot +[`docroot_owner`]: #docroot_owner +[`docroot_group`]: #docroot_group +[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot + +[`EnableSendfile`]: http://httpd.apache.org/docs/current/mod/core.html#enablesendfile +[`ExpiresByType`]: http://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype +[enforcing mode]: http://selinuxproject.org/page/Guide/Mode +[`ensure`]: https://docs.puppetlabs.com/references/latest/type.html#package-attribute-ensure +[exported resources]: http://docs.puppetlabs.com/latest/reference/lang_exported.md +[`ExtendedStatus`]: http://httpd.apache.org/docs/current/mod/core.html#extendedstatus + +[Facter]: http://docs.puppetlabs.com/facter/ +[FastCGI]: http://www.fastcgi.com/ +[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource +[`fallbackresource`]: #fallbackresource +[filter rules]: http://httpd.apache.org/docs/current/filter.html +[`filters`]: #filters +[`ForceType`]: http://httpd.apache.org/docs/current/mod/core.html#forcetype + +[GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives +[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage + +[Hash]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_hash.html + +[`IncludeOptional`]: http://httpd.apache.org/docs/current/mod/core.html#includeoptional +[`Include`]: http://httpd.apache.org/docs/current/mod/core.html#include +[interval syntax]: http://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn +[`ip`]: #ip +[`ip_based`]: #ip_based +[IP-based 
virtual hosts]: http://httpd.apache.org/docs/current/vhosts/ip-based.html + +[`KeepAlive`]: http://httpd.apache.org/docs/current/mod/core.html#keepalive +[`KeepAliveTimeout`]: http://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout +[`keepalive` parameter]: #keepalive +[`keepalive_timeout`]: #keepalive_timeout + +[`lib`]: #lib +[`lib_path`]: #lib_path +[`Listen`]: http://httpd.apache.org/docs/current/bind.html +[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog +[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile +[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat +[`logroot`]: #logroot +[Log security]: http://httpd.apache.org/docs/current/logs.html#security + +[`manage_user`]: #manage_user +[`manage_group`]: #manage_group +[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild +[`max_keepalive_requests`]: #max_keepalive_requests +[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers +[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads +[MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml +[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads +[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html +[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas +[`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ +[`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html +[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html +[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ +[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html +[`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html +[`mod_negotiation`]: 
http://httpd.apache.org/docs/current/mod/mod_negotiation.html
+[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en
+[`mod_php`]: http://php.net/manual/en/book.apache.php
+[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html
+[`mod_proxy_balancer`]: http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html
+[`mod_reqtimeout`]: http://httpd.apache.org/docs/current/mod/mod_reqtimeout.html
+[`mod_security`]: https://www.modsecurity.org/
+[`mod_ssl`]: http://httpd.apache.org/docs/current/mod/mod_ssl.html
+[`mod_status`]: http://httpd.apache.org/docs/current/mod/mod_status.html
+[`mod_version`]: http://httpd.apache.org/docs/current/mod/mod_version.html
+[`mod_wsgi`]: http://modwsgi.readthedocs.org/en/latest/
+[module contribution guide]: http://docs.puppetlabs.com/forge/contributing.html
+[`mpm_module`]: #mpm_module
+[multi-processing module]: http://httpd.apache.org/docs/current/mpm.html
+
+[name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html
+
+[open source Puppet]: http://docs.puppetlabs.com/puppet/
+[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options
+
+[`path`]: #path
+[`Peruser`]: http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr
+[`port`]: #port
+[`priority`]: #defines-apachevhost
+[`ProxyPass`]: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass
+[`ProxySet`]: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset
+[Puppet Enterprise]: http://docs.puppetlabs.com/pe/
+[Puppet Forge]: http://forge.puppetlabs.com
+[Puppet Labs]: http://puppetlabs.com
+[Puppet module]: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html
+[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp
+[`purge_configs`]: #purge_configs
+[`purge_vhost_configs`]: #purge_vhost_configs
+[Python]: https://www.python.org/
+
+[Rack]: http://rack.github.io/
+[`rack_base_uris`]: #rack_base_uris
+[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt
+[`RequestReadTimeout`]: http://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout
+[rspec-puppet]: http://rspec-puppet.com/
+
+[`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias
+[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch
+[`scriptalias`]: #scriptalias
+[SELinux]: http://selinuxproject.org/
+[`ServerAdmin`]: http://httpd.apache.org/docs/current/mod/core.html#serveradmin
+[`serveraliases`]: #serveraliases
+[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit
+[`ServerName`]: http://httpd.apache.org/docs/current/mod/core.html#servername
+[`ServerRoot`]: http://httpd.apache.org/docs/current/mod/core.html#serverroot
+[`ServerTokens`]: http://httpd.apache.org/docs/current/mod/core.html#servertokens
+[`ServerSignature`]: http://httpd.apache.org/docs/current/mod/core.html#serversignature
+[Service attribute restart]: http://docs.puppetlabs.com/references/latest/type.html#service-attribute-restart
+[`source`]: #source
+[SSLCARevocationCheck]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck
+[SSL certificate key file]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
+[SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile
+[SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html
+[`ssl`]: #ssl
+[`ssl_cert`]: #ssl_cert
+[`ssl_compression`]: #ssl_compression
+[`ssl_key`]: #ssl_key
+[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers
+[suPHP]: http://www.suphp.org/Home.html
+[`suphp_addhandler`]: #suphp_addhandler
+[`suphp_configpath`]: #suphp_configpath
+[`suphp_engine`]: #suphp_engine
+[supported operating system]: https://forge.puppetlabs.com/supported#puppet-supported-modules-compatibility-matrix
+
+[`ThreadLimit`]: http://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit
+[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild
+[`TimeOut`]: http://httpd.apache.org/docs/current/mod/core.html#timeout
+[template]: http://docs.puppetlabs.com/puppet/latest/reference/lang_template.html
+[`TraceEnable`]: http://httpd.apache.org/docs/current/mod/core.html#traceenable
+
+[`verify_config`]: #verify_config
+[`vhost`]: #define-apachevhost
+[`vhost_dir`]: #vhost_dir
+[`virtual_docroot`]: #virtual_docroot
+
+[Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract
+[`WSGIPythonPath`]: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonPath
+[`WSGIPythonHome`]: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonHome
+
+#### Table of Contents
+
+1. [Module description - What is the apache module, and what does it do?][Module description]
+2. [Setup - The basics of getting started with apache][Setup]
+ - [Beginning with Apache - Installation][Beginning with Apache]
+3. [Usage - The classes and defined types available for configuration][Usage]
+ - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts]
+ - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers]
+ - [Load balancing with exported and non-exported resources][Load balancing examples]
+4. [Reference - An under-the-hood peek at what the module is doing and how][Reference]
+ - [Public classes][]
+ - [Private classes][]
+ - [Public defines][]
+ - [Private defines][]
+ - [Templates][]
+5. [Limitations - OS compatibility, etc.][Limitations]
+6. [Development - Guide for contributing to the module][Development]
+ - [Contributing to the apache module][Contributing]
+ - [Running tests - A quick guide][Running tests]
+
+## Module description
+
+[Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server.
This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][].
+
+## Setup
+
+**What the apache Puppet module affects:**
+
+- Configuration files and directories (created and written to)
+ - **WARNING**: Configurations *not* managed by Puppet will be purged.
+- Package/service/configuration files for Apache
+- Apache modules
+- Virtual hosts
+- Listened-to ports
+- `/etc/make.conf` on FreeBSD and Gentoo
+
+On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module.
+
+**Note**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures.
+
+To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to 'false'. We recommend using this only as a temporary means of saving and relocating customized configurations.
+
+### Beginning with Apache
+
+To have Puppet install Apache with the default parameters, declare the [`apache`][] class:
+
+~~~ puppet
+class { 'apache': }
+~~~
+
+The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values.
+
+You can customize parameters when declaring the `apache` class.
For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts:
+
+~~~ puppet
+class { 'apache':
+ default_vhosts => false,
+}
+~~~
-###Configure a virtual host
+## Usage
-Declaring the `apache` class creates a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`.
+### Configuring a virtual host
-```puppet
- class { 'apache': }
-```
+The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`.
-To configure a very basic, name-based virtual host
+**Note**: See the [`apache::vhost`][] define's reference for a list of all virtual host parameters.
-```puppet
- apache::vhost { 'first.example.com':
- port => '80',
- docroot => '/var/www/first',
- }
-```
+To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] define:
-*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost is used. This is also true if you pass a higher priority and no names match anything else.
+~~~ puppet
+apache::vhost { 'vhost.example.com':
+ port => '80',
+ docroot => '/var/www/vhost',
+}
+~~~
-A slightly more complicated example, changes the docroot owner/group from the default 'root'
+**Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] define applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`.
This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to 'false', Apache still processes virtual hosts in alphabetical order.
-```puppet
- apache::vhost { 'second.example.com':
- port => '80',
- docroot => '/var/www/second',
- docroot_owner => 'third',
- docroot_group => 'third',
- }
-```
+To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters:
-To set up a virtual host with SSL and default SSL certificates
+~~~ puppet
+apache::vhost { 'user.example.com':
+ port => '80',
+ docroot => '/var/www/user',
+ docroot_owner => 'www-data',
+ docroot_group => 'www-data',
+}
+~~~
-```puppet
- apache::vhost { 'ssl.example.com':
- port => '443',
- docroot => '/var/www/ssl',
- ssl => true,
- }
-```
+#### Configuring virtual hosts with SSL
-To set up a virtual host with SSL and specific SSL certificates
+To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accomodate HTTPS requests:
-```puppet
- apache::vhost { 'fourth.example.com':
- port => '443',
- docroot => '/var/www/fourth',
- ssl => true,
- ssl_cert => '/etc/ssl/fourth.example.com.cert',
- ssl_key => '/etc/ssl/fourth.example.com.key',
- }
-```
+~~~ puppet
+apache::vhost { 'ssl.example.com':
+ port => '443',
+ docroot => '/var/www/ssl',
+ ssl => true,
+}
+~~~
-Virtual hosts listen on '*' by default.
To listen on a specific IP address
+To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively:
-```puppet
- apache::vhost { 'subdomain.example.com':
- ip => '127.0.0.1',
- port => '80',
- docroot => '/var/www/subdomain',
- }
-```
+~~~ puppet
+apache::vhost { 'cert.example.com':
+ port => '443',
+ docroot => '/var/www/cert',
+ ssl => true,
+ ssl_cert => '/etc/ssl/fourth.example.com.cert',
+ ssl_key => '/etc/ssl/fourth.example.com.key',
+}
+~~~
-To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, for example: `http://example.com.loc` to `/var/www/example.com`
+To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`] defines:
-```puppet
- apache::vhost { 'subdomain.loc':
- vhost_name => '*',
- port => '80',
- virtual_docroot => '/var/www/%-2+',
- docroot => '/var/www',
- serveraliases => ['*.loc',],
- }
-```
+~~~ puppet
+# The non-ssl virtual host
+apache::vhost { 'mix.example.com non-ssl':
+ servername => 'mix.example.com',
+ port => '80',
+ docroot => '/var/www/mix',
+}
-To set up a virtual host with suPHP
+# The SSL virtual host at the same domain
+apache::vhost { 'mix.example.com ssl':
+ servername => 'mix.example.com',
+ port => '443',
+ docroot => '/var/www/mix',
+ ssl => true,
+}
+~~~
-```puppet
- apache::vhost { 'suphp.example.com':
- port => '80',
- docroot => '/home/appuser/myphpapp',
- suphp_addhandler => 'x-httpd-php',
- suphp_engine => 'on',
- suphp_configpath => '/etc/php5/apache2',
- directories => { path => '/home/appuser/myphpapp',
- 'suphp' => { user => 'myappuser', group => 'myappgroup' },
- }
- }
-```
+To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`] defines and redirect unencrypted requests to the virtual host with SSL enabled:
-To set up a virtual host
with WSGI
+~~~ puppet
+apache::vhost { 'redirect.example.com non-ssl':
+ servername => 'redirect.example.com',
+ port => '80',
+ docroot => '/var/www/redirect',
+ redirect_status => 'permanent',
+ redirect_dest => 'https://redirect.example.com/'
+}
-```puppet
- apache::vhost { 'wsgi.example.com':
- port => '80',
- docroot => '/var/www/pythonapp',
- wsgi_application_group => '%{GLOBAL}',
- wsgi_daemon_process => 'wsgi',
- wsgi_daemon_process_options => {
- processes => '2',
- threads => '15',
- display-name => '%{GROUP}',
- },
- wsgi_import_script => '/var/www/demo.wsgi',
- wsgi_import_script_options =>
- { process-group => 'wsgi', application-group => '%{GLOBAL}' },
- wsgi_process_group => 'wsgi',
- wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
- }
-```
+apache::vhost { 'redirect.example.com ssl':
+ servername => 'redirect.example.com',
+ port => '443',
+ docroot => '/var/www/redirect',
+ ssl => true,
+}
+~~~
-Starting in Apache 2.2.16, HTTPD supports [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource), a simple replacement for common RewriteRules.
+#### Configuring virtual host port and address bindings
-```puppet
- apache::vhost { 'wordpress.example.com':
- port => '80',
- docroot => '/var/www/wordpress',
- fallbackresource => '/index.php',
- }
-```
+Virtual hosts listen on all IP addresses ('*') by default.
To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter:
-To set up a virtual host with filter rules
+~~~ puppet
+apache::vhost { 'ip.example.com':
+ ip => '127.0.0.1',
+ port => '80',
+ docroot => '/var/www/ip',
+}
+~~~
-```puppet
- apache::vhost { 'subdomain.loc':
- port => '80',
- filters => [
- 'FilterDeclare COMPRESS',
- 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
- 'FilterChain COMPRESS',
- 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
- ],
- docroot => '/var/www/html',
- }
-```
+To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter:
+
+~~~ puppet
+apache::vhost { 'aliases.example.com':
+ serveraliases => [
+ 'aliases.example.org',
+ 'aliases.example.net',
+ ],
+ port => '80',
+ docroot => '/var/www/aliases',
+}
+~~~
+
+To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter:
+
+~~~ puppet
+apache::vhost { 'subdomain.loc':
+ vhost_name => '*',
+ port => '80',
+ virtual_docroot => '/var/www/%-2+',
+ docroot => '/var/www',
+ serveraliases => ['*.loc',],
+}
+~~~
+
+To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter:
+
+~~~ puppet
+apache::vhost { 'subdomain.loc':
+ port => '80',
+ filters => [
+ 'FilterDeclare COMPRESS',
+ 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
+ 'FilterChain COMPRESS',
+ 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
+ ],
+ docroot => '/var/www/html',
+}
+~~~
+
+#### Configuring virtual hosts for apps and processors
+
+To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a
MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks:
+
+~~~ puppet
+apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => [
+ { 'path' => '/home/appuser/myphpapp',
+ 'suphp' => {
+ user => 'myappuser',
+ group => 'myappgroup',
+ },
+ },
+ ],
+}
+~~~
+
+You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications:
+
+~~~ puppet
+apache::vhost { 'wsgi.example.com':
+ port => '80',
+ docroot => '/var/www/pythonapp',
+ wsgi_application_group => '%{GLOBAL}',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options => {
+ processes => '2',
+ threads => '15',
+ display-name => '%{GROUP}',
+ },
+ wsgi_import_script => '/var/www/demo.wsgi',
+ wsgi_import_script_options => {
+ process-group => 'wsgi',
+ application-group => '%{GLOBAL}',
+ },
+ wsgi_process_group => 'wsgi',
+ wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
+}
+~~~
+
+Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter:
+
+~~~ puppet
+apache::vhost { 'wordpress.example.com':
+ port => '80',
+ docroot => '/var/www/wordpress',
+ fallbackresource => '/index.php',
+}
+~~~
+
+**Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24.
+
+To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path:
+
+~~~ puppet
+apache::vhost { 'cgi.example.com':
+ port => '80',
+ docroot => '/var/www/cgi',
+ scriptalias => '/usr/lib/cgi-bin',
+}
+~~~
+
+To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter:
+
+~~~ puppet
+apache::vhost { 'rack.example.com':
+ port => '80',
+ docroot => '/var/www/rack',
+ rack_base_uris => ['/rackapp1', '/rackapp2'],
+}
+~~~
+
+#### Configuring IP-based virtual hosts
+
+You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter:
+
+~~~ puppet
+apache::listen { '80': }
+
+apache::listen { '81': }
+~~~
+
+Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter:
+
+~~~ puppet
+apache::vhost { 'first.example.com':
+ ip => '10.0.0.10',
+ docroot => '/var/www/first',
+ ip_based => true,
+}
+
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.11',
+ docroot => '/var/www/second',
+ ip_based => true,
+}
+~~~
+
+You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations. First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10).
One uses SSL and the other is unencrypted:
+
+~~~ puppet
+apache::vhost { 'The first IP-based virtual host, non-ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '80',
+ ip_based => true,
+ docroot => '/var/www/first',
+}
+
+apache::vhost { 'The first IP-based vhost, ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '443',
+ ip_based => true,
+ docroot => '/var/www/first-ssl',
+ ssl => true,
+}
+~~~
-Please note that the 'disabled' argument to FallbackResource is only supported since Apache 2.2.24.
+Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20):
-See a list of all [virtual host parameters](#defined-type-apachevhost). See an extensive list of [virtual host examples](#virtual-host-examples).
+~~~ puppet
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/second',
+}
+
+apache::vhost { 'third.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/third',
+}
+~~~
+
+To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to 'false' to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts.
+
+~~~ puppet
+apache::vhost { 'fourth.example.com':
+ port => '80',
+ docroot => '/var/www/fourth',
+ add_listen => false,
+}
+
+apache::vhost { 'fifth.example.com':
+ port => '80',
+ docroot => '/var/www/fifth',
+ add_listen => false,
+}
+~~~
+
+### Installing Apache modules
+
+There's two ways to install [Apache modules][] using the Puppet apache module:
+
+- Use the [`apache::mod::`][] classes to [install specific Apache modules with parameters][Installing specific modules].
+- Use the [`apache::mod`][] define to [install arbitrary Apache modules][Installing arbitrary modules].
+
+#### Installing specific modules
+
+The Puppet apache module supports installing many common [Apache modules][], often with parameterized configuration options. For a list of supported Apache modules, see the [`apache::mod::`][] class references.
+
+For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class:
+
+~~~ puppet
+class { 'apache::mod::ssl': }
+~~~
+
+[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to 'true':
+
+~~~ puppet
+class { 'apache::mod::ssl':
+ ssl_compression => true,
+}
+~~~
+
+Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][].
+
+#### Installing arbitrary modules
+
+You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you.
+
+For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod_authnz_external' name:
-##Usage
+~~~ puppet
+apache::mod { 'mod_authnz_external': }
+~~~
-###Classes and Defined Types
+There's several optional parameters you can specify when defining Apache modules this way. See the [define's reference][`apache::mod`] for details.
-This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures.
+### Configuring FastCGI servers to handle PHP files
+
+Add the [`apache::fastcgi::server`][] define to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests:
+
+~~~ puppet
+apache::fastcgi::server { 'php':
+ host => '127.0.0.1:9000',
+ timeout => 15,
+ flush => false,
+ faux_path => '/var/www/php.fcgi',
+ fcgi_alias => '/php.fcgi',
+ file_type => 'application/x-httpd-php'
+}
+~~~
+
+You can then use the [`custom_fragment`] parameter to configure the virtual host to have the FastCGI server handle the specified file type:
+
+~~~ puppet
+apache::vhost { 'www':
+ ...
+ custom_fragment => 'AddType application/x-httpd-php .php'
+ ...
+}
+~~~
+
+### Load balancing examples
+
+Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defines.
+
+To enable load balancing with [exported resources][], export the [`apache::balancermember`][] define from the load balancer member server:
+
+~~~ puppet
+@@apache::balancermember { "${::fqdn}-puppet00":
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009",
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+}
+~~~
-It is possible to temporarily disable full Puppet management by setting the [`purge_configs`](#purge_configs) parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. See the [`purge_configs` parameter](#purge_configs) for more information.
+Then, on the proxy server, create the load balancing group:
-####Class: `apache`
+~~~ puppet
+apache::balancer { 'puppet00': }
+~~~
-The apache module's primary class, `apache`, guides the basic setup of Apache on your system.
+To enable load balancing without exporting resources, declare the following on the proxy server:
-You can establish a default vhost in this class, the `vhost` class, or both. You can add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type.
+~~~ puppet
+apache::balancer { 'puppet00': }
+
+apache::balancermember { "${::fqdn}-puppet00":
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009",
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+ }
+~~~
+
+Then declare the `apache::balancer` and `apache::balancermember` defines on the proxy server.
+
+If you need to use the [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`:
+
+~~~ puppet
+apache::balancer { 'puppet01':
+ proxy_set => {
+ 'stickysession' => 'JSESSIONID',
+ },
+}
+~~~
+
+## Reference
+
+- [**Public Classes**](#public-classes)
+ - [Class: apache](#class-apache)
+ - [Class: apache::dev](#class-apachedev)
+ - [Classes: apache::mod::*](#classes-apachemodname)
+- [**Private Classes**](#private-classes)
+ - [Class: apache::confd::no_accf](#class-apacheconfdno_accf)
+ - [Class: apache::default_confd_files](#class-apachedefault_confd_files)
+ - [Class: apache::default_mods](#class-apachedefault_mods)
+ - [Class: apache::package](#class-apachepackage)
+ - [Class: apache::params](#class-apacheparams)
+ - [Class: apache::service](#class-apacheservice)
+ - [Class: apache::version](#class-apacheversion)
+- [**Public Defines**](#public-defines)
+ - [Define: apache::balancer](#define-apachebalancer)
+ - [Define: apache::balancermember](#define-apachebalancermember)
+ - [Define: apache::custom_config](#define-apachecustom_config)
+ - [Define: apache::fastcgi::server](#define-fastcgi-server)
+ - [Define: apache::listen](#define-apachelisten)
+ - [Define: apache::mod](#define-apachemod)
+ - [Define:
apache::namevirtualhost](#define-apachenamevirtualhost)
+ - [Define: apache::vhost](#define-apachevhost)
+- [**Private Defines**](#private-defines)
+ - [Define: apache::default_mods::load](#define-default_mods-load)
+ - [Define: apache::peruser::multiplexer](#define-apacheperusermultiplexer)
+ - [Define: apache::peruser::processor](#define-apacheperuserprocessor)
+ - [Define: apache::security::file_link](#define-apachesecurityfile_link)
+- [**Templates**](#templates)
+
+### Public Classes
+
+#### Class: `apache`
+
+Guides the basic setup and installation of Apache on your system.
+
+When this class is declared with the default options, Puppet:
+
+- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
+- Configures the server with a default virtual host and standard port ('80') and address ('*') bindings.
+- Creates a document root directory determined by your operating system, typically `/var/www`.
+- Starts the Apache service.
+
+You can simply declare the default `apache` class:
+
+~~~ puppet
+class { 'apache': }
+~~~
+
+You can establish a default virtual host in this class, by using the [`apache::vhost`][] define, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] define. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production.
 **Parameters within `apache`:**
-#####`allow_encoded_slashes`
+##### `allow_encoded_slashes`
-This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters.
The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. Default: 'undef', which omits the declaration from the server's configuration and uses Apache's default setting of 'off'.
-#####`apache_version`
+##### `apache_version`
-Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason.
+Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. Default: Determined by your operating system family and release via the [`apache::version`][] class. Puppet recommends against manually configuring this parameter without reason.
-#####`conf_dir`
+##### `conf_dir`
-Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo.
+Sets the directory where the Apache server's main configuration file is located. Default: Depends on your operating system.
-#####`confd_dir`
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2`
+- **Red Hat**: `/etc/httpd/conf`
-Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2/conf.d' on Gentoo.
+##### `conf_template`
-#####`conf_template`
+Defines the [template][] used for the main Apache configuration file. Default: `apache/httpd.conf.erb`. Modifying this parameter is potentially risky, as the apache Puppet module is designed to use a minimal configuration file customized by `conf.d` entries.
-Overrides the template used for the main apache configuration file. Defaults to 'apache/httpd.conf.erb'.
+##### `confd_dir`
-*Note:* Using this parameter is potentially risky, as the module has been built for a minimal configuration file with the configuration primarily coming from conf.d/ entries.
+Sets the location of the Apache server's custom configuration directory. Default: Depends on your operating system.
-#####`default_charset`
+- **Debian**: `/etc/apache2/conf.d`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2/conf.d`
+- **Red Hat**: `/etc/httpd/conf`
-If defined, the value will be set as `AddDefaultCharset` in the main configuration file. It is undefined by default.
+##### `default_charset`
-#####`default_confd_files`
+Used as the [`AddDefaultCharset`][] directive in the main configuration file. Default: 'undef'.
-Generates default set of include-able Apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with the Apache package on a given platform.
+##### `default_confd_files`
-#####`default_mods`
+Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: 'true'.
-Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names.
+##### `default_mods` -Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). +Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: 'true', 'false', or an array of Apache module names. Default: 'true'. -If false, it only includes the mods required to make HTTPD work, and any other mods can be declared on their own. +If this parameter's value is 'false', Puppet only includes the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] define. -If an array, the apache module includes the array of mods listed. +If 'true', Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. -#####`default_ssl_ca` +If this parameter contains an array, Puppet instead enables all passed Apache modules. -The default certificate authority, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. +##### `default_ssl_ca` -#####`default_ssl_cert` +Sets the default certificate authority for the Apache server. Default: 'undef'. -The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production. 
+While this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. -#####`default_ssl_chain` +##### `default_ssl_cert` -The default SSL chain, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. +Sets the [SSL encryption][] certificate location. Default: Determined by your operating system. -#####`default_ssl_crl` +- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem` +- **FreeBSD**: `/usr/local/etc/apache22/server.crt` +- **Gentoo**: `/etc/ssl/apache2/server.crt` +- **Red Hat**: `/etc/pki/tls/certs/localhost.crt` -The default certificate revocation list to use, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. +While the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. -#####`default_ssl_crl_path` +##### `default_ssl_chain` -The default certificate revocation list path, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. +Sets the default [SSL chain][] location. Default: 'undef'. -#####`default_ssl_crl_check` +While this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. -Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. 
This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value is ignored on older versions. +##### `default_ssl_crl` -#####`default_ssl_key` +Sets the path of the default [certificate revocation list][] (CRL) file to use. Default: 'undef'. -The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production. +While this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. -#####`default_ssl_vhost` +##### `default_ssl_crl_path` -Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', sets up the following vhost: +Sets the server's [certificate revocation list path][], which contains your CRLs. Default: 'undef'. -```puppet - apache::vhost { 'default-ssl': - port => 443, - ssl => true, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => "ssl_${access_log_file}", - } -``` +While this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. + +##### `default_ssl_crl_check` + +Sets the default certificate revocation check level via the [`SSLCARevocationCheck`] directive. Default: 'undef'. + +While this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. 
+ +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + +##### `default_ssl_key` + +Sets the [SSL certificate key file][] location. Default: Determined by your operating system. + +- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key` +- **FreeBSD**: `/usr/local/etc/apache22/server.key` +- **Gentoo**: `/etc/ssl/apache2/server.key` +- **Red Hat**: `/etc/pki/tls/private/localhost.key` + +While these default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. + +##### `default_ssl_vhost` + +Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: 'false'. + +If 'true', Puppet automatically configures the following virtual host using the [`apache::vhost`][] define: + +~~~ puppet +apache::vhost { 'default-ssl': + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => "ssl_${access_log_file}", + } +~~~ + +**Note**: SSL virtual hosts only respond to HTTPS queries. -SSL vhosts only respond to HTTPS queries. +##### `default_type` -#####`default_type` +_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: 'undef'. -(Apache httpd 2.2 only) MIME content-type that will be sent if the server cannot determine a type in any other way. This directive has been deprecated in Apache httpd 2.4, and only exists there for backwards compatibility of configuration files. +##### `default_vhost` -#####`default_vhost` +Configures a default virtual host when the class is declared. Valid options: Boolean. Default: 'true'. -Sets up a default virtual host. 
Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to 'false'. -#####`docroot` +##### `docroot` -Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, '/usr/local/www/apache22/data' on FreeBSD, and '/var/www/localhost/htdocs' on Gentoo. +Sets the default [`DocumentRoot`][] location. Default: Determined by your operating system. -#####`error_documents` +- **Debian**: `/var/www` +- **FreeBSD**: `/usr/local/www/apache22/data` +- **Gentoo**: `/var/www/localhost/htdocs` +- **Red Hat**: `/var/www/html` -Enables custom error documents. Defaults to 'false'. +##### `error_documents` -#####`group` +Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: 'false'. -Changes the group that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this group. By default, puppet will attempt to manage this group as a resource under `::apache`. If this is not what you want, set [`manage_group`](#manage_group) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`. +##### `group` -#####`httpd_dir` +Sets the group ID that owns any Apache processes spawned to answer requests. -Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo. 
+By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to 'false'. -#####`keepalive` +**Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. -Enables persistent connections. +##### `httpd_dir` -#####`keepalive_timeout` +Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. Default: Determined by your operating system. -Sets the amount of time the server waits for subsequent requests on a persistent connection. Defaults to '15'. +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local/etc/apache22` +- **Gentoo**: `/etc/apache2` +- **Red Hat**: `/etc/httpd` -#####`max_keepalive_requests` +##### `keepalive` -Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'. +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'Off'. -#####`lib_path` +If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. -Specifies the location where apache module files are stored. It should not be configured manually without special reason. +##### `keepalive_timeout` -#####`loadfile_name` +Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. Default: '15'. -Sets the file name for the module loadfile. Should be in the format \*.load. 
This can be used to set the module load order. +This parameter is only relevant if the [`keepalive` parameter][] is enabled. -#####`log_level` +##### `max_keepalive_requests` -Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'. +Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled. Default: '100'. -#####`log_formats` +##### `lib_path` -Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat). This is done in a Hash: +Specifies the location where [Apache module][] files are stored. Default: Depends on the operating system. -```puppet - $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } -``` +- **Debian** and **Gentoo**: `/usr/lib/apache2/modules` +- **FreeBSD**: `/usr/local/libexec/apache24` +- **Red Hat**: `modules` -There are a number of predefined LogFormats in the httpd.conf that Puppet writes out: +**Note**: Do not configure this parameter manually without special reason. -```httpd +##### `loadfile_name` + +Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. + +This can be used to set the module load order. + +##### `log_level` + +Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. Default: 'warn'. + +##### `log_formats` + +Define additional [`LogFormat`][] directives. 
Valid options: A [Hash][], such as: + +~~~ puppet +$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } +~~~ + +There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: + +~~~ httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent -``` +~~~ -If your `$log_formats` contains one of those, they will be overwritten with **your** definition. +If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. -#####`logroot` +##### `logroot` -Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo. +Changes the directory of Apache log files for the virtual host. Default: Determined by your operating system. -#####`logroot_mode` +- **Debian**: `/var/log/apache2` +- **FreeBSD**: `/var/log/apache22` +- **Gentoo**: `/var/log/apache2` +- **Red Hat**: `/var/log/httpd` -Overrides the mode the default logroot directory is set to ($::apache::logroot). Defaults to undef. Do NOT give people write access to the directory the logs are stored -in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. +##### `logroot_mode` -#####`manage_group` +Overrides the default [`logroot`][] directory's mode. Default: 'undef'. -Setting this to 'false' stops the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. +**Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. 
See the [Apache documentation][Log security] for details. -#####`manage_user` +##### `manage_group` -Setting this to 'false' stops the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. +When 'false', stops Puppet from creating the group resource. Valid options: Boolean. Default: 'true'. -#####`mod_dir` +If you have a group created from another Puppet module that you want to use to run Apache, set this to 'false'. Without this parameter, attempting to use a previously established group results in a duplicate resource error. -Changes the location of the configuration directory your Apache modules configuration files are placed in. Defaults to '/etc/httpd/conf.d' for RedHat, '/etc/apache2/mods-available' for Debian, '/usr/local/etc/apache22/Modules' for FreeBSD, and '/etc/apache2/modules.d' on Gentoo. +##### `manage_user` -#####`mpm_module` +When 'false', stops Puppet from creating the user resource. Valid options: Boolean. Default: 'true'. -Determines which MPM is loaded and configured for the HTTPD process. Valid values are 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Defaults to 'prefork' on RedHat, FreeBSD and Gentoo, and 'worker' on Debian. Must be set to 'false' to explicitly declare the following classes with custom parameters: +This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. -* `apache::mod::event` -* `apache::mod::itk` -* `apache::mod::peruser` -* `apache::mod::prefork` -* `apache::mod::worker` +##### `mod_dir` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. 
Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +Sets where Puppet places configuration files for your [Apache modules][]. Default: Determined by your operating system. -#####`package_ensure` +- **Debian**: `/etc/apache2/mods-available` +- **FreeBSD**: `/usr/local/etc/apache22/Modules` +- **Gentoo**: `/etc/apache2/modules.d` +- **Red Hat**: `/etc/httpd/conf.d` -Allows control over the package ensure attribute. Can be 'present','absent', or a version string. +##### `mpm_module` -#####`ports_file` +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Default: Determined by your operating system. -Changes the name of the file containing Apache ports configuration. Default is `${conf_dir}/ports.conf`. +- **Debian**: `worker` +- **FreeBSD, Gentoo, and Red Hat**: `prefork` -#####`purge_configs` +You must set this to 'false' to explicitly declare the following classes with custom parameters: -Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to 'false' is a stopgap measure to allow the apache module to coexist with existing or otherwise-managed configuration. It is recommended that you move your configuration entirely to resources within this module. +- [`apache::mod::event`][] +- [`apache::mod::itk`][] +- [`apache::mod::peruser`][] +- [`apache::mod::prefork`][] +- [`apache::mod::worker`][] -#####`purge_vhost_configs` +**Note**: Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `mpm_module`, you must uninstall all packages that depend on your installed Apache server. -If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by Puppet within `vhost_dir`. It defaults to the value of `purge_configs`. 
Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir` +##### `package_ensure` -#####`sendfile` +Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or the equivalent 'present'), or a version string. Default: 'installed'. -Makes Apache use the Linux kernel sendfile to serve static files. Defaults to 'On'. +##### `ports_file` -#####`serveradmin` +Sets the path to the file containing Apache ports configuration. Default: `{$conf_dir}/ports.conf`. -Sets the server administrator. Defaults to 'root@localhost'. +##### `purge_configs` -#####`servername` +Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: 'true'. -Sets the server name. Defaults to `fqdn` provided by Facter. +Setting this to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_configs`][]. -#####`server_root` +##### `purge_vhost_configs` -Sets the root directory in which the server resides. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local' on FreeBSD, and '/var/www' on Gentoo. +If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_configs` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Default: same as [`purge_configs`][]. -#####`server_signature` +Setting `purge_vhost_configs` to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. -Configures a trailing footer line under server-generated documents. More information about [ServerSignature](http://httpd.apache.org/docs/current/mod/core.html#serversignature). 
Defaults to 'On'. +##### `sendfile` -#####`server_tokens` +Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. Default: 'On'. -Controls how much information Apache sends to the browser about itself and the operating system. More information about [ServerTokens](http://httpd.apache.org/docs/current/mod/core.html#servertokens). Defaults to 'OS'. +##### `serveradmin` -#####`service_enable` +Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive. Default: 'root@localhost'. -Determines whether the HTTPD service is enabled when the machine is booted. Defaults to 'true'. +##### `servername` -#####`service_ensure` +Sets the Apache server name via Apache's [`ServerName`][] directive. Default: the 'fqdn' fact reported by [Facter][]. -Determines whether the service should be running. Valid values are 'true', 'false', 'running', or 'stopped' when Puppet should manage the service. Any other value sets ensure to 'false' for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. +##### `server_root` -#####`service_name` +Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. Default: determined by your operating system. -Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian and Gentoo, and 'apache22' on FreeBSD. +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local` +- **Gentoo**: `/var/www` +- **Red Hat**: `/etc/httpd` -#####`service_manage` +##### `server_signature` -Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'. +Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Valid options: 'Off', 'On'. 
Default: 'On'. -#####`service_restart` +##### `server_tokens` -Determines whether the HTTPD service restart command should be anything other than the default managed by Puppet. Defaults to undef. +Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. Defaults to 'OS'. -#####`timeout` +##### `service_enable` -Sets the amount of seconds the server will wait for certain events before failing a request. Defaults to 120. +Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: 'true'. -#####`trace_enable` +##### `service_ensure` -Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. +Determines whether Puppet should make sure the service is running. Valid options: 'true' (equivalent to 'running'), 'false' (equivalent to 'stopped'). Default: 'running'. -#####`vhost_dir` +The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to 'false', which is useful when you want to let the service be managed by another application, such as Pacemaker. -Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo. +##### `service_name` -#####`user` +Sets the name of the Apache service. Default: determined by your operating system. -Changes the user that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this user. By default, puppet will attept to manage this user as a resource under `::apache`. If this is not what you want, set [`manage_user`](#manage_user) to 'false'. 
Defaults to the OS-specific default user for apache, as detected in `::apache::params`. +- **Debian and Gentoo**: `apache2` +- **FreeBSD**: `apache22` +- **Red Hat**: `httpd` -#####`apache_name` +##### `service_manage` -The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. +Determines whether Puppet manages the HTTPD service's state. Default: 'true'. -####Defined Type: `apache::custom_config` +##### `service_restart` -Allows you to create custom configs for Apache. The configuration files are only added to the Apache confd dir if the file is valid. An error is raised during the Puppet run if the file is invalid and `$verify_config` is `true`. +Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: 'undef', which uses the [default Puppet behavior][Service attribute restart]. -```puppet - apache::custom_config { 'test': - content => '# Test', - } -``` +##### `timeout` -**Parameters within `apache::custom_config`:** +Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Defaults to 120. -#####`ensure` +##### `trace_enable` -Specify whether the configuration file is present or absent. Defaults to 'present'. Valid values are 'present' and 'absent'. +Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive. Valid options: 'Off', 'On'. Default: 'On'. -#####`confdir` +##### `vhost_dir` -The directory to place the configuration file in. Defaults to `$::apache::confd_dir`. +Changes your virtual host configuration files' location. Default: determined by your operating system. 
-#####`content` +- **Debian**: `/etc/apache2/sites-available` +- **FreeBSD**: `/usr/local/etc/apache22/Vhosts` +- **Gentoo**: `/etc/apache2/vhosts.d` +- **Red Hat**: `etc/httpd/conf.d` -The content of the configuration file. Only one of `$content` and `$source` can be specified. +##### `user` -#####`priority` +Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter. -The priority of the configuration file, used for ordering. Defaults to '25'. +Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: -Pass priority `false` to omit the priority prefix in file names. +- **Debian**: 'www-data' +- **FreeBSD**: 'www' +- **Gentoo** and **Red Hat**: 'apache' + +To prevent Puppet from managing the user, set the [`manage_user`][] parameter to 'false'. -#####`source` +##### `apache_name` -The source of the configuration file. Only one of `$content` and `$source` can be specified. +The name of the Apache package to install. Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: -#####`verify_command` +The default value is determined by your operating system: -The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` is only used if `$verify_config` is `true`. If the `$verify_command` fails, the configuration file is deleted, the Apache service is not notified, and an error is raised during the Puppet run. +- **Debian**: 'apache2' +- **FreeBSD**: 'apache24' +- **Gentoo**: 'www-servers/apache' +- **Red Hat**: 'httpd' -#####`verify_config` +You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. 
-Boolean to specify whether the configuration file should be validated before the Apache service is notified. Defaults to `true`. +#### Class: `apache::dev` -####Class: `apache::default_mods` +Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`] parameter of the [`apache::params`] class based on your operating system: -Installs default Apache modules based on what OS you are running. +The default value is determined by your operating system: -```puppet - class { 'apache::default_mods': } -``` +- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions +- **FreeBSD**: 'undef'; see note below +- **Gentoo**: 'undef' +- **Red Hat**: 'httpd-devel' -####Defined Type: `apache::mod` +**Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. -Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type also installs the required packages to enable the module, if any. +#### Classes: `apache::mod::` -```puppet - apache::mod { 'rewrite': } - apache::mod { 'ldap': } -``` +Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': -####Classes: `apache::mod::[name]` +~~~ puppet +class { 'apache::mod::alias': + icons_options => 'None', +} +~~~ -There are many `apache::mod::[name]` classes within this module that can be declared using `include`: +The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] define. 
 * `actions`
-* `alias`(see [`apache::mod::alias`](#class-apachemodalias) below)
+* `alias` (see [`apache::mod::alias`](#class-apachemodalias))
 * `auth_basic`
-* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below)
+* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas))
 * `auth_kerb`
 * `authn_core`
 * `authn_file`
@@ -594,11 +1176,12 @@ There are many `apache::mod::[name]` classes within this module that can be decl
 * `dev`
 * `dir`*
 * `disk_cache`
-* `event`(see [`apache::mod::event`](#class-apachemodevent) below)
+* `event` (see [`apache::mod::event`](#class-apachemodevent))
 * `expires`
 * `fastcgi`
 * `fcgid`
 * `filter`
+* `geoip` (see [`apache::mod::geoip`][])
 * `headers`
 * `include`
 * `info`*
@@ -608,7 +1191,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl
 * `mime_magic`*
 * `negotiation`
 * `nss`*
-* `pagespeed` (see [`apache::mod::pagespeed`](#class-apachemodpagespeed) below)
+* `pagespeed` (see [`apache::mod::pagespeed`](#class-apachemodpagespeed))
 * `passenger`*
 * `perl`
 * `peruser`
@@ -626,562 +1209,549 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rpaf`* * `setenvif` * `security` -* `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) +* `shib`* (see [`apache::mod::shib`](#class-apachemodshib)) * `speling` -* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) -* `status`* (see [`apache::mod::status`](#class-apachemodstatus) below) +* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl)) +* `status`* (see [`apache::mod::status`](#class-apachemodstatus)) * `suphp` * `userdir`* +* `version` * `vhost_alias` * `worker`* -* `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi) below) +* `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi)) * `xsendfile` -Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters do not require any configuration or attention. +Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work. -The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. +##### Class: `apache::mod::alias` -###Class: `apache::mod::alias` +Installs and manages [`mod_alias`][]. -Installs and manages the alias module. +**Parameters within `apache::mod::alias`**: -Full Documentation for alias is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_alias.html). 
+* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive. Default: 'Indexes MultiViews'. +* `icons_path`: Sets the local path for an `/icons/` Alias. Default: depends on your operating system. -To disable directory listing for the icons directory: -```puppet - class { 'apache::mod::alias': - icons_options => 'None', - } -``` +- **Debian**: `/usr/share/apache2/icons` +- **FreeBSD**: `/usr/local/www/apache24/icons` +- **Gentoo**: `/var/www/icons` +- **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` -####Class: `apache::mod::event` +##### Class: `apache::mod::event` -Installs and manages mpm_event module. +Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::event` and [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. -Full Documentation for mpm_event is available from [Apache](https://httpd.apache.org/docs/current/mod/event.html). +**Parameters within `apache::mod::event`**: -To configure the event thread limit: +- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. +- `maxclients` (_Apache 2.3.12 or older_: `maxrequestworkers`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. +- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. +- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. +- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. 
Default: '25'. +- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. +- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. +- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. -```puppet - class {'apache::mod::event': - $threadlimit => '128', - } -``` +##### Class: `apache::mod::auth_cas` -####Class: `apache::mod::auth_cas` +Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apache module's directives. -Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required. +The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have 'undef' default values. -Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas). +**Parameters within `apache::mod::auth_cas`**: -####Class: `apache::mod::geoip` +- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: 'undef'. +- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: 'undef'. +- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: 'undef'. +- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: 'undef'. +- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: 'undef'. +- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: 'undef'. +- `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. +- `cas_idle_timeout`: Default: 'undef'. 
+- `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. +- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: 'undef'. +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: 'undef'. +- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: 'undef'. +- `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. +- `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. -Installs and manages mod_geoip. +##### Class: `apache::mod::deflate` -Full documentation on mod_geoip is available from [MaxMind](http://dev.maxmind.com/geoip/legacy/mod_geoip2/). +Installs and configures [`mod_deflate`][]. -These are the default settings: +**Parameters within `apache::mod::deflate`:** -```puppet - class {'apache::mod::geoip': - enable => false, - db_file => '/usr/share/GeoIP/GeoIP.dat', - flag => 'Standard', - output => 'All', - } -``` +- `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml' ]. +- `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } -#####`enable` +##### Class: `apache::mod::expires` -Boolean. Enable or Disable mod_geoip globally. Defaults to false. +Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration. -#####`db_file` +**Parameters within `apache::mod::expires`**: -The full path to your GeoIP database file. Defaults to `/usr/share/GeoIP/GeoIP.dat`. 
This parameter optionally takes an array of paths for multiple GeoIP database files. +- `expires_active`: Enables generation of `Expires` headers for a document realm. Default: 'true'. +- `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: undef. +- `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: undef. -#####`flag` +##### Class: `apache::mod::fcgid` -GeoIP Flag. Defaults to 'Standard'. +Installs and configures [`mod_fcgid`][]. -#####`output` +The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [Hash][]. For example: -Defines which output variables to use. Defaults to 'All'. +~~~ puppet +class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'AddHandler' => 'fcgid-script .fcgi', + }, +} +~~~ -#####`enable_utf8` +For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. -Boolean. Changes the output from ISO-8859-1 (Latin-1) to UTF-8. +If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. -#####`scan_proxy_headers` +~~~ puppet +include apache::mod::fcgid -Boolean. Enables the GeoIPScanProxyHeaders option. More information can be found [here](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives). 
+apache::vhost { 'example.org': + docroot => '/var/www/html', + directories => { + path => '/var/www/html', + fcgiwrapper => { + command => '/usr/local/bin/fcgiwrapper', + } + }, +} +~~~ -#####`scan_proxy_header_field` +##### Class: `apache::mod::geoip` -Specifies which header that mod_geoip should look at to determine the client's IP address. +Installs and manages [`mod_geoip`][]. -#####`use_last_xforwarededfor_ip` +**Parameters within `apache::mod::geoip`**: -Boolean. If a comma-separated list of IP addresses is found, use the last IP address for the client's IP. +- `db_file`: Sets the path to your GeoIP database file. Valid options: a path, or an [array][] paths for multiple GeoIP database files. Default: `/usr/share/GeoIP/GeoIP.dat`. +- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: 'false'. +- `flag`: Sets the GeoIP flag. Valid options: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default: 'Standard'. +- `output`: Defines which output variables to use. Valid options: 'All', 'Env', 'Request', 'Notes'. Default: 'All'. +- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: 'undef'. +- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: 'undef'. +- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: 'undef'. +- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: 'undef'. -####Class: `apache::mod::info` +##### Class: `apache::mod::info` -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration. 
-Full documentation for mod_info is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_info.html). +**Parameters within `apache::mod::info`**: -These are the default settings: +- `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1'] +- `apache_version`: Default: `$::apache::apache_version`, +- `restrict_access`: Determines whether to enable access restrictions. If 'false', the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: 'true'. -```puppet - $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, - $restrict_access = true, -``` +##### Class: `apache::mod::negotiation` -To set the addresses that are allowed to access /server-info add the following: +Installs and configures [`mod_negotiation`][]. -```puppet - class {'apache::mod::info': - allow_from => [ - '10.10.36', - '10.10.38', - '127.0.0.1', - ], - } -``` +**Parameters within `apache::mod::negotiation`:** -To disable the access restrictions add the following: +- `force_language_priority`: Sets the `ForceLanguagePriority` option. Valid option: String. Default: `Prefer Fallback`. +- `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ] -```puppet - class {'apache::mod::info': - restrict_access => false, - } -``` - -It is not recommended to leave this set to false though it can be very useful for testing. 
For this reason, you can insert this setting in your normal code to temporarily disable the restrictions like so: - -```puppet - class {'apache::mod::info': - restrict_access => false, # false disables the block below - allow_from => [ - '10.10.36', - '10.10.38', - '127.0.0.1', - ], - } -``` - -####Class: `apache::mod::pagespeed` - -Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth. - -This module does *not* manage the software repositories needed to automatically install the -mod-pagespeed-stable package. The module does however require that the package be installed, -or be installable using the system's default package provider. You should ensure that this -pre-requisite is met or declaring `apache::mod::pagespeed` causes the Puppet run to fail. - -These are the defaults: - -```puppet - class { 'apache::mod::pagespeed': - inherit_vhost_config => 'on', - filter_xhtml => false, - cache_path => '/var/cache/mod_pagespeed/', - log_dir => '/var/log/pagespeed', - memcache_servers => [], - rewrite_level => 'CoreFilters', - disable_filters => [], - enable_filters => [], - forbid_filters => [], - rewrite_deadline_per_flush_ms => 10, - additional_domains => undef, - file_cache_size_kb => 102400, - file_cache_clean_interval_ms => 3600000, - lru_cache_per_process => 1024, - lru_cache_byte_limit => 16384, - css_flatten_max_bytes => 2048, - css_inline_max_bytes => 2048, - css_image_inline_max_bytes => 2048, - image_inline_max_bytes => 2048, - js_inline_max_bytes => 2048, - css_outline_min_bytes => 3000, - js_outline_min_bytes => 3000, - inode_limit => 500000, - image_max_rewrites_at_once => 8, - num_rewrite_threads => 4, - num_expensive_rewrite_threads => 4, - collect_statistics => 'on', - statistics_logging => 'on', - allow_view_stats => [], - allow_pagespeed_console => [], - allow_pagespeed_message => [], - message_buffer_size => 100000, - additional_configuration => { } - } -``` +##### Class: 
`apache::mod::pagespeed` -Full documentation for mod_pagespeed is available from [Google](http://modpagespeed.com). +Installs and manages [`mod_pagespeed`], a Google module that rewrites web pages to reduce latency and bandwidth. -####Class: `apache::mod::php` +While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. -Installs and configures mod_php. The defaults are OS-dependant. +**Parameters within `apache::mod::info`**: -Overriding the package name: -```puppet - class {'::apache::mod::php': - package_name => "php54-php", - path => "${::apache::params::lib_path}/libphp54-php5.so", - } -``` +- `inherit_vhost_config`: Default: 'on'. +- `filter_xhtml`: Default: false. +- `cache_path`: Default: '/var/cache/mod_pagespeed/'. +- `log_dir`: Default: '/var/log/pagespeed'. +- `memcache_servers`: Default: []. +- `rewrite_level`: Default: 'CoreFilters'. +- `disable_filters`: Default: []. +- `enable_filters`: Default: []. +- `forbid_filters`: Default: []. +- `rewrite_deadline_per_flush_ms`: Default: 10. +- `additional_domains`: Default: undef. +- `file_cache_size_kb`: Default: 102400. +- `file_cache_clean_interval_ms`: Default: 3600000. +- `lru_cache_per_process`: Default: 1024. +- `lru_cache_byte_limit`: Default: 16384. +- `css_flatten_max_bytes`: Default: 2048. +- `css_inline_max_bytes`: Default: 2048. +- `css_image_inline_max_bytes`: Default: 2048. +- `image_inline_max_bytes`: Default: 2048. +- `js_inline_max_bytes`: Default: 2048. +- `css_outline_min_bytes`: Default: 3000. +- `js_outline_min_bytes`: Default: 3000. +- `inode_limit`: Default: 500000. +- `image_max_rewrites_at_once`: Default: 8. +- `num_rewrite_threads`: Default: 4. +- `num_expensive_rewrite_threads`: Default: 4. +- `collect_statistics`: Default: 'on'. 
+- `statistics_logging`: Default: 'on'. +- `allow_view_stats`: Default: []. +- `allow_pagespeed_console`: Default: []. +- `allow_pagespeed_message`: Default: []. +- `message_buffer_size`: Default: 100000. +- `additional_configuration`: Default: { }. -Overriding the default configuartion: -```puppet - class {'::apache::mod::php': - source => 'puppet:///modules/apache/my_php.conf', - } -``` +The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. -or -```puppet - class {'::apache::mod::php': - template => 'apache/php.conf.erb', - } -``` +##### Class: `apache::mod::php` -or +Installs and configures [`mod_php`][]. -```puppet - class {'::apache::mod::php': - content => ' -AddHandler php5-script .php -AddType text/html .php', - } -``` -####Class: `apache::mod::shib` +**Parameters within `apache::mod::php`**: -Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). +Default values depend on your operating system. -Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances. +> **Note**: This list is incomplete. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. -####Class: `apache::mod::ssl` +- `package_name`: Names the package that installs `php_mod`. +- `path`: Defines the path to the `mod_php` shared object (`.so`) file. +- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` paths. 
+- `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. +- `content`: Adds arbitrary content to `php.conf`. -Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: +##### Class: `apache::mod::reqtimeout` -```puppet - class { 'apache::mod::ssl': - ssl_compression => false, - ssl_cryptodevice => 'builtin', - ssl_options => [ 'StdEnvVars' ], - ssl_openssl_conf_cmd => undef, - ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', - ssl_honorcipherorder => 'On', - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], - ssl_pass_phrase_dialog => 'builtin', - ssl_random_seed_bytes => '512', - ssl_sessioncachetimeout => '300', - } -``` +Installs and configures [`mod_reqtimeout`][]. -To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. +**Parameters within `apache::mod::reqtimeout`**: -####Class: `apache::mod::status` +- `timeouts`: A string or [array][] that sets the [`RequestReadTimeout`][] option. Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. -Installs Apache mod_status and uses the status.conf.erb template. These are the defaults: +##### Class: `apache::mod::shib` -```puppet - class { 'apache::mod::status': - allow_from => ['127.0.0.1','::1'], - extended_status => 'On', - status_path => '/server-status', -){ +Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a web application that consumes Shibboleth SSO identities, also known as a Shibboleth Service Provider. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). 
+Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. - } -``` +##### Class: `apache::mod::ssl` -####Class: `apache::mod::expires` +Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. -Installs Apache mod_expires and uses the expires.conf.erb template. These are the defaults: +**Parameters within `apache::mod::ssl`**: -```puppet - class { 'apache::mod::expires': - expires_active => true, - expires_default => undef, - expires_by_type => undef, -){ +- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5'. +- `ssl_compression`: Default: 'false'. +- `ssl_cryptodevice`: Default: 'builtin'. +- `ssl_honorcipherorder`: Default: 'On'. +- `ssl_openssl_conf_cmd`: Default: 'undef'. +- `ssl_options`: Default: [ 'StdEnvVars' ] +- `ssl_pass_phrase_dialog`: Default: 'builtin'. +- `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. +- `ssl_random_seed_bytes`: Default: '512'. +- `ssl_sessioncachetimeout`: Default: '300'. +To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to 'true' **o**r the [`ssl`][] parameter in [`apache::vhost`][] to 'true'. - } -``` +##### Class: `apache::mod::status` -`expires_by_type` is an array of Hashes, describing a set of types and their expire times: +Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration. -```puppet - class { 'apache::mod::expires': - expires_by_type => [ - { 'text/json' => 'access plus 1 month' }, - { 'text/html' => 'access plus 1 year' }, - ] - } -``` +**Parameters within `apache::mod::status`**: -####Class: `apache::mod::wsgi` +- `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. Default: ['127.0.0.1','::1']. +- `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. Valid options: 'Off', 'On'. Default: 'On'. 
+- `status_path`: The server location of the status page. Default: '/server-status'. -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +##### Class: `apache::mod::version` -For customized parameters, which tell Apache how Python is currently configured on the operating system, +Installs [`mod_version`][] on many operating systems and Apache configurations. -```puppet - class { 'apache::mod::wsgi': - wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", - wsgi_python_home => '/path/to/venv', - wsgi_python_path => '/path/to/venv/site-packages', - } -``` - -To specify an alternate mod\_wsgi package name to install and the name of the module .so it provides, -(e.g. a "python27-mod\_wsgi" package that provides "python27-mod_wsgi.so" in the default module directory): - -```puppet - class { 'apache::mod::wsgi': - wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", - wsgi_python_home => '/path/to/venv', - wsgi_python_path => '/path/to/venv/site-packages', - package_name => 'python27-mod_wsgi', - mod_path => 'python27-mod_wsgi.so', - } -``` +If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::version`, Puppet warns that `mod_version` is built-in and can't be loaded. -If ``mod_path`` does not contain "/", it will be prefixed by the default module path -for your OS; otherwise, it will be used literally. +##### Class: `apache::mod::security` -More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). +Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs by default on all virtual hosts. -####Class: `apache::mod::fcgid` +**Parameters within `apache::mod::security`**: -Installs and configures mod_fcgid. +- `activated_rules`: An [array][] of rules from the `modsec_crs_path` to activate via symlinks. Default: `modsec_default_rules` in [`apache::params`][]. +- `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. 
+- `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' +- `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. +- `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. +${modsec_dir}/activated_rules. +- `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. +- `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. +- `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. -The class makes no effort to list all available options, but rather uses an options hash to allow for ultimate flexibility: +##### Class: `apache::mod::wsgi` -```puppet - class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', - 'SharememPath' => '/var/run/fcgid_shm', - 'AddHandler' => 'fcgid-script .fcgi', - }, - } -``` +Enables Python support via [`mod_wsgi`][]. -For a full list op options, see the [official mod_fcgid documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html). +**Parameters within `apache::mod::wsgi`**: -It is also possible to set the FcgidWrapper per directory per vhost. You must ensure the fcgid module is loaded because there is no auto loading. 
+- `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: undef. + - If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. +Otherwise, Puppet follows it literally. +- `package_name`: Names the package that installs `mod_wsgi`. Default: undef. +- `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. +- `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. +- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE_RUN_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. -```puppet - include apache::mod::fcgid - apache::vhost { 'example.org': - docroot => '/var/www/html', - directories => { - path => '/var/www/html', - fcgiwrapper => { - command => '/usr/local/bin/fcgiwrapper', - } - }, - } -``` +The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. -See [FcgidWrapper documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidwrapper) for more information. +### Private Classes -####Class: `apache::mod::negotiation` +#### Class: `apache::confd::no_accf` -Installs and configures mod_negotiation. If there are not provided any -parameter, default apache mod_negotiation configuration is done. +Creates the `no-accf.conf` configuration file in `conf.d`, required by FreeBSD's Apache 2.4. -```puppet - class { '::apache::mod::negotiation': - force_language_priority => 'Prefer', - language_priority => [ 'es', 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo' ], - } -``` +#### Class: `apache::default_confd_files` -**Parameters within `apache::mod::negotiation`:** +Includes `conf.d` files for FreeBSD. 
-#####`force_language_priority` +#### Class: `apache::default_mods` -A string that sets the `ForceLanguagePriority` option. Defaults to `Prefer Fallback`. +Installs the Apache modules required to run the default configuration. See the `apache` class's [`default_mods`][] parameter for details. -#####`language_priority` +#### Class: `apache::package` -An array of languages to set the `LanguagePriority` option of the module. +Installs and configures basic Apache packages. -####Class: `apache::mod::deflate` +#### Class: `apache::params` -Installs and configures mod_deflate. If no parameters are provided, a default configuration is applied. +Manages Apache parameters for different operating systems. -```puppet - class { '::apache::mod::deflate': - types => [ 'text/html', 'text/css' ], - notes => { - 'Input' => 'instream', - 'Ratio' => 'ratio', - }, - } -``` +#### Class: `apache::service` -#####`types` +Manages the Apache daemon. -An array of mime types to be deflated. +#### Class: `apache::version` -#####`notes` +Attempts to automatically detect the Apache version based on the operating system. -A hash where the key represents the type and the value represents the note name. +### Public Defines +#### Define: `apache::balancer` -####Class: `apache::mod::reqtimeout` +Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] define. -Installs and configures mod_reqtimeout. Defaults to recommended apache -mod_reqtimeout configuration. +Declare one `apache::balancer` define for each Apache load balancing group. You can export `apache::balancermember` defines for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. 
-```puppet - class { '::apache::mod::reqtimeout': - timeouts => ['header=20-40,MinRate=500', 'body=20,MinRate=500'], - } -``` +**Parameters within `apache::balancer`**: -####Class: `apache::mod::version` +##### `name` -This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 -about loading mod_version, as on these platforms it's already built-in. +Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. -```puppet - include '::apache::mod::version' -``` +##### `proxy_set` -#####`timeouts` +Configures key-value pairs as [`ProxySet`][] lines. Valid options: [Hash][]. Default: '{}'. -A string or an array that sets the `RequestReadTimeout` option. Defaults to -`['header=20-40,MinRate=500', 'body=20,MinRate=500']`. +##### `collect_exported` +Determines whether to use [exported resources][]. Valid options: Boolean. Default: 'true'. -####Class: `apache::mod::security` +If you statically declare all of your backend servers, set this parameter to 'false' to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. -Installs and configures mod_security. Defaults to enabled and running on all -vhosts. +To dynamically declare backend servers via exported resources collected on a central node, set this parameter to 'true' to collect the balancer member resources exported by the balancer member nodes. -```puppet - include '::apache::mod::security' -``` +If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. -#####`crs_package` +#### Define: `apache::balancermember` -Name of package to install containing crs rules +Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. 
-#####`modsec_dir`
+**Parameters within `apache::balancermember`**:
-Directory to install the modsec configuration and activated rules links into
+##### `balancer_cluster`
-#####`modsec_secruleengine`
+**Required**. Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource.
-Configures the rules engine. Valid vaules are On, Off, and DetectionOnly
+##### `url`
-#####`activated_rules`
+Specifies the URL used to contact the balancer member server. Default: 'http://${::fqdn}/'.
-Array of rules from the modsec_crs_path to activate by symlinking to
-${modsec_dir}/activated_rules.
+##### `options`
-#####`allowed_methods`
+Specifies an [array][] of [options](http://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. Default: an empty array.
-HTTP methods allowed by mod_security
+#### Define: `apache::custom_config`
-#####`content_types`
+Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this define's `$verify_config` parameter is 'true', Puppet throws an error during a Puppet run.
-Content-types allowed by mod_security
+**Parameters within `apache::custom_config`**:
-#####`restricted_extensions`
+##### `ensure`
-Extensions prohibited by mod_security
+Specifies whether the configuration file should be present. Valid options: 'absent', 'present'. Default: 'present'.
-#####`restricted_headers`
+##### `confdir`
-Headers restricted by mod_security
+Sets the directory in which Puppet places configuration files. Default: '$::apache::confd_dir'.
+##### `content`
-####Defined Type: `apache::vhost`
+Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other.
-The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts.
This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters.
+##### `priority`
-The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).
+Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. The default value is `25`.
-The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work.
+To omit the priority prefix in the configuration file's name, set this parameter to `false`.
-```puppet
- apache::vhost { "example.com":
- docroot => '/var/www/html',
- priority => '25',
- }
- concat::fragment { "example.com-my_custom_fragment":
- target => '25-example.com.conf',
- order => 11,
- content => '# my custom comment',
- }
-```
+##### `source`
-If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'.
+Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other.
-```puppet
- class { 'apache':
- default_vhost => false,
- }
-```
+##### `verify_command`
+
+Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. Default: `/usr/sbin/apachectl -t`.
+
+This parameter is only used if the [`verify_config`][] parameter's value is 'true'. If the `verify_command` fails, the Puppet run deletes the configuration file, does not notify the Apache service, and raises an error.
+
+##### `verify_config`
+
+Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`.
+
+#### Define: `apache::fastcgi::server`
+
+Defines one or more external FastCGI servers to handle specific file types. Use this define with [`mod_fastcgi`][FastCGI].
+
+**Parameters within `apache::fastcgi::server`:**
+
+##### `host`
+
+Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
+
+##### `timeout`
+
+Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply.
-**Parameters within `apache::vhost`:**
+##### `flush`
-#####`access_log`
+Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible.
-Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'.
+##### `faux_path`
-#####`access_log_file`
+Apache has [FastCGI][] handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem.
-Sets the `*_access.log` filename that is placed in `$logroot`.
Given a vhost, example.com, it defaults to 'example.com_ssl.log' for SSL vhosts and 'example.com_access.log' for non-SSL vhosts.
+##### `alias`
-#####`access_log_pipe`
+Internally links actions with the FastCGI server. This alias must be unique.
-Specifies a pipe to send access log messages to. Defaults to 'undef'.
+##### `file_type`
-#####`access_log_syslog`
+Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server.
-Sends all access log messages to syslog. Defaults to 'undef'.
+#### Define: `apache::listen`
-#####`access_log_format`
+Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '', ':', or ':'.
-Specifies the use of either a LogFormat nickname or a custom format string for the access log. Defaults to 'combined'. See [these examples](http://httpd.apache.org/docs/current/mod/mod_log_config.html).
+#### Define: `apache::mod`
-#####`access_log_env_var`
+Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system.
+
+**Parameters within `apache::mod`**:
+
+##### `package`
+
+**Required**. Names the package Puppet uses to install the Apache module.
+
+##### `package_ensure`
+
+Determines whether Puppet ensures the Apache module should be installed. Valid options: 'absent', 'present'. Default: 'present'.
+
+##### `lib`
+
+Defines the module's shared object name. Its default value is `mod_$name.so`, and it should not be configured manually without special reason.
+
+##### `lib_path`
+
+Specifies a path to the module's libraries. Default: the `apache` class's [`lib_path`][] parameter.
+
+Don't manually set this parameter without special reason.
The [`path`][] parameter overrides this value.
+
+##### `loadfile_name`
+
+Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. Valid options: filenames formatted `\*.load`. Default: `$name.load`.
+
+##### `loadfiles`
+
+Specifies an [array][] of [`LoadFile`][] directives.
+
+##### `path`
+
+Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. Don't manually set this parameter without special reason.
+
+#### Define: `apache::namevirtualhost`
+
+Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '*:', '\_default_:, '', or ':'.
+
+#### Define: `apache::vhost`
+
+The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters.
+
+The `apache::vhost` define allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first.
+
+The `apache::vhost` define uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the define doesn't inherently support, add a custom fragment.
+
+For the custom fragment's `order` parameter, the `apache::vhost` define uses multiples of 10, so any `order` that isn't a multiple of 10 should work.
+
+**Parameters within `apache::vhost`**:
+
+##### `access_log`
+
+Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
Valid options: Boolean. Default: 'true'.
+
+##### `access_log_env_var`
 Specifies that only requests with particular environment variables be logged. Defaults to 'undef'.
-#####`add_default_charset`
+##### `access_log_file`
+
+Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts.
+
+##### `access_log_format`
+
+Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log. Default: 'combined'.
+
+##### `access_log_pipe`
+
+Specifies a pipe where Apache sends access log messages. Default: 'undef'.
+
+##### `access_log_syslog`
-Sets [AddDefaultCharset](http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset), a default value for the media charset, which is added to text/plain and text/html responses.
+Sends all access log messages to syslog. Default: 'undef'.
-#####`add_listen`
+##### `add_default_charset`
-Determines whether the vhost creates a Listen statement. The default value is 'true'.
+Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses.
-Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter.
+##### `add_listen`
-#####`use_optional_includes`
+Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: 'true'.
-Specifies if for apache > 2.4 it should use IncludeOptional instead of Include for `additional_includes`. Defaults to 'false'.
+Setting `add_listen` to 'false' prevents the virtual host from creating a `Listen` statement.
This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. -#####`additional_includes` +##### `use_optional_includes` -Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'. +Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: 'false'. -#####`aliases` +##### `additional_includes` -Passes a list of hashes to the vhost to create Alias, AliasMatch, ScriptAlias or ScriptAliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: +Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module. Valid options: a string path or [array][] of them. Default: an empty array. -```puppet +##### `aliases` + +Passes a list of [Hashes][Hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation. + +For example: + +~~~ puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', 
@@ -1199,102 +1769,100 @@ aliases => [ path => '/usr/share/nagios/html', }, ], -``` +~~~ -For `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` to work, each needs a corresponding context, such as `` or ``. The directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters should come before the more general ones to avoid shadowing. +For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. -*Note*: Using the `aliases` parameter is preferred over the `scriptaliases` parameter since here the order of the various alias directives among each other can be controlled precisely. Defining ScriptAliases using the `scriptaliases` parameter means *all* ScriptAlias directives will come after *all* Alias directives, which can lead to Alias directives shadowing ScriptAlias directives. This is often problematic, for example in case of Nagios. +**Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. -*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias might have issues honoring the `PassengerEnabled => off` statement. 
See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is 'true', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
-#####`allow_encoded_slashes`
+##### `allow_encoded_slashes`
-This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: undef, which omits the declaration from the server configuration and selects the Apache default setting of `Off`.
-#####`block`
+##### `block`
-Specifies the list of things Apache blocks access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories.
+Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. Default: an empty [array][].
-#####`custom_fragment`
+##### `custom_fragment`
-Passes a string of custom configuration directives to be placed at the end of the vhost configuration. Defaults to 'undef'.
+Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: 'undef'.
-#####`default_vhost`
+##### `default_vhost`
-Sets a given `apache::vhost` as the default to serve requests that do not match any other `apache::vhost` definitions. The default value is 'false'.
+Sets a given `apache::vhost` define as the default to serve requests that do not match any other `apache::vhost` defines. Default: 'false'.
-#####`directories`
+##### `directories`
-See the [`directories` section](#parameter-directories-for-apachevhost).
+See the [`directories`](#parameter-directories-for-apachevhost) section.
-#####`directoryindex`
+##### `directoryindex`
-Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. [DirectoryIndex](http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex) has more information. Defaults to 'undef'.
+Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: 'undef'.
-#####`docroot`
+##### `docroot`
-Provides the
-[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot)
-directive, which identifies the directory Apache serves files from. Required.
+**Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files.
-#####`docroot_group`
+##### `docroot_group`
-Sets group access to the docroot directory. Defaults to 'root'.
+Sets group access to the [`docroot`][] directory. Defaults to 'root'.
-#####`docroot_owner`
+##### `docroot_owner`
 Sets individual user access to the docroot directory. Defaults to 'root'.
-#####`docroot_mode`
+##### `docroot_mode`
 Sets access permissions of the docroot directory. Defaults to 'undef'.
-#####`manage_docroot`
+##### `manage_docroot`
 Whether to manage to docroot directory at all. Defaults to 'true'.
-#####`error_log`
+##### `error_log`
 Specifies whether `*_error.log` directives should be configured.
Defaults to 'true'. -#####`error_log_file` +##### `error_log_file` Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. -#####`error_log_pipe` +##### `error_log_pipe` Specifies a pipe to send error log messages to. Defaults to 'undef'. -#####`error_log_syslog` +##### `error_log_syslog` Sends all error log messages to syslog. Defaults to 'undef'. -#####`error_documents` +##### `error_documents` A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } -``` +~~~ -#####`ensure` +##### `ensure` Specifies if the vhost file is present or absent. Defaults to 'present'. -#####`fallbackresource` +##### `fallbackresource` Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid values must either begin with a / or be 'disabled'. Defaults to 'undef'. -#####`filters` +##### `filters` [Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. -```puppet +~~~ puppet apache::vhost { "$::fqdn": filters => [ 'FilterDeclare COMPRESS', 
@@ -1303,25 +1871,25 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } -``` +~~~ -#####`force_type` +##### `force_type` -Sets the [ForceType](http://httpd.apache.org/docs/2.2/mod/core.html#forcetype) directive, to force all matching files to be served with the specified MIME content-type. +Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with the specified [MIME `content-type`][]. -#####`headers` +##### `headers` Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. -#####`ip` +##### `ip` Sets the IP address the vhost listens on. Defaults to listen on all IPs. -#####`ip_based` +##### `ip_based` Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. -#####`itk` +##### `itk` Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: @@ -1335,7 +1903,7 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { 
@@ -1343,123 +1911,123 @@ Usage typically looks like: group => 'somegroup', }, } -``` +~~~ -#####`logroot` +##### `logroot` Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. -#####`$logroot_ensure` +##### `$logroot_ensure` Determines whether or not to remove the logroot directory for a virtual host. Valid values are 'directory', or 'absent'. -#####`logroot_mode` +##### `logroot_mode` Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. -#####`log_level` +##### `log_level` Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. -######`modsec_body_limit` +###### `modsec_body_limit` Configures the maximum request body size (in bytes) ModSecurity will accept for buffering -######`modsec_disable_vhost` +###### `modsec_disable_vhost` Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included. -######`modsec_disable_ids` +###### `modsec_disable_ids` Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } -``` +~~~ -```puppet +~~~ puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } -``` +~~~ -######`modsec_disable_ips` +###### `modsec_disable_ips` Array of IPs to exclude from mod_security rule matching -#####`no_proxy_uris` +##### `no_proxy_uris` Specifies URLs you do not want to proxy. 
This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). -#####`no_proxy_uris_match` +##### `no_proxy_uris_match` This directive is equivalent to `no_proxy_uris`, but takes regular expressions. -#####`proxy_preserve_host` +##### `proxy_preserve_host` Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). -#####`proxy_error_override` +##### `proxy_error_override` Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. -#####`options` +##### `options` Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … options => ['Indexes','FollowSymLinks','MultiViews'], } -``` +~~~ *Note:* If you use [`directories`](#parameter-directories-for-apachevhost), 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. -#####`override` +##### `override` Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'. -#####`passenger_app_root` +##### `passenger_app_root` Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot. 
-#####`passenger_app_env`
+##### `passenger_app_env`
 Sets [PassengerAppEnv](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'.
-#####`passenger_ruby`
+##### `passenger_ruby`
 Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application.
-#####`passenger_min_instances`
+##### `passenger_min_instances`
 Sets [PassengerMinInstances](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerMinInstances), the minimum number of application processes to run.
-#####`passenger_start_timeout`
+##### `passenger_start_timeout`
 Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#_passengerstarttimeout_lt_seconds_gt), the timeout for the application startup.
-#####`passenger_pre_start`
+##### `passenger_pre_start`
 Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required.
-#####`php_flags & values`
+##### `php_flags & values`
 Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'.
-#####`php_admin_flags & values`
+##### `php_admin_flags & values`
 Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'.
-#####`port`
+##### `port`
 Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter.
-#####`priority` +##### `priority` Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. @@ -1469,15 +2037,15 @@ If nothing matches the priority, the first name-based vhost is used. Likewise, p Pass priority `false` to omit the priority prefix in file names. -#####`proxy_dest` +##### `proxy_dest` Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. -#####`proxy_pass` +##### `proxy_pass` Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … proxy_pass => [ 
@@ -1494,73 +2062,73 @@ apache::vhost { 'site.name.fdqn': 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, ], } -``` +~~~ `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). `setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings -#####`proxy_dest_match` +##### `proxy_dest_match` This directive is equivalent to proxy_dest, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. -#####`proxy_dest_reverse_match` +##### `proxy_dest_reverse_match` Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. -#####`proxy_pass_match` +##### `proxy_pass_match` This directive is equivalent to proxy_pass, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. -#####`rack_base_uris` +##### `rack_base_uris` Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. -#####`redirect_dest` +##### `redirect_dest` Specifies the address to redirect to. Defaults to 'undef'. -#####`redirect_source` +##### `redirect_source` Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. 
-```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } -``` +~~~ -#####`redirect_status` +##### `redirect_status` Specifies the status to append to the redirect. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } -``` +~~~ -#####`redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` +##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } -``` +~~~ -#####`request_headers` +##### `request_headers` Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … request_headers => [ 
@@ -1568,23 +2136,23 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo 'unset MirrorID', ], } -``` -#####`rewrites` +~~~ +##### `rewrites` Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } -``` +~~~ The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -1595,11 +2163,11 @@ The parameter allows rewrite conditions that, when true, execute the associated }, ], } -``` +~~~ You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -1610,11 +2178,11 @@ You can also apply multiple conditions. For instance, rewrite index.html to welc }, ], } -``` +~~~ Multiple rewrites and conditions are also possible -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ 
@@ -1639,21 +2207,21 @@ Multiple rewrites and conditions are also possible }, ], } -``` +~~~ Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. -#####`scriptalias` +##### `scriptalias` Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for example: '/usr/scripts'. Defaults to 'undef'. -#####`scriptaliases` +##### `scriptaliases` *Note*: This parameter is deprecated in favour of the `aliases` parameter. Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: -```puppet +~~~ puppet scriptaliases => [ { alias => '/myscript', 
@@ -1672,39 +2240,39 @@ Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAli path => '/usr/share/neatscript', }, ] -``` +~~~ The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, more specific aliases should come before more general ones to avoid shadowing. -#####`serveradmin` +##### `serveradmin` Specifies the email address Apache displays when it renders one of its error pages. Defaults to 'undef'. -#####`serveraliases` +##### `serveraliases` Sets the [ServerAliases](http://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Defaults to '[]'. -#####`servername` +##### `servername` Sets the servername corresponding to the hostname you connect to the virtual host at. Defaults to the title of the resource. -#####`setenv` +##### `setenv` Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: -```puppet +~~~ puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } -``` +~~~ -#####`setenvif` +##### `setenvif` Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. -#####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` +##### `suphp_addhandler`, `suphp_configpath`, & `suphp_engine` Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). @@ -1716,7 +2284,7 @@ Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file= To set up a virtual host with suPHP -```puppet +~~~ puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', 
@@ -1727,17 +2295,17 @@ To set up a virtual host with suPHP 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } -``` +~~~ -#####`vhost_name` +##### `vhost_name` Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +##### `virtual_docroot` Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. -```puppet +~~~ puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', @@ -1745,9 +2313,9 @@ Sets up a virtual host with a wildcard alias subdomain mapped to a directory wit docroot => '/var/www', serveraliases => ['*.loc',], } -``` +~~~ -#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` +##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). @@ -1765,7 +2333,7 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). To set up a virtual host with WSGI -```puppet +~~~ puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', @@ -1779,7 +2347,7 @@ To set up a virtual host with WSGI wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } -``` +~~~ ####Parameter `directories` for `apache::vhost` @@ -1791,7 +2359,7 @@ The `provider` key is optional. If missing, this key defaults to 'directory'. Va General `directories` usage looks something like -```puppet +~~~ puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ 
@@ -1801,26 +2369,26 @@ General `directories` usage looks something like }, ], } -``` +~~~ *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } -``` +~~~ Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: -######`addhandlers` +###### `addhandlers` Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -1829,13 +2397,13 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand }, ], } -``` +~~~ -######`allow` +###### `allow` Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -1844,13 +2412,13 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) }, ], } -``` +~~~ -######`allow_override` +###### `allow_override` Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -1859,69 +2427,69 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs }, ], } -``` +~~~ -######`auth_basic_authoritative` +###### `auth_basic_authoritative` Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules. -######`auth_basic_fake` +###### `auth_basic_fake` Sets the value for [AuthBasicFake](http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. -######`auth_basic_provider` +###### `auth_basic_provider` Sets the value for [AuthBasicProvider] (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. -######`auth_digest_algorithm` +###### `auth_digest_algorithm` Sets the value for [AuthDigestAlgorithm](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. -######`auth_digest_domain` +###### `auth_digest_domain` Sets the value for [AuthDigestDomain](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. -######`auth_digest_nonce_lifetime` +###### `auth_digest_nonce_lifetime` Sets the value for [AuthDigestNonceLifetime](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. -######`auth_digest_provider` +###### `auth_digest_provider` Sets the value for [AuthDigestProvider](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. 
-######`auth_digest_qop` +###### `auth_digest_qop` Sets the value for [AuthDigestQop](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. -######`auth_digest_shmem_size` +###### `auth_digest_shmem_size` Sets the value for [AuthAuthDigestShmemSize](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. -######`auth_group_file` +###### `auth_group_file` Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization. -######`auth_name` +###### `auth_name` Sets the value for [AuthName](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. -######`auth_require` +###### `auth_require` Sets the entity name you're requiring to allow access. Read more about [Require](http://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). -######`auth_type` +###### `auth_type` Sets the value for [AuthType](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. -######`auth_user_file` +###### `auth_user_file` Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. -######`custom_fragment` +###### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. -```puppet +~~~ puppet apache::vhost { 'monitor': … directories => [ 
@@ -1942,13 +2510,13 @@ Pass a string of custom configuration directives to be placed at the end of the }, ] } -``` +~~~ -######`deny` +###### `deny` Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -1957,13 +2525,13 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir }, ], } -``` +~~~ -######`error_documents` +###### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', @@ -1975,14 +2543,14 @@ An array of hashes used to override the [ErrorDocument](https://httpd.apache.org }, ], } -``` +~~~ -######`geoip_enable` +###### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. Note that you must declare `class {'apache::mod::geoip': }` before using this directive. -```puppet +~~~ puppet apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ @@ -1991,13 +2559,13 @@ Note that you must declare `class {'apache::mod::geoip': }` before using this di }, ], } -``` +~~~ -######`headers` +###### `headers` Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { 
@@ -2005,13 +2573,13 @@ Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.htm headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } -``` +~~~ -######`index_options` +###### `index_options` Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2022,13 +2590,13 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d }, ], } -``` +~~~ -######`index_order_default` +###### `index_order_default` Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2038,13 +2606,13 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind }, ], } -``` +~~~ -######`index_style_sheet` +###### `index_style_sheet` Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2055,13 +2623,13 @@ Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoinde }, ], } -``` +~~~ -######`options` +###### `options` Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2070,13 +2638,13 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) }, ], } -``` +~~~ -######`order` +###### `order` Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2085,13 +2653,13 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum }, ], } -``` +~~~ -######`passenger_enabled` +###### `passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2100,24 +2668,24 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ }, ], } -``` +~~~ *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. -######`php_value` and `php_flag` +###### `php_value` and `php_flag` `php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). -######`php_admin_value` and `php_admin_flag` +###### `php_admin_value` and `php_admin_flag` `php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). -######`satisfy` +###### `satisfy` Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2126,13 +2694,13 @@ Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.a } ], } -``` +~~~ -######`sethandler` +###### `sethandler` Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2141,13 +2709,13 @@ Sets a `SetHandler` directive as per the [Apache Core documentation](http://http } ], } -``` +~~~ -######`rewrites` +###### `rewrites` Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -2166,15 +2734,15 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array }, ], } -``` +~~~ ***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. -######`shib_request_setting` +###### `shib_request_setting` Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2184,17 +2752,17 @@ Allows an valid content setting to be set or altered for the application request }, ], } -``` +~~~ -######`shib_use_headers` +###### `shib_use_headers` When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -######`ssl_options` +###### `ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -2206,13 +2774,13 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl }, ], } -``` +~~~ -######`suphp` +###### `suphp` A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2224,119 +2792,119 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w }, ], } -``` +~~~ ####SSL parameters for `apache::vhost` All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. -#####`ssl` +##### `ssl` Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. -#####`ssl_ca` +##### `ssl_ca` Specifies the SSL certificate authority. Defaults to 'undef'. -#####`ssl_cert` +##### `ssl_cert` Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' on Gentoo. -#####`ssl_protocol` +##### `ssl_protocol` Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. -#####`ssl_cipher` +##### `ssl_cipher` Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'HIGH:MEDIUM:!aNULL:!MD5'. -#####`ssl_honorcipherorder` +##### `ssl_honorcipherorder` Sets [SSLHonorCipherOrder](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Defaults to 'On' in the base `apache` config. -#####`ssl_certs_dir` +##### `ssl_certs_dir` Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, '/usr/local/etc/apache22' on FreeBSD, and '/etc/ssl/apache2' on Gentoo. -#####`ssl_chain` +##### `ssl_chain` Specifies the SSL chain. Defaults to 'undef'. 
(This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_crl` +##### `ssl_crl` Specifies the certificate revocation list to use. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_crl_path` +##### `ssl_crl_path` Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_crl_check` +##### `ssl_crl_check` Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. -#####`ssl_key` +##### `ssl_key` Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' on Gentoo. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_verify_client` +##### `ssl_verify_client` Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'. 
-```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'optional', } -``` +~~~ -#####`ssl_verify_depth` +##### `ssl_verify_depth` Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_verify_depth => 1, } -``` +~~~ -#####`ssl_options` +##### `ssl_options` Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_options => '+ExportCertData', } -``` +~~~ An array: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_options => [ '+StrictRequire', '+ExportCertData' ], } -``` +~~~ -#####`ssl_openssl_conf_cmd` +##### `ssl_openssl_conf_cmd` Sets the [SSLOpenSSLConfCmd](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Defaults to 'undef'. -#####`ssl_proxyengine` +##### `ssl_proxyengine` Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. -####Defined Type: FastCGI Server +####Define: FastCGI Server This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. Ex: -```puppet +~~~ puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, 
@@ -2345,426 +2913,168 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -``` +~~~ Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. -```puppet +~~~ puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -``` +~~~ -#####`host` +##### `host` The hostname or IP address and TCP port number (1-65535) of the FastCGI server. -#####`timeout` +##### `timeout` The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. -#####`flush` +##### `flush` Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. -#####`faux_path` +##### `faux_path` `faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. -#####`alias` +##### `alias` A unique alias. This is used internally to link the action with the FastCGI server. -#####`file_type` +##### `file_type` The MIME-type of the file to be processed by the FastCGI server. -###Virtual Host Examples +### Private Defines -The apache module allows you to set up pretty much any configuration of virtual host you might need. This section addresses some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. 
+#### Define: `apache::peruser::multiplexer` -Configure a vhost with a server administrator +This define checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] define. -```puppet - apache::vhost { 'third.example.com': - port => '80', - docroot => '/var/www/third', - serveradmin => 'admin@example.com', - } -``` +#### Define: `apache::peruser::multiplexer` -- - - +Enables the [`Peruser`][] module for FreeBSD only. -Set up a vhost with aliased servers +#### Define: `apache::peruser::processor` -```puppet - apache::vhost { 'sixth.example.com': - serveraliases => [ - 'sixth.example.org', - 'sixth.example.net', - ], - port => '80', - docroot => '/var/www/fifth', - } -``` +Enables the [`Peruser`][] module for FreeBSD only. -- - - +#### Define: `apache::security::file_link` -Configure a vhost with a cgi-bin +Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk. -```puppet - apache::vhost { 'eleventh.example.com': - port => '80', - docroot => '/var/www/eleventh', - scriptalias => '/usr/lib/cgi-bin', - } -``` +### Templates -- - - +The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defines. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. -Set up a vhost with a rack configuration +## Limitations -```puppet - apache::vhost { 'fifteenth.example.com': - port => '80', - docroot => '/var/www/fifteenth', - rack_base_uris => ['/rackapp1', '/rackapp2'], - } -``` +### Ubuntu 10.04 -- - - +The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. 
-Set up a mix of SSL and non-SSL vhosts at the same domain +### RHEL/CentOS 5 -```puppet - #The non-ssl vhost - apache::vhost { 'first.example.com non-ssl': - servername => 'first.example.com', - port => '80', - docroot => '/var/www/first', - } +The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. - #The SSL vhost at the same domain - apache::vhost { 'first.example.com ssl': - servername => 'first.example.com', - port => '443', - docroot => '/var/www/first', - ssl => true, - } -``` +### RHEL/CentOS 7 -- - - +The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uri`][] parameter. -Configure a vhost to redirect non-SSL connections to SSL +### General -```puppet - apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - redirect_status => 'permanent', - redirect_dest => 'https://sixteenth.example.com/' - } - apache::vhost { 'sixteenth.example.com ssl': - servername => 'sixteenth.example.com', - port => '443', - docroot => '/var/www/sixteenth', - ssl => true, - } -``` - -- - - - -Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter. - -```puppet - apache::listen { '80': } - apache::listen { '81': } -``` - -Then we set up the IP-based vhosts - -```puppet - apache::vhost { 'first.example.com': - ip => '10.0.0.10', - docroot => '/var/www/first', - ip_based => true, - } - apache::vhost { 'second.example.com': - ip => '10.0.0.11', - docroot => '/var/www/second', - ip_based => true, - } -``` - -- - - - -Configure a mix of name-based and IP-based vhosts. 
First, we add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL - -```puppet - apache::vhost { 'The first IP-based vhost, non-ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '80', - ip_based => true, - docroot => '/var/www/first', - } - apache::vhost { 'The first IP-based vhost, ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '443', - ip_based => true, - docroot => '/var/www/first-ssl', - ssl => true, - } -``` - -Then, we add two name-based vhosts listening on 10.0.0.20 - -```puppet - apache::vhost { 'second.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/second', - } - apache::vhost { 'third.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/third', - } -``` - -If you want to add two name-based vhosts so that they answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it conflicts with the preceding IP-based vhosts. - -```puppet - apache::vhost { 'fourth.example.com': - port => '80', - docroot => '/var/www/fourth', - add_listen => false, - } - apache::vhost { 'fifth.example.com': - port => '80', - docroot => '/var/www/fifth', - add_listen => false, - } -``` - -###Load Balancing - -####Defined Type: `apache::balancer` - -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). - -One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. - -**Parameters within `apache::balancer`:** - -#####`name` - -Sets the balancer cluster's title. This parameter also sets the title of the conf.d file. 
- -#####`proxy_set` - -Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) lines. Accepts a hash, and defaults to '{}'. - -#####`collect_exported` - -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. - -If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. - -If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes. - -If you choose not to use exported resources, all balancer members will be configured in a single Puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. - -####Defined Type: `apache::balancermember` - -Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which sets up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. - -**Parameters within `apache::balancermember`:** - -#####`name` - -Sets the title of the resource. This name also sets the name of the concat fragment. - -#####`balancer_cluster` +This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on: -Sets the Apache service's instance name. This must match the name of a declared `apache::balancer` resource. Required. 
+- CentOS 5 and 6 +- Ubuntu 12.04 and 14.04 +- Debian 7 +- RHEL 5, 6, and 7 -#####`url` +This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions. -Specifies the URL used to contact the balancer member server. Defaults to 'http://${::fqdn}/'. +### SELinux and custom paths -#####`options` +If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. -An array of [options](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#balancermember) to be specified after the URL. Accepts any key-value pairs available to [ProxyPass](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass). +You can do this with Puppet: -####Examples - -To load balance with exported resources, export the `balancermember` from the balancer member - -```puppet - @@apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009" - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], - } -``` - -Then, on the proxy server, create the balancer cluster - -```puppet - apache::balancer { 'puppet00': } -``` - -To load balance without exported resources, declare the following on the proxy - -```puppet - apache::balancer { 'puppet00': } - apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009" - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], - } -``` - -Then declare `apache::balancer` and `apache::balancermember` on the proxy server. - -If you need to use ProxySet in the balancer config - -```puppet - apache::balancer { 'puppet01': - proxy_set => {'stickysession' => 'JSESSIONID'}, - } -``` - -##Reference - -###Classes - -####Public Classes - -* [`apache`](#class-apache): Guides the basic setup of Apache. 
-* `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) -* [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - -####Private Classes - -* `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. -* `apache::default_confd_files`: Includes conf.d files for FreeBSD. -* `apache::default_mods`: Installs the Apache modules required to run the default configuration. -* `apache::package`: Installs and configures basic Apache packages. -* `apache::params`: Manages Apache parameters. -* `apache::service`: Manages the Apache daemon. - -###Defined Types - -####Public Defined Types - -* `apache::balancer`: Creates an Apache balancer cluster. -* `apache::balancermember`: Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html). -* `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. -* `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. -* `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. - -####Private Defined Types - -* `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. 
-* `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. -* `apache::security::file_link`: Links the activated_rules from apache::mod::security to the respective CRS rules on disk. - -###Templates - -The Apache module relies heavily on templates to enable the `vhost` and `apache::mod` defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration. - -##Limitations - -###Ubuntu 10.04 - -The `apache::vhost::WSGIImportScript` parameter creates a statement inside the VirtualHost which is unsupported on older versions of Apache, causing this to fail. This will be remedied in a future refactoring. - -###RHEL/CentOS 5 - -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. - -###RHEL/CentOS 7 - -The `apache::mod::passenger` class is untested as the repository does not have packages for EL7 yet. The fact that passenger packages aren't available also makes us unable to test the `rack_base_uri` parameter in `apache::vhost`. - -###General +~~~ puppet +exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], +} -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +package { 'policycoreutils-python': + ensure => installed, +} -The module contains support for other distributions and operating systems, such as FreeBSD, Gentoo and Amazon Linux, but is not formally tested on those and regressions can occur. 
+exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Class['Apache::Service'], + require => Class['apache'], +} -###SELinux and Custom Paths +class { 'apache': } -If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the context for the files yourself. +host { 'test.server': + ip => '127.0.0.1', +} -Something along the lines of: +file { '/custom/path': + ensure => directory, +} -```puppet - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], - } - package { 'policycoreutils-python': ensure => installed } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Class['Apache::Service'], - require => Class['apache'], - } - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - file { '/custom/path': ensure => directory, } - file { '/custom/path/include': ensure => present, content => '#additional_includes' } - apache::vhost { 'test.server': - docroot => '/custom/path', - additional_includes => '/custom/path/include', - } -``` +file { '/custom/path/include': + ensure => present, + content => '#additional_includes', +} -You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources reset the context to the values in the database if the resource isn't specifying the context. +apache::vhost { 'test.server': + docroot => '/custom/path', + additional_includes => '/custom/path/include', +} +~~~ -###FreeBSD +You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. 
-In order to use this module on FreeBSD, you *must* use apache24-2.4.12 (www/apache24) or newer. +### FreeBSD -##Development +In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. -###Contributing +## Development -Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. +### Contributing -We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. +[Puppet Labs][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. -Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/contributing.html) +We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality. -###Running tests +For more information, please read the complete [module contribution guide][]. -This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) to verify functionality. For in-depth information please see their respective documentation. +### Running tests -Quickstart: +This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to verify functionality. For detailed information on using these tools, please see their respective documentation. 
-####Ruby > 1.8.7 +#### Testing quickstart: Ruby > 1.8.7 -``` - gem install bundler - bundle install - bundle exec rake spec - bundle exec rspec spec/acceptance - RS_DEBUG=yes bundle exec rspec spec/acceptance -``` +~~~ +gem install bundler +bundle install +bundle exec rake spec +bundle exec rspec spec/acceptance +RS_DEBUG=yes bundle exec rspec spec/acceptance +~~~ -####Ruby = 1.8.7 +#### Testing quickstart: Ruby = 1.8.7 -``` - gem install bundler - bundle install --without system_tests - bundle exec rake spec -``` +~~~ +gem install bundler +bundle install --without system_tests +bundle exec rake spec +~~~ diff --git a/README.passenger.md b/README.passenger.md index 5b33d29096..7a2aada9b5 100644 --- a/README.passenger.md +++ b/README.passenger.md @@ -13,7 +13,7 @@ Also, general apache module loading parameters can be supplied to enable using a customized passenger module in place of a default-package-based version of the module. -# Operating system support and Passenger versions +## Operating system support and Passenger versions The most important configuration directive for the Apache Passenger module is `PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or @@ -35,7 +35,7 @@ RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3. As mentioned in `README.md` there are no compatible packages available for RHEL/CentOS 5 or RHEL/CentOS 7. -## Configuration files and locations on RHEL/CentOS +### Configuration files and locations on RHEL/CentOS Notice two important points: @@ -55,7 +55,7 @@ directives as described in the remainder of this document are placed in This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu. -## Third-party and custom Passenger packages and versions +### Third-party and custom Passenger packages and versions The Passenger version distributed by the default OS packages may be too old to be useful. Newer versions may be installed via Gems, from source or from 
@@ -75,7 +75,7 @@ For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive should almost universally be set to `/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`. -# Parameters for `apache::mod::passenger` +## Parameters for `apache::mod::passenger` The following class parameters configure Passenger in a global, server-wide context. @@ -95,12 +95,12 @@ class { 'apache::mod::passenger': The general form is using the all lower-case version of the configuration directive, with underscores instead of CamelCase. -## Parameters used with passenger.conf +### Parameters used with passenger.conf If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. -### passenger_root +#### passenger_root The location to the Phusion Passenger root directory. This configuration option is essential to Phusion Passenger, and allows Phusion Passenger to locate its @@ -112,7 +112,7 @@ information. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt -### passenger_default_ruby +#### passenger_default_ruby This option specifies the default Ruby interpreter to use for web apps as well as for all sorts of internal Phusion Passenger helper scripts, e.g. the one @@ -126,7 +126,7 @@ set to '/usr/bin/ruby'. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby -### passenger_ruby +#### passenger_ruby This directive is the same as `passenger_default_ruby` for Passenger versions < 4.x and must be used instead of `passenger_default_ruby` for such versions. 
@@ -141,28 +141,28 @@ Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby -### passenger_high_performance +#### passenger_high_performance Default is `off`. When turned `on` Passenger runs in a higher performance mode that can be less compatible with other Apache modules. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance -### passenger_max_pool_size +#### passenger_max_pool_size Sets the maximum number of Passenger application processes that may simultaneously run. The default value is 6. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt -### passenger_pool_idle_time +#### passenger_pool_idle_time The maximum number of seconds a Passenger Application process will be allowed to remain idle before being shut down. The default value is 300. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime -### passenger_max_requests +#### passenger_max_requests The maximum number of request a Passenger application will process before being restarted. The default value is 0, which indicates that a process will only @@ -170,14 +170,14 @@ shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests -### passenger_stat_throttle_rate +#### passenger_stat_throttle_rate Sets how often Passenger performs file system checks, at most once every _x_ seconds. Default is 0, which means the checks are performed with every request. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt -### rack_autodetect +#### rack_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rack application. Not set by default (`undef`). Note that this directive has 
@@ -186,7 +186,7 @@ Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt -### rails_autodetect +#### rails_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rails application. Not set by default (`undef`). Note that this directive @@ -195,13 +195,13 @@ instead. Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt -### passenger_use_global_queue +#### passenger_use_global_queue Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. -### passenger_app_env +#### passenger_app_env Sets the global default `PassengerAppEnv` for Passenger applications. Not set by default (`undef`) and thus defaults to Passenger's built-in value of 'production'. 
@@ -209,43 +209,43 @@ This directive can be overridden in an `apache::vhost` resource. https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv -## Parameters used to load the module +### Parameters used to load the module Unlike the tuning parameters specified above, the following parameters are only used when loading customized passenger modules. -### mod_package +#### mod_package Allows overriding the default package name used for the passenger module package. -### mod_package_ensure +#### mod_package_ensure Allows overriding the package installation setting used by puppet when installing the passenger module. The default is 'present'. -### mod_id +#### mod_id Allows overriding the value used by apache to identify the passenger module. The default is 'passenger_module'. -### mod_lib_path +#### mod_lib_path Allows overriding the directory path used by apache when loading the passenger module. The default is the value of `$apache::params::lib_path`. -### mod_lib +#### mod_lib Allows overriding the library file name used by apache when loading the passenger module. The default is 'mod_passenger.so'. -### mod_path +#### mod_path Allows overriding the full path to the library file used by apache when loading the passenger module. The default is the concatenation of the `mod_lib_path` and `mod_lib` parameters. -# Dependencies +## Dependencies RedHat-based systems will need to configure additional package repositories in order to install Passenger, specifically: @@ -256,7 +256,7 @@ order to install Passenger, specifically: Configuration of these repositories is beyond the scope of this module and is left to the user. -# Attribution +## Attribution The Passenger tuning parameters for the `apache::mod::passenger` Puppet class was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the 
@@ -268,7 +268,7 @@ PuppetLabs Apache module on GitHub. * http://www.nesi.org.nz// * https://tuakiri.ac.nz/confluence/display/Tuakiri/Home -# Copyright and License +## Copyright and License Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc From 62e1370fbfc9e7e0e1f8a2458b7f66102dcbf26c Mon Sep 17 00:00:00 2001 From: Garrett Guillotte Date: Fri, 31 Jul 2015 11:06:22 -0700 Subject: [PATCH 0669/2267] DOC-1493: Resolve broken links. Corrects several broken markdown links. --- README.md | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index dd9851f96d..2e457ffb9b 100644 --- a/README.md +++ b/README.md @@ -43,15 +43,21 @@ [`apache::fastcgi::server`]: #define-apachefastcgiserver [`apache::mod`]: #define-apachemod [`apache::mod::`]: #classes-apachemodmodule-name +[`apache::mod::alias`]: #class-apachemodalias +[`apache::mod::auth_cas`]: #class-apachemodauth_cas [`apache::mod::event`]: #class-apachemodevent +[`apache::mod::geoip`]: #class-apachemodgeoip [`apache::mod::itk`]: #class-apachemoditk [`apache::mod::passenger`]: #class-apachemodpassenger [`apache::mod::peruser`]: #class-apachemodperuser [`apache::mod::prefork`]: #class-apachemodprefork [`apache::mod::proxy_html`]: #class-apachemodproxy_html [`apache::mod::security`]: #class-apachemodsecurity +[`apache::mod::shib`]: #class-apachemodshib [`apache::mod::ssl`]: #class-apachemodssl +[`apache::mod::status`]: #class-apachemodstatus [`apache::mod::worker`]: #class-apachemodworker +[`apache::mod::wsgi`]: #class-apachemodwsgi [`apache::params`]: #class-apacheparams [`apache::version`]: #class-apacheversion [`apache::vhost`]: #define-apachevhost 
@@ -74,7 +80,9 @@ [`default_ssl_crl`]: #default_ssl_crl [`default_ssl_crl_path`]: #default_ssl_crl_path [`default_ssl_vhost`]: #default_ssl_vhost +[`dev_packages`]: #dev_packages [`directory`]: #directory +[`directories`]: #parameter-directories-for-apachevhost [`DirectoryIndex`]: http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex [`docroot`]: #docroot [`docroot_owner`]: #docroot_owner @@ -192,7 +200,7 @@ [`ServerSignature`]: http://httpd.apache.org/docs/current/mod/core.html#serversignature [Service attribute restart]: http://docs.puppetlabs.com/references/latest/type.html#service-attribute-restart [`source`]: #source -[SSLCARevocationCheck]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck +[`SSLCARevocationCheck`]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck [SSL certificate key file]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile [SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile [SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html @@ -829,7 +837,7 @@ While this default value results in a functioning Apache server, you **must** up ##### `default_ssl_crl_check` -Sets the default certificate revocation check level via the [`SSLCARevocationCheck`] directive. Default: 'undef'. +Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. Default: 'undef'. While this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. 
@@ -923,7 +931,7 @@ Limits the number of requests allowed per connection when the [`keepalive` param ##### `lib_path` -Specifies the location where [Apache module][] files are stored. Default: Depends on the operating system. +Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on the operating system. - **Debian** and **Gentoo**: `/usr/lib/apache2/modules` - **FreeBSD**: `/usr/local/libexec/apache24` @@ -1132,7 +1140,7 @@ You might need to override this if you are using a non-standard Apache package, #### Class: `apache::dev` -Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`] parameter of the [`apache::params`] class based on your operating system: +Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`][] parameter of the [`apache::params`][] class based on your operating system: The default value is determined by your operating system: @@ -1156,9 +1164,9 @@ class { 'apache::mod::alias': The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] define. * `actions` -* `alias` (see [`apache::mod::alias`](#class-apachemodalias)) +* `alias` (see [`apache::mod::alias`][]) * `auth_basic` -* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas)) +* `auth_cas`* (see [`apache::mod::auth_cas`][]) * `auth_kerb` * `authn_core` * `authn_file` @@ -1176,7 +1184,7 @@ The following Apache modules have supported classes, many of which allow for par * `dev` * `dir`* * `disk_cache` -* `event` (see [`apache::mod::event`](#class-apachemodevent)) +* `event` (see [`apache::mod::event`][]) * `expires` * `fastcgi` * `fcgid` 
@@ -1191,11 +1199,11 @@ The following Apache modules have supported classes, many of which allow for par * `mime_magic`* * `negotiation` * `nss`* -* `pagespeed` (see [`apache::mod::pagespeed`](#class-apachemodpagespeed)) +* `pagespeed` (see [`apache::mod::pagespeed`][]) * `passenger`* * `perl` * `peruser` -* `php` (requires [`mpm_module`](#mpm_module) set to `prefork`) +* `php` (requires [`mpm_module`][] set to `prefork`) * `prefork`* * `proxy`* * `proxy_ajp` @@ -1209,16 +1217,16 @@ The following Apache modules have supported classes, many of which allow for par * `rpaf`* * `setenvif` * `security` -* `shib`* (see [`apache::mod::shib`](#class-apachemodshib)) +* `shib`* (see [`apache::mod::shib`]) * `speling` -* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl)) -* `status`* (see [`apache::mod::status`](#class-apachemodstatus)) +* `ssl`* (see [`apache::mod::ssl`][]) +* `status`* (see [`apache::mod::status`][]) * `suphp` * `userdir`* * `version` * `vhost_alias` * `worker`* -* `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi)) +* `wsgi` (see [`apache::mod::wsgi`][]) * `xsendfile` Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work. 
@@ -1968,15 +1976,17 @@ This directive is equivalent to `no_proxy_uris`, but takes regular expressions. ##### `proxy_preserve_host` -Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: 'false'. + +Setting this parameter to 'true' enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. 'false' sets this option to 'Off'. ##### `proxy_error_override` -Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. +Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. ##### `options` -Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: +Sets the [`Options`][] for the specified virtual host. Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: ~~~ puppet apache::vhost { 'site.name.fdqn': 
@@ -1985,7 +1995,7 @@ Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) f } ~~~ -*Note:* If you use [`directories`](#parameter-directories-for-apachevhost), 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. +**Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. ##### `override` @@ -2983,7 +2993,7 @@ The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are u ### RHEL/CentOS 7 -The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uri`][] parameter. +The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. ### General From 2d4723f42a9f132c6c43c0c62dbb50fb3d6e5112 Mon Sep 17 00:00:00 2001 From: "Jacob A. Ela" Date: Wed, 13 May 2015 08:33:35 -0500 Subject: [PATCH 0670/2267] mod_passenger: allow setting PassengerSpawnMethod --- README.passenger.md | 9 +++++++++ manifests/mod/passenger.pp | 7 +++++++ spec/classes/mod/passenger_spec.rb | 12 ++++++++++++ templates/mod/passenger.conf.erb | 3 +++ 4 files changed, 31 insertions(+) diff --git a/README.passenger.md b/README.passenger.md index 7a2aada9b5..d50b3f4897 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -170,6 +170,15 @@ shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests +#### passenger_spawn_method + +Sets the method by which Ruby application processes are spawned. Default is `smart` +which caches code using the app preloader. + +Passenger >= 4.0 renamed `conservative` to `direct` and `smart-lv2` to `smart`. + +https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerSpawnMethod + #### passenger_stat_throttle_rate Sets how often Passenger performs file system checks, at most once every _x_ diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 03cce4d892..efd3486896 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -4,6 +4,7 @@ $passenger_high_performance = undef, $passenger_pool_idle_time = undef, $passenger_max_requests = undef, + $passenger_spawn_method = undef, $passenger_stat_throttle_rate = undef, $rack_autodetect = undef, $rails_autodetect = undef, @@ -21,6 +22,11 @@ $mod_id = undef, $mod_path = undef, ) { + + if $passenger_spawn_method { + validate_re($passenger_spawn_method, '(^smart$|^direct$|^smart-lv2$|^conservative$)', "${passenger_spawn_method} is not permitted for passenger_spawn_method. Allowed values are 'smart', 'direct', 'smart-lv2', or 'conservative'.") + } + # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': @@ -61,6 +67,7 @@ # - $passenger_min_instances # - $passenger_high_performance # - $passenger_max_requests + # - $passenger_spawn_method # - $passenger_stat_throttle_rate # - $passenger_use_global_queue # - $passenger_app_env diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 07ce358fe2..40ac749f6a 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
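Review bot: The `validate_re` pattern added in the `@@ -21,6 +22,11 @@` hunk of manifests/mod/passenger.pp anchors with `^` and `$`, which in a Ruby regular expression match at line boundaries rather than at the ends of the string, so a multi-line value with one allowed word on a line of its own would pass. The template hunk in this commit writes the value verbatim after `PassengerSpawnMethod`, so this check is the only thing keeping extra lines out of passenger.conf. Anchor the whole string instead, keeping the existing message: `validate_re($passenger_spawn_method, '\A(smart|direct|smart-lv2|conservative)\z', ...)`. A spec context whose value contains a newline and expects `raise_error(Puppet::Error, /not permitted for passenger_spawn_method/)` would pin this. The class's parameter list starts above the hunk and its body continues below it.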
@@ -64,6 +64,18 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } end + describe "with passenger_spawn_method => bogus" do + let :params do + { :passenger_spawn_method => 'bogus' } + end + it { is_expected.to raise_error(Puppet::Error, /not permitted for passenger_spawn_method/) } + end + describe "with passenger_spawn_method => direct" do + let :params do + { :passenger_spawn_method => 'direct' } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerSpawnMethod direct$/) } + end describe "with passenger_stat_throttle_rate => 10" do let :params do { :passenger_stat_throttle_rate => 10 } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index e50a2d636c..1af4eaaa4b 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -25,6 +25,9 @@ <%- if @passenger_max_requests -%> PassengerMaxRequests <%= @passenger_max_requests %> <%- end -%> + <%- if @passenger_spawn_method -%> + PassengerSpawnMethod <%= @passenger_spawn_method %> + <%- end -%> <%- if @passenger_stat_throttle_rate -%> PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %> <%- end -%> From eb022c68b35d42ca145973d846e3ff8ec8fc10b5 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 6 Aug 2015 10:52:01 -0700 Subject: [PATCH 0671/2267] Update README.md Closes #1172 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2e457ffb9b..802b21f3e8 100644 --- a/README.md +++ b/README.md @@ -780,7 +780,7 @@ Sets the location of the Apache server's custom configuration directory. Default - **Debian**: `/etc/apache2/conf.d` - **FreeBSD**: `/usr/local/etc/apache22` - **Gentoo**: `/etc/apache2/conf.d` -- **Red Hat**: `/etc/httpd/conf` +- **Red Hat**: `/etc/httpd/conf.d` ##### `default_charset` 
@@ -1111,7 +1111,7 @@ Changes your virtual host configuration files' location. Default: determined by - **Debian**: `/etc/apache2/sites-available` - **FreeBSD**: `/usr/local/etc/apache22/Vhosts` - **Gentoo**: `/etc/apache2/vhosts.d` -- **Red Hat**: `etc/httpd/conf.d` +- **Red Hat**: `/etc/httpd/conf.d` ##### `user` From e504da604dca75fc584c96c1359c8aa79d1daf9f Mon Sep 17 00:00:00 2001 From: Phil Fenstermacher Date: Mon, 6 Jul 2015 22:40:39 -0400 Subject: [PATCH 0672/2267] mod::alias should be included when the aliases parameter is used (even without scriptaliases) --- manifests/vhost.pp | 2 +- spec/defines/vhost_spec.rb | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index af48d2f3f0..0fb37851c1 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -363,7 +363,7 @@ } # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { + if ($scriptalias and $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index dac685eb95..cb8c9e84bb 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -427,6 +427,20 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end + context 'set only aliases' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'aliases' => [ + { + 'alias' => '/alias', + 'path' => '/rspec/docroot', + }, + ] + } + end + it { is_expected.to contain_class('apache::mod::alias')} + end context 'proxy_pass_match' do let :params do { From 7e4c6bc55043506140c950876f53299fb324d0b0 Mon Sep 17 00:00:00 2001 
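Review bot: In the manifests/vhost.pp hunk the first clause changes from `$scriptalias or $scriptaliases != []` to `$scriptalias and $scriptaliases != []`, so a vhost that sets only `scriptalias` (or only `scriptaliases`) would no longer include `apache::mod::alias`. Keep the `or` and only add the new clause: `if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) {`. PATCH 0675 later in this series restores the `or`, but the spec added here covers only the aliases-only case; a context that sets only `scriptalias` and expects `contain_class('apache::mod::alias')` would keep it from regressing. The condition sits inside the enclosing define in manifests/vhost.pp, which starts and ends outside the hunk.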
From: Jamie Cressey Date: Wed, 24 Jun 2015 11:17:20 +0100 Subject: [PATCH 0673/2267] Adding support to mod_disk_cache for >= 2.4 Adding support to mod_disk_cache for >= 2.4 --- README.md | 14 +++- manifests/mod/disk_cache.pp | 41 ++++++----- spec/classes/mod/disk_cache.rb | 111 ++++++++++++++++++++++++++++++ templates/mod/disk_cache.conf.erb | 12 ++-- 4 files changed, 153 insertions(+), 25 deletions(-) create mode 100644 spec/classes/mod/disk_cache.rb diff --git a/README.md b/README.md index 802b21f3e8..c1909782c6 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ [`apache::mod::`]: #classes-apachemodmodule-name [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas +[`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::event`]: #class-apachemodevent [`apache::mod::geoip`]: #class-apachemodgeoip [`apache::mod::itk`]: #class-apachemoditk @@ -1183,7 +1184,7 @@ The following Apache modules have supported classes, many of which allow for par * `deflate` * `dev` * `dir`* -* `disk_cache` +* `disk_cache` (see [`apache::mod::disk_cache`][]) * `event` (see [`apache::mod::event`][]) * `expires` * `fastcgi` @@ -1245,6 +1246,17 @@ Installs and manages [`mod_alias`][]. - **Gentoo**: `/var/www/icons` - **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` +####Class: `apache::mod::disk_cache` + +Installs and configures mod_disk_cache. The cache root is determined based on apache version and OS. It can be specified directly as well. + +Specifying the cache root: +```puppet + class {'::apache::mod::disk_cache': + cache_root => '/path/to/cache', + } +``` + ##### Class: `apache::mod::event` Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::event` and [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. 
diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 2b9d8a9101..2f0a476fa4 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -1,25 +1,34 @@ -class apache::mod::disk_cache { - $cache_root = $::osfamily ? { - 'debian' => '/var/cache/apache2/mod_disk_cache', - 'redhat' => '/var/cache/mod_proxy', - 'freebsd' => '/var/cache/mod_disk_cache', - 'gentoo' => '/var/cache/apache2/mod_disk_cache', +class apache::mod::disk_cache ( + $cache_root = undef, +) { + if $cache_root { + $_cache_root = $cache_root } - - $mod_name = $::osfamily ? { - 'FreeBSD' => 'cache_disk', - default => 'disk_cache', + elsif versioncmp($::apache::apache_version, '2.4') >= 0 { + $_cache_root = $::osfamily ? { + 'debian' => '/var/cache/apache2/mod_cache_disk', + 'redhat' => '/var/cache/httpd/proxy', + 'freebsd' => '/var/cache/mod_cache_disk', + } + } + else { + $_cache_root = $::osfamily ? { + 'debian' => '/var/cache/apache2/mod_disk_cache', + 'redhat' => '/var/cache/mod_proxy', + 'freebsd' => '/var/cache/mod_disk_cache', + } } - if $::osfamily != 'FreeBSD' { - # FIXME: investigate why disk_cache was dependent on proxy - # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not - Class['::apache::mod::proxy'] -> Class['::apache::mod::disk_cache'] + if versioncmp($::apache::apache_version, '2.4') >= 0 { + apache::mod { 'cache_disk': } } + else { + apache::mod { 'disk_cache': } + } + Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] - apache::mod { $mod_name: } - # Template uses $cache_proxy + # Template uses $_cache_root file { 'disk_cache.conf': ensure => file, path => "${::apache::mod_dir}/disk_cache.conf", diff --git a/spec/classes/mod/disk_cache.rb b/spec/classes/mod/disk_cache.rb new file mode 100644 index 0000000000..263b4cac64 --- /dev/null +++ b/spec/classes/mod/disk_cache.rb 
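Review bot: Both new `$::osfamily` selectors list only 'debian', 'redhat' and 'freebsd' and have no `default`, while the removed selector also had a 'gentoo' entry, so a Gentoo node that does not pass `cache_root` would probably fail catalog compilation on the selector. Restore a `'gentoo' => ...` entry in each selector (the old value was '/var/cache/apache2/mod_disk_cache') or add a `default` branch. The new `cache_root` parameter is also written into `CacheRoot` unchecked; `validate_absolute_path($cache_root)` as the first line inside `if $cache_root {` would reject relative or malformed values before they reach the template. The new ordering `Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache']` refers to a class this hunk never includes, so it appears to rely on the caller declaring `apache::mod::cache`; a comment saying so would help.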
@@ -0,0 +1,111 @@ +require 'spec_helper' + +describe 'apache::mod::disk_cache', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_apache__mod("disk_cache") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + it { is_expected.to contain_apache__mod("cache_disk") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + end + + context "on a RedHat 6-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_apache__mod("disk_cache") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + it { 
is_expected.to contain_apache__mod("cache_disk") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + end + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '10', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_apache__mod("disk_cache") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + it { is_expected.to contain_apache__mod("cache_disk") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + end +end diff --git a/templates/mod/disk_cache.conf.erb b/templates/mod/disk_cache.conf.erb index 0c7e2c4b73..b1b460e522 100644 --- a/templates/mod/disk_cache.conf.erb +++ b/templates/mod/disk_cache.conf.erb @@ -1,8 +1,4 @@ - - - CacheEnable disk / - CacheRoot "<%= @cache_root %>" - CacheDirLevels 2 - CacheDirLength 1 - - +CacheEnable disk / +CacheRoot "<%= @_cache_root %>" +CacheDirLevels 2 +CacheDirLength 1 From 1bf0aba5f6c457149786878afaba525bec940118 Mon Sep 17 00:00:00 2001 
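Review bot: The new spec file is named spec/classes/mod/disk_cache.rb, without the `_spec.rb` suffix the other specs in this series use (fcgid_spec.rb, passenger_spec.rb), so the default rspec file pattern would most likely never load it. That would also explain why its other problems went unnoticed: each `:content` regex has a bare `/` after `CacheEnable disk `, which ends the literal early, and the expected paths disagree with the manifest (for RedHat below 2.4 the spec expects /var/cache/httpd/proxy where disk_cache.pp sets /var/cache/mod_proxy; for FreeBSD below 2.4 it expects mod_cache_disk where the manifest sets mod_disk_cache). Rename the file to `disk_cache_spec.rb` and write the patterns with `%r{...}`, for example `%r{CacheEnable disk /\nCacheRoot "/var/cache/apache2/mod_disk_cache"\nCacheDirLevels 2\nCacheDirLength 1}`. The contexts also pass `:apache_version` as a class parameter, which `apache::mod::disk_cache` as patched here does not declare (it reads `$::apache::apache_version`), so the version would need to be set through the `apache` class in `pre_condition`.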
From: Seth Lyons Date: Sun, 9 Aug 2015 20:23:21 -0400 Subject: [PATCH 0674/2267] load unixd before fcgid on all operating systems (see #879) --- manifests/mod/fcgid.pp | 13 +++------ spec/classes/mod/fcgid_spec.rb | 27 ++++++++++++------- .../{fcgid.conf.erb => unixd_fcgid.conf.erb} | 0 3 files changed, 21 insertions(+), 19 deletions(-) rename templates/mod/{fcgid.conf.erb => unixd_fcgid.conf.erb} (100%) diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index a143c2b434..9786670338 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,22 +1,17 @@ class apache::mod::fcgid( $options = {}, ) { - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { - $loadfile_name = 'unixd_fcgid.load' - } else { - $loadfile_name = undef - } ::apache::mod { 'fcgid': - loadfile_name => $loadfile_name + loadfile_name => 'unixd_fcgid.load', } # Template uses: # - $options - file { 'fcgid.conf': + file { 'unixd_fcgid.conf': ensure => file, - path => "${::apache::mod_dir}/fcgid.conf", - content => template('apache/mod/fcgid.conf.erb'), + path => "${::apache::mod_dir}/unixd_fcgid.conf", + content => template('apache/mod/unixd_fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index 096717d351..98953625ac 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -21,7 +21,9 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("libapache2-mod-fcgid") } end 
@@ -36,13 +38,15 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end describe 'without parameters' do it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("mod_fcgid") } end @@ -57,7 +61,7 @@ } end it 'should contain the correct config' do - content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content] + content = catalogue.resource('file', 'unixd_fcgid.conf').send(:parameters)[:content] expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([ '', ' AddHandler fcgid-script .fcgi', @@ -89,8 +93,7 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('fcgid').with({ 'loadfile_name' => 'unixd_fcgid.load' - }) - } + }) } it { is_expected.to contain_package("mod_fcgid") } end end @@ -99,8 +102,8 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :operatingsystemmajrelease => '9', + :operatingsystemrelease => '10', + :operatingsystemmajrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', @@ -111,7 +114,9 @@ end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("www/mod_fcgid") } end @@ -130,7 +135,9 @@ end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("www-apache/mod_fcgid") } end end 
diff --git a/templates/mod/fcgid.conf.erb b/templates/mod/unixd_fcgid.conf.erb similarity index 100% rename from templates/mod/fcgid.conf.erb rename to templates/mod/unixd_fcgid.conf.erb From 3ff15a5e7e3fc3cc9adb7efd23c89169adde8a07 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 12 Aug 2015 15:53:43 -0700 Subject: [PATCH 0675/2267] fixes conditional in vhost aliases --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0fb37851c1..20b1aa6b91 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -363,7 +363,7 @@ } # Load mod_alias if needed and not yet loaded - if ($scriptalias and $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { + if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } From cd1102bb20bc6ed876994986f28931248fa200dd Mon Sep 17 00:00:00 2001 
From: Vamegh Hedayati Date: Wed, 22 Jul 2015 11:49:47 +0100 Subject: [PATCH 0676/2267] Add support for user modifiable installation of mod_systemd and pidfile locations. default_mods.pp --> added use_systemd option, if running a custom build of apache on centos7, user modifiable boolean option provided init.pp --> added pidfile and use_systemd option both of which go to params.pp and allow these values to be set in hiera. changed all osfamily choices for conf_dir removed setting the $pidfile variable (now done in params). params.pp --> added $use_systemd, by default set to true to mimic original behaviour. added $pidfile, set to mimic exact same behaviour as used in init.pp, except now user changeable via hiera. updated documentation, to include the 2 new options. --- README.md | 64 ++++++++++++++++++++++----------------- manifests/default_mods.pp | 7 +++-- manifests/init.pp | 7 ++--- manifests/params.pp | 7 +++++ 4 files changed, 50 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index c1909782c6..769b937b8d 100644 --- a/README.md +++ b/README.md @@ -448,7 +448,7 @@ apache::vhost { 'suphp.example.com': suphp_configpath => '/etc/php5/apache2', directories => [ { 'path' => '/home/appuser/myphpapp', - 'suphp' => { + 'suphp' => { user => 'myappuser', group => 'myappgroup', }, 
@@ -620,7 +620,7 @@ Note that some modules have prerequisites, which are documented in their referen #### Installing arbitrary modules -You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. +You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod_authnz_external' name: 
@@ -795,7 +795,7 @@ Determines whether Puppet generates a default set of includable Apache configura Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: 'true', 'false', or an array of Apache module names. Default: 'true'. -If this parameter's value is 'false', Puppet only includes the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] define. +If this parameter's value is 'false', Puppet only includes the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] define. If 'true', Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. @@ -803,7 +803,7 @@ If this parameter contains an array, Puppet instead enables all passed Apache mo ##### `default_ssl_ca` -Sets the default certificate authority for the Apache server. Default: 'undef'. +Sets the default certificate authority for the Apache server. Default: 'undef'. While this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. 
@@ -820,7 +820,7 @@ While the default value results in a functioning Apache server, you **must** upd ##### `default_ssl_chain` -Sets the default [SSL chain][] location. Default: 'undef'. +Sets the default [SSL chain][] location. Default: 'undef'. While this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. @@ -832,7 +832,7 @@ While this default value results in a functioning Apache server, you **must** up ##### `default_ssl_crl_path` -Sets the server's [certificate revocation list path][], which contains your CRLs. Default: 'undef'. +Sets the server's [certificate revocation list path][], which contains your CRLs. Default: 'undef'. While this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. @@ -857,7 +857,7 @@ While these default values result in a functioning Apache server, you **must** u ##### `default_ssl_vhost` -Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: 'false'. +Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: 'false'. If 'true', Puppet automatically configures the following virtual host using the [`apache::vhost`][] define: @@ -880,7 +880,7 @@ _Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot ot ##### `default_vhost` -Configures a default virtual host when the class is declared. Valid options: Boolean. Default: 'true'. +Configures a default virtual host when the class is declared. Valid options: Boolean. Default: 'true'. To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to 'false'. 
@@ -899,7 +899,7 @@ Determines whether to enable [custom error documents][] on the Apache server. Va ##### `group` -Sets the group ID that owns any Apache processes spawned to answer requests. +Sets the group ID that owns any Apache processes spawned to answer requests. By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to 'false'. @@ -922,7 +922,7 @@ If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parame ##### `keepalive_timeout` -Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. Default: '15'. +Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. Default: '15'. This parameter is only relevant if the [`keepalive` parameter][] is enabled. @@ -942,7 +942,7 @@ Specifies the location where [Apache module][Apache modules] files are stored. D ##### `loadfile_name` -Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. +Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. This can be used to set the module load order. 
@@ -980,13 +980,13 @@ Changes the directory of Apache log files for the virtual host. Default: Determi ##### `logroot_mode` -Overrides the default [`logroot`][] directory's mode. Default: 'undef'. +Overrides the default [`logroot`][] directory's mode. Default: 'undef'. **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. ##### `manage_group` -When 'false', stops Puppet from creating the group resource. Valid options: Boolean. Default: 'true'. +When 'false', stops Puppet from creating the group resource. Valid options: Boolean. Default: 'true'. If you have a group created from another Puppet module that you want to use to run Apache, set this to 'false'. Without this parameter, attempting to use a previously established group results in a duplicate resource error. @@ -1026,13 +1026,17 @@ You must set this to 'false' to explicitly declare the following classes with cu Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or the equivalent 'present'), or a version string. Default: 'installed'. +##### `pidfile` + +Allows settting a custom location for the pid file - useful if using a custom built Apache rpm. Defaults to 'run/httpd.pid' on RedHat, '/var/run/httpd.pid on FreeBSD and '\${APACHE_PID_FILE}' on Debian. + ##### `ports_file` Sets the path to the file containing Apache ports configuration. Default: `{$conf_dir}/ports.conf`. ##### `purge_configs` -Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: 'true'. +Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: 'true'. Setting this to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_configs`][]. 
@@ -1079,7 +1083,7 @@ Determines whether Puppet enables the Apache HTTPD service when the system is bo Determines whether Puppet should make sure the service is running. Valid options: 'true' (equivalent to 'running'), 'false' (equivalent to 'stopped'). Default: 'running'. -The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to 'false', which is useful when you want to let the service be managed by another application, such as Pacemaker. +The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to 'false', which is useful when you want to let the service be managed by another application, such as Pacemaker. ##### `service_name` @@ -1105,6 +1109,10 @@ Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apach Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive. Valid options: 'Off', 'On'. Default: 'On'. +##### `use_systemd` + +Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom built rpms. This can either be 'true' or 'false, defaults to 'true'. + ##### `vhost_dir` Changes your virtual host configuration files' location. Default: determined by your operating system. @@ -1116,7 +1124,7 @@ Changes your virtual host configuration files' location. Default: determined by ##### `user` -Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter. +Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter. Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: 
@@ -1146,7 +1154,7 @@ Installs Apache development libraries. By default, the package name is defined b The default value is determined by your operating system: - **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions -- **FreeBSD**: 'undef'; see note below +- **FreeBSD**: 'undef'; see note below - **Gentoo**: 'undef' - **Red Hat**: 'httpd-devel' @@ -1428,7 +1436,7 @@ The class's parameters correspond to the module's directives. See the [module's ##### Class: `apache::mod::php` -Installs and configures [`mod_php`][]. +Installs and configures [`mod_php`][]. **Parameters within `apache::mod::php`**: @@ -1438,7 +1446,7 @@ Default values depend on your operating system. - `package_name`: Names the package that installs `php_mod`. - `path`: Defines the path to the `mod_php` shared object (`.so`) file. -- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` paths. +- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` paths. - `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. - `content`: Adds arbitrary content to `php.conf`. @@ -1458,7 +1466,7 @@ Defining this class enables Shibboleth-specific parameters in `apache::vhost` in ##### Class: `apache::mod::ssl` -Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. +Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. **Parameters within `apache::mod::ssl`**: 
@@ -1619,7 +1627,7 @@ Sets the configuration file's content. The `content` and [`source`][] parameters ##### `priority` -Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. The default value is `25`. +Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. The default value is `25`. To omit the priority prefix in the configuration file's name, set this parameter to `false`. @@ -1675,7 +1683,7 @@ Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directo Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. -**Parameters within `apache::mod`**: +**Parameters within `apache::mod`**: ##### `package` @@ -1691,7 +1699,7 @@ Defines the module's shared object name. Its default value is `mod_$name.so`, an ##### `lib_path` -Specifies a path to the module's libraries. Default: the `apache` class's [`lib_path`][] parameter. +Specifies a path to the module's libraries. Default: the `apache` class's [`lib_path`][] parameter. Don't manually set this parameter without special reason. The [`path`][] parameter overrides this value. 
@@ -1717,7 +1725,7 @@ The Apache module allows a lot of flexibility in the setup and configuration of The `apache::vhost` define allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. -The `apache::vhost` define uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the define doesn't inherently support, add a custom fragment. +The `apache::vhost` define uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the define doesn't inherently support, add a custom fragment. For the custom fragment's `order` parameter, the `apache::vhost` define uses multiples of 10, so any `order` that isn't a multiple of 10 should work. @@ -1799,7 +1807,7 @@ If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is 'tru ##### `allow_encoded_slashes` -Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: undef, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. +Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: undef, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. ##### `block` 
@@ -1988,7 +1996,7 @@ This directive is equivalent to `no_proxy_uris`, but takes regular expressions. ##### `proxy_preserve_host` -Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: 'false'. +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: 'false'. Setting this parameter to 'true' enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. 'false' sets this option to 'Off'. @@ -3052,8 +3060,8 @@ file { '/custom/path': ensure => directory, } -file { '/custom/path/include': - ensure => present, +file { '/custom/path/include': + ensure => present, content => '#additional_includes', } diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 9e3c2c69a7..1c3820bf09 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -1,7 +1,8 @@ class apache::default_mods ( $all = true, $mods = undef, - $apache_version = $::apache::apache_version + $apache_version = $::apache::apache_version, + $use_systemd = $::apache::use_systemd, ) { # These are modules required to run the default configuration. # They are not configurable at this time, so we just include @@ -13,7 +14,9 @@ # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) { - ::apache::mod { 'systemd': } + if ($use_systemd) { + ::apache::mod { 'systemd': } + } } ::apache::mod { 'unixd': } } diff --git a/manifests/init.pp b/manifests/init.pp index 9e6da98138..5f02bfd61f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
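Review bot: `if ($use_systemd)` in the second default_mods.pp hunk is a plain truthiness test on a value that nothing in this diff validates. The README text added for `use_systemd` describes the values as 'true' or 'false', and a quoted `'false'` is a non-empty string, which Puppet treats as true, so mod_systemd would still be loaded. The init.pp hunk that adds the parameter shows the existing `validate_bool(...)` calls but adds none for it; I would add `validate_bool($use_systemd)` there, assuming the part of that list outside the hunk does not already cover it. The enclosing `if` on `$::osfamily` starts outside the hunk.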
@@ -52,6 +52,7 @@ $lib_path = $::apache::params::lib_path, $conf_template = $::apache::params::conf_template, $servername = $::apache::params::servername, + $pidfile = $::apache::params::pidfile, $manage_user = true, $manage_group = true, $user = $::apache::params::user, @@ -72,6 +73,7 @@ $allow_encoded_slashes = undef, $package_ensure = 'installed', $use_optional_includes = $::apache::params::use_optional_includes, + $use_systemd = $::apache::params::use_systemd, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) @@ -247,24 +249,20 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } 'redhat': { - $pidfile = 'run/httpd.pid' $error_log = 'error_log' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } 'freebsd': { - $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } 'gentoo': { - $pidfile = '/run/apache2.pid' $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/var/www/localhost/cgi-bin' @@ -282,7 +280,6 @@ } } 'Suse': { - $pidfile = '/var/run/httpd2.pid' $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' diff --git a/manifests/params.pp b/manifests/params.pp index 63a338ba9c..6a26128eaa 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -29,6 +29,9 @@ $log_level = 'warn' $use_optional_includes = false + # should we use systemd module? + $use_systemd = true + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' } else { 
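Review bot: The `case $::osfamily` hunk in init.pp removes `$pidfile = '/run/apache2.pid'` from the 'gentoo' branch, but nothing in this commit puts it back. The params.pp hunks add `$pidfile` only for the `'run/httpd.pid'`, `"\${APACHE_PID_FILE}"`, `'/var/run/httpd.pid'` and `'/var/run/httpd2.pid'` defaults. Unless params.pp already sets it outside the visible hunks, `$::apache::params::pidfile` is undefined on Gentoo and the new class parameter defaults to nothing there. Adding `$pidfile = '/run/apache2.pid'` to the Gentoo branch of params.pp keeps the previous behaviour. The README entry for `pidfile` should then list Gentoo and Suse as well.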
@@ -50,6 +53,7 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = 'run/httpd.pid' $logroot = '/var/log/httpd' $logroot_mode = undef $lib_path = 'modules' @@ -170,6 +174,7 @@ $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'apache2.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = "\${APACHE_PID_FILE}" $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' @@ -316,6 +321,7 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = '/var/run/httpd.pid' $logroot = '/var/log/apache24' $logroot_mode = undef $lib_path = '/usr/local/libexec/apache24' @@ -443,6 +449,7 @@ $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib64/apache2-prefork/' From d4dbc720c69e4a92384bb492cc78a3f82db81c78 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Thu, 13 Aug 2015 13:23:03 -0700 Subject: [PATCH 0677/2267] corrects mod_cgid worker/event defaults --- manifests/mod/cgid.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 6db6b287d1..4094c3281a 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -2,11 +2,10 @@ case $::osfamily { 'FreeBSD': {} default: { - if defined(Class['::apache::mod::worker']) { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] - } - elsif defined(Class['::apache::mod::event']) { + if defined(Class['::apache::mod::event']) { Class['::apache::mod::event'] -> Class['::apache::mod::cgid'] + } else { + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] } } } From ea54cf0e46d585596b6e83f714b0b34a07d5caeb Mon Sep 17 00:00:00 2001 
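Review bot: The new `else` branch in cgid.pp declares `Class['::apache::mod::worker'] -> Class['::apache::mod::cgid']` whenever the event class is not defined. A catalog that includes `apache::mod::cgid` without either MPM class therefore orders against a class that was never declared. As far as I know Puppet rejects such a relationship at compile time, where the old `if`/`elsif` simply skipped it. If worker is the intended default, a comment above the branch such as `# cgid needs a threaded MPM; worker is assumed unless event is declared` would make that explicit. `defined()` also depends on evaluation order, so an event class declared later in the manifest still ends up in the worker branch.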
From: Matthias Pigulla Date: Mon, 17 Aug 2015 01:02:43 +0200 Subject: [PATCH 0678/2267] The purge_vhost_configs parameter is actually called purge_vhost_dir --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 769b937b8d..6ddc2e91be 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,7 @@ [Puppet module]: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html [Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp [`purge_configs`]: #purge_configs -[`purge_vhost_configs`]: #purge_vhost_configs +[`purge_vhost_dir`]: #purge_vhost_dir [Python]: https://www.python.org/ [Rack]: http://rack.github.io/ 
@@ -1038,13 +1038,13 @@ Sets the path to the file containing Apache ports configuration. Default: `{$con Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: 'true'. -Setting this to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_configs`][]. +Setting this to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. -##### `purge_vhost_configs` +##### `purge_vhost_dir` -If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_configs` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Default: same as [`purge_configs`][]. +If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Default: same as [`purge_configs`][]. -Setting `purge_vhost_configs` to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. +Setting `purge_vhost_dir` to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. ##### `sendfile` From d245182d0b13faaecfd7cc45589a6e26f05ff41c Mon Sep 17 00:00:00 2001 
From: Alex Schultz Date: Tue, 18 Aug 2015 16:46:09 -0500 Subject: [PATCH 0679/2267] Add ListenBacklog for mod worker (MODULES-2432) This change adds the ListenBacklog option for the worker module. --- manifests/mod/worker.pp | 56 +++++++++++++++++++++++++++++++++ spec/classes/mod/worker_spec.rb | 5 ++- templates/mod/worker.conf.erb | 1 + 3 files changed, 61 insertions(+), 1 deletion(-) diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 25925f8073..2e6a6421b2 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp 
@@ -1,3 +1,57 @@ +# == Class: apache::mod::worker +# +# +# === Parameters +# +# [*startservers*] +# (optional) The number of child server processes created on startup +# Defaults is '2' +# +# [*maxclients*] +# (optional) The max number of simultaneous requests that will be served. +# This is the old name and is still supported. The new name is +# MaxRequestWorkers as of 2.3.13. +# Default is '150' +# +# [*minsparethreads*] +# (optional) Minimum number of idle threads to handle request spikes. +# Default is '25' +# +# [*maxsparethreads*] +# (optional) Maximum number of idle threads. +# Default is '75' +# +# [*threadsperchild*] +# (optional) The number of threads created by each child process. +# Default is '25' +# +# [*maxrequestsperchild*] +# (optional) Limit on the number of connectiojns an individual child server +# process will handle. This is the old name and is still supported. The new +# name is MaxConnectionsPerChild as of 2.3.9+. +# Default is '0' +# +# [*serverlimit*] +# (optional) With worker, use this directive only if your MaxRequestWorkers +# and ThreadsPerChild settings require more than 16 server processes +# (default). Do not set the value of this directive any higher than the +# number of server processes required by what you may want for +# MaxRequestWorkers and ThreadsPerChild. +# Default is '25' +# +# [*threadlimit*] +# (optional) This directive sets the maximum configured value for +# ThreadsPerChild for the lifetime of the Apache httpd process. +# Default is '64' +# +# [*listenbacklog*] +# (optional) Maximum length of the queue of pending connections. +# Defaults is '511' +# +# [*apache_version*] +# (optional) +# Default is $::apache::apache_version +# class apache::mod::worker ( $startservers = '2', $maxclients = '150', @@ -7,6 +61,7 @@ $maxrequestsperchild = '0', $serverlimit = '25', $threadlimit = '64', + $listenbacklog = '511', $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { 
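Review bot: The header comment added to worker.pp needs a few corrections before it becomes the reference. There is a typo `connectiojns` in the `maxrequestsperchild` entry, `Defaults is` appears in the `startservers` and `listenbacklog` entries, and the `apache_version` entry has no description. The `serverlimit` text speaks of '16 server processes (default)', which is Apache's own default, directly above `Default is '25'` for this class, so a reader cannot tell which default applies. I would reword that entry to `# (optional) Upper limit on the number of server processes; Apache's own default is 16.` and keep the class default on its own line.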
@@ -36,6 +91,7 @@ # - $maxrequestsperchild # - $serverlimit # - $threadLimit + # - $listenbacklog file { "${::apache::mod_dir}/worker.conf": ensure => file, content => template('apache/mod/worker.conf.erb'), diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 38a79aeb26..9d0d8e5e01 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -157,6 +157,7 @@ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+25$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+0$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+64$/) } + it { should contain_file("/etc/httpd/conf.d/worker.conf").with(:content => /^\s*ListenBacklog\s*511/) } end context 'setting params' do @@ -169,7 +170,8 @@ :maxsparethreads => 14, :threadsperchild => 15, :maxrequestsperchild => 16, - :threadlimit => 17 + :threadlimit => 17, + :listenbacklog => 8, } end it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^$/) } @@ -181,6 +183,7 @@ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+15$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+16$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+17$/) } + it { should contain_file("/etc/httpd/conf.d/worker.conf").with(:content => /^\s*ListenBacklog\s*8/) } end end end diff --git a/templates/mod/worker.conf.erb b/templates/mod/worker.conf.erb index 597e05f8d5..ad2bc44610 100644 --- a/templates/mod/worker.conf.erb +++ b/templates/mod/worker.conf.erb @@ -7,4 +7,5 @@ ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> 
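Review bot: The two ListenBacklog expectations added to worker_spec.rb are looser than the ones around them. `/^\s*ListenBacklog\s*8/` has no `$` anchor and allows zero whitespace, so it would also pass on `ListenBacklog 80` or `ListenBacklog8`. Following the neighbouring lines, `.with(:content => /^\s+ListenBacklog\s+8$/)` and `.with(:content => /^\s+ListenBacklog\s+511$/)` pin the rendered value exactly. The two lines also quote the file name with double quotes where the rest of the block uses single quotes.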
From b2f842c9c03e86de855422827954fbb9e4471b87 Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Tue, 18 Aug 2015 13:21:19 +0200 Subject: [PATCH 0680/2267] (MODULES-2458) Support for mod_auth_mellon. mod_auth_melon is an authentication module for apache. Configurations such as the following are now supported. ```puppet class{'apache': default_mods => false, default_confd_files => false, default_vhost => false, } class{'apache::mod::auth_mellon': mellon_cache_size => 101 } apache::vhost{$::fqdn: docroot => '/var/www/html', port => 443, ssl => true, ssl_key => "/etc/certs/${::fqdn}.key", ssl_cert => "/etc/certs/${::fqdn}.cert", directories => [ { path => '/', provider => 'directory', mellon_enable => 'info', mellon_merge_env_vars => 'On', mellon_endpoint_path => '/mellon', mellon_sp_private_key_file => "/etc/certs/${::fqdn}.key", mellon_sp_cert_file => "/etc/certs/${::fqdn}.cert", mellon_idp_metadata_file => "/etc/httpd/conf.d/mellon/FederationMetadata.xml", mellon_set_env_no_prefix => { "user" => "http://schemas.xmlsoap.org/claims/UPN", "ADFS_GROUP" => "http://schemas.xmlsoap.org/claims/Group", "ADFS_EMAIL" => "http://schemas.xmlsoap.org/claims/EmailAddress"}, mellon_user => 'ADFS_LOGIN', }, { path => '/protected', provider => 'location', auth_type => 'Mellon', auth_require => 'valid-user', mellon_enable => 'auth', mellon_cond => ['ADFS_LOGIN straylen [MAP]'] }, ] } ``` --- README.md | 86 +++++++++++++++++++++++++++ manifests/mod/auth_mellon.pp | 24 ++++++++ manifests/params.pp | 11 ++++ spec/classes/mod/auth_mellon_spec.rb | 87 ++++++++++++++++++++++++++++ templates/mod/auth_mellon.conf.erb | 21 +++++++ templates/vhost/_directories.erb | 31 ++++++++++ 6 files changed, 260 insertions(+) create mode 100644 manifests/mod/auth_mellon.pp create mode 100644 spec/classes/mod/auth_mellon_spec.rb create mode 100644 templates/mod/auth_mellon.conf.erb diff --git a/README.md b/README.md index 769b937b8d..ac0e4c1616 100644 --- a/README.md +++ b/README.md 
@@ -45,6 +45,7 @@ [`apache::mod::`]: #classes-apachemodmodule-name [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas +[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::event`]: #class-apachemodevent [`apache::mod::geoip`]: #class-apachemodgeoip @@ -142,6 +143,7 @@ [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas [`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ +[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon [`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ @@ -1176,6 +1178,7 @@ The following Apache modules have supported classes, many of which allow for par * `alias` (see [`apache::mod::alias`][]) * `auth_basic` * `auth_cas`* (see [`apache::mod::auth_cas`][]) +* `auth_mellon`* (see [`apache::mod::auth_mellon`][]) * `auth_kerb` * `authn_core` * `authn_file` 
@@ -1303,6 +1306,26 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe - `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. - `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. +##### Class: `apache::mod::auth_mellon` + +Installs and manages [`mod_auth_mellon`][]. It's parameters share names with the Apache module's directives. + +~~~puppet +class{'apache::mod::auth_mellon': + mellon_cache_size => 101 +} +~~~ + +**Parameters within `apache::mod::auth_mellon`**: + +- `mellon_cache_size`: Size in megabytes of mellon cache. +- `mellon_cache_entry_size`: Maximum size for single session. +- `mellon_lock_file`: Location of lock file. +- `mellon_post_directory`: Full path where post requests are saved. +- `mellon_post_ttl`: Time to keep post requests. +- `mellon_post_size`: Maximum size of post requests. +- `mellon_post_count`: Maxmum number of post requests. + ##### Class: `apache::mod::deflate` Installs and configures [`mod_deflate`][]. 
@@ -2655,6 +2678,69 @@ Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoinde } ~~~ +###### `mellon_enable` + +Sets the [MellonEnable](https://github.com/UNINETT/mod_auth_mellon) to enable auth_melon on a location. + +~~~ puppet +apache::vhost{'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/', + provider => 'directory', + mellon_enable => 'info', + mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key, + mellon_endpoint_path => '/mellon', + mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', + 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress'}, + mellon_user => 'ADFS_LOGIN' + }, + { path => '/protected', + provider => 'location', + mellon_enable => 'auth', + auth_type => 'Mellon', + auth_require => 'valid-user', + mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'] + } + ] +} + +###### `mellon_cond` + +Sets the [MellonCond](https://github.com/UNINETT/mod_auth_mellon) is an array of mellon conditions that must +be met to grant access. + + +###### `mellon_endpoint_path` + +Sets the [MellonEndpointPath](https://github.com/UNINETT/mod_auth_mellon) to set melon endpoint path. + +###### `mellon_idp_metadata_file` + +Sets the [MellonIDPMetadataFile](https://github.com/UNINETT/mod_auth_mellon) location of idp metadata file. + +###### `mellon_saml_rsponse_dump` + +Sets the [MellonSamlRepsponseDump](https://github.com/UNINETT/mod_auth_mellon) to enable debug of SAML. + +###### `mellon_set_env_no_prefix` + +Sets the [MellonSetEnvNoPrefix](https://github.com/UNINETT/mod_auth_mellon) is a hash of attribute names to map +to environment variables. + + +###### `mellon_sp_private_key_file` + +Sets the [MellonSPPrivateKeyFile](https://github.com/UNINETT/mod_auth_mellon) private key location of service provider. 
+ +###### `mellon_sp_cert_file` + +Sets the [MellonSPCertFile](https://github.com/UNINETT/mod_auth_mellon) public key location of service provider. + +###### `mellon_user` + +Sets the [MellonUser](https://github.com/UNINETT/mod_auth_mellon) attribute we should use for the username. + ###### `options` Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. diff --git a/manifests/mod/auth_mellon.pp b/manifests/mod/auth_mellon.pp new file mode 100644 index 0000000000..79f6ffebb2 --- /dev/null +++ b/manifests/mod/auth_mellon.pp @@ -0,0 +1,24 @@ +class apache::mod::auth_mellon ( + $mellon_cache_size = $::apache::params::mellon_cache_size, + $mellon_lock_file = $::apache::params::mellon_lock_file, + $mellon_post_directory = $::apache::params::mellon_post_directory, + $mellon_cache_entry_size = undef, + $mellon_post_ttl = undef, + $mellon_post_size = undef, + $mellon_post_count = undef +) { + + ::apache::mod { 'auth_mellon': } + + # Template uses + # - All variables beginning with mellon_ + file { 'auth_mellon.conf': + ensure => file, + path => "${::apache::mod_dir}/auth_mellon.conf", + content => template('apache/mod/auth_mellon.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Class['Apache::Service'], + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 6a26128eaa..5c5233ccdb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -75,6 +75,7 @@ $mod_packages = { 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', + 'auth_mellon' => 'mod_auth_mellon', 'authnz_ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', default => 'mod_authz_ldap', 
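Review bot: auth_mellon.pp writes the `MellonPostDirectory` and `MellonLockFile` paths into the config but declares no resource for either location. Whether `/var/cache/apache2/mod_auth_mellon/` exists, and who can read it, is left to the package. The README added in this commit describes that directory as the place where post requests are saved, which can include submitted form data, so its ownership and mode matter. I would manage it in the class when it is set, owned by the Apache run user and closed to other users, assuming the child processes write there as that user; otherwise document that the operator must create it that way. The `/tmp/post` and `/tmp/junk` values in the spec are fine as fixtures but should not be taken as suggested settings.

```puppet
  # … unchanged: ::apache::mod { 'auth_mellon': } …

  # Saved POST bodies land here; keep the directory private to the Apache user.
  if $mellon_post_directory {
    file { $mellon_post_directory:
      ensure => directory,
      owner  => $::apache::user,
      group  => $::apache::group,
      mode   => '0700',
    }
  }

  # … unchanged: file { 'auth_mellon.conf': … } …
```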
@@ -131,6 +132,9 @@ $wsgi_socket_prefix = undef } $cas_cookie_path = '/var/cache/mod_auth_cas/' + $mellon_lock_file = '/run/mod_auth_mellon/lock' + $mellon_cache_size = 100 + $mellon_post_directory = undef $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' @@ -188,6 +192,7 @@ $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_mellon' => 'libapache2-mod-auth-mellon', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', @@ -218,6 +223,9 @@ $mime_types_config = '/etc/mime.types' $docroot = '/var/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $mellon_lock_file = undef + $mellon_cache_size = undef + $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/' $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' @@ -479,6 +487,9 @@ $mime_types_config = '/etc/mime.types' $docroot = '/srv/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $mellon_lock_file = undef + $mellon_cache_size = undef + $mellon_post_directory = undef $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] diff --git a/spec/classes/mod/auth_mellon_spec.rb b/spec/classes/mod/auth_mellon_spec.rb new file mode 100644 index 0000000000..f022e48108 --- /dev/null +++ b/spec/classes/mod/auth_mellon_spec.rb 
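Review bot: The RedHat branch sets `$mellon_lock_file = '/run/mod_auth_mellon/lock'` unconditionally, and the spec added in this commit asserts that value with `operatingsystemrelease => '6'`. As far as I know `/run` is not present on that release, and nothing in the class creates `/run/mod_auth_mellon`, so the rendered `MellonLockFile` may point at a path that does not exist there. Consider choosing the path by release (the `$::apache::version::distrelease` selector is already used in this file) or falling back to `undef` as the Debian and Suse branches do. A short comment above the three `mellon_*` defaults saying why they differ per OS family would also help. The enclosing conditional on the OS family starts outside these hunks.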
@@ -0,0 +1,87 @@ +describe 'apache::mod::auth_mellon', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { should contain_apache__mod('auth_mellon') } + it { should contain_package('libapache2-mod-auth-mellon') } + it { should contain_file('auth_mellon.conf').with_path('/etc/apache2/mods-available/auth_mellon.conf') } + it { should contain_file('auth_mellon.conf').with_content("MellonPostDirectory \"\/var\/cache\/apache2\/mod_auth_mellon\/\"\n") } + end + describe 'with parameters' do + let :params do + { :mellon_cache_size => '200', + :mellon_cache_entry_size => '2010', + :mellon_lock_file => '/tmp/junk', + :mellon_post_directory => '/tmp/post', + :mellon_post_ttl => '5', + :mellon_post_size => '8', + :mellon_post_count => '10' + } + end + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + end + + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem 
=> 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { should contain_apache__mod('auth_mellon') } + it { should contain_package('mod_auth_mellon') } + it { should contain_file('auth_mellon.conf').with_path('/etc/httpd/conf.d/auth_mellon.conf') } + it { should contain_file('auth_mellon.conf').with_content("MellonCacheSize 100\nMellonLockFile \"/run/mod_auth_mellon/lock\"\n") } + end + describe 'with parameters' do + let :params do + { :mellon_cache_size => '200', + :mellon_cache_entry_size => '2010', + :mellon_lock_file => '/tmp/junk', + :mellon_post_directory => '/tmp/post', + :mellon_post_ttl => '5', + :mellon_post_size => '8', + :mellon_post_count => '10' + } + end + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + end + end +end diff --git a/templates/mod/auth_mellon.conf.erb b/templates/mod/auth_mellon.conf.erb new file mode 100644 index 0000000000..e36a733907 --- /dev/null +++ b/templates/mod/auth_mellon.conf.erb 
@@ -0,0 +1,21 @@ +<%- if @mellon_cache_size -%> +MellonCacheSize <%= @mellon_cache_size %> +<%- end -%> +<%- if @mellon_cache_entry_size -%> +MellonCacheEntrySize <%= @mellon_cache_entry_size %> +<%- end -%> +<%- if @mellon_lock_file -%> +MellonLockFile "<%= @mellon_lock_file %>" +<%- end -%> +<%- if @mellon_post_directory -%> +MellonPostDirectory "<%= @mellon_post_directory %>" +<%- end -%> +<%- if @mellon_post_ttl -%> +MellonPostTTL <%= @mellon_post_ttl %> +<%- end -%> +<%- if @mellon_post_size -%> +MellonPostSize <%= @mellon_post_size %> +<%- end -%> +<%- if @mellon_post_count -%> +MellonPostCount <%= @mellon_post_count %> +<%- end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 529d9bdffa..189bd57701 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
@@ -252,6 +252,37 @@ ShibUseHeaders <%= directory['shib_use_headers'] %> <%- end -%> <%- end -%> + <%- if directory['mellon_enable'] -%> + MellonEnable "<%= directory['mellon_enable'] %>" + <%- if directory['mellon_endpoint_path'] -%> + MellonEndpointPath "<%= directory['mellon_endpoint_path'] %>" + <%- end -%> + <%- if directory['mellon_sp_private_key_file'] -%> + MellonSPPrivateKeyFile "<%= directory['mellon_sp_private_key_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_cert_file'] -%> + MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>" + <%- end -%> + <%- if directory['mellon_idp_metadata_file'] -%> + MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>" + <%- end -%> + <%- if directory['mellon_set_env_no_prefix'] -%> + <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%> + MellonSetEnvNoPrefix "<%= key %>" "<%= value %>" + <%- end -%> + <%- end -%> + <%- if directory['mellon_user'] -%> + MellonUser "<%= directory['mellon_user'] %>" + <%- end -%> + <%- if directory['mellon_saml_response_dump'] -%> + MellonSamlResponseDump "<%= directory['mellon_saml_response_dump'] %>" + <%- end -%> + <%- if directory['mellon_cond'] -%> + <%- Array(directory['mellon_cond']).each do |cond| -%> + MellonCond <%= cond %> + <%- end -%> + <%- end -%> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 3b5e4db1c5cb9194b757c7ca4a3f30f79e7103e5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 24 Aug 2015 14:50:23 -0700 Subject: [PATCH 0681/2267] MODULES-2439 - ProxyPassMatch parameters were ending up on a newline --- spec/defines/vhost_spec.rb | 3 ++- templates/vhost/_proxy.erb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index cb8c9e84bb..5dce3f748b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
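Review bot: The template reads `directory['mellon_saml_response_dump']`, but the README section added in the same commit heads the option `mellon_saml_rsponse_dump` and spells the directive `MellonSamlRepsponseDump`. A manifest written from the README therefore sets a key this template never looks at, and the setting is silently dropped. The README heading should read `mellon_saml_response_dump`. As I understand mod_auth_mellon, this directive exposes the full SAML response to the request environment, so the README line should describe it as a debugging aid to switch off afterwards. Every `mellon_*` key is nested under `if directory['mellon_enable']` and is ignored in a directory entry that omits `mellon_enable`; the enclosing directory loop starts outside the hunk.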
@@ -449,12 +449,13 @@ { 'path' => '.*', 'url' => 'http://backend-a/', + 'params' => { 'timeout' => 300 }, } ], } end it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - /ProxyPassMatch .* http:\/\/backend-a\//).with_content(/## Proxy rules/) } + /ProxyPassMatch .* http:\/\/backend-a\/ timeout=300/).with_content(/## Proxy rules/) } end context 'proxy_dest_match' do let :params do diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 29d35cae98..71512fdba2 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -33,7 +33,7 @@ <% end -%> <% [@proxy_pass_match].flatten.compact.each do |proxy| %> - ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> <%- end -%> From 059b92b9403a555984734b988b7352adbbf7b602 Mon Sep 17 00:00:00 2001 From: Matthias Pigulla Date: Tue, 18 Aug 2015 23:37:43 +0200 Subject: [PATCH 0682/2267] Catch that mod_authz_default has been removed in Apache 2.4 Having it in the server config will prevent the server from starting as the module file cannot be found. --- manifests/mod/authz_default.pp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/manifests/mod/authz_default.pp b/manifests/mod/authz_default.pp index 23edd9b5ac..e457774ae5 100644 --- a/manifests/mod/authz_default.pp +++ b/manifests/mod/authz_default.pp @@ -1,3 +1,9 @@ -class apache::mod::authz_default { - ::apache::mod { 'authz_default': } +class apache::mod::authz_default( + $apache_version = $::apache::apache_version +) { + if versioncmp($apache_version, '2.4') >= 0 { + warning('apache::mod::authz_default has been removed in Apache 2.4') + } else { + ::apache::mod { 'authz_default': } + } } From 7cf4b96f7806c9960ffd002b6c9f4a6cc8720800 Mon Sep 17 00:00:00 2001 
From: Julien Pivotto Date: Wed, 12 Aug 2015 14:44:45 +0200 Subject: [PATCH 0683/2267] Support the mod_proxy ProxyPassReverseCookiePath directive --- README.md | 3 +++ spec/defines/vhost_spec.rb | 14 ++++++++++---- templates/vhost/_proxy.erb | 5 +++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9cfde923ed..58e8e03ebf 100644 --- a/README.md +++ b/README.md @@ -2113,11 +2113,14 @@ apache::vhost { 'site.name.fdqn': 'keywords' => ['nocanon', 'interpolate'] }, { 'path' => '/f', 'url' => 'http://backend-f/', 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, + { 'path' => '/g', 'url' => 'http://backend-g/', + 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}], }, ], } ~~~ `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath. `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). `setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 5dce3f748b..3b9a6fdbd9 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -210,10 +210,14 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/', - 'keywords' => ['noquery', 'interpolate'], - 'params' => { + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'reverse_cookies' => [{ + 'path' => '/a', + 'url' => 'http://backend-a/', + }], + 'params' => { 'retry' => '0', 'timeout' => '5' }, 
@@ -403,6 +407,8 @@ /SetEnv proxy-nokeepalive 1/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /noquery interpolate/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 71512fdba2..3f94af9112 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -18,6 +18,11 @@ <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> <%- end %> > + <%- if not proxy['reverse_cookies'].nil? -%> + <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> + ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- end -%> <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> <%- else -%> From 6e05f67d5732cf6beee9a7cc77c52830137fbce2 Mon Sep 17 00:00:00 2001 From: Holt Wilkins Date: Fri, 21 Aug 2015 18:19:52 +1000 Subject: [PATCH 0684/2267] Add support for the Apache SSLProxyMachineCertificateFile directive which allows the apache reverse proxy to use a client certificate to authenticate to its upstream --- README.md | 11 +++++++++++ manifests/vhost.pp | 2 ++ templates/vhost/_ssl.erb | 3 +++ 3 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 769b937b8d..a1de3d734f 100644 --- a/README.md +++ b/README.md 
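Review bot: The arguments written by `ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %>` do not match what mod_proxy documents for this directive, which is an internal (backend) cookie path followed by the public path. The second hash key is named `url`, and both the README example and the spec pass a backend URL (`http://backend-a/`). The rendered line would then rewrite a cookie `Path` attribute to a URL string rather than to the public path, which presumably leaves the cookie scoped incorrectly. Either document the keys as two paths, for example `'reverse_cookies' => [{ 'path' => '/', 'url' => '/g' }]` in the README, or rename the second key before the interface is released. The surrounding `proxy_pass` loop begins outside the hunk.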
@@ -2898,6 +2898,17 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# } ~~~ +##### `ssl_proxy_machine_cert` + +Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Defaults to 'undef'. + +~~~ puppet + apache::vhost { 'sample.example.net': + … + ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', + } +~~~ + ##### `ssl_options` Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 20b1aa6b91..c44bba5891 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -25,6 +25,7 @@ $ssl_honorcipherorder = undef, $ssl_verify_client = undef, $ssl_verify_depth = undef, + $ssl_proxy_machine_cert = undef, $ssl_options = undef, $ssl_openssl_conf_cmd = undef, $ssl_proxyengine = false, @@ -738,6 +739,7 @@ # - $ssl_honorcipherorder # - $ssl_verify_client # - $ssl_verify_depth + # - $ssl_proxy_machine_cert # - $ssl_options # - $ssl_openssl_conf_cmd # - $apache_version diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index c2d9413509..e99b739a67 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -40,6 +40,9 @@ <%- if @ssl_verify_depth -%> SSLVerifyDepth <%= @ssl_verify_depth %> <%- end -%> + <%- if @ssl_proxy_machine_cert -%> + SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" + <%- end -%> <%- if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> <%- end -%> 
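Review bot: `$ssl_proxy_machine_cert` is added to `manifests/vhost.pp` without any check in the input-validation section, and `_ssl.erb` then places it inside double quotes as `SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>"`. According to the new README text the file holds both the client certificates and their keys, so a relative or malformed path here is worth rejecting early; `if $ssl_proxy_machine_cert { validate_absolute_path($ssl_proxy_machine_cert) }` would do that. The README entry should also state that the module does not manage this file, so its ownership and mode (readable by the Apache parent process only) are the caller's responsibility. The validation block itself lies outside these hunks.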
From be089859927b99237de02a821a6f786c722c326e Mon Sep 17 00:00:00 2001 From: Niklas Grossmann Date: Wed, 2 Sep 2015 15:12:37 +0200 Subject: [PATCH 0685/2267] MODULES-2513 mod::ssl fails on SLES Add SLES/Suse support to mod::ssl. --- manifests/mod/ssl.pp | 17 +++++++++++------ spec/classes/mod/ssl_spec.rb | 16 ++++++++++++++++ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 9e68d21b70..475f233a50 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -12,12 +12,6 @@ $apache_version = $::apache::apache_version, $package_name = undef, ) { - $session_cache = $::osfamily ? { - 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", - 'redhat' => '/var/cache/mod_ssl/scache(512000)', - 'freebsd' => '/var/run/ssl_scache(512000)', - 'gentoo' => '/var/run/ssl_scache(512000)', - } case $::osfamily { 'debian': { @@ -38,11 +32,22 @@ 'gentoo': { $ssl_mutex = 'default' } + 'Suse': { + $ssl_mutex = 'default' + } default: { fail("Unsupported osfamily ${::osfamily}") } } + $session_cache = $::osfamily ? { + 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", + 'redhat' => '/var/cache/mod_ssl/scache(512000)', + 'freebsd' => '/var/run/ssl_scache(512000)', + 'gentoo' => '/var/run/ssl_scache(512000)', + 'Suse' => '/var/lib/apache2/ssl_scache(512000)' + } + ::apache::mod { 'ssl': package => $package_name, } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 1e8b94edca..0fd813d7e1 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -100,6 +100,22 @@ it { is_expected.to contain_apache__mod('ssl') } end + context 'on a Suse OS' do + let :facts do + { + :osfamily => 'Suse', + :operatingsystem => 'SLES', + :operatingsystemrelease => '11.2', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + end # Template config doesn't vary by distro context "on all distros" do let :facts do From 2311945635b113afb6f367a288df563fd2b1abc5 Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Fri, 4 Sep 2015 11:07:19 +0200 Subject: [PATCH 0686/2267] Fix mellon docs formatting --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d95ac6b534..dc1eb18c7e 100644 --- a/README.md +++ b/README.md @@ -2707,6 +2707,7 @@ apache::vhost{'sample.example.net': } ] } +~~~ ###### `mellon_cond` From a221fdcb6d1963b4dfbfb1468fce13fea07f5d85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20POIROUX?= Date: Mon, 7 Sep 2015 15:25:04 +0200 Subject: [PATCH 0687/2267] Deflate "application/json" by default Hello, How can I customize the "types" of "deflate " while using " default_mods " ? I need to deflate "application/json". JSON is a common text resource types on the web which should be served with HTTP compression: https://zoompf.com/blog/2012/02/lose-the-wait-http-compression Thks --- manifests/mod/deflate.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 9b8d43621c..0748a54e57 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -3,7 +3,8 @@ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', - 'application/rss+xml' + 'application/rss+xml', + 'application/json' ], $notes = { 'Input' => 'instream', 
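Review bot: Adding `'application/json'` to the default `$types` in `manifests/mod/deflate.pp` turns on HTTP compression for API responses on every host that uses the defaults. JSON bodies are a common place for a session-bound secret and request-derived data to appear together, which is the precondition for compression side-channel issues of the BREACH kind on TLS sites. The default may well be acceptable, but the change carries no caveat. A sentence in the README entry for `types` would cover it, for example: `Compressing responses that mix secrets with reflected request data can leak the secret through response length; override types to exclude such content.` The parameter list of the class starts outside the hunk.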
From f11f5f77ab67268ec39a07e4d42d28790f766dba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20POIROUX?= Date: Tue, 8 Sep 2015 12:24:17 +0200 Subject: [PATCH 0688/2267] Added application/json on default DEFLATE configuration --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc1eb18c7e..b6af020e65 100644 --- a/README.md +++ b/README.md @@ -1332,7 +1332,7 @@ Installs and configures [`mod_deflate`][]. **Parameters within `apache::mod::deflate`:** -- `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml' ]. +- `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. - `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } ##### Class: `apache::mod::expires` From 9367580e2dc72df792fdafc48c5a9c94d7725a59 Mon Sep 17 00:00:00 2001 From: Aaron Russell Date: Fri, 3 Jul 2015 09:48:50 -0400 Subject: [PATCH 0689/2267] (MODULES-2188) Add support for PassengerBaseURI in Apache This adds a varaible and template block for using PassengerBaseURI in the vhost --- README.md | 4 ++++ manifests/vhost.pp | 16 ++++++++++++++++ spec/defines/vhost_spec.rb | 1 + templates/vhost/_passenger_base_uris.erb | 7 +++++++ tests/vhost.pp | 8 ++++++++ 5 files changed, 36 insertions(+) create mode 100644 templates/vhost/_passenger_base_uris.erb diff --git a/README.md b/README.md index 769b937b8d..ff4ce0007b 100644 --- a/README.md +++ b/README.md 
@@ -2114,6 +2114,10 @@ This directive is equivalent to proxy_pass, but takes regular expressions, see [ Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. +#####`passenger_base_uris` + +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Defaults to 'undef'. + ##### `redirect_dest` Specifies the address to redirect to. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 20b1aa6b91..1c72242688 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -80,6 +80,7 @@ $redirectmatch_regexp = undef, $redirectmatch_dest = undef, $rack_base_uris = undef, + $passenger_base_uris = undef, $headers = undef, $request_headers = undef, $filters = undef, @@ -386,6 +387,11 @@ } } + # Load mod_passenger if needed and not yet loaded + if $passenger_base_uris { + include ::apache::mod::passenger + } + # Load mod_fastci if needed and not yet loaded if $fastcgi_server and $fastcgi_socket { if ! defined(Class['apache::mod::fastcgi']) { @@ -655,6 +661,16 @@ } } + # Template uses: + # - $passenger_base_uris + if $passenger_base_uris { + concat::fragment { "${name}-passenger_uris": + target => "${priority_real}${filename}.conf", + order => 155, + content => template('apache/vhost/_passenger_base_uris.erb'), + } + } + # Template uses: # - $redirect_source # - $redirect_dest diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index cb8c9e84bb..82301c4efb 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -248,6 +248,7 @@ 'redirectmatch_regexp' => ['\.git$'], 'redirectmatch_dest' => ['http://www.example.com'], 'rack_base_uris' => ['/rackapp1'], + 'passenger_base_uris' => ['/passengerapp1'], 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', 'request_headers' => ['append MirrorID "mirror 12"'], 'rewrites' => [ diff --git a/templates/vhost/_passenger_base_uris.erb b/templates/vhost/_passenger_base_uris.erb new file mode 100644 index 0000000000..f3ef5aa0a5 --- /dev/null +++ b/templates/vhost/_passenger_base_uris.erb @@ -0,0 +1,7 @@ +<% if @passenger_base_uris -%> + + ## Enable passenger base uris +<% Array(@passenger_base_uris).each do |uri| -%> + PassengerBaseURI <%= uri %> +<% end -%> +<% end -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index a46b677846..0cf8da75c4 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp @@ -141,6 +141,7 @@ rack_base_uris => ['/rackapp1', '/rackapp2'], } + # Vhost to redirect non-ssl to ssl apache::vhost { 'sixteenth.example.com non-ssl': servername => 'sixteenth.example.com', @@ -251,3 +252,10 @@ access_log_env_var => 'admin', } +# Vhost with a passenger_base configuration +apache::vhost { 'twentysecond.example.com': + port => '80', + docroot => '/var/www/twentysecond', + rack_base_uris => ['/passengerapp1', '/passengerapp2'], +} + From 49fed02c87da035d9cd85aafe115b7ed447d92ca Mon Sep 17 00:00:00 2001 From: Edmund Craske Date: Mon, 14 Sep 2015 13:29:36 +0100 Subject: [PATCH 0690/2267] Fix typo of MPM_PREFORK Was unsetting 'MPM_PERFORK', so 'MPM_PREFORK' would not have been unset correctly. --- manifests/package.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/package.pp b/manifests/package.pp index 728b26010e..5c59f2546d 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
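Review bot: The example added to `tests/vhost.pp` under the comment "Vhost with a passenger_base configuration" sets `rack_base_uris`, not the new parameter, so the smoke test never renders `_passenger_base_uris.erb` or triggers the new `include ::apache::mod::passenger` branch. The line should read `passenger_base_uris => ['/passengerapp1', '/passengerapp2'],`. The hunk at `@@ -141,6 +141,7 @@` in the same file only adds a blank line and can be dropped.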
@@ -17,11 +17,11 @@ } 'worker': { $set = 'MPM_WORKER' - $unset = 'MPM_PERFORK MPM_EVENT' + $unset = 'MPM_PREFORK MPM_EVENT' } 'event': { $set = 'MPM_EVENT' - $unset = 'MPM_PERFORK MPM_WORKER' + $unset = 'MPM_PREFORK MPM_WORKER' } 'itk': { $set = undef From bf948c05e253b43ed0bae1ca36868af4af617860 Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Fri, 14 Aug 2015 13:07:35 +0200 Subject: [PATCH 0691/2267] (MODULES-2419) - Add mod_auth_kerb parameters to vhost. https://tickets.puppetlabs.com/browse/MODULES-2419 The following kerberos parameters can be set within a vhost. KrbMethodNegotiate KrbMethodK5Passwd KrbAuthoritative KrbAuthRealms Krb5Keytab KrbLocalUserMapping Reference for mod_auth_kerb: http://modauthkerb.sourceforge.net/configure.html https://bugzilla.redhat.com/show_bug.cgi?id=970678 --- README.md | 45 ++++++++++++++++++++++++++++++++++ manifests/vhost.pp | 28 +++++++++++++++++++++ spec/defines/vhost_spec.rb | 17 +++++++++++++ templates/vhost/_auth_kerb.erb | 23 +++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 templates/vhost/_auth_kerb.erb diff --git a/README.md b/README.md index b6af020e65..fdc4c97765 100644 --- a/README.md +++ b/README.md 
@@ -1964,6 +1964,51 @@ Usage typically looks like: } ~~~ +##### `auth_kerb` + +Enable mod_auth_kerb parameters for a virtual host. Valid values are 'true' or 'false'. Defaults to 'false'. + +Usage typically looks like: + +~~~ puppet + apache::vhost {'sample.example.net': + auth_kerb => true, + krb_method_negotiate => 'on', + krb_auth_realms => ['EXAMPLE.ORG'], + krb_local_user_mapping => 'on', + directories => { + path => '/var/www/html', + auth_name => 'Kerberos Login', + auth_type => 'Kerberos', + auth_require => 'valid-user', + } + } +~~~ + +##### `krb_method_negotiate` + +To enable or disable the use of the Negotiate method. Defaults is 'on' + +##### `krb_method_k5passwd` + +To enable or disable the use of password based authentication for Kerberos v5. Default is 'on' + +##### `krb_authoritative` + +If set to off this directive allow authentication controls to be pass on to another modules. Default is 'on' + +##### `krb_auth_realms` + +Specifies an array Kerberos realm(s) to be used for authentication. Default is [] + +##### `krb_5keytab` + +Location of the Kerberos V5 keytab file. Not set by default. + +##### `krb_local_user_mapping` + +Strips @REALM from username for further use. Not set by default. + ##### `logroot` Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index c44bba5891..027e490796 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -123,6 +123,13 @@ $modsec_disable_ids = undef, $modsec_disable_ips = undef, $modsec_body_limit = undef, + $auth_kerb = false, + $krb_method_negotiate = 'on', + $krb_method_k5passwd = 'on', + $krb_authoritative = 'on', + $krb_auth_realms = [], + $krb_5keytab = undef, + $krb_local_user_mapping = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { 
@@ -213,6 +220,7 @@ validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") } + validate_bool($auth_kerb) # Input validation ends if $ssl and $ensure == 'present' { @@ -221,6 +229,10 @@ include ::apache::mod::mime } + if $auth_kerb and $ensure == 'present' { + include ::apache::mod::auth_kerb + } + if $virtual_docroot { include ::apache::mod::vhost_alias } @@ -751,6 +763,22 @@ } } + # Template uses: + # - $auth_kerb + # - $krb_method_negotiate + # - $krb_method_k5passwd + # - $krb_authoritative + # - $krb_auth_realms + # - $krb_5keytab + # - $krb_local_user_mapping + if $auth_kerb { + concat::fragment { "${name}-auth_kerb": + target => "${priority_real}${filename}.conf", + order => 210, + content => template('apache/vhost/_auth_kerb.erb'), + } + } + # Template uses: # - $suphp_engine # - $suphp_addhandler diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3b9a6fdbd9..8d6ced9d4a 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -313,6 +313,13 @@ 'passenger_start_timeout' => '600', 'passenger_pre_start' => 'http://localhost/myapp', 'add_default_charset' => 'UTF-8', + 'auth_kerb' => true, + 'krb_method_negotiate' => 'off', + 'krb_method_k5passwd' => 'off', + 'krb_authoritative' => 'off', + 'krb_auth_realms' => ['EXAMPLE.ORG','EXAMPLE.NET'], + 'krb_5keytab' => '/tmp/keytab5', + 'krb_local_user_mapping' => 'off', } end let :facts do 
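Review bot: Only `$auth_kerb` gets a check (`validate_bool($auth_kerb)`); the six `krb_*` parameters added alongside it reach `_auth_kerb.erb` unvalidated, and that template writes `Krb5Keytab <%= @krb_5keytab %>` without quotes. The on/off switches can follow the `validate_re` pattern already used for `allow_encoded_slashes` just above, e.g. `validate_re($krb_method_k5passwd, '(^on$|^off$)', "${krb_method_k5passwd} is not permitted for krb_method_k5passwd.")`. The keytab path can be guarded with `if $krb_5keytab { validate_absolute_path($krb_5keytab) }`. The README should also note that `krb_method_k5passwd` defaults to 'on', which accepts password-based authentication, so a vhost without TLS would carry those credentials unprotected. The validation section continues outside the hunk.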
@@ -432,6 +439,16 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbMethodNegotiate\soff$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbAuthoritative\soff$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+Krb5Keytab\s\/tmp\/keytab5$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbLocalUserMapping\soff$/)} end context 'set only aliases' do let :params do diff --git a/templates/vhost/_auth_kerb.erb b/templates/vhost/_auth_kerb.erb new file mode 100644 index 0000000000..9179ee8b2a --- /dev/null +++ b/templates/vhost/_auth_kerb.erb @@ -0,0 +1,23 @@ +<% if @auth_kerb -%> + + ## Kerberos directives + <%- if @krb_method_negotiate -%> + KrbMethodNegotiate <%= @krb_method_negotiate %> + <%- end -%> + <%- if @krb_method_k5passwd -%> + KrbMethodK5Passwd <%= @krb_method_k5passwd %> + <%- end -%> + <%- if @krb_authoritative -%> + KrbAuthoritative <%= @krb_authoritative %> + <%- end -%> + <%- if @krb_auth_realms and @krb_auth_realms.length >= 1 -%> + KrbAuthRealms <%= @krb_auth_realms.join(' ') %> + <%- end -%> + <%- if @krb_5keytab -%> + Krb5Keytab <%= @krb_5keytab %> + <%- end -%> + <%- if @krb_local_user_mapping -%> + KrbLocalUserMapping <%= @krb_local_user_mapping -%> + <%- end -%> + +<% end -%> From 05613d7f0979237f176778c0fa6ebfb9cc10f8c2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sascha=20R=C3=BCssel?= Date: Mon, 21 Sep 2015 16:13:37 +0200 Subject: [PATCH 0692/2267] also install mod_authn_alias as default mod in debian for apache < 2.4 --- manifests/default_mods.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 1c3820bf09..a1d2c89ef3 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -42,6 +42,9 @@ 'debian': { include ::apache::mod::authn_core include ::apache::mod::reqtimeout + if versioncmp($apache_version, '2.4') < 0 { + ::apache::mod { 'authn_alias': } + } } 'redhat': { include ::apache::mod::actions From 2ab10465fee10c150f3f8f98c74730ad7b8d3d24 Mon Sep 17 00:00:00 2001 From: Athanasios Douitsis Date: Tue, 22 Sep 2015 15:14:05 +0300 Subject: [PATCH 0693/2267] Fix erroneous example in README.md Fix error regarding the shib_request_settings setting for a vhost directory. Also, fix value of said attribute to a hash instead of a string. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a4eb4d4ae..925ba5ae01 100644 --- a/README.md +++ b/README.md @@ -2916,7 +2916,7 @@ Allows an valid content setting to be set or altered for the application request docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', - shib_require_setting => 'requiresession 1', + shib_request_settings => { 'requiresession' => 'On' }, shib_use_headers => 'On', }, ], From 99daf49c2fa0149a50d996f51cf49ece01e315a4 Mon Sep 17 00:00:00 2001 
From: Freddy Spierenburg Date: Tue, 22 Sep 2015 18:22:00 +0200 Subject: [PATCH 0694/2267] MODULES-2613 Small style cleanup to templates/vhost/_additional_includes.erb The file templates/vhost/_additional_includes.erb can use a small cleanup (IMHO). Without this commit the includes are not nicely indented in line with the comment and the rest of the configuration file. This commit fixes that. --- templates/vhost/_additional_includes.erb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/vhost/_additional_includes.erb b/templates/vhost/_additional_includes.erb index aa9f0fe351..a07bb81125 100644 --- a/templates/vhost/_additional_includes.erb +++ b/templates/vhost/_additional_includes.erb @@ -2,9 +2,8 @@ ## Load additional static includes <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> -IncludeOptional "<%= include %>" + IncludeOptional "<%= include %>" <%- else -%> -Include "<%= include %>" + Include "<%= include %>" <%- end -%> - <% end -%> From 10d632b99b3f84f7f70421a64c62bdbb72f2d824 Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Wed, 23 Sep 2015 15:26:15 +0200 Subject: [PATCH 0695/2267] (MODULES-2616) Optionally set LimitRequestFieldSize on an apache::vhost Support setting of LimitRequestFieldSize on a vhost. ```puppet apache::vhost{'foo': limit_request_field_size => 1234 } ``` by default value is unset. http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize https://tickets.puppetlabs.com/browse/MODULES-2616 --- README.md | 4 ++++ manifests/vhost.pp | 14 ++++++++++++++ spec/defines/vhost_spec.rb | 4 ++++ templates/vhost/_limits.erb | 5 +++++ 4 files changed, 27 insertions(+) create mode 100644 templates/vhost/_limits.erb diff --git a/README.md b/README.md index 925ba5ae01..1f69c825b1 100644 --- a/README.md +++ b/README.md 
@@ -2009,6 +2009,10 @@ Location of the Kerberos V5 keytab file. Not set by default. Strips @REALM from username for further use. Not set by default. +##### `limit_request_field_size` + +[Limits](http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize) the size of the HTTP request header allowed from the client. Default is 'undef'. + ##### `logroot` Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 42a3a373b2..25530bccb8 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -131,6 +131,7 @@ $krb_auth_realms = [], $krb_5keytab = undef, $krb_local_user_mapping = undef, + $limit_request_field_size = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -222,6 +223,10 @@ } validate_bool($auth_kerb) + + if $limit_request_field_size { + validate_integer($limit_request_field_size) + } # Input validation ends if $ssl and $ensure == 'present' { @@ -946,6 +951,15 @@ content => template('apache/vhost/_filters.erb'), } } + # Template uses: + # - $limit_request_field_size + if $limit_request_field_size { + concat::fragment { "${name}-limits": + target => "${priority_real}${filename}.conf", + order => 330, + content => template('apache/vhost/_limits.erb'), + } + } # Template uses no variables concat::fragment { "${name}-file_footer": diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 713d8726da..03140931fc 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -321,6 +321,7 @@ 'krb_auth_realms' => ['EXAMPLE.ORG','EXAMPLE.NET'], 'krb_5keytab' => '/tmp/keytab5', 'krb_local_user_mapping' => 'off', + 'limit_request_field_size' => '54321', } end let :facts do 
@@ -450,6 +451,8 @@ :content => /^\s+Krb5Keytab\s\/tmp\/keytab5$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( :content => /^\s+KrbLocalUserMapping\soff$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-limits').with( + :content => /^\s+LimitRequestFieldSize\s54321$/)} end context 'set only aliases' do let :params do @@ -601,6 +604,7 @@ it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-charsets') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-limits') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end end diff --git a/templates/vhost/_limits.erb b/templates/vhost/_limits.erb new file mode 100644 index 0000000000..0bd56db353 --- /dev/null +++ b/templates/vhost/_limits.erb @@ -0,0 +1,5 @@ + + ## Limit Request Values +<% if @limit_request_field_size -%> + LimitRequestFieldSize <%= @limit_request_field_size %> +<% end -%> From 7a67ab19c0a65617654145a1f683f40c28a14386 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 24 Sep 2015 06:03:24 -0600 Subject: [PATCH 0696/2267] add SecUploadDir parameter to support file uploads with mod_security --- templates/mod/security.conf.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index ac28402c64..7b2da76135 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb 
@@ -59,10 +59,13 @@ SecAuditLog /var/log/apache2/modsec_audit.log SecTmpDir /var/cache/modsecurity SecDataDir /var/cache/modsecurity + SecUploadDir /var/cache/modsecurity <% else -%> SecDebugLog /var/log/httpd/modsec_debug.log SecAuditLog /var/log/httpd/modsec_audit.log SecTmpDir /var/lib/mod_security SecDataDir /var/lib/mod_security + SecUploadDir /var/lib/mod_security <% end -%> + SecUploadKeepFiles Off From e2b6bcfee0a0e9f9a1eef57eb44d3ca315e3b37e Mon Sep 17 00:00:00 2001 From: Mark Jeffcoat Date: Thu, 24 Sep 2015 16:15:29 -0500 Subject: [PATCH 0697/2267] Correct typo in default_vhost => false example. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1f69c825b1..f720c4202a 100644 --- a/README.md +++ b/README.md @@ -289,7 +289,7 @@ You can customize parameters when declaring the `apache` class. For instance, th ~~~ puppet class { 'apache': - default_vhosts => false, + default_vhost => false, } ~~~ From 2ad38d913ede0e35897c70b863f2c50a1b4a29e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Mon, 31 Aug 2015 18:43:02 +0200 Subject: [PATCH 0698/2267] Add an option to configure PassengerLogFile PassengerLogFile (available since 5.0.5) allows us to configure a separate file where (all) applications running under passenger will send their stdout/stderr to. This is helpful in reducing noise when trying to parse httpd's error log --- README.md | 4 ++++ manifests/mod/passenger.pp | 5 +++++ spec/classes/mod/passenger_spec.rb | 6 ++++++ templates/mod/passenger.conf.erb | 3 +++ 4 files changed, 18 insertions(+) diff --git a/README.md b/README.md index f720c4202a..a56b8597b6 100644 --- a/README.md +++ b/README.md 
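Review bot: Both branches of `templates/mod/security.conf.erb` set `SecUploadDir` to the same hard-coded directory already used for `SecTmpDir` and `SecDataDir`, so intercepted upload bodies are written next to ModSecurity's persistent collection data. A dedicated directory writable only by the Apache user would keep request-supplied files apart from that state; whether the packaged directories already have suitable permissions cannot be seen from this hunk. At minimum a comment above the lines should record the requirement, e.g. `# SecUploadDir shares the tmp/data directory; it must not be readable or writable by other users`. `SecUploadKeepFiles Off` is a sensible addition and needs no change.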
@@ -2101,6 +2101,10 @@ Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guid Sets [PassengerAppEnv](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. +##### `passenger_log_file` + +By default Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can have those messages logged to a different file instead. n.b.: This option is only available since Passenger 5.0.5 + ##### `passenger_ruby` Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application. diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index efd3486896..4f7cb7f04a 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -15,6 +15,7 @@ $passenger_min_instances = undef, $passenger_use_global_queue = undef, $passenger_app_env = undef, + $passenger_log_file = undef, $mod_package = undef, $mod_package_ensure = undef, $mod_lib = undef, @@ -26,6 +27,9 @@ if $passenger_spawn_method { validate_re($passenger_spawn_method, '(^smart$|^direct$|^smart-lv2$|^conservative$)', "${passenger_spawn_method} is not permitted for passenger_spawn_method. Allowed values are 'smart', 'direct', 'smart-lv2', or 'conservative'.") } + if $passenger_log_file { + validate_absolute_path($passenger_log_file) + } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { @@ -70,6 +74,7 @@ # - $passenger_spawn_method # - $passenger_stat_throttle_rate # - $passenger_use_global_queue + # - $passenger_log_file # - $passenger_app_env # - $rack_autodetect # - $rails_autodetect 
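Review bot: In manifests/mod/passenger.pp the new `$passenger_log_file` is checked only with `validate_absolute_path`, while the README hunk of the same commit says the directive exists only since Passenger 5.0.5. Nothing visible here stops it being rendered for an older mod_passenger, where an unknown directive would presumably make the Apache config test fail. At minimum the parameter deserves a comment such as `# $passenger_log_file: requires Passenger >= 5.0.5; application stdout/stderr is written here`. Because that output can contain stack traces or secrets printed by applications, the README could also say that the target directory should not be world-readable. The class body starts and ends outside these hunks, so any existing version handling is not visible.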
diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 40ac749f6a..c438241e06 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -118,6 +118,12 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerAppEnv foo$/) } end + describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do + let :params do + { :passenger_log_file => '/var/log/apache2/passenger.log' } + end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile /var/log/apache2/passenger.log$}) } + end describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do let :params do { :mod_path => '/usr/lib/foo/mod_foo.so' } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 1af4eaaa4b..9bd13c22ac 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -43,4 +43,7 @@ <%- if @passenger_app_env -%> PassengerAppEnv <%= @passenger_app_env %> <%- end -%> + <%- if @passenger_log_file -%> + PassengerLogFile <%= @passenger_log_file %> + <%- end -%> From b68b6aead3552617df74d72e031ebdb236ebd48b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Mon, 28 Sep 2015 15:00:31 +0200 Subject: [PATCH 0699/2267] the passenger documentation has moved. follow it. also, remove the wildly out-dated README.passenger.md --- README.md | 12 +- README.passenger.md | 296 -------------------------------------------- 2 files changed, 6 insertions(+), 302 deletions(-) delete mode 100644 README.passenger.md diff --git a/README.md b/README.md index a56b8597b6..e571bc51eb 100644 --- a/README.md +++ b/README.md 
@@ -2095,11 +2095,11 @@ Sets the overrides for the specified virtual host. Accepts an array of [AllowOve ##### `passenger_app_root` -Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot. +Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. ##### `passenger_app_env` -Sets [PassengerAppEnv](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. +Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. ##### `passenger_log_file` 
@@ -2107,19 +2107,19 @@ By default Passenger log messages are written to the Apache global error log. Wi ##### `passenger_ruby` -Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application. +Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby) on this virtual host, the Ruby interpreter to use for the application. ##### `passenger_min_instances` -Sets [PassengerMinInstances](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerMinInstances), the minimum number of application processes to run. +Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. ##### `passenger_start_timeout` -Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#_passengerstarttimeout_lt_seconds_gt), the timeout for the application startup. +Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup. ##### `passenger_pre_start` -Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required. +Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required. ##### `php_flags & values` diff --git a/README.passenger.md b/README.passenger.md deleted file mode 100644 index d50b3f4897..0000000000 --- a/README.passenger.md +++ /dev/null 
@@ -1,296 +0,0 @@ -# Passenger - -Just enabling the Passenger module is insufficient for the use of Passenger in -production. Passenger should be tunable to better fit the environment in which -it is run while being aware of the resources it required. - -To this end the Apache passenger module has been modified to apply system wide -Passenger tuning declarations to `passenger.conf`. Declarations specific to a -virtual host should be passed through when defining a `vhost` (e.g. -`rack_base_uris` parameter on the `apache::vhost` type, check `README.md`). - -Also, general apache module loading parameters can be supplied to enable using -a customized passenger module in place of a default-package-based version of -the module. - -## Operating system support and Passenger versions - -The most important configuration directive for the Apache Passenger module is -`PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or -4.x) and on the operating system package from which the Apache Passenger module -is installed. - -The following table summarises the current *default versions* and -`PassengerRoot` settings for the operating systems supported by -puppetlabs-apache: - -OS | Passenger version | `PassengerRoot` ----------------- | ------------------ | ---------------- -Debian 7 | 3.0.13 | /usr -Debian 8 | 4.0.53 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini -Ubuntu 12.04 | 2.2.11 | /usr -Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini -RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21 - -As mentioned in `README.md` there are no compatible packages available for -RHEL/CentOS 5 or RHEL/CentOS 7. - -### Configuration files and locations on RHEL/CentOS - -Notice two important points: - -1. The Passenger version packaged in the EPEL repositories may change over time. -2. The value of `PassengerRoot` depends on the Passenger version installed. 
- -To prevent the puppetlabs-apache module from having to keep up with these -package versions the Passenger configuration files installed by the -packages are left untouched by this module. All configuration is placed in an -extra configuration file managed by puppetlabs-apache. - -This means '/etc/httpd/conf.d/passenger.conf' is installed by the -`mod_passenger` package and contains correct values for `PassengerRoot` and -`PassengerRuby`. Puppet will ignore this file. Additional configuration -directives as described in the remainder of this document are placed in -'/etc/httpd/conf.d/passenger_extra.conf', managed by Puppet. - -This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu. - -### Third-party and custom Passenger packages and versions - -The Passenger version distributed by the default OS packages may be too old to -be useful. Newer versions may be installed via Gems, from source or from -third-party OS packages. - -Most notably the Passenger developers officially provide Debian packages for a -variety of Debian and Ubuntu releases in the [Passenger APT -repository](https://oss-binaries.phusionpassenger.com/apt/passenger). Read more -about [installing these packages in the offical user -guide](http://www.modrails.com/documentation/Users%20guide%20Apache.html#install_on_debian_ubuntu). - -If you install custom Passenger packages and newer version make sure to set the -directives `PassengerRoot`, `PassengerRuby` and/or `PassengerDefaultRuby` -correctly, or Passenger and Apache will fail to function properly. - -For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive -should almost universally be set to -`/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`. - -## Parameters for `apache::mod::passenger` - -The following class parameters configure Passenger in a global, server-wide -context. 
- -Example: - -```puppet -class { 'apache::mod::passenger': - passenger_root => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', - passenger_default_ruby => '/usr/bin/ruby1.9.3', - passenger_high_performance => 'on', - rails_autodetect => 'off', - mod_lib_path => '/usr/lib/apache2/custom_modules', -} -``` - -The general form is using the all lower-case version of the configuration -directive, with underscores instead of CamelCase. - -### Parameters used with passenger.conf - -If you pass a default value to `apache::mod::passenger` it will be ignored and -not passed through to the configuration file. - -#### passenger_root - -The location to the Phusion Passenger root directory. This configuration option -is essential to Phusion Passenger, and allows Phusion Passenger to locate its -own data files. - -The default depends on the Passenger version and the means of installation. See -the above section on operating system support, versions and packages for more -information. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt - -#### passenger_default_ruby - -This option specifies the default Ruby interpreter to use for web apps as well -as for all sorts of internal Phusion Passenger helper scripts, e.g. the one -used by PassengerPreStart. - -This directive was introduced in Passenger 4.0.0 and will not work in versions -< 4.x. Do not set this parameter if your Passenger version is older than 4.0.0. - -Defaults to `undef` for all operating systems except Ubuntu 14.04, where it is -set to '/usr/bin/ruby'. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby - -#### passenger_ruby - -This directive is the same as `passenger_default_ruby` for Passenger versions -< 4.x and must be used instead of `passenger_default_ruby` for such versions. - -It makes no sense to set `PassengerRuby` for Passenger >= 4.x. 
That -directive should only be used to override the value of `PassengerDefaultRuby` -on a non-global context, i.e. in ``, ``, `` -and so on. - -Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu -14.04, where it is set to `undef`. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby - -#### passenger_high_performance - -Default is `off`. When turned `on` Passenger runs in a higher performance mode -that can be less compatible with other Apache modules. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance - -#### passenger_max_pool_size - -Sets the maximum number of Passenger application processes that may -simultaneously run. The default value is 6. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt - -#### passenger_pool_idle_time - -The maximum number of seconds a Passenger Application process will be allowed -to remain idle before being shut down. The default value is 300. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime - -#### passenger_max_requests - -The maximum number of request a Passenger application will process before being -restarted. The default value is 0, which indicates that a process will only -shut down if the Pool Idle Time (see above) expires. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests - -#### passenger_spawn_method - -Sets the method by which Ruby application processes are spawned. Default is `smart` -which caches code using the app preloader. - -Passenger >= 4.0 renamed `conservative` to `direct` and `smart-lv2` to `smart`. - -https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerSpawnMethod - -#### passenger_stat_throttle_rate - -Sets how often Passenger performs file system checks, at most once every _x_ -seconds. 
Default is 0, which means the checks are performed with every request. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt - -#### rack_autodetect - -Should Passenger automatically detect if the document root of a virtual host is -a Rack application. Not set by default (`undef`). Note that this directive has -been removed in Passenger 4.0.0 and `PassengerEnabled` should be used instead. -Use this directive only on Passenger < 4.x. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt - -#### rails_autodetect - -Should Passenger automatically detect if the document root of a virtual host is -a Rails application. Not set by default (`undef`). Note that this directive -has been removed in Passenger 4.0.0 and `PassengerEnabled` should be used -instead. Use this directive only on Passenger < 4.x. - -http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt - -#### passenger_use_global_queue - -Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is -the default in Passenger 4.x and the versions >= 4.x have disabled this -configuration option altogether. Use with caution. - -#### passenger_app_env - -Sets the global default `PassengerAppEnv` for Passenger applications. Not set by -default (`undef`) and thus defaults to Passenger's built-in value of 'production'. -This directive can be overridden in an `apache::vhost` resource. - -https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv - -### Parameters used to load the module - -Unlike the tuning parameters specified above, the following parameters are only -used when loading customized passenger modules. - -#### mod_package - -Allows overriding the default package name used for the passenger module -package. 
- -#### mod_package_ensure - -Allows overriding the package installation setting used by puppet when -installing the passenger module. The default is 'present'. - -#### mod_id - -Allows overriding the value used by apache to identify the passenger module. -The default is 'passenger_module'. - -#### mod_lib_path - -Allows overriding the directory path used by apache when loading the passenger -module. The default is the value of `$apache::params::lib_path`. - -#### mod_lib - -Allows overriding the library file name used by apache when loading the -passenger module. The default is 'mod_passenger.so'. - -#### mod_path - -Allows overriding the full path to the library file used by apache when loading -the passenger module. The default is the concatenation of the `mod_lib_path` -and `mod_lib` parameters. - -## Dependencies - -RedHat-based systems will need to configure additional package repositories in -order to install Passenger, specifically: - -* [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL) -* [Phusion Passenger](http://passenger.stealthymonkeys.com) - -Configuration of these repositories is beyond the scope of this module and is -left to the user. - -## Attribution - -The Passenger tuning parameters for the `apache::mod::passenger` Puppet class -was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the -NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the -PuppetLabs Apache module on GitHub. - -* https://github.com/puppetlabs/puppetlabs-apache -* https://github.com/nesi/puppetlabs-apache -* http://www.nesi.org.nz// -* https://tuakiri.ac.nz/confluence/display/Tuakiri/Home - -## Copyright and License - -Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc - -Puppet Labs can be contacted at: info@puppetlabs.com - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. 
-You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. From 1a981c7d048d410662bf256eea233015b9b3613f Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Wed, 30 Sep 2015 13:52:47 +0200 Subject: [PATCH 0700/2267] (MODULES-2649) Allow SetOutputFilter to be set on a directory. e.g ```puppet apache::vhost{'abc.example.org': directories => [ { path => '/path/to/filtered', set_output_filter => 'puppetdb-filter', }, ], } ``` * https://tickets.puppetlabs.com/browse/MODULES-2649 * http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter --- README.md | 15 +++++++++++++++ spec/defines/vhost_spec.rb | 5 +++++ templates/vhost/_directories.erb | 3 +++ 3 files changed, 23 insertions(+) diff --git a/README.md b/README.md index f720c4202a..e9cf59eee6 100644 --- a/README.md +++ b/README.md @@ -2884,6 +2884,21 @@ Sets a `SetHandler` directive as per the [Apache Core documentation](http://http } ~~~ +###### `set_output_filter` + +Sets a `SetOutputFilter` directive as per [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). An example: + +~~~ puppet + apache::vhost{ 'filter.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + set_output_filter => puppetdb-strip-resource-params, + }, + ], + } +~~~ + ###### `rewrites` Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 03140931fc..6fd59f9157 100644 --- a/spec/defines/vhost_spec.rb 
+++ b/spec/defines/vhost_spec.rb @@ -190,6 +190,9 @@ 'index_options' => ['FancyIndexing'], 'index_style_sheet' => '/styles/style.css', }, + { 'path' => '/var/www/files/output_filtered', + 'set_output_filter' => 'output_filter', + }, ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', @@ -399,6 +402,8 @@ :content => /^\s+IndexStyleSheet\s'\/styles\/style\.css'$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+DirectoryIndex\sdisabled$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+SetOutputFilter\soutput_filter$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 189bd57701..bcb958601a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -239,6 +239,9 @@ SetEnv <%= setenv %> <%- end -%> <%- end -%> + <%- if directory['set_output_filter'] -%> + SetOutputFilter <%= directory['set_output_filter'] %> + <%- end -%> <%- if @shibboleth_enabled -%> <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> ShibRequireSession <%= directory['shib_require_session'] %> From a59015bb12b556b17b33068902a4b005bffc6b08 Mon Sep 17 00:00:00 2001 
From: Steve Traylen Date: Fri, 25 Sep 2015 10:13:49 +0200 Subject: [PATCH 0701/2267] (MODULES-2647) Optinally set parameters for mod_ext_filter module Permits the * ExtFilterDefine to be set multiple times on a server. * ExtFilterOptions to be set on a directory context. ```puppet class{'apache': default_mods => false, directories => [ { path => '/var/www/filter', ext_filter_options => 'LogStderr Onfail=abort', }, ], } class{'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } ``` * https://tickets.puppetlabs.com/browse/MODULES-2647 * http://httpd.apache.org/docs/current/mod/mod_ext_filter.html --- README.md | 36 ++++++++++++++++ manifests/default_mods.pp | 2 +- manifests/mod/ext_filter.pp | 24 +++++++++++ spec/classes/mod/ext_filter_spec.rb | 66 +++++++++++++++++++++++++++++ templates/mod/ext_filter.conf.erb | 6 +++ templates/vhost/_directories.erb | 3 ++ 6 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 manifests/mod/ext_filter.pp create mode 100644 spec/classes/mod/ext_filter_spec.rb create mode 100644 templates/mod/ext_filter.conf.erb diff --git a/README.md b/README.md index e9cf59eee6..76eab50a48 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ [`apache::mod::auth_mellon`]: #class-apachemodauth_mellon [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::event`]: #class-apachemodevent +[`apache::mod::ext_filter`]: #class-apachemodext_filter [`apache::mod::geoip`]: #class-apachemodgeoip [`apache::mod::itk`]: #class-apachemoditk [`apache::mod::passenger`]: #class-apachemodpassenger 
@@ -145,6 +146,7 @@ [`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon [`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html +[`mod_ext_filter`]: http://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ [`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html @@ -1198,6 +1200,7 @@ The following Apache modules have supported classes, many of which allow for par * `disk_cache` (see [`apache::mod::disk_cache`][]) * `event` (see [`apache::mod::event`][]) * `expires` +* `ext_filter` (see [`apache::mod::ext_filter`][]) * `fastcgi` * `fcgid` * `filter` @@ -1345,6 +1348,23 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate - `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: undef. - `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: undef. +##### Class: `apache::mod::ext_filter` + +Installs and configures [`mod_ext_filter`][]. + +~~~ puppet +class{'apache::mod::ext_filter': + ext_filter_define => { + 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', + 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', + }, +} +~~~ + +**Parameters within `apache::mod::ext_filter`**: + +- `ext_filter_define`: A hash of filter names and their parameters. Default: undef. + ##### Class: `apache::mod::fcgid` Installs and configures [`mod_fcgid`][]. 
@@ -2654,6 +2674,22 @@ An array of hashes used to override the [ErrorDocument](https://httpd.apache.org } ~~~ +###### `ext_filter_options` + +Sets the [ExtFilterOptions](http://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. +Note that you must delcare `class {'apache::mod::ext_filter': }` before using this directive. + +~~~ puppet + apache::vhost{ 'filter.example.org': + docroot => '/var/www/filter', + directories => [ + { path => '/var/www/filter', + ext_filter_options => 'LogStderr Onfail=abort', + }, + ], + } +~~~ + ###### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index a1d2c89ef3..fd057d113f 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -50,6 +50,7 @@ include ::apache::mod::actions include ::apache::mod::authn_core include ::apache::mod::cache + include ::apache::mod::ext_filter include ::apache::mod::mime include ::apache::mod::mime_magic include ::apache::mod::rewrite @@ -63,7 +64,6 @@ ::apache::mod { 'authz_dbm': } ::apache::mod { 'authz_owner': } ::apache::mod { 'expires': } - ::apache::mod { 'ext_filter': } ::apache::mod { 'include': } ::apache::mod { 'logio': } ::apache::mod { 'substitute': } diff --git a/manifests/mod/ext_filter.pp b/manifests/mod/ext_filter.pp new file mode 100644 index 0000000000..b78abb6071 --- /dev/null +++ b/manifests/mod/ext_filter.pp 
@@ -0,0 +1,24 @@ +class apache::mod::ext_filter( + $ext_filter_define = undef +) { + + if $ext_filter_define { + validate_hash($ext_filter_define) + } + + ::apache::mod { 'ext_filter': } + + # Template uses + # -$ext_filter_define + + if $ext_filter_define { + file { 'ext_filter.conf': + ensure => file, + path => "${::apache::mod_dir}/ext_filter.conf", + content => template('apache/mod/ext_filter.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Class['Apache::Service'], + } + } +} diff --git a/spec/classes/mod/ext_filter_spec.rb b/spec/classes/mod/ext_filter_spec.rb new file mode 100644 index 0000000000..afa71c1083 --- /dev/null +++ b/spec/classes/mod/ext_filter_spec.rb 
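Review bot: `validate_hash($ext_filter_define)` in manifests/mod/ext_filter.pp checks only the container, while templates/mod/ext_filter.conf.erb writes each key and value verbatim after `ExtFilterDefine`, and a value's `cmd=` names a program that httpd executes as a filter. A non-string value, or a string with an embedded newline, would therefore reach ext_filter.conf unchecked. I would state the trust boundary at the parameter, e.g. `# $ext_filter_define: hash of filter name => ExtFilterDefine arguments, written verbatim; cmd= is executed by httpd, so take values from trusted data only`. The `file { 'ext_filter.conf': }` resource also sets no `owner`, `group` or `mode`; if no resource default covers it elsewhere in the module (not visible here), setting them explicitly would keep a file that defines executed commands from inheriting a loose mode.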
@@ -0,0 +1,66 @@ +describe 'apache::mod::ext_filter', :type => :class do + let :pre_condition do + 'class { "apache": + default_mods => false, + }' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { is_expected.to contain_apache__mod('ext_filter') } + it { is_expected.not_to contain_file('ext_filter.conf') } + end + describe 'with parameters' do + let :params do + { :ext_filter_define => {'filtA' => 'input=A output=B', + 'filtB' => 'input=C cmd="C"' }, + } + end + it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtA\s+input=A output=B$/) } + it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtB\s+input=C cmd="C"$/) } + end + + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { is_expected.to contain_apache__mod('ext_filter') } + it { is_expected.not_to contain_file('ext_filter.conf') } + end + describe 'with parameters' do + let :params do + { :ext_filter_define => {'filtA' => 'input=A output=B', + 'filtB' => 'input=C cmd="C"' }, + } + end + it { is_expected.to contain_file('ext_filter.conf').with_path('/etc/httpd/conf.d/ext_filter.conf') } + it { is_expected.to contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtA\s+input=A output=B$/) } + it { is_expected.to 
contain_file('ext_filter.conf').with_content(/^ExtFilterDefine\s+filtB\s+input=C cmd="C"$/) } + end + end +end diff --git a/templates/mod/ext_filter.conf.erb b/templates/mod/ext_filter.conf.erb new file mode 100644 index 0000000000..67f98fd4c7 --- /dev/null +++ b/templates/mod/ext_filter.conf.erb @@ -0,0 +1,6 @@ +# mod_ext_filter definitions +<%- if @ext_filter_define.length >= 1 -%> +<%- @ext_filter_define.keys.sort.each do |name| -%> +ExtFilterDefine <%= name %> <%= @ext_filter_define[name] %> +<%- end -%> +<%- end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index bcb958601a..df6b6615e4 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -198,6 +198,9 @@ ExpiresByType <%= rule %> <%- end -%> <%- end -%> + <%- if directory['ext_filter_options'] -%> + ExtFilterOptions <%= directory['ext_filter_options'] %> + <%- end -%> <%- if directory['force_type'] -%> ForceType <%= directory['force_type'] %> <%- end -%> From e500a5582e1b31996e14f4588ba656527cd1d1e7 Mon Sep 17 00:00:00 2001 From: orthographic-pedant Date: Wed, 30 Sep 2015 13:19:05 -0400 Subject: [PATCH 0702/2267] Fixed typographical error, changed accomodate to accommodate in README. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 76eab50a48..a5012f4db9 100644 --- a/README.md +++ b/README.md @@ -327,7 +327,7 @@ apache::vhost { 'user.example.com': #### Configuring virtual hosts with SSL -To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accomodate HTTPS requests: +To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: ~~~ puppet apache::vhost { 'ssl.example.com': 
From 8447589abcec675f3ee57e6607861e937e850877 Mon Sep 17 00:00:00 2001 From: Bruno Furtado Date: Wed, 30 Sep 2015 18:40:16 +0100 Subject: [PATCH 0703/2267] Change SSLProtocol in apache::vhost to be space separated --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index e99b739a67..3a76bd45de 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -26,7 +26,7 @@ SSLProxyEngine On <%- end -%> <%- if @ssl_protocol -%> - SSLProtocol <%= @ssl_protocol %> + SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <%- end -%> <%- if @ssl_cipher -%> SSLCipherSuite <%= @ssl_cipher %> From d57816b90b9639a5213794b3a408f7aa4d679ea5 Mon Sep 17 00:00:00 2001 From: Bruno Furtado Date: Thu, 1 Oct 2015 13:16:57 +0100 Subject: [PATCH 0704/2267] Added support for both string and array on ssl_protocol for apache::vhost --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 3a76bd45de..a3d76fb13e 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -26,7 +26,7 @@ SSLProxyEngine On <%- end -%> <%- if @ssl_protocol -%> - SSLProtocol <%= @ssl_protocol.compact.join(' ') %> + SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> <%- end -%> <%- if @ssl_cipher -%> SSLCipherSuite <%= @ssl_cipher %> From 445d4367ddd076109ce36c95bf69d08de72beaa6 Mon Sep 17 00:00:00 2001 From: Tobias Brox Date: Thu, 8 Oct 2015 16:41:27 +0200 Subject: [PATCH 0705/2267] RC4 is deprecated, ref https://community.qualys.com/blogs/securitylabs/2013/09/17/updated-ssltls-deployment-best-practices-deprecate-rc4 - usage will downgrade the SSL rating from A to B on their rating service at https://www.ssllabs.com/ssltest/ --- README.md | 2 +- manifests/mod/ssl.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a5012f4db9..3a36c2efff 100644 
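Review bot: In templates/vhost/_ssl.erb the guard `<%- if @ssl_protocol -%>` (a context line of both hunks above) is truthy for an empty array in Ruby, and `[@ssl_protocol].flatten.compact.join(' ')` then yields an empty string, so `ssl_protocol => []` would render a bare `SSLProtocol` line with no arguments. Apache would most likely reject that at config test, which fails closed but takes the vhost down with an unhelpful message. Evaluating the list once and guarding on it avoids this: `<%- protocols = [@ssl_protocol].flatten.compact -%>`, then `<%- unless protocols.empty? -%>` around `SSLProtocol <%= protocols.join(' ') %>`. Judging by the diffstats, neither commit adds a spec for the string and array forms.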
--- a/README.md +++ b/README.md @@ -1513,7 +1513,7 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t **Parameters within `apache::mod::ssl`**: -- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5'. +- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. - `ssl_compression`: Default: 'false'. - `ssl_cryptodevice`: Default: 'builtin'. - `ssl_honorcipherorder`: Default: 'On'. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 475f233a50..a653badeda 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -3,7 +3,7 @@ $ssl_cryptodevice = 'builtin', $ssl_options = [ 'StdEnvVars' ], $ssl_openssl_conf_cmd = undef, - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', $ssl_honorcipherorder = 'On', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', From 4c87d22f47b0d89dc69496947c8deab841ae4d25 Mon Sep 17 00:00:00 2001 From: Matthias Pigulla Date: Sun, 4 Oct 2015 12:39:58 +0200 Subject: [PATCH 0706/2267] Add option to configure the include pattern for the vhost_enable dir --- README.md | 10 ++++++++++ manifests/init.pp | 1 + manifests/params.pp | 2 ++ templates/httpd.conf.erb | 4 ++-- 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3a36c2efff..5066caac99 100644 --- a/README.md +++ b/README.md 
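Review bot: The new default in manifests/mod/ssl.pp, `'HIGH:MEDIUM:!aNULL:!MD5:!RC4'`, still enables the whole MEDIUM class, whose membership depends on the OpenSSL build on the node, so this string does not pin the effective cipher list. If the aim is the rating mentioned in the commit message, consider dropping MEDIUM or adding a comment next to the parameter, e.g. `# RC4 excluded as deprecated; MEDIUM expands differently per OpenSSL version, review when raising the baseline`. The diffstat lists only README.md and manifests/mod/ssl.pp, so any spec or other default that repeats the old cipher string (a per-vhost default, if one exists) is not updated by this commit and is worth checking. The parameter list continues outside the hunk.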
@@ -1126,6 +1126,16 @@ Changes your virtual host configuration files' location. Default: determined by - **Gentoo**: `/etc/apache2/vhosts.d` - **Red Hat**: `/etc/httpd/conf.d` +##### `vhost_include_pattern` + +Defines the pattern for files included from the `vhost_dir`. This defaults to '*', also for BC with previous versions of this module. + +However, you may want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (from version +control systems, editor backups or the like) are *not* included in your server configuration. + +A value of '*.conf' is what is shipped by some operating systems. Also note that this module will, by default, create config files ending +in '.conf'. + ##### `user` Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter. diff --git a/manifests/init.pp b/manifests/init.pp index 5f02bfd61f..873b42ef47 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -46,6 +46,7 @@ $confd_dir = $::apache::params::confd_dir, $vhost_dir = $::apache::params::vhost_dir, $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $vhost_include_pattern = $::apache::params::vhost_include_pattern, $mod_dir = $::apache::params::mod_dir, $mod_enable_dir = $::apache::params::mod_enable_dir, $mpm_module = $::apache::params::mpm_module, diff --git a/manifests/params.pp b/manifests/params.pp index 5c5233ccdb..a2ab7382c6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -32,6 +32,8 @@ # should we use systemd module? $use_systemd = true + $vhost_include_pattern = '*' + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' } else { diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 8664a43e4d..e0d16e1229 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
@@ -85,9 +85,9 @@ Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -IncludeOptional "<%= @vhost_load_dir %>/*" +IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" <%- else -%> -Include "<%= @vhost_load_dir %>/*" +Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" <%- end -%> <% end -%> From f57f7f75e5324f3ab857ad05c29fad4a5ea0354a Mon Sep 17 00:00:00 2001 From: Yehuda Katz Date: Thu, 8 Oct 2015 20:02:00 -0400 Subject: [PATCH 0707/2267] (MODULES-2120) Allow empty docroot README.md updated If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. --- README.md | 3 +++ manifests/vhost.pp | 20 ++++++++++++++------ templates/vhost/_docroot.erb | 2 +- 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5066caac99..762689d07b 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,7 @@ [`logroot`]: #logroot [Log security]: http://httpd.apache.org/docs/current/logs.html#security +[`manage_docroot`]: #manage_docroot [`manage_user`]: #manage_user [`manage_group`]: #manage_group [`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild @@ -1886,6 +1887,8 @@ Sets the list of resources to look for when a client requests an index of the di **Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files. +If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. + ##### `docroot_group` Sets group access to the [`docroot`][] directory. Defaults to 'root'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 25530bccb8..36d425ef13 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
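Review bot: `@vhost_include_pattern` is interpolated into the quoted `Include`/`IncludeOptional` path in templates/httpd.conf.erb, and the init.pp hunk of this commit adds the parameter without any validation, so a value containing `/`, whitespace or `"` can point the include at another directory or break the directive. A check in init.pp such as `validate_re($vhost_include_pattern, '^[^/"\s]+$')` would keep it to a file-name glob. Separately, the README example `[^.#]\*.conf[^~]` appears to require one more character after `.conf`, so it would likely skip the `.conf` files this module writes; that is worth confirming against Apache's wildcard matching.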
@@ -227,6 +227,12 @@ if $limit_request_field_size { validate_integer($limit_request_field_size) } + + # Validate the docroot as a string if: + # - $manage_docroot is true + if $manage_docroot { + validate_string($docroot) + } # Input validation ends if $ssl and $ensure == 'present' { @@ -271,7 +277,7 @@ # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources - if ! defined(File[$docroot]) and $manage_docroot { + if $manage_docroot and $docroot and ! defined(File[$docroot]) { file { $docroot: ensure => directory, owner => $docroot_owner, @@ -443,7 +449,7 @@ fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") } $_directories = $directories - } else { + } elsif $docroot { $_directory = { provider => 'directory', path => $docroot, @@ -518,10 +524,12 @@ # Template uses: # - $virtual_docroot # - $docroot - concat::fragment { "${name}-docroot": - target => "${priority_real}${filename}.conf", - order => 10, - content => template('apache/vhost/_docroot.erb'), + if $docroot { + concat::fragment { "${name}-docroot": + target => "${priority_real}${filename}.conf", + order => 10, + content => template('apache/vhost/_docroot.erb'), + } } # Template uses: diff --git a/templates/vhost/_docroot.erb b/templates/vhost/_docroot.erb index 6039fa63cf..b67998b4b4 100644 --- a/templates/vhost/_docroot.erb +++ b/templates/vhost/_docroot.erb @@ -2,6 +2,6 @@ ## Vhost docroot <% if @virtual_docroot -%> VirtualDocumentRoot "<%= @virtual_docroot %>" -<% else -%> +<% elsif @docroot -%> DocumentRoot "<%= @docroot %>" <% end -%> From 9d8efecc1e8baa65d20f11457791ff65d7b8ed56 Mon Sep 17 00:00:00 2001 
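Review bot: The added `validate_string($docroot)` runs only when `$manage_docroot` is true, so a docroot passed with `manage_docroot => false` reaches the `elsif $docroot` directory default and `DocumentRoot "<%= @docroot %>"` without being checked, as far as these hunks show. Guarding on either value covers both cases: `if $manage_docroot or $docroot { validate_string($docroot) }`. The docroot-less branch would also benefit from a comment, for example `# No docroot: no DocumentRoot or default <Directory> block is emitted; the vhost presumably falls back to the server-wide settings`. The define body starts and ends outside the hunks.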
From: Matthias Pigulla Date: Thu, 8 Oct 2015 23:55:50 +0200 Subject: [PATCH 0708/2267] Install all modules before adding custom configs The problem is that we have defines (apache::custom_config and apache::mod) on both sides so we cannot easily reference the one side from the other (when we want to avoid the <||> syntax). So, we use an anchor as the reference point and make things happen before or after that. --- manifests/custom_config.pp | 3 ++- manifests/init.pp | 4 ++++ manifests/mod.pp | 2 ++ spec/defines/custom_config_spec.rb | 8 ++++---- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index ceb1fd077a..7ce755b35c 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -49,12 +49,13 @@ } if $ensure == 'present' and $verify_config { - exec { "service notify for ${name}": + exec { "syntax verification for ${name}": command => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, notify => Class['Apache::Service'], before => Exec["remove ${name} if invalid"], + require => Anchor['::apache::modules_set_up'] } exec { "remove ${name} if invalid": diff --git a/manifests/init.pp b/manifests/init.pp index 873b42ef47..7baa65713c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -381,4 +381,8 @@ manage_docroot => $default_ssl_vhost, } } + + # This anchor can be used as a reference point for things that need to happen *after* + # all modules have been put in place. + anchor { '::apache::modules_set_up': } } diff --git a/manifests/mod.pp b/manifests/mod.pp index 920114a7c7..abdbfcbed5 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -162,4 +162,6 @@ } } } + + Apache::Mod[$name] -> Anchor['::apache::modules_set_up'] } diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb index a5efd15a2f..7d566b0716 100644 --- a/spec/defines/custom_config_spec.rb +++ b/spec/defines/custom_config_spec.rb 
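Review bot: `require => Anchor['::apache::modules_set_up']` in manifests/custom_config.pp refers to an anchor that this commit declares in manifests/init.pp, so apache::custom_config now only compiles when the apache class is in the catalog; whether the define already includes that class is not visible in the hunk. If it does not, add the same `if ! defined(Class['apache'])` guard that apache::vhost uses, or document the requirement. As a style point, the new attribute lacks the trailing comma the other attributes carry: `require => Anchor['::apache::modules_set_up'],`. The define starts and ends outside the hunk.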
@@ -26,7 +26,7 @@ 'content' => '# Test', } end - it { is_expected.to contain_exec("service notify for rspec").with({ + it { is_expected.to contain_exec("syntax verification for rspec").with({ 'refreshonly' => 'true', 'subscribe' => 'File[apache_rspec]', 'command' => '/usr/sbin/apachectl -t', @@ -56,7 +56,7 @@ 'verify_command' => '/bin/true', } end - it { is_expected.to contain_exec("service notify for rspec").with({ + it { is_expected.to contain_exec("syntax verification for rspec").with({ 'command' => '/bin/true', }) } @@ -80,7 +80,7 @@ 'verify_config' => false, } end - it { is_expected.to_not contain_exec('service notify for rspec') } + it { is_expected.to_not contain_exec('syntax verification for rspec') } it { is_expected.to_not contain_exec('remove rspec if invalid') } it { is_expected.to contain_file('apache_rspec').with({ 'notify' => 'Class[Apache::Service]' @@ -93,7 +93,7 @@ 'ensure' => 'absent' } end - it { is_expected.to_not contain_exec('service notify for rspec') } + it { is_expected.to_not contain_exec('syntax verification for rspec') } it { is_expected.to_not contain_exec('remove rspec if invalid') } it { is_expected.to contain_file('apache_rspec').with({ 'ensure' => 'absent', From bb5b27ee2757d312b60873245a0f333ff4bc8ed5 Mon Sep 17 00:00:00 2001 From: Bruno Furtado Date: Sun, 11 Oct 2015 21:33:40 +0100 Subject: [PATCH 0709/2267] Added tests and updated docs for string and array support on ssl_protocol for apache::vhost. --- README.md | 2 +- spec/acceptance/vhost_spec.rb | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 76eab50a48..ff5ecb0485 100644 --- a/README.md +++ b/README.md 
@@ -3036,7 +3036,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce ##### `ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. ##### `ssl_cipher` diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index b5d51e91f4..dd6d03cd19 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1339,4 +1339,31 @@ class { 'apache': } it { is_expected.to be_file } end end + + describe 'SSLProtocol directive' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'test.server': + docroot => '/tmp', + ssl_protocol => ['All', '-SSLv2'], + } + apache::vhost { 'test2.server': + docroot => '/tmp', + ssl_protocol => 'All -SSLv2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLProtocol All -SSLv2' } + end + + describe file("#{$vhost_dir}/25-test2.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLProtocol All -SSLv2' } + end + end end From b63aac22781cc9cafe33aea9c300f2e36890f643 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Tue, 13 Oct 2015 16:08:54 +0100 Subject: [PATCH 0710/2267] (MAINT) add a small test for no-docroot-mode --- spec/defines/vhost_spec.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 6fd59f9157..2964e9b280 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -612,6 +612,16 @@ it { is_expected.to_not contain_concat__fragment('rspec.example.com-limits') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end + context 'when not setting nor managing the docroot' do + let :params do + { + 'docroot' => false, + 'manage_docroot' => false, + } + end + it { is_expected.to compile } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-docroot') } + end end describe 'access logs' do let :facts do From 680f3a9ff04e4d7f057942d72a8834a9be205ad2 Mon Sep 17 00:00:00 2001 From: Damon Conway Date: Tue, 6 Oct 2015 12:22:37 -0700 Subject: [PATCH 0711/2267] (MODULES-2673) Adding dev_packages to apache class. Allows use of httpd24u-devel from the IUS repo. Adding documentation to README for dev_packages param to the apache class. Adding include apache::dev to example for dev_packages param. --- README.md | 14 ++++++++++++++ manifests/dev.pp | 2 +- manifests/init.pp | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a5012f4db9..4f43961768 100644 --- a/README.md +++ b/README.md @@ -888,6 +888,20 @@ Configures a default virtual host when the class is declared. Valid options: Boo To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to 'false'. +##### `dev_packages` + +Configures a specific dev package to use. Valid options: String. Default: 'OS default httpd dev package'. + +Example for using httpd 2.4 from the IUS yum repo: + +~~~ puppet +include ::apache::dev +class { 'apache': + apache_name => 'httpd24u', + dev_packages => 'httpd24u-devel', +} +~~~ + ##### `docroot` Sets the default [`DocumentRoot`][] location. Default: Determined by your operating system. diff --git a/manifests/dev.pp b/manifests/dev.pp index b1947e9344..fdebf59f55 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp 
@@ -1,6 +1,6 @@ class apache::dev { include ::apache::params - $packages = $::apache::params::dev_packages + $packages = $::apache::dev_packages if $packages { # FreeBSD doesn't have dev packages to install package { $packages: ensure => present, diff --git a/manifests/init.pp b/manifests/init.pp index 5f02bfd61f..2361c5457b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -28,6 +28,7 @@ $default_ssl_crl = undef, $default_ssl_crl_check = undef, $default_type = 'none', + $dev_packages = $::apache::params::dev_packages, $ip = undef, $service_enable = true, $service_manage = true, From 94b2f0f8dc97a66ee62184edaaf25bb5c1ba0221 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 14 Oct 2015 17:57:12 +0100 Subject: [PATCH 0712/2267] (MODULES-2680) fix default nodeset to actually work Centos boxes prior to 6.6 cannot connect to fedoraproject's mirror, because of SSL issues. --- spec/acceptance/nodesets/centos-59-x64.yml | 10 ---------- spec/acceptance/nodesets/centos-64-x64-pe.yml | 12 ------------ spec/acceptance/nodesets/centos-64-x64.yml | 11 ----------- spec/acceptance/nodesets/centos-65-x64.yml | 10 ---------- spec/acceptance/nodesets/default.yml | 5 ++--- 5 files changed, 2 insertions(+), 46 deletions(-) delete mode 100644 spec/acceptance/nodesets/centos-59-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-64-x64-pe.yml delete mode 100644 spec/acceptance/nodesets/centos-64-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-65-x64.yml diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml deleted file mode 100644 index 2ad90b86aa..0000000000 --- a/spec/acceptance/nodesets/centos-59-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-59-x64: - roles: - - master - platform: el-5-x86_64 - box : centos-59-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: git 
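Review bot: manifests/dev.pp now reads `$::apache::dev_packages` but still only does `include ::apache::params`, so when apache::dev is evaluated before the apache class the variable is undef and `if $packages` silently installs nothing. The README example in this commit puts `include ::apache::dev` ahead of `class { 'apache': ... }`, which is that order. Fail loudly instead, e.g. `if ! defined(Class['apache']) { fail('apache::dev requires the apache class to be declared first') }`, and swap the two statements in the README example. The class body ends outside the hunk.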
diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml deleted file mode 100644 index 7d9242f1b9..0000000000 --- a/spec/acceptance/nodesets/centos-64-x64-pe.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - - database - - dashboard - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: pe diff --git a/spec/acceptance/nodesets/centos-64-x64.yml b/spec/acceptance/nodesets/centos-64-x64.yml deleted file mode 100644 index ce47212a8c..0000000000 --- a/spec/acceptance/nodesets/centos-64-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml deleted file mode 100644 index 4e2cb809e8..0000000000 --- a/spec/acceptance/nodesets/centos-65-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-65-x64: - roles: - - master - platform: el-6-x86_64 - box : centos-65-x64-vbox436-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml index ce47212a8c..00e141d092 100644 --- a/spec/acceptance/nodesets/default.yml +++ b/spec/acceptance/nodesets/default.yml @@ -1,10 +1,9 @@ HOSTS: - centos-64-x64: + centos-66-x64: roles: - master platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + box : puppetlabs/centos-6.6-64-nocm hypervisor : vagrant CONFIG: log_level: debug 
From 1d46f7b6573e6d0ebbe269fa7006575f8087bbc4 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 14 Oct 2015 17:58:04 +0100 Subject: [PATCH 0713/2267] (MODULES-2655) fix acceptance tests to correctly detect SELinux $::selinux can be a string that says "false", but evaluates to `true` in the `if`. --- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/class_spec.rb | 2 +- spec/acceptance/vhost_spec.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 4c6fa7f56d..c46a220432 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -358,7 +358,7 @@ class { 'apache': describe 'setup' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux { + if $::osfamily == 'RedHat' and "$::selinux" == "true" { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 0a7d67bbb0..0cf1c36f90 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -45,7 +45,7 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux { + if $::osfamily == 'RedHat' and "$::selinux" == "true" { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index dd6d03cd19..6ca7c350e1 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -1287,7 +1287,7 @@ class { 'apache::mod::fastcgi': } describe 'additional_includes' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux { + if $::osfamily == 'RedHat' and "$::selinux" == "true" { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', From 72df6f3c6dbe992b60ffcb15ccb0c720ee1f7b0a Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 14 Oct 2015 20:05:24 +0100 Subject: [PATCH 0714/2267] (MODULES-2655) Fix acceptance testing for SSLProtocol behaviour for real --- spec/acceptance/vhost_spec.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 6ca7c350e1..e903b38d82 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1345,11 +1345,13 @@ class { 'apache': } pp = <<-EOS class { 'apache': } apache::vhost { 'test.server': - docroot => '/tmp', + docroot => '/tmp', + ssl => true, ssl_protocol => ['All', '-SSLv2'], } apache::vhost { 'test2.server': - docroot => '/tmp', + docroot => '/tmp', + ssl => true, ssl_protocol => 'All -SSLv2', } EOS @@ -1358,12 +1360,12 @@ class { 'apache': } describe file("#{$vhost_dir}/25-test.server.conf") do it { is_expected.to be_file } - it { is_expected.to contain 'SSLProtocol All -SSLv2' } + it { is_expected.to contain 'SSLProtocol *All -SSLv2' } end describe file("#{$vhost_dir}/25-test2.server.conf") do it { is_expected.to be_file } - it { is_expected.to contain 'SSLProtocol All -SSLv2' } + it { is_expected.to contain 'SSLProtocol *All -SSLv2' } end end end From f10e309f40ff5f3ed1cb2f199edd56bbc72c28c4 Mon Sep 17 00:00:00 2001 From: wickedOne Date: Fri, 16 Oct 2015 08:39:42 +0200 Subject: [PATCH 0715/2267] RewriteLock support added ability to define a RewriteLock file in the httpd.conf for apache version 2.2 --- manifests/init.pp | 1 + templates/httpd.conf.erb | 4 ++++ 2 files changed, 5 insertions(+) 
diff --git a/manifests/init.pp b/manifests/init.pp index 5db9e90c7d..de6472f9ed 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -55,6 +55,7 @@ $conf_template = $::apache::params::conf_template, $servername = $::apache::params::servername, $pidfile = $::apache::params::pidfile, + $rewrite_lock = false, $manage_user = true, $manage_group = true, $user = $::apache::params::user, diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index e0d16e1229..6fb9892442 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -11,6 +11,10 @@ KeepAlive <%= @keepalive %> MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> +<%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%> +RewriteLock <%= @rewrite_lock %> +<%- end -%> + User <%= @user %> Group <%= @group %> From d38cc4d48f1ab1c027bfd44ac9574fbda2e00196 Mon Sep 17 00:00:00 2001 From: wickedOne Date: Fri, 16 Oct 2015 12:46:52 +0200 Subject: [PATCH 0716/2267] added rewrite lock tests and doc --- README.md | 8 +++++++- manifests/init.pp | 7 ++++++- spec/classes/apache_spec.rb | 39 +++++++++++++++++++++++++++++++++---- 3 files changed, 48 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 51d2f5dad7..8abaa58197 100644 --- a/README.md +++ b/README.md 
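Review bot: `RewriteLock <%= @rewrite_lock %>` in templates/httpd.conf.erb writes the path unquoted, unlike the `Include "<%= ... %>"` lines in the same template, so a path containing a space would be split into two arguments. Quote it: `RewriteLock "<%= @rewrite_lock %>"`. Any spec that matches the rendered line literally would need the quotes added as well.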
@@ -1065,6 +1065,12 @@ If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parame Setting `purge_vhost_dir` to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. +##### `rewrite_lock` + +Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your vhost. Default: 'undef'. + +This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. + ##### `sendfile` Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. Default: 'On'. @@ -2023,7 +2029,7 @@ Usage typically looks like: krb_method_negotiate => 'on', krb_auth_realms => ['EXAMPLE.ORG'], krb_local_user_mapping => 'on', - directories => { + directories => { path => '/var/www/html', auth_name => 'Kerberos Login', auth_type => 'Kerberos', diff --git a/manifests/init.pp b/manifests/init.pp index de6472f9ed..d894e324fc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -55,7 +55,7 @@ $conf_template = $::apache::params::conf_template, $servername = $::apache::params::servername, $pidfile = $::apache::params::pidfile, - $rewrite_lock = false, + $rewrite_lock = undef, $manage_user = true, $manage_group = true, $user = $::apache::params::user, @@ -297,6 +297,10 @@ default => false } + if $rewrite_lock { + validate_absolute_path($rewrite_lock) + } + # Template uses: # - $pidfile # - $user @@ -318,6 +322,7 @@ # - $server_tokens # - $server_signature # - $trace_enable + # - $rewrite_lock file { "${::apache::conf_dir}/${::apache::params::conf_file}": ensure => file, content => template($conf_template), diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index b82eafa0de..0f4d0c5baa 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -156,23 +156,23 @@ :apache_version => '2.2', } end - + context "when default_type => 'none'" do let :params do { :default_type => 'none' } end - + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType none$} } end context "when default_type => 'text/plain'" do let :params do { :default_type => 'text/plain' } end - + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType text/plain$} } end end - + context "with Apache version >= 2.4" do let :params do { @@ -388,6 +388,37 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + :rewrite_lock => '/var/lock/subsys/rewrite-lock' + } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^RewriteLock /var/lock/subsys/rewrite-lock$} } + end + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2' + } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} } + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + :rewrite_lock => '/var/lock/subsys/rewrite-lock' + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} } + end + context "when specifying slash encoding behaviour" do let :params do { :allow_encoded_slashes => 'nodecode' } From e226ba8c340acd9eb6f5e887d9958205ba9fb221 Mon Sep 17 00:00:00 2001 
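Review bot: The two negative assertions `without_content %r{^RewriteLock [.]*$}` cannot fail for a real directive: `[.]*` matches only literal dots, so `RewriteLock /var/lock/subsys/rewrite-lock` does not match and the 2.4 case passes even if the template emits the line. Use `without_content %r{^RewriteLock }` in both contexts. The first two new contexts also share the name "with Apache version < 2.4"; naming the second something like "with Apache version < 2.4 and no rewrite_lock" keeps failures distinguishable.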
From: Mason Malone Date: Wed, 21 Oct 2015 13:03:20 -0400 Subject: [PATCH 0717/2267] Fix ordering issue with conf_file and ports_file The httpd.conf.erb template explicitly includes the $ports_file, but the resource that uses that template doesn't have a dependency on $ports_file. This means it's possible for a declaration of the apache::custom_config resource to get run between when $conf_file is written and $ports_file is written. This will cause syntax verification via "apachectl -t" to always fail, causing the custom_config to be removed if the $verify_config flag is set to "true". Example: ==> ops: Notice: /Stage[main]/Jci_nagios::Server/Apache::Custom_config[cgid]/Exec[service notify for cgid]/returns: httpd: Syntax error on line 37 of /etc/httpd/conf/httpd.conf: Could not open configuration file /etc/httpd/conf/ports.conf: No such file or directory ==> ops: Error: /Stage[main]/Jci_nagios::Server/Apache::Custom_config[cgid]/Exec[service notify for cgid]: Failed to call refresh: /usr/sbin/apachectl -t returned 1 instead of one of [0] ==> ops: Error: /Stage[main]/Jci_nagios::Server/Apache::Custom_config[cgid]/Exec[service notify for cgid]: /usr/sbin/apachectl -t returned 1 instead of one of [0] ==> ops: Notice: /Stage[main]/Jci_nagios::Server/Apache::Custom_config[cgid]/Exec[remove cgid if invalid]: Triggered 'refresh' from 1 events I wrote a test that reproduces this behavior by using ordering arrows to force apache::custom_config to run before $ports_file is written. This is rather artificial, but I wasn't able to get this is happen "naturally" in the test environment. Take my word for it that it's possible. --- manifests/init.pp | 2 +- spec/acceptance/custom_config_spec.rb | 21 +++++++++++++++++++++ spec/classes/apache_spec.rb | 2 +- 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index d894e324fc..6aaa57cacb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -327,7 +327,7 @@ ensure => file, content => template($conf_template), notify => Class['Apache::Service'], - require => Package['httpd'], + require => [Package['httpd'], File[$ports_file]], } # preserve back-wards compatibility to the times when default_mods was diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index 8b59f703fb..4bfd02f8d6 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -52,4 +52,25 @@ class { 'apache': } it { is_expected.to be_file } end end + + describe 'custom_config only applied after configs are written' do + it 'applies in the right order' do + pp = <<-EOS + class { 'apache': } + + apache::custom_config { 'ordering_test': + content => '# just a comment', + } + + # Try to wedge the apache::custom_config call between when httpd.conf is written and + # ports.conf is written. This should trigger a dependency cycle + File["#{$conf_file}"] -> Apache::Custom_config['ordering_test'] -> File["#{$ports_file}"] + EOS + expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/Failed to apply catalog: Found 1 dependency cycle/i) + end + + describe file("#{$confd_dir}/25-ordering_test.conf") do + it { is_expected.not_to be_file } + end + end end diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 0f4d0c5baa..60c03495ea 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -480,7 +480,7 @@ it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( 'ensure' => 'file', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' + 'require' => ['Package[httpd]', 'File[/etc/httpd/conf/ports.conf]'], ) } end From a686d99566e3133cc1801e5aa20abe97700903cf Mon Sep 17 00:00:00 2001 
From: tphoney Date: Fri, 23 Oct 2015 15:17:47 +0100 Subject: [PATCH 0718/2267] reduce constraints on regex to fix pe tests --- spec/acceptance/custom_config_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index 4bfd02f8d6..d4526e801d 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -66,7 +66,7 @@ class { 'apache': } # ports.conf is written. This should trigger a dependency cycle File["#{$conf_file}"] -> Apache::Custom_config['ordering_test'] -> File["#{$ports_file}"] EOS - expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/Failed to apply catalog: Found 1 dependency cycle/i) + expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/Found 1 dependency cycle/i) end describe file("#{$confd_dir}/25-ordering_test.conf") do From fcc4d43f46ee2a0d835b7bbf1ba90387eabf3719 Mon Sep 17 00:00:00 2001 From: abednarik Date: Wed, 28 Oct 2015 12:10:47 -0300 Subject: [PATCH 0719/2267] (MODULES-2651) Default document root update for Ubuntu 14.04 and Debian 8 For security reasons Debian changes default docroot to /var/www/html. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730372 --- README.md | 2 +- manifests/params.pp | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8abaa58197..5089cfc946 100644 --- a/README.md +++ b/README.md @@ -907,7 +907,7 @@ class { 'apache': Sets the default [`DocumentRoot`][] location. Default: Determined by your operating system. -- **Debian**: `/var/www` +- **Debian**: `/var/www/html` - **FreeBSD**: `/usr/local/www/apache22/data` - **Gentoo**: `/var/www/localhost/htdocs` - **Red Hat**: `/var/www/html` diff --git a/manifests/params.pp b/manifests/params.pp index a2ab7382c6..36d2815fac 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -223,7 +223,11 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' - $docroot = '/var/www' + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { + $docroot = '/var/www/html' + } else { + $docroot = '/var/www' + } $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' $mellon_lock_file = undef $mellon_cache_size = undef From c492b2b8094ef3d3cb51bfa43b3b386a1fbf0c70 Mon Sep 17 00:00:00 2001 From: Benedikt Bock Date: Wed, 14 Oct 2015 17:42:17 +0200 Subject: [PATCH 0720/2267] Allow multiple IP addresses per vhost To make a vhost reachable over 2 IP addresses we need to configure 2 similar vhosts which differ in the IP address. This change allows to use an array of IPs. --- README.md | 10 ++++++ manifests/vhost.pp | 12 ++++---- spec/acceptance/vhost_spec.rb | 53 ++++++++++++++++++++++++++++++++ spec/defines/vhost_spec.rb | 34 ++++++++++++++++++++ templates/vhost/_file_header.erb | 2 +- 5 files changed, 104 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 5066caac99..2f405c6c93 100644 --- a/README.md +++ b/README.md @@ -399,6 +399,16 @@ apache::vhost { 'ip.example.com': } ~~~ +It is also possible to configure more than one IP address per vhost by using an array of IP addresses for the [`ip`][] parameter: + +~~~ puppet +apache::vhost { 'ip.example.com': + ip => ['127.0.0.1','169.254.1.1'], + port => '80', + docroot => '/var/www/ip', +} +~~~ + To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: ~~~ puppet diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 25530bccb8..43739c966f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -339,8 +339,8 @@ if $ip { if $port { - $listen_addr_port = "${ip}:${port}" - $nvh_addr_port = "${ip}:${port}" + $listen_addr_port = suffix(any2array($ip),":${port}") + $nvh_addr_port = suffix(any2array($ip),":${port}") } else { $listen_addr_port = undef $nvh_addr_port = $ip @@ -364,13 +364,13 @@ if $ip and defined(Apache::Listen["${port}"]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } - if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { - ::apache::listen { "${listen_addr_port}": } + if $listen_addr_port and $ensure == 'present' { + ensure_resource('apache::listen', $listen_addr_port) } } if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { - ::apache::namevirtualhost { $nvh_addr_port: } + if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { + ensure_resource('apache::namevirtualhost', $nvh_addr_port) } } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index b5d51e91f4..5c967209cf 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
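Review bot: `suffix(any2array($ip),":${port}")` appends the port to each address exactly as given, so an IPv6 entry such as `::1` becomes `::1:80`, whereas Apache requires IPv6 literals in `Listen` and `<VirtualHost>` to be bracketed (`[::1]:80`). The acceptance and define specs in this commit assert `Listen ::1:80`, so the tests lock in the unbracketed form. In the no-port branch `$nvh_addr_port = $ip` is a string for one address and an array for several; `$nvh_addr_port = any2array($ip)` would keep both branches the same shape. None of the `$ip` elements are validated before they reach the config, so a `validate_ip_address`-style check per element belongs here too. The enclosing `if $ip` block continues outside the hunk.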
@@ -190,6 +190,59 @@ class { 'apache': } end end + context 'new vhost with multiple IP addresses on port 80' do + it 'should configure one apache vhost with 2 ip addresses' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + } + apache::vhost { 'example.com': + port => '80', + ip => ['127.0.0.1','::1'], + ip_based => true, + docroot => '/var/www/html', + } + host { 'ipv4.example.com': ip => '127.0.0.1', } + host { 'ipv6.example.com': ip => '::1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Hello from vhost\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{$vhost_dir}/25-example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName example.com" } + end + + describe file($ports_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 127.0.0.1:80' } + it { is_expected.to contain 'Listen ::1:80' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } + it { is_expected.not_to contain 'NameVirtualHost ::1:80' } + end + + it 'should answer to ipv4.example.com' do + shell("/usr/bin/curl ipv4.example.com:80", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + + it 'should answer to ipv6.example.com' do + shell("/usr/bin/curl ipv6.example.com:80", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + end + context 'apache_directories' do describe 'readme example, adapted' do it 'should configure a vhost with Files' do diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 6fd59f9157..0a86963364 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -459,6 +459,40 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-limits').with( :content => /^\s+LimitRequestFieldSize\s54321$/)} end + context 'vhost with multiple ip addresses' do + let :params do + { + 'port' => '80', + 'ip' => ['127.0.0.1','::1'], + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present' + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + :content => /[.\/m]*[.\/m]*$/ ) } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } + it { is_expected.to contain_concat__fragment('Listen ::1:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost ::1:80') } + end context 'set only aliases' do let :params do { diff --git a/templates/vhost/_file_header.erb b/templates/vhost/_file_header.erb index e6f2f95e76..9350781d6f 100644 --- a/templates/vhost/_file_header.erb +++ b/templates/vhost/_file_header.erb @@ -3,7 +3,7 @@ # Managed by Puppet # ************************************ -> +> ServerName <%= @servername %> <% if @serveradmin -%> ServerAdmin <%= @serveradmin %> From eb660a6c65270715f4b0f039b8b42bf70fad88c9 Mon Sep 17 00:00:00 2001 From: Damon Conway Date: Mon, 19 Oct 2015 16:14:10 -0700 Subject: [PATCH 0721/2267] (MODULES-2756) Adding include ::apache so mkdir exec works properly --- manifests/mod/deflate.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 0748a54e57..d771209673 100644 
--- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -12,6 +12,7 @@ 'Ratio' => 'ratio' } ) { + include ::apache ::apache::mod { 'deflate': } file { 'deflate.conf': From 6fde679c37b44be6d5b5b7d058969ddce6009ae4 Mon Sep 17 00:00:00 2001 From: abednarik Date: Wed, 28 Oct 2015 23:25:38 -0300 Subject: [PATCH 0722/2267] (MODULES-2651) Default document root update for Ubuntu 14.04 and Debian 8 Added test cases for Debian 8 and Ubuntu 14.04 --- spec/classes/apache_spec.rb | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 60c03495ea..a766764527 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -235,6 +235,18 @@ end end + context "8" do + let :facts do + super().merge({ + :lsbdistcodename => 'jessie', + :operatingsystemrelease => '8' + }) + end + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } + end context "on Ubuntu" do let :facts do super().merge({ @@ -242,6 +254,18 @@ }) end + context "14.04" do + let :facts do + super().merge({ + :lsbdistrelease => '14.04', + :operatingsystemrelease => '14.04' + }) + end + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } + end context "13.10" do let :facts do super().merge({ From 633f10dd848d4f764b4ee174eb0bef98d9b9dead Mon Sep 17 00:00:00 2001 From: Doug Knight Date: Thu, 22 Oct 2015 11:08:09 -0800 Subject: [PATCH 0723/2267] add ability to overide file name generation in custom_config --- README.md | 4 ++++ manifests/custom_config.pp | 23 ++++++++++++++--------- spec/acceptance/custom_config_spec.rb | 18 ++++++++++++++++++ 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 8abaa58197..22dcae6a72 100644 --- a/README.md +++ b/README.md 
@@ -1699,6 +1699,10 @@ Sets the directory in which Puppet places configuration files. Default: '$::apac Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other. +##### `filename` + +Sets the name of the file under `confdir` in which Puppet stores the configuration. The default behavior is to generate the file name from the `priority` parameter and the resource name. + ##### `priority` Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. The default value is `25`. diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 7ce755b35c..d93c468920 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -7,6 +7,7 @@ $source = undef, $verify_command = $::apache::params::verify_command, $verify_config = true, + $filename = undef, ) { if $content and $source { @@ -23,15 +24,19 @@ validate_bool($verify_config) - if $priority { - $priority_prefix = "${priority}-" + if $filename { + $_filename = $filename } else { - $priority_prefix = '' - } + if $priority { + $priority_prefix = "${priority}-" + } else { + $priority_prefix = '' + } - ## Apache include does not always work with spaces in the filename - $filename_middle = regsubst($name, ' ', '_', 'G') - $filename = "${priority_prefix}${filename_middle}.conf" + ## Apache include does not always work with spaces in the filename + $filename_middle = regsubst($name, ' ', '_', 'G') + $_filename = "${priority_prefix}${filename_middle}.conf" + } if ! $verify_config or $ensure == 'absent' { $notifies = Class['Apache::Service'] @@ -41,7 +46,7 @@ file { "apache_${name}": ensure => $ensure, - path => "${confdir}/${filename}", + path => "${confdir}/${_filename}", content => $content, source => $source, require => Package['httpd'], 
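Review bot: The new `$filename` is used as given, bypassing the space-to-underscore substitution that the generated name still gets, and it reaches both `path => "${confdir}/${_filename}"` here and `command => "/bin/rm ${confdir}/${_filename}"` in the later hunk. A value containing `/`, `..` or whitespace could therefore make the file resource, and the cleanup `rm` after a failed verify, act on a path other than the intended file under `confdir`. Validate it next to `validate_bool($verify_config)`, for example `if $filename { validate_re($filename, '\A[A-Za-z0-9_][A-Za-z0-9._-]*\z') }`. The README entry should also say whether the name needs a `.conf` suffix to be picked up by Apache; that depends on the Include pattern, which is not visible here.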
@@ -59,7 +64,7 @@ } exec { "remove ${name} if invalid": - command => "/bin/rm ${confdir}/${filename}", + command => "/bin/rm ${confdir}/${_filename}", unless => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index d4526e801d..683e6b648b 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -36,6 +36,24 @@ class { 'apache': } end end + context 'with a custom filename' do + it 'should store content in the described file' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'filename_test': + filename => 'custom_filename', + content => '# just another comment', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$confd_dir}/custom_filename") do + it { is_expected.to contain '# just another comment' } + end + end + describe 'custom_config without priority prefix' do it 'applies cleanly' do pp = <<-EOS From b63ea4ca653ee9335882557c199158f22888cd7a Mon Sep 17 00:00:00 2001 From: Damon Conway Date: Wed, 28 Oct 2015 10:28:54 -0700 Subject: [PATCH 0724/2267] (MODULES-2757) Adding if around ServerName in template Adding feature to README --- README.md | 2 ++ templates/vhost/_file_header.erb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 2953d8aba4..fbf56e00dc 100644 --- a/README.md +++ b/README.md @@ -1093,6 +1093,8 @@ Sets the Apache server administrator's contact information via Apache's [`Server Sets the Apache server name via Apache's [`ServerName`][] directive. Default: the 'fqdn' fact reported by [Facter][]. +Setting to false will not set ServerName at all. + ##### `server_root` Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. Default: determined by your operating system. diff --git a/templates/vhost/_file_header.erb b/templates/vhost/_file_header.erb index 9350781d6f..5fd636a1e9 100644 
--- a/templates/vhost/_file_header.erb +++ b/templates/vhost/_file_header.erb @@ -4,7 +4,9 @@ # ************************************ > +<% if @servername -%> ServerName <%= @servername %> +<% end -%> <% if @serveradmin -%> ServerAdmin <%= @serveradmin %> <% end -%> From cc3e55a97ce4a0c89ffd6ffc5729ba695ddc25bd Mon Sep 17 00:00:00 2001 From: prabin5 Date: Fri, 23 Oct 2015 18:19:22 -0400 Subject: [PATCH 0725/2267] Update mime.conf.erb to support dynamic AddHandler AddType AddOutputFilter --- manifests/init.pp | 1 + manifests/mod/mime.pp | 1 + manifests/params.pp | 13 +++++++++++++ spec/acceptance/mod_mime_spec.rb | 3 +++ templates/mod/mime.conf.erb | 8 +++++--- 5 files changed, 23 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 6aaa57cacb..5a865b761d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -77,6 +77,7 @@ $package_ensure = 'installed', $use_optional_includes = $::apache::params::use_optional_includes, $use_systemd = $::apache::params::use_systemd, + $mime_types_additional = $::apache::params::mime_types_additional, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index 86000d1679..ace7663df1 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -1,6 +1,7 @@ class apache::mod::mime ( $mime_support_package = $::apache::params::mime_support_package, $mime_types_config = $::apache::params::mime_types_config, + $mime_types_additional = $::apache::mime_types_additional, ) { apache::mod { 'mime': } # Template uses $mime_types_config diff --git a/manifests/params.pp b/manifests/params.pp index a2ab7382c6..b0f22652fb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
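Review bot: The default for `$mime_types_additional` in `apache::mod::mime` reads `$::apache::mime_types_additional`, unlike the two parameters above it, which read `$::apache::params::…`, so it only has a value once class `apache` has been evaluated. If it resolves to undef, or a caller passes something other than a hash of hashes, `@mime_types_additional.sort.each` in the mime.conf.erb hunk of this commit fails inside the template. Add `validate_hash($mime_types_additional)` at the top of the class body and a comment stating the ordering dependency on `apache`. The parameter is not described in the README; the entry should mention that mod_mime matches every extension in a file name, so an added `AddHandler` mapping also applies to files carrying that extension in the middle of the name. The class body continues outside the hunk.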
@@ -29,6 +29,19 @@ $log_level = 'warn' $use_optional_includes = false + # Default mime types settings + $mime_types_additional = { + 'AddHandler' => { + 'type-map' => 'var' + }, + 'AddType' => { + 'type-map' => '.shtml' + }, + 'AddOutputFilter' => { + 'INCLUDES' => '.shtml' + }, + } + # should we use systemd module? $use_systemd = true diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index d1886c4bde..78f73f53b5 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -32,6 +32,9 @@ class { 'apache': } describe file("#{mod_dir}/mime.conf") do it { is_expected.to contain "AddType application/x-compress .Z" } + it { is_expected.to contain "AddHandler type-map var\n" } + it { is_expected.to contain "AddType type-map .shtml\n" } + it { is_expected.to contain "AddOutputFilter INCLUDES .shtml\n" } end end end diff --git a/templates/mod/mime.conf.erb b/templates/mod/mime.conf.erb index a69a424a6a..8101cf031f 100644 --- a/templates/mod/mime.conf.erb +++ b/templates/mod/mime.conf.erb @@ -31,6 +31,8 @@ AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw -AddHandler type-map var -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml +<%- @mime_types_additional.sort.each do |add_mime, config| -%> + <%- config.each do |type, extension| %> +<%= add_mime %> <%= type %> <%= extension%> + <%- end -%> +<% end %> From 55cc3b4e8f4bc859a1255cb57be2c7923005d822 Mon Sep 17 00:00:00 2001 
From: Benedikt Bock Date: Sun, 1 Nov 2015 19:33:23 +0100 Subject: [PATCH 0726/2267] (MODULES-2764) Enclose IPv6 addresses in square brackets The apache module does enclose IPv6 addresses in square brackets as apache recommends Apache 2.2: https://httpd.apache.org/docs/2.2/en/bind.html https://httpd.apache.org/docs/2.2/en/mod/core.html#virtualhost https://httpd.apache.org/docs/2.2/en/mod/core.html#namevirtualhost Apache 2.4: https://httpd.apache.org/docs/2.4/en/bind.html https://httpd.apache.org/docs/2.4/en/mod/core.html#virtualhost added some tests for the custom function enclose_ipv6 --- lib/puppet/parser/functions/enclose_ipv6.rb | 38 +++++++++++ manifests/vhost.pp | 9 +-- spec/acceptance/vhost_spec.rb | 50 +++++++++++++- spec/defines/vhost_spec.rb | 40 +++++++++++- .../parser/functions/enclose_ipv6_spec.rb | 65 +++++++++++++++++++ 5 files changed, 192 insertions(+), 10 deletions(-) create mode 100644 lib/puppet/parser/functions/enclose_ipv6.rb create mode 100644 spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb diff --git a/lib/puppet/parser/functions/enclose_ipv6.rb b/lib/puppet/parser/functions/enclose_ipv6.rb new file mode 100644 index 0000000000..7b064b6a0c --- /dev/null +++ b/lib/puppet/parser/functions/enclose_ipv6.rb 
@@ -0,0 +1,38 @@ +# +# enclose_ipv6.rb +# + +module Puppet::Parser::Functions + newfunction(:enclose_ipv6, :type => :rvalue, :doc => <<-EOS +Takes an array of ip addresses and encloses the ipv6 addresses with square brackets. + EOS + ) do |arguments| + + require 'ipaddr' + + if (arguments.size != 1) then + raise(Puppet::ParseError, "enclose_ipv6(): Wrong number of arguments "+ + "given #{arguments.size} for 1") + end + unless arguments[0].is_a?(String) or arguments[0].is_a?(Array) then + raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument type "+ + "given #{arguments[0].class} expected String or Array") + end + + input = [arguments[0]].flatten.compact + result = [] + + input.each do |val| + begin + ip = IPAddr.new(val) + rescue ArgumentError + raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ + "given #{val} is not an ip address.") + end + val = "[#{ip.to_s}]" if ip.ipv6? + result = [result,val] + end + + return result.flatten.compact + end +end diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4556015e02..172d961090 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -344,12 +344,13 @@ } if $ip { + $_ip = enclose_ipv6($ip) if $port { - $listen_addr_port = suffix(any2array($ip),":${port}") - $nvh_addr_port = suffix(any2array($ip),":${port}") + $listen_addr_port = suffix(any2array($_ip),":${port}") + $nvh_addr_port = suffix(any2array($_ip),":${port}") } else { $listen_addr_port = undef - $nvh_addr_port = $ip + $nvh_addr_port = $_ip if ! $servername and ! $ip_based { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") } @@ -798,7 +799,7 @@ # - $krb_method_k5passwd # - $krb_authoritative # - $krb_auth_realms - # - $krb_5keytab + # - $krb_5keytab # - $krb_local_user_mapping if $auth_kerb { concat::fragment { "${name}-auth_kerb": diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 37ac83a0ae..77c019f128 100644 --- a/spec/acceptance/vhost_spec.rb 
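Review bot: `enclose_ipv6` raises `Puppet::ParseError` for every value `IPAddr.new` rejects, and the vhost.pp hunk of this commit now passes any non-empty `$ip` through it, so a vhost declared with Apache's wildcard address `ip => '*'` would stop compiling. Let `*` through unchanged, and build the result with `map` instead of re-nesting `result = [result,val]` on every pass and flattening at the end. A value written with a prefix length looks like a second gap: `IPAddr.new` accepts it and `ip.to_s` should return the masked network address, so the emitted string would differ from the one given; rejecting such input explicitly would be safer. The spec file added by this commit has no case for either input.

```ruby
    # … unchanged: argument count and type checks …

    input = [arguments[0]].flatten.compact

    result = input.map do |val|
      # '*' is Apache's wildcard address, not an IP literal; pass it through
      next val if val == '*'

      begin
        ip = IPAddr.new(val)
      rescue ArgumentError
        raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+
          "given #{val} is not an ip address.")
      end
      ip.ipv6? ? "[#{ip}]" : val
    end

    return result
```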
+++ b/spec/acceptance/vhost_spec.rb @@ -218,16 +218,16 @@ class { 'apache': end describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } + it { is_expected.to contain '' } it { is_expected.to contain "ServerName example.com" } end describe file($ports_file) do it { is_expected.to be_file } it { is_expected.to contain 'Listen 127.0.0.1:80' } - it { is_expected.to contain 'Listen ::1:80' } + it { is_expected.to contain 'Listen [::1]:80' } it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } - it { is_expected.not_to contain 'NameVirtualHost ::1:80' } + it { is_expected.not_to contain 'NameVirtualHost [::1]:80' } end it 'should answer to ipv4.example.com' do 
@@ -243,6 +243,50 @@ class { 'apache': end end + context 'new vhost with IPv6 address on port 80' do + it 'should configure one apache vhost with an ipv6 address' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + } + apache::vhost { 'example.com': + port => '80', + ip => '::1', + ip_based => true, + docroot => '/var/www/html', + } + host { 'ipv6.example.com': ip => '::1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Hello from vhost\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{$vhost_dir}/25-example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName example.com" } + end + + describe file($ports_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'Listen [::1]:80' } + it { is_expected.not_to contain 'NameVirtualHost [::1]:80' } + end + + it 'should answer to ipv6.example.com' do + shell("/usr/bin/curl ipv6.example.com:80", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + end + context 'apache_directories' do describe 'readme example, adapted' do it 'should configure a vhost with Files' do diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f092f41341..7d62d92be4 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -487,12 +487,46 @@ it { is_expected.to compile } it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - :content => /[.\/m]*[.\/m]*$/ ) } + :content => /[.\/m]*[.\/m]*$/ ) } it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen ::1:80') } + it { is_expected.to contain_concat__fragment('Listen [::1]:80') } it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.to_not contain_concat__fragment('NameVirtualHost ::1:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') } end + + context 'vhost with ipv6 address' do + let :params do + { + 'port' => '80', + 'ip' => '::1', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present' + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + :content => /[.\/m]*[.\/m]*$/ ) } + it { is_expected.to contain_concat__fragment('Listen [::1]:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') } + end + context 'set only aliases' do let :params do { diff --git a/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb b/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb new file mode 100644 index 0000000000..508f62aea4 --- /dev/null +++ b/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb 
@@ -0,0 +1,65 @@ +#! /usr/bin/env ruby -S rspec +require 'spec_helper' + +describe "the enclose_ipv6 function" do + let(:scope) { PuppetlabsSpec::PuppetInternals.scope } + + it "should exist" do + expect(Puppet::Parser::Functions.function("enclose_ipv6")).to eq("function_enclose_ipv6") + end + + it "should raise a ParseError if there is less than 1 arguments" do + expect { scope.function_enclose_ipv6([]) }.to( raise_error(Puppet::ParseError) ) + end + + it "should raise a ParseError if there is more than 1 arguments" do + expect { scope.function_enclose_ipv6(['argument1','argument2']) }.to( raise_error(Puppet::ParseError) ) + end + + it "should raise a ParseError when given garbage" do + expect { scope.function_enclose_ipv6(['garbage']) }.to( raise_error(Puppet::ParseError) ) + end + + it "should raise a ParseError when given something else than a string or an array" do + expect { scope.function_enclose_ipv6([['1' => '127.0.0.1']]) }.to( raise_error(Puppet::ParseError) ) + end + + it "should not raise a ParseError when given a single ip string" do + expect { scope.function_enclose_ipv6(['127.0.0.1']) }.to_not raise_error + end + + it "should not raise a ParseError when given an array of ip strings" do + expect { scope.function_enclose_ipv6([['127.0.0.1','fe80::1']]) }.to_not raise_error + end + + it "should not raise a ParseError when given differently notations of ip addresses" do + expect { scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::1]']]) }.to_not raise_error + end + + it "should raise a ParseError when given a wrong ipv4 address" do + expect { scope.function_enclose_ipv6(['127..0.0.1']) }.to( raise_error(Puppet::ParseError) ) + end + + it "should raise a ParseError when given a ipv4 address with square brackets" do + expect { scope.function_enclose_ipv6(['[127.0.0.1]']) }.to( raise_error(Puppet::ParseError) ) + end + + it "should raise a ParseError when given a wrong ipv6 address" do + expect { scope.function_enclose_ipv6(['fe80:::1']) }.to( 
raise_error(Puppet::ParseError) ) + end + + it "should embrace ipv6 adresses within an array of ip addresses" do + result = scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::1]']]) + expect(result).to(eq(['127.0.0.1','[fe80::1]','[fe80::1]'])) + end + + it "should embrace a single ipv6 adresse" do + result = scope.function_enclose_ipv6(['fe80::1']) + expect(result).to(eq(['[fe80::1]'])) + end + + it "should not embrace a single ipv4 adresse" do + result = scope.function_enclose_ipv6(['127.0.0.1']) + expect(result).to(eq(['127.0.0.1'])) + end +end From cc443e96e3ca7d0eeda9b76145df681e2882e402 Mon Sep 17 00:00:00 2001 From: tphoney Date: Wed, 4 Nov 2015 14:07:50 +0000 Subject: [PATCH 0727/2267] removing an over complicated test case --- spec/acceptance/mod_passenger_spec.rb | 110 -------------------------- 1 file changed, 110 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 7b2d0da9af..5af9113e5c 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -194,115 +194,5 @@ class { 'apache::mod::passenger': } end end - - when 'RedHat' - # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5 - unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5') - - if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' - pending('test passenger - RHEL7 packages don\'t exist') - else - context "default passenger config" do - it 'succeeds in puppeting passenger' do - pp = <<-EOS - /* EPEL and passenger repositories */ - class { 'epel': } - exec { 'passenger.repo GPG key': - command => '/usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', - creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - } - file { 'passenger.repo GPG key': - ensure => file, - path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - require => Exec['passenger.repo GPG key'], - } - epel::rpm_gpg_key { 'passenger.stealthymonkeys.com': - path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - require => [ - Class['epel'], - File['passenger.repo GPG key'], - ] - } - $releasever_string = $operatingsystem ? 
{ - 'Scientific' => '6', - default => '$releasever', - } - yumrepo { 'passenger': - baseurl => "http://passenger.stealthymonkeys.com/rhel/${releasever_string}/\\$basearch" , - descr => "Red Hat Enterprise ${releasever_string} - Phusion Passenger", - enabled => 1, - gpgcheck => 1, - gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', - mirrorlist => 'http://passenger.stealthymonkeys.com/rhel/mirrors', - require => [ - Epel::Rpm_gpg_key['passenger.stealthymonkeys.com'], - ], - } - /* apache and mod_passenger */ - class { 'apache': - require => [ - Class['epel'], - ], - } - class { 'apache::mod::passenger': - require => [ - Yumrepo['passenger'] - ], - } - #{pp_rackapp} - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe service(service_name) do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end - - describe file(conf_file) do - it { is_expected.to contain "PassengerRoot #{passenger_root}" } - it { is_expected.to contain "PassengerRuby #{passenger_ruby}" } - it { is_expected.to contain "PassengerTempDir #{passenger_tempdir}" } - end - - describe file(load_file) do - it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } - end - - it 'should output status via passenger-memory-stats' do - shell("/usr/bin/passenger-memory-stats", :pty => true) do |r| - expect(r.stdout).to match(/Apache processes/) - expect(r.stdout).to match(/Nginx processes/) - expect(r.stdout).to match(/Passenger processes/) - expect(r.stdout).to match(/### Processes: [0-9]+/) - expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) - - expect(r.exit_code).to eq(0) - end - end - - it 'should output status via passenger-status' do - shell("PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| - # spacing may vary - r.stdout.should =~ /[\-]+ General information [\-]+/ - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should 
=~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ - - r.exit_code.should == 0 - end - end - - it 'should answer to passenger.example.com' do - shell("/usr/bin/curl passenger.example.com:80") do |r| - r.stdout.should =~ /^hello world<\/b>$/ - r.exit_code.should == 0 - end - end - end - end - end end end From 846b77bf7da0ad4cf76121996bfc540def20af1a Mon Sep 17 00:00:00 2001 From: Benedikt Bock Date: Fri, 6 Nov 2015 14:13:37 +0100 Subject: [PATCH 0728/2267] Ruby 2.0 introduces IPAddr::InvalidAddressError --- lib/puppet/parser/functions/enclose_ipv6.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/puppet/parser/functions/enclose_ipv6.rb b/lib/puppet/parser/functions/enclose_ipv6.rb index 7b064b6a0c..968bd723ed 100644 --- a/lib/puppet/parser/functions/enclose_ipv6.rb +++ b/lib/puppet/parser/functions/enclose_ipv6.rb @@ -10,6 +10,11 @@ module Puppet::Parser::Functions require 'ipaddr' + rescuable_exceptions = [ ArgumentError ] + if defined?(IPAddr::InvalidAddressError) + rescuable_exceptions << IPAddr::InvalidAddressError + end + if (arguments.size != 1) then raise(Puppet::ParseError, "enclose_ipv6(): Wrong number of arguments "+ "given #{arguments.size} for 1") @@ -25,7 +30,7 @@ module Puppet::Parser::Functions input.each do |val| begin ip = IPAddr.new(val) - rescue ArgumentError + rescue *rescuable_exceptions raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ "given #{val} is not an ip address.") end From e54b1adf2d73323b83316f45df748a37c818ea95 Mon Sep 17 00:00:00 2001 From: Olivier Hanesse Date: Mon, 9 Nov 2015 15:07:27 +0100 Subject: [PATCH 0729/2267] Fix typo about dynamic AddHandler/AddType Last commit about dynamic AddHandler/AddType introduces a little typo The "right" syntax should be : AddType text/html .shtml --- manifests/params.pp | 2 +- spec/acceptance/mod_mime_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/manifests/params.pp b/manifests/params.pp index 285f440d41..9e8cad39b4 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -35,7 +35,7 @@ 'type-map' => 'var' }, 'AddType' => { - 'type-map' => '.shtml' + 'text/html' => '.shtml' }, 'AddOutputFilter' => { 'INCLUDES' => '.shtml' diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index 78f73f53b5..89b3c800fa 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -33,7 +33,7 @@ class { 'apache': } describe file("#{mod_dir}/mime.conf") do it { is_expected.to contain "AddType application/x-compress .Z" } it { is_expected.to contain "AddHandler type-map var\n" } - it { is_expected.to contain "AddType type-map .shtml\n" } + it { is_expected.to contain "AddType text/html .shtml\n" } it { is_expected.to contain "AddOutputFilter INCLUDES .shtml\n" } end end From 0feea4f62eb3139188d939cea279e7625dc0591a Mon Sep 17 00:00:00 2001 From: Olivier Hanesse Date: Mon, 9 Nov 2015 16:37:09 +0100 Subject: [PATCH 0730/2267] Add missing parameters in mod_auth_kerb According to the http://modauthkerb.sourceforge.net/configure.html webpage, the following parameters are missing. --- README.md | 12 ++++++++++++ manifests/vhost.pp | 3 +++ spec/defines/vhost_spec.rb | 6 ++++++ templates/vhost/_auth_kerb.erb | 11 ++++++++++- 4 files changed, 31 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fbf56e00dc..340cd2d787 100644 --- a/README.md +++ b/README.md 
@@ -2074,6 +2074,18 @@ Location of the Kerberos V5 keytab file. Not set by default. Strips @REALM from username for further use. Not set by default. +##### `krb_verify_kdc` + +This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default is 'on' + +##### `krb_servicename` + +Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default is 'HTTP' + +##### `krb_save_credentials` + +This option enables credential saving functionality. Default is 'off' + ##### `limit_request_field_size` [Limits](http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize) the size of the HTTP request header allowed from the client. Default is 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4556015e02..537465ce3f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -131,6 +131,9 @@ $krb_auth_realms = [], $krb_5keytab = undef, $krb_local_user_mapping = undef, + $krb_verify_kdc = 'on', + $krb_servicename = 'HTTP', + $krb_save_credentials = 'off', $limit_request_field_size = undef, ) { # The base class must be included first because it is used by parameter defaults diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f092f41341..7bcfb0f677 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
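Review bot: The three new Kerberos parameters reach the template without any check, and `$krb_verify_kdc` is the one that matters: the README text added here ties it to protection against KDC spoofing, yet an invalid value is only caught when Apache parses the file and `'off'` is accepted without comment. Restrict the two switches with `validate_re($krb_verify_kdc, '\A(?i:on|off)\z')` and the same pattern for `$krb_save_credentials`. The README sentence for `krb_verify_kdc` does not say which value is the safe one; it should state that `'on'` keeps the verification against the local keytab and `'off'` removes it. The entry for `krb_save_credentials` should likewise note that enabling it stores the user's credentials in a cache on the web server. The parameter list and the define body continue outside the hunk.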
@@ -456,6 +456,12 @@ :content => /^\s+Krb5Keytab\s\/tmp\/keytab5$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( :content => /^\s+KrbLocalUserMapping\soff$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbServiceName\sHTTP$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbSaveCredentials\soff$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( + :content => /^\s+KrbVerifyKDC\son$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-limits').with( :content => /^\s+LimitRequestFieldSize\s54321$/)} end diff --git a/templates/vhost/_auth_kerb.erb b/templates/vhost/_auth_kerb.erb index 9179ee8b2a..97f4c1fc69 100644 --- a/templates/vhost/_auth_kerb.erb +++ b/templates/vhost/_auth_kerb.erb @@ -17,7 +17,16 @@ Krb5Keytab <%= @krb_5keytab %> <%- end -%> <%- if @krb_local_user_mapping -%> - KrbLocalUserMapping <%= @krb_local_user_mapping -%> + KrbLocalUserMapping <%= @krb_local_user_mapping %> + <%- end -%> + <%- if @krb_verify_kdc -%> + KrbVerifyKDC <%= @krb_verify_kdc %> + <%- end -%> + <%- if @krb_servicename -%> + KrbServiceName <%= @krb_servicename %> + <%- end -%> + <%- if @krb_save_credentials -%> + KrbSaveCredentials <%= @krb_save_credentials -%> <%- end -%> <% end -%> From 0fe758857f5cd9e17869f353f0f4984669bd2841 Mon Sep 17 00:00:00 2001 From: Alex Harvey Date: Wed, 11 Nov 2015 18:00:33 +1100 Subject: [PATCH 0731/2267] (MODULES-2811) Add missing helper lines to spec files --- spec/classes/mod/auth_mellon_spec.rb | 2 ++ spec/classes/mod/ext_filter_spec.rb | 2 ++ spec/classes/mod/info_spec.rb | 2 ++ spec/classes/mod/shib_spec.rb | 2 ++ spec/unit/provider/a2mod/gentoo_spec.rb | 2 -- spec/unit/puppet/parser/functions/bool2httpd_spec.rb | 1 - 6 files changed, 8 insertions(+), 3 deletions(-) 
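Review bot: The new last directive in `_auth_kerb.erb`, `KrbSaveCredentials <%= @krb_save_credentials -%>`, closes with `-%>`, which strips the trailing newline; this is the same trimming the hunk removes from the `KrbLocalUserMapping` line by switching it to `%>`. Because the following `<%- end -%>` and `<% end -%>` are trimmed as well, the fragment would end without a newline, and the first line of the next concat fragment would be appended to the `KrbSaveCredentials` line unless that fragment happens to start with a blank line. The added spec regexes end in `$`, which also matches at end of string, so they would not catch this. Change the line to `KrbSaveCredentials <%= @krb_save_credentials %>`. The template's enclosing `if` starts above this hunk.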
diff --git a/spec/classes/mod/auth_mellon_spec.rb b/spec/classes/mod/auth_mellon_spec.rb index f022e48108..4fac1c3e86 100644 --- a/spec/classes/mod/auth_mellon_spec.rb +++ b/spec/classes/mod/auth_mellon_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::auth_mellon', :type => :class do let :pre_condition do 'include apache' diff --git a/spec/classes/mod/ext_filter_spec.rb b/spec/classes/mod/ext_filter_spec.rb index afa71c1083..ed61db9f20 100644 --- a/spec/classes/mod/ext_filter_spec.rb +++ b/spec/classes/mod/ext_filter_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::ext_filter', :type => :class do let :pre_condition do 'class { "apache": diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index b444bc0037..8ecbcdd2a3 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + # This function is called inside the OS specific contexts def general_info_specs_22 it { is_expected.to contain_apache__mod('info') } diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb index 0254d4c3c6..11193b2766 100644 --- a/spec/classes/mod/shib_spec.rb +++ b/spec/classes/mod/shib_spec.rb @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::shib', :type => :class do let :pre_condition do 'include apache' diff --git a/spec/unit/provider/a2mod/gentoo_spec.rb b/spec/unit/provider/a2mod/gentoo_spec.rb index 78f902bf72..e472745e92 100644 --- a/spec/unit/provider/a2mod/gentoo_spec.rb +++ b/spec/unit/provider/a2mod/gentoo_spec.rb @@ -1,5 +1,3 @@ -#!/usr/bin/env rspec - require 'spec_helper' provider_class = Puppet::Type.type(:a2mod).provider(:gentoo) diff --git a/spec/unit/puppet/parser/functions/bool2httpd_spec.rb b/spec/unit/puppet/parser/functions/bool2httpd_spec.rb index b0bcbb6220..19d35e5922 100644 --- a/spec/unit/puppet/parser/functions/bool2httpd_spec.rb +++ b/spec/unit/puppet/parser/functions/bool2httpd_spec.rb 
@@ -1,4 +1,3 @@ -#! /usr/bin/env ruby -S rspec require 'spec_helper' describe "the bool2httpd function" do From b74fdf5a95bc2a7cc0f17c1e45311be656006afb Mon Sep 17 00:00:00 2001 From: Alex Harvey Date: Wed, 11 Nov 2015 18:22:36 +1100 Subject: [PATCH 0732/2267] (MODULES-2812) Fix deprecation warning in service_spec.rb --- spec/classes/service_spec.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 4c851385cd..f53937a7ff 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -126,9 +126,7 @@ 'service_manage' => false } end - it 'should not manage the httpd service' do - subject.should_not contain_service('httpd') - end + it { is_expected.not_to contain_service('httpd') } end context "on a FreeBSD 5 OS" do From 678c02aa8bfd132f5c5dfa1086b6f5d48721e57b Mon Sep 17 00:00:00 2001 From: Alex Harvey Date: Wed, 11 Nov 2015 18:28:44 +1100 Subject: [PATCH 0733/2267] (MODULES-2813) Fix deprecation warning in spec_helper.rb --- spec/spec_helper.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 65379ee38a..475b72c07b 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,8 +1,6 @@ require 'puppetlabs_spec_helper/module_spec_helper' RSpec.configure do |c| - c.treat_symbols_as_metadata_keys_with_true_values = true - c.before :each do # Ensure that we don't accidentally cache facts and environment # between test cases. From 1bfb80975273ab95f8085fb2440d5cf278661c6d Mon Sep 17 00:00:00 2001 From: rexcze Date: Wed, 11 Nov 2015 16:45:48 +0100 Subject: [PATCH 0734/2267] Add support for changing mod_nss listen port --- manifests/mod/nss.pp | 3 ++- templates/mod/nss.conf.erb | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index 132b41b3f6..d275cc493e 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp 
@@ -1,7 +1,8 @@ class apache::mod::nss ( $transfer_log = "${::apache::params::logroot}/access.log", $error_log = "${::apache::params::logroot}/error.log", - $passwd_file = undef + $passwd_file = undef, + $port = 8443, ) { include ::apache::mod::mime diff --git a/templates/mod/nss.conf.erb b/templates/mod/nss.conf.erb index a5c81752f3..22762ccac7 100644 --- a/templates/mod/nss.conf.erb +++ b/templates/mod/nss.conf.erb @@ -17,7 +17,7 @@ # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two # Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443" # -Listen 8443 +Listen <%= @port %> ## ## SSL Global Context @@ -84,7 +84,7 @@ NSSRequireSafeNegotiation off ## SSL Virtual Host Context ## - +> # General setup for the virtual host #DocumentRoot "/etc/httpd/htdocs" From a9bf898738d579811530ea7a4958b6e740eabe4a Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 12 Nov 2015 12:07:12 +0000 Subject: [PATCH 0735/2267] removing redhat passenger tests, for now --- spec/acceptance/vhost_spec.rb | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 37ac83a0ae..2d3b834747 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
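Review bot: `$port` is added to `apache::mod::nss` without validation and is interpolated into `Listen <%= @port %>` and into what appears to be the `VirtualHost` opening line of nss.conf.erb (its text is stripped on this page). A non-numeric value is therefore only discovered when Apache rejects the file, and a value containing whitespace would change what the `Listen` line means. An integer check near the top of the class body, for example `validate_re("${port}", '^\d+$')`, would fail at catalog compile time instead. The commit record lists only the manifest and the template as changed, so a spec example asserting that a non-default port reaches both lines is missing; the template comment that still hard-codes `Listen [::]:8443` could also be reworded. The class body continues outside this hunk.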
@@ -1058,40 +1058,6 @@ class { 'apache': } end end - # Passenger isn't even in EPEL on el-5 - if default['platform'] !~ /^el-5/ - if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' - pending('Since we don\'t have passenger on RHEL7 rack_base_uris tests will fail') - else - describe 'rack_base_uris' do - if fact('osfamily') == 'RedHat' - it 'adds epel' do - pp = "class { 'epel': }" - apply_manifest(pp, :catch_failures => true) - end - end - - it 'applies cleanly' do - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'RackBaseURI /test' } - end - end - end - end - - describe 'request_headers' do it 'applies cleanly' do pp = <<-EOS From b9b9565170308a0a3d04577a37c88fa743f5a96e Mon Sep 17 00:00:00 2001 From: tphoney Date: Fri, 13 Nov 2015 15:00:59 +0000 Subject: [PATCH 0736/2267] updating the test to use ipv4 addresses --- spec/acceptance/vhost_spec.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 2d3b834747..c4a34b1f1c 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -198,12 +198,12 @@ class { 'apache': } apache::vhost { 'example.com': port => '80', - ip => ['127.0.0.1','::1'], + ip => ['127.0.0.1','127.0.0.2'], ip_based => true, docroot => '/var/www/html', } host { 'ipv4.example.com': ip => '127.0.0.1', } - host { 'ipv6.example.com': ip => '::1', } + host { 'ipv6.example.com': ip => '127.0.0.2', } file { '/var/www/html/index.html': ensure => file, content => "Hello from vhost\\n", 
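Review bot: After this change the host entry `ipv6.example.com` resolves to `127.0.0.2`, so the manifest here and the assertions in the following hunk (`Listen 127.0.0.2:80`) no longer exercise an IPv6 listener even though the name still says so. Rename the entry, e.g. `host { 'ipv4-2.example.com': ip => '127.0.0.2', }`, together with any example that queries it, or keep one IPv6 case behind a platform check so that listener path stays covered. It is also worth confirming that every acceptance platform answers on 127.0.0.2; on systems where only 127.0.0.1 is configured on the loopback interface Apache cannot bind the second address. The surrounding examples start and end outside these hunks.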
@@ -218,16 +218,16 @@ class { 'apache': end describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } + it { is_expected.to contain '' } it { is_expected.to contain "ServerName example.com" } end describe file($ports_file) do it { is_expected.to be_file } it { is_expected.to contain 'Listen 127.0.0.1:80' } - it { is_expected.to contain 'Listen ::1:80' } + it { is_expected.to contain 'Listen 127.0.0.2:80' } it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } - it { is_expected.not_to contain 'NameVirtualHost ::1:80' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } end it 'should answer to ipv4.example.com' do From bfcf6cc066fd041750ef30fc7c45b4cdffa4e814 Mon Sep 17 00:00:00 2001 
From: tphoney Date: Fri, 30 Oct 2015 17:53:02 +0000 Subject: [PATCH 0737/2267] 1.7.0 release prep --- CHANGELOG.md | 48 ++++++++++++++++++++ README.md | 4 ++ {tests => examples}/apache.pp | 0 {tests => examples}/dev.pp | 0 {tests => examples}/init.pp | 0 {tests => examples}/mod_load_params.pp | 0 {tests => examples}/mods.pp | 0 {tests => examples}/mods_custom.pp | 0 {tests => examples}/php.pp | 0 {tests => examples}/vhost.pp | 0 {tests => examples}/vhost_directories.pp | 0 {tests => examples}/vhost_filter.pp | 4 +- {tests => examples}/vhost_ip_based.pp | 0 {tests => examples}/vhost_proxypass.pp | 0 {tests => examples}/vhost_ssl.pp | 0 {tests => examples}/vhosts_without_listen.pp | 0 metadata.json | 2 +- 17 files changed, 55 insertions(+), 3 deletions(-) rename {tests => examples}/apache.pp (100%) rename {tests => examples}/dev.pp (100%) rename {tests => examples}/init.pp (100%) rename {tests => examples}/mod_load_params.pp (100%) rename {tests => examples}/mods.pp (100%) rename {tests => examples}/mods_custom.pp (100%) rename {tests => examples}/php.pp (100%) rename {tests => examples}/vhost.pp (100%) rename {tests => examples}/vhost_directories.pp (100%) rename {tests => examples}/vhost_filter.pp (90%) rename {tests => examples}/vhost_ip_based.pp (100%) rename {tests => examples}/vhost_proxypass.pp (100%) rename {tests => examples}/vhost_ssl.pp (100%) rename {tests => examples}/vhosts_without_listen.pp (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 985194bf54..fb33a13633 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,51 @@ +## 2015-11-17 - Supported Release 1.7.0 +### Summary +This release includes many new features and bugfixes. There are test, documentation and misc improvements. + +#### Features +- allow groups with - like vhost-users +- ability to enable/disable the secruleengine through a parameter +- add mod_auth_kerb parameters to vhost +- client auth for reverse proxy +- support for mod_auth_mellon +- change SSLProtocol in apache::vhost to be space separated +- RewriteLock support + +#### Bugfixes +- fix apache::mod::cgid so it can be used with the event MPM +- load unixd before fcgid on all operating systems +- fixes conditional in vhost aliases +- corrects mod_cgid worker/event defaults +- ProxyPassMatch parameters were ending up on a newline +- catch that mod_authz_default has been removed in Apache 2.4 +- mod::ssl fails on SLES +- fix typo of MPM_PREFORK for FreeBSD package install +- install all modules before adding custom configs +- fix acceptance testing for SSLProtocol behaviour for real +- fix ordering issue with conf_file and ports_file + +#### Known Issues +- mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues. 
+ +#### Improvements +- added docs for forcetype directive +- removes ruby 1.8.7 from the travisci test matrix +- readme reorganisation, minor fixups +- support the mod_proxy ProxyPassReverseCookiePath directive +- the purge_vhost_configs parameter is actually called purge_vhost_dir +- add ListenBacklog for mod worker +- deflate application/json by default +- install mod_authn_alias as default mod in debian for apache < 2.4 +- optionally set LimitRequestFieldSize on an apache::vhost +- add SecUploadDir parameter to support file uploads with mod_security +- optionally set parameters for mod_ext_filter module +- allow SetOutputFilter to be set on a directory +- RC4 is deprecated +- allow empty docroot +- add option to configure the include pattern for the vhost_enable dir +- allow multiple IP addresses per vhost +- default document root update for Ubuntu 14.04 and Debian 8 + ## 2015-07-28 - Supported Release 1.6.0 ### Summary This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. diff --git a/README.md b/README.md index 2953d8aba4..8601939aa1 100644 --- a/README.md +++ b/README.md @@ -3259,6 +3259,10 @@ The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside t The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. +### RHEL/CentOS 6 + +The [`apache::mod::passenger`][] class is not installing as the the EL6 repository is missing compatible packages. + ### RHEL/CentOS 7 The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. diff --git a/tests/apache.pp b/examples/apache.pp similarity index 100% rename from tests/apache.pp rename to examples/apache.pp 
diff --git a/tests/dev.pp b/examples/dev.pp similarity index 100% rename from tests/dev.pp rename to examples/dev.pp diff --git a/tests/init.pp b/examples/init.pp similarity index 100% rename from tests/init.pp rename to examples/init.pp diff --git a/tests/mod_load_params.pp b/examples/mod_load_params.pp similarity index 100% rename from tests/mod_load_params.pp rename to examples/mod_load_params.pp diff --git a/tests/mods.pp b/examples/mods.pp similarity index 100% rename from tests/mods.pp rename to examples/mods.pp diff --git a/tests/mods_custom.pp b/examples/mods_custom.pp similarity index 100% rename from tests/mods_custom.pp rename to examples/mods_custom.pp diff --git a/tests/php.pp b/examples/php.pp similarity index 100% rename from tests/php.pp rename to examples/php.pp diff --git a/tests/vhost.pp b/examples/vhost.pp similarity index 100% rename from tests/vhost.pp rename to examples/vhost.pp diff --git a/tests/vhost_directories.pp b/examples/vhost_directories.pp similarity index 100% rename from tests/vhost_directories.pp rename to examples/vhost_directories.pp diff --git a/tests/vhost_filter.pp b/examples/vhost_filter.pp similarity index 90% rename from tests/vhost_filter.pp rename to examples/vhost_filter.pp index ab339737f9..ca1a8bbe03 100644 --- a/tests/vhost_filter.pp +++ b/examples/vhost_filter.pp @@ -3,8 +3,8 @@ # Example from README adapted. apache::vhost { 'readme.example.net': - docroot => '/var/www/html', - filters => [ + docroot => '/var/www/html', + filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', diff --git a/tests/vhost_ip_based.pp b/examples/vhost_ip_based.pp similarity index 100% rename from tests/vhost_ip_based.pp rename to examples/vhost_ip_based.pp diff --git a/tests/vhost_proxypass.pp b/examples/vhost_proxypass.pp similarity index 100% rename from tests/vhost_proxypass.pp rename to examples/vhost_proxypass.pp 
diff --git a/tests/vhost_ssl.pp b/examples/vhost_ssl.pp similarity index 100% rename from tests/vhost_ssl.pp rename to examples/vhost_ssl.pp diff --git a/tests/vhosts_without_listen.pp b/examples/vhosts_without_listen.pp similarity index 100% rename from tests/vhosts_without_listen.pp rename to examples/vhosts_without_listen.pp diff --git a/metadata.json b/metadata.json index a0e3fc2fac..f06e6d529c 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.6.0", + "version": "1.7.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 8dc87f961f4d6e031ae3b7d0c5fa34abea59d0ae Mon Sep 17 00:00:00 2001 From: Garrett Guillotte Date: Mon, 16 Nov 2015 17:32:48 -0800 Subject: [PATCH 0738/2267] (docs) Fix issues with the 1.7.0 readme. Fixes several typos and links, and reorganizes the `apache::mod::auth_mellon`, `mellon_enable`, and `auth_kerb` sections, and document missing default values. --- README.md | 850 +++++++++++++++++++++----------------------- README.passenger.md | 2 +- 2 files changed, 411 insertions(+), 441 deletions(-) diff --git a/README.md b/README.md index 8601939aa1..15565edfbe 100644 --- a/README.md +++ b/README.md 
@@ -144,8 +144,11 @@ [`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas +[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html [`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon +[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html +[`mod_cache_disk`]: https://httpd.apache.org/docs/current/mod/mod_cache_disk.html [`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_ext_filter`]: http://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html @@ -1301,16 +1304,22 @@ Installs and manages [`mod_alias`][]. - **Gentoo**: `/var/www/icons` - **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` -####Class: `apache::mod::disk_cache` +#### Class: `apache::mod::disk_cache` -Installs and configures mod_disk_cache. The cache root is determined based on apache version and OS. It can be specified directly as well. +Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: -Specifying the cache root: -```puppet - class {'::apache::mod::disk_cache': - cache_root => '/path/to/cache', - } -``` +- **Debian**: `/var/cache/apache2/mod_cache_disk` +- **FreeBSD**: `/var/cache/mod_cache_disk` +- **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy` +- **Red Hat, Apache 2.2**: `/var/cache/mod_proxy` + +You can specify the cache root by passing a path as a string to the `cache_root` parameter. + +~~~ puppet +class {'::apache::mod::disk_cache': + cache_root => '/path/to/cache', +} +~~~ ##### Class: `apache::mod::event` 
@@ -1352,29 +1361,29 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe ##### Class: `apache::mod::auth_mellon` -Installs and manages [`mod_auth_mellon`][]. It's parameters share names with the Apache module's directives. +Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. -~~~puppet -class{'apache::mod::auth_mellon': - mellon_cache_size => 101 +~~~ puppet +class{ 'apache::mod::auth_mellon': + mellon_cache_size => 101, } ~~~ **Parameters within `apache::mod::auth_mellon`**: -- `mellon_cache_size`: Size in megabytes of mellon cache. -- `mellon_cache_entry_size`: Maximum size for single session. -- `mellon_lock_file`: Location of lock file. -- `mellon_post_directory`: Full path where post requests are saved. -- `mellon_post_ttl`: Time to keep post requests. -- `mellon_post_size`: Maximum size of post requests. -- `mellon_post_count`: Maxmum number of post requests. +- `mellon_cache_entry_size`: Maximum size for a single session. Default: 'undef'. +- `mellon_cache_size`: Size in megabytes of the mellon cache. Default: 100. +- `mellon_lock_file`: Location of lock file. Default: '`/run/mod_auth_mellon/lock`'. +- `mellon_post_directory`: Full path where post requests are saved. Default: '`/var/cache/apache2/mod_auth_mellon/`' +- `mellon_post_ttl`: Time to keep post requests. Default: 'undef'. +- `mellon_post_size`: Maximum size of post requests. Default: 'undef'. +- `mellon_post_count`: Maximum number of post requests. Default: 'undef'. ##### Class: `apache::mod::deflate` Installs and configures [`mod_deflate`][]. -**Parameters within `apache::mod::deflate`:** +**Parameters within `apache::mod::deflate`**: - `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. 
- `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } @@ -1394,7 +1403,7 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate Installs and configures [`mod_ext_filter`][]. ~~~ puppet -class{'apache::mod::ext_filter': +class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', @@ -1410,7 +1419,7 @@ class{'apache::mod::ext_filter': Installs and configures [`mod_fcgid`][]. -The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [Hash][]. For example: +The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: ~~~ puppet class { 'apache::mod::fcgid': @@ -1530,7 +1539,7 @@ Default values depend on your operating system. - `package_name`: Names the package that installs `php_mod`. - `path`: Defines the path to the `mod_php` shared object (`.so`) file. -- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` paths. +- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` path. - `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. - `content`: Adds arbitrary content to `php.conf`. 
@@ -2018,59 +2027,44 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, +} ~~~ ##### `auth_kerb` -Enable mod_auth_kerb parameters for a virtual host. Valid values are 'true' or 'false'. Defaults to 'false'. +Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid values are 'true' or 'false'. Defaults to 'false'. Usage typically looks like: ~~~ puppet - apache::vhost {'sample.example.net': - auth_kerb => true, - krb_method_negotiate => 'on', - krb_auth_realms => ['EXAMPLE.ORG'], - krb_local_user_mapping => 'on', - directories => { - path => '/var/www/html', - auth_name => 'Kerberos Login', - auth_type => 'Kerberos', - auth_require => 'valid-user', - } - } +apache::vhost { 'sample.example.net': + auth_kerb => true, + krb_method_negotiate => 'on', + krb_auth_realms => ['EXAMPLE.ORG'], + krb_local_user_mapping => 'on', + directories => { + path => '/var/www/html', + auth_name => 'Kerberos Login', + auth_type => 'Kerberos', + auth_require => 'valid-user', + }, +} ~~~ -##### `krb_method_negotiate` - -To enable or disable the use of the Negotiate method. Defaults is 'on' - -##### `krb_method_k5passwd` - -To enable or disable the use of password based authentication for Kerberos v5. Default is 'on' - -##### `krb_authoritative` - -If set to off this directive allow authentication controls to be pass on to another modules. Default is 'on' +Related parameters follow the names of `mod_auth_kerb` directives: -##### `krb_auth_realms` - -Specifies an array Kerberos realm(s) to be used for authentication. Default is [] - -##### `krb_5keytab` - -Location of the Kerberos V5 keytab file. Not set by default. 
- -##### `krb_local_user_mapping` - -Strips @REALM from username for further use. Not set by default. +- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. +- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. +- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. +- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: `[]`. +- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: undef. +- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: undef. ##### `limit_request_field_size` @@ -2265,11 +2259,11 @@ Specifies the address to redirect to. Defaults to 'undef'. Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - redirect_source => ['/images','/downloads'], - redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], - } +apache::vhost { 'site.name.fdqn': + … + redirect_source => ['/images','/downloads'], + redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], +} ~~~ ##### `redirect_status` @@ -2277,10 +2271,10 @@ Specifies the source URIs that redirect to the destination specified in `redirec Specifies the status to append to the redirect. Defaults to 'undef'. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - redirect_status => ['temp','permanent'], - } +apache::vhost { 'site.name.fdqn': + … + redirect_status => ['temp','permanent'], +} ~~~ ##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` 
@@ -2288,12 +2282,12 @@ Specifies the status to append to the redirect. Defaults to 'undef'. Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - redirectmatch_status => ['404','404'], - redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], - redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], - } +apache::vhost { 'site.name.fdqn': + … + redirectmatch_status => ['404','404'], + redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], +} ~~~ ##### `request_headers` @@ -2301,13 +2295,13 @@ Determines which server status should be raised for a given regular expression a Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - request_headers => [ - 'append MirrorID "mirror 12"', - 'unset MirrorID', - ], - } +apache::vhost { 'site.name.fdqn': + … + request_headers => [ + 'append MirrorID "mirror 12"', + 'unset MirrorID', + ], +} ~~~ ##### `rewrites` 
@@ -2316,69 +2310,69 @@ Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be For example, you can specify that anyone trying to access index.html is served welcome.html ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] +} ~~~ The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'redirect IE', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'redirect IE', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} ~~~ You can also apply multiple conditions. 
For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} ~~~ Multiple rewrites and conditions are also possible ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - { - comment => 'Internet Explorer', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ /index.IE.html [L]'], - }, - { - rewrite_base => /apps/, - rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], - }, - { comment => 'Rewrite to lower case', - rewrite_cond => ['%{REQUEST_URI} [A-Z]'], - rewrite_map => ['lc int:tolower'], - rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], - }, - ], - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + { + comment => 'Internet Explorer', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + }, + { + rewrite_base => /apps/, + rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], + }, + { comment => 'Rewrite to lower case', + rewrite_cond => ['%{REQUEST_URI} [A-Z]'], + 
rewrite_map => ['lc int:tolower'], + rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + }, + ], +} ~~~ Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. 
@@ -2389,32 +2383,32 @@ Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for exa ##### `scriptaliases` -*Note*: This parameter is deprecated in favour of the `aliases` parameter. +**Note**: This parameter is deprecated in favor of the `aliases` parameter. -Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: +Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). ~~~ puppet - scriptaliases => [ - { - alias => '/myscript', - path => '/usr/share/myscript', - }, - { - aliasmatch => '^/foo(.*)', - path => '/usr/share/fooscripts$1', - }, - { - aliasmatch => '^/bar/(.*)', - path => '/usr/share/bar/wrapper.sh/$1', - }, - { - alias => '/neatscript', - path => '/usr/share/neatscript', - }, - ] +scriptaliases => [ + { + alias => '/myscript', + path => '/usr/share/myscript', + }, + { + aliasmatch => '^/foo(.*)', + path => '/usr/share/fooscripts$1', + }, + { + aliasmatch => '^/bar/(.*)', + path => '/usr/share/bar/wrapper.sh/$1', + }, + { + alias => '/neatscript', + path => '/usr/share/neatscript', + }, +] ~~~ -The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, more specific aliases should come before more general ones to avoid shadowing. +The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. ##### `serveradmin` 
@@ -2435,9 +2429,9 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: ~~~ puppet - apache::vhost { 'setenv.example.com': - setenv => ['SPECIAL_PATH /foo/bin'], - } +apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], +} ~~~ ##### `setenvif` @@ -2457,16 +2451,16 @@ Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file= To set up a virtual host with suPHP ~~~ puppet - apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => { path => '/home/appuser/myphpapp', - 'suphp' => { user => 'myappuser', group => 'myappgroup' }, - } - } +apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + } +} ~~~ ##### `vhost_name` @@ -2478,13 +2472,13 @@ Enables name-based virtual hosting. If no IP is passed to the virtual host, but Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ~~~ puppet - apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot' => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], - } +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot' => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} ~~~ ##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` 
@@ -2506,22 +2500,22 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). To set up a virtual host with WSGI ~~~ puppet - apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => - { processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, - wsgi_chunked_request => 'On', - } +apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => + { processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + wsgi_chunked_request => 'On', +} ~~~ -####Parameter `directories` for `apache::vhost` +#### Parameter `directories` for `apache::vhost` The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. 
@@ -2532,15 +2526,15 @@ The `provider` key is optional. If missing, this key defaults to 'directory'. Va General `directories` usage looks something like ~~~ puppet - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' - }, - ], - } +apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all', + }, + ], +} ~~~ *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. @@ -2548,9 +2542,9 @@ General `directories` usage looks something like Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', handler => value } ], +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', handler => value } ], } ~~~ 
@@ -2561,14 +2555,14 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], + }, + ], +} ~~~ ###### `allow` @@ -2576,14 +2570,14 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, + ], +} ~~~ ###### `allow_override` 
@@ -2591,14 +2585,14 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, + ], +} ~~~ ###### `auth_basic_authoritative` 
@@ -2704,33 +2698,33 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ~~~ puppet - apache::vhost { 'sample.example.net': - directories => [ - { path => '/srv/www', - error_documents => [ - { 'error_code' => '503', - 'document' => '/service-unavail', - }, - ], +apache::vhost { 'sample.example.net': + directories => [ + { path => '/srv/www', + error_documents => [ + { 'error_code' => '503', + 'document' => '/service-unavail', }, ], - } + }, + ], +} ~~~ ###### `ext_filter_options` -Sets the [ExtFilterOptions](http://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. -Note that you must delcare `class {'apache::mod::ext_filter': }` before using this directive. +Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. +Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. ~~~ puppet - apache::vhost{ 'filter.example.org': - docroot => '/var/www/filter', - directories => [ - { path => '/var/www/filter', - ext_filter_options => 'LogStderr Onfail=abort', - }, - ], - } +apache::vhost { 'filter.example.org': + docroot => '/var/www/filter', + directories => [ + { path => '/var/www/filter', + ext_filter_options => 'LogStderr Onfail=abort', + }, + ], +} ~~~ ###### `geoip_enable` 
@@ -2739,14 +2733,14 @@ Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configura Note that you must declare `class {'apache::mod::geoip': }` before using this directive. ~~~ puppet - apache::vhost { 'first.example.com': - docroot => '/var/www/first', - directories => [ - { path => '/var/www/first', - geoip_enable => true, - }, - ], - } +apache::vhost { 'first.example.com': + docroot => '/var/www/first', + directories => [ + { path => '/var/www/first', + geoip_enable => true, + }, + ], +} ~~~ ###### `headers` @@ -2754,13 +2748,13 @@ Note that you must declare `class {'apache::mod::geoip': }` before using this di Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => { - path => '/path/to/directory', - headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - }, - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => { + path => '/path/to/directory', + headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + }, +} ~~~ ###### `index_options` 
@@ -2768,58 +2762,58 @@ Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.htm Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + }, + ], +} ~~~ ###### `index_order_default` -Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. +Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. 
~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - index_order_default => ['Descending', 'Date'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + index_order_default => ['Descending', 'Date'], + }, + ], +} ~~~ ###### `index_style_sheet` -Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index. +Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['FancyIndexing'], - index_style_sheet => '/styles/style.css', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['FancyIndexing'], + index_style_sheet => '/styles/style.css', + }, + ], +} ~~~ ###### `mellon_enable` -Sets the [MellonEnable](https://github.com/UNINETT/mod_auth_mellon) to enable auth_melon on a location. +Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_melon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. ~~~ puppet -apache::vhost{'sample.example.net': - docroot => '/path/to/directory', +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', directories => [ { path => '/', provider => 'directory', 
@@ -2827,69 +2821,45 @@ apache::vhost{'sample.example.net': mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key, mellon_endpoint_path => '/mellon', mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', - 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress'}, - mellon_user => 'ADFS_LOGIN' + 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, + mellon_user => 'ADFS_LOGIN', }, - { path => '/protected', - provider => 'location', + { path => '/protected', + provider => 'location', mellon_enable => 'auth', - auth_type => 'Mellon', - auth_require => 'valid-user', - mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'] - } + auth_type => 'Mellon', + auth_require => 'valid-user', + mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], + }, ] } ~~~ -###### `mellon_cond` - -Sets the [MellonCond](https://github.com/UNINETT/mod_auth_mellon) is an array of mellon conditions that must -be met to grant access. - - -###### `mellon_endpoint_path` - -Sets the [MellonEndpointPath](https://github.com/UNINETT/mod_auth_mellon) to set melon endpoint path. - -###### `mellon_idp_metadata_file` - -Sets the [MellonIDPMetadataFile](https://github.com/UNINETT/mod_auth_mellon) location of idp metadata file. - -###### `mellon_saml_rsponse_dump` +Related parameters follow the names of `mod_auth_melon` directives: -Sets the [MellonSamlRepsponseDump](https://github.com/UNINETT/mod_auth_mellon) to enable debug of SAML. - -###### `mellon_set_env_no_prefix` - -Sets the [MellonSetEnvNoPrefix](https://github.com/UNINETT/mod_auth_mellon) is a hash of attribute names to map +- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_melon`] directive for each item in the array. +- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_melon`] to set the mellon endpoint path. 
+- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_melon`] location of the IDP metadata file. +- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_melon`] directive to enable debug of SAML. +- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_melon`] directive to a hash of attribute names to map to environment variables. - - -###### `mellon_sp_private_key_file` - -Sets the [MellonSPPrivateKeyFile](https://github.com/UNINETT/mod_auth_mellon) private key location of service provider. - -###### `mellon_sp_cert_file` - -Sets the [MellonSPCertFile](https://github.com/UNINETT/mod_auth_mellon) public key location of service provider. - -###### `mellon_user` - -Sets the [MellonUser](https://github.com/UNINETT/mod_auth_mellon) attribute we should use for the username. +- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_melon`] directive for the private key location of the service provider. +- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_melon`] directive for the public key location of the service provider. +- `mellon_user`: Sets the [MellonUser][`mod_auth_melon`] attribute to use for the username. ###### `options` -Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. +Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + }, + ], +} ~~~ ###### `order` 
@@ -2897,32 +2867,32 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + }, + ], +} ~~~ ###### `passenger_enabled` -Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. +Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - passenger_enabled => 'on', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + passenger_enabled => 'on', + }, + ], +} ~~~ -*Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. +**Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. ###### `php_value` and `php_flag` 
@@ -2935,47 +2905,47 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ###### `satisfy` -Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. +Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - satisfy => 'Any', - } - ], +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', } + ], +} ~~~ ###### `sethandler` -Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: +Sets a `SetHandler` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', - } - ], +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', } + ], +} ~~~ ###### `set_output_filter` -Sets a `SetOutputFilter` directive as per [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). An example: +Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). 
~~~ puppet - apache::vhost{ 'filter.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - set_output_filter => puppetdb-strip-resource-params, - }, - ], - } +apache::vhost{ 'filter.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + set_output_filter => puppetdb-strip-resource-params, + }, + ], +} ~~~ ###### `rewrites` 
@@ -2983,64 +2953,64 @@ Sets a `SetOutputFilter` directive as per [Apache Core documentation](http://htt Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - rewrites => [ { comment => 'Permalink Rewrites', - rewrite_base => '/' - }, - { rewrite_rule => [ '^index\.php$ - [L]' ] - }, - { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - rewrite_rule => [ '. /index.php [L]' ], - } - ], - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + rewrites => [ { comment => 'Permalink Rewrites', + rewrite_base => '/' + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] + }, + { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + rewrite_rule => [ '. /index.php [L]' ], + } + ], + }, + ], +} ~~~ -***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. +***Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. ###### `shib_request_setting` -Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. 
This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - shib_request_settings => { 'requiresession' => 'On' }, - shib_use_headers => 'On', - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + shib_request_settings => { 'requiresession' => 'On' }, + shib_use_headers => 'On', + }, + ], +} ~~~ ###### `shib_use_headers` -When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +When set to 'On', this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. 
Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ###### `ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', - }, - { path => '/path/to/different/dir', - ssl_options => [ '-StdEnvVars', '+ExportCertData'], - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + ssl_options => '+ExportCertData', + }, + { path => '/path/to/different/dir', + ssl_options => [ '-StdEnvVars', '+ExportCertData'], + }, + ], +} ~~~ ###### `suphp` 
@@ -3048,20 +3018,20 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', - }, - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + suphp => { + user => 'myappuser', + group => 'myappgroup', + }, + }, + ], +} ~~~ -####SSL parameters for `apache::vhost` +#### SSL parameters for `apache::vhost` All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. diff --git a/README.passenger.md b/README.passenger.md index d50b3f4897..c16c5a4a45 100644 --- a/README.passenger.md +++ b/README.passenger.md @@ -172,7 +172,7 @@ http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRe #### passenger_spawn_method -Sets the method by which Ruby application processes are spawned. Default is `smart` +Sets the method by which Ruby application processes are spawned. Default is 'smart', which caches code using the app preloader. Passenger >= 4.0 renamed `conservative` to `direct` and `smart-lv2` to `smart`. From f35a65d1f531eb78bafe9cd4be883c3322553073 Mon Sep 17 00:00:00 2001 
From: Robert Vargason Date: Wed, 18 Nov 2015 12:14:49 +0100 Subject: [PATCH 0739/2267] Leave require directive unmanaged Instead to default require to 'Require all granted' if no 'require' parameter is set for a directory, leave require unmanaged in apache 2.4 if needed. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. --- README.md | 29 ++++++++++++++ spec/defines/vhost_spec.rb | 67 ++++++++++++++++++++++++++++++++ templates/vhost/_directories.erb | 4 +- 3 files changed, 98 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 32ac2cbea2..86c1d9c9b3 100644 --- a/README.md +++ b/README.md 
@@ -2951,6 +2951,35 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ `php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). +###### `require` + + +Sets a `Require` directive as per the [Apache Authz documentation](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. + +~~~ puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'IP 10.17.42.23', + } + ], + } +~~~ + +If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. + +~~~ puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'unmanaged', + } + ], + } +~~~ + ###### `satisfy` Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 76dc950574..3f53472543 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -978,5 +978,72 @@ let :facts do default_facts end it { expect { is_expected.to compile }.to raise_error } end + context 'default of require all granted' do + let :params do + { + 'docroot' => '/var/www/foo', + 'directories' => [ + { + 'path' => '/var/www/foo/files', + 'provider' => 'files', + }, + ], + + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.19.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_file('25-rspec.example.com.conf') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require all granted$/ ) } + end + context 'require unmanaged' do + let :params do + { + 'docroot' => '/var/www/foo', + 'directories' => [ + { + 'path' => '/var/www/foo', + 'require' => 'unmanaged', + }, + ], + + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.19.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_file('25-rspec.example.com.conf') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require all granted$/ ) + } + end end end diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index df6b6615e4..b1475513c9 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
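Review bot: The `require unmanaged` context only asserts that `Require all granted` is absent, so it would still pass if the template rendered some other authorization line, for instance a literal `Require unmanaged`. Since the feature promises that no `Require` is written at all, the negative expectation should say so: `it { is_expected.to_not contain_concat__fragment('rspec.example.com-directories').with(:content => /^\s+Require\s/) }`. A third context with a `require` string that merely contains the word "unmanaged" would also pin how the template treats near-matches. The enclosing `describe` block starts outside the hunk.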
@@ -57,7 +57,7 @@ <%- end -%> <%- end -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - <%- if directory['require'] and directory['require'] != '' -%> + <%- if directory['require'] && directory['require'] != '' && directory['require'] !~ /unmanaged/i -%> <%- Array(directory['require']).each do |req| -%> Require <%= req %> <%- end -%> @@ -65,7 +65,7 @@ <%- if directory['auth_require'] -%> Require <%= directory['auth_require'] %> <%- end -%> - <%- if !(directory['require'] and directory['require'] != '') && !(directory['auth_require']) -%> + <%- if !(directory['require'] && directory['require'] != '') && directory['require'] !~ /unmanaged/i && !(directory['auth_require']) -%> Require all granted <%- end -%> <%- else -%> From da972b98455631a101884e09c448c8c966ee27ac Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Wed, 18 Nov 2015 15:34:49 +0100 Subject: [PATCH 0740/2267] (MODULES-2834) Support SSLProxyCheckPeerCN and SSLProxyCheckPeerName settings Allows SSLProxyCheckPeerCN and SSLProxyCheckPeerName to be set on an SSL enabled vhost. ```puppet apache::vhost{'foo': ssl_proxy_check_peer_cn => 'on', ssl_proxy_check_peer_name => 'on' } ``` results in ``` SSLProxyCheckPeerCN on SSLProxyCheckPeerName on ``` apache configuration with in a vhost. * https://tickets.puppetlabs.com/browse/MODULES-2834 * http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn * http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername --- README.md | 9 +++++++++ manifests/vhost.pp | 12 ++++++++++++ spec/defines/vhost_spec.rb | 7 +++++++ templates/vhost/_ssl.erb | 6 ++++++ 4 files changed, 34 insertions(+) diff --git a/README.md b/README.md index 32ac2cbea2..dfdd8fe872 100644 --- a/README.md +++ b/README.md 
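Review bot: The new `!~ /unmanaged/i` test in the `@@ -57,7 +57,7 @@` hunk is an unanchored, case-insensitive substring match, so any `require` string that merely contains "unmanaged" (inside a host, group or user name, say) is taken as the opt-out and its `Require` line is silently not rendered. The same expression in the `@@ -65,7 +65,7 @@` hunk then suppresses the `Require all granted` default as well, leaving the block with no authorization directive from this template although the operator asked for a restriction. Compare the whole value in both conditions instead, e.g. `directory['require'].to_s.downcase != 'unmanaged'`. The version `if`/`else` that encloses these lines starts and ends outside the hunks.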
@@ -3164,6 +3164,15 @@ Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/m } ~~~ +##### `ssl_proxy_check_peer_cn` + +Sets the [SSLProxyMachinePeerCN](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specified whether the remote server certificate's CN field is compared against the hostname of the request URL . Defaults to 'undef'. + + +##### `ssl_proxy_check_peer_name` + +Sets the [SSLProxyMachinePeerName](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specified whether the remote server certificate's CN field is compared against the hostname of the request URL . Defaults to 'undef'. + ##### `ssl_options` Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e2725b8aea..2b7c50f48c 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -25,6 +25,8 @@ $ssl_honorcipherorder = undef, $ssl_verify_client = undef, $ssl_verify_depth = undef, + $ssl_proxy_check_peer_cn = undef, + $ssl_proxy_check_peer_name = undef, $ssl_proxy_machine_cert = undef, $ssl_options = undef, $ssl_openssl_conf_cmd = undef, @@ -236,6 +238,14 @@ if $manage_docroot { validate_string($docroot) } + + if $ssl_proxy_check_peer_cn { + validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.") + } + if $ssl_proxy_check_peer_name { + validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.") + } + # Input validation ends if $ssl and $ensure == 'present' { 
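Review bot: The pattern `'(^on$|^off$)'` passed to `validate_re` for `ssl_proxy_check_peer_cn` and `ssl_proxy_check_peer_name` uses line anchors. If the check is evaluated as a Ruby regular expression, as stdlib's `validate_re` appears to be, `^` and `$` match at any line boundary, so a multi-line string with one line equal to `on` would pass. Both values are written unquoted into the vhost by the `_ssl.erb` hunk of this commit, so this validation is the only guard against extra directives reaching the configuration. Anchoring the whole string closes that: `validate_re($ssl_proxy_check_peer_cn, '\A(on|off)\z', ...)`, and the same for `ssl_proxy_check_peer_name`. The enclosing define starts and ends outside the hunk.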
@@ -784,6 +794,8 @@ # - $ssl_honorcipherorder # - $ssl_verify_client # - $ssl_verify_depth + # - $ssl_proxy_check_peer_cn + # - $ssl_proxy_check_peer_name # - $ssl_proxy_machine_cert # - $ssl_options # - $ssl_openssl_conf_cmd diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 76dc950574..c5c14ea53f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -154,7 +154,10 @@ 'ssl_verify_depth' => '3', 'ssl_options' => '+ExportCertData', 'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"', + 'ssl_proxy_check_peer_cn' => 'on', + 'ssl_proxy_check_peer_name' => 'on', 'ssl_proxyengine' => true, + 'priority' => '30', 'default_vhost' => true, 'servername' => 'example.com', @@ -432,6 +435,10 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( :content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( + :content => /^\s+SSLProxyCheckPeerCN\s+on$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( + :content => /^\s+SSLProxyCheckPeerName\s+on$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } it { is_expected.to contain_concat__fragment('rspec.example.com-header') } diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index a3d76fb13e..aaadebdbc1 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
@@ -40,6 +40,12 @@ <%- if @ssl_verify_depth -%> SSLVerifyDepth <%= @ssl_verify_depth %> <%- end -%> + <%- if @ssl_proxy_check_peer_cn -%> + SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> + <%- end -%> + <%- if @ssl_proxy_check_peer_name -%> + SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> + <%- end -%> <%- if @ssl_proxy_machine_cert -%> SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" <%- end -%> From f98838a297f4a2563da4bf6128d1d6f57ae6a567 Mon Sep 17 00:00:00 2001 From: tphoney Date: Wed, 4 Nov 2015 14:07:50 +0000 Subject: [PATCH 0741/2267] removing an over complicated test case --- spec/acceptance/mod_passenger_spec.rb | 110 -------------------------- 1 file changed, 110 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 7b2d0da9af..5af9113e5c 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
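Review bot: The two new blocks emit `SSLProxyCheckPeerCN` and `SSLProxyCheckPeerName` independently, with nothing to say how the directives interact. Per the mod_ssl documentation, from httpd 2.4.5 `SSLProxyCheckPeerName` supersedes `SSLProxyCheckPeerCN`, and the CN setting is only honoured when `SSLProxyCheckPeerName off` is also given, so setting `ssl_proxy_check_peer_cn` alone changes nothing on those versions. A template comment above the first block, such as `<%# httpd >= 2.4.5: SSLProxyCheckPeerCN only applies when SSLProxyCheckPeerName is off %>`, would keep an operator from assuming the CN parameter alone controls backend hostname verification. The enclosing SSL section starts and ends outside the hunk.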
@@ -194,115 +194,5 @@ class { 'apache::mod::passenger': } end end - - when 'RedHat' - # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5 - unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5') - - if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' - pending('test passenger - RHEL7 packages don\'t exist') - else - context "default passenger config" do - it 'succeeds in puppeting passenger' do - pp = <<-EOS - /* EPEL and passenger repositories */ - class { 'epel': } - exec { 'passenger.repo GPG key': - command => '/usr/bin/curl -o /etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', - creates => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - } - file { 'passenger.repo GPG key': - ensure => file, - path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - require => Exec['passenger.repo GPG key'], - } - epel::rpm_gpg_key { 'passenger.stealthymonkeys.com': - path => '/etc/yum.repos.d/RPM-GPG-KEY-stealthymonkeys.asc', - require => [ - Class['epel'], - File['passenger.repo GPG key'], - ] - } - $releasever_string = $operatingsystem ? 
{ - 'Scientific' => '6', - default => '$releasever', - } - yumrepo { 'passenger': - baseurl => "http://passenger.stealthymonkeys.com/rhel/${releasever_string}/\\$basearch" , - descr => "Red Hat Enterprise ${releasever_string} - Phusion Passenger", - enabled => 1, - gpgcheck => 1, - gpgkey => 'http://passenger.stealthymonkeys.com/RPM-GPG-KEY-stealthymonkeys.asc', - mirrorlist => 'http://passenger.stealthymonkeys.com/rhel/mirrors', - require => [ - Epel::Rpm_gpg_key['passenger.stealthymonkeys.com'], - ], - } - /* apache and mod_passenger */ - class { 'apache': - require => [ - Class['epel'], - ], - } - class { 'apache::mod::passenger': - require => [ - Yumrepo['passenger'] - ], - } - #{pp_rackapp} - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe service(service_name) do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end - - describe file(conf_file) do - it { is_expected.to contain "PassengerRoot #{passenger_root}" } - it { is_expected.to contain "PassengerRuby #{passenger_ruby}" } - it { is_expected.to contain "PassengerTempDir #{passenger_tempdir}" } - end - - describe file(load_file) do - it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } - end - - it 'should output status via passenger-memory-stats' do - shell("/usr/bin/passenger-memory-stats", :pty => true) do |r| - expect(r.stdout).to match(/Apache processes/) - expect(r.stdout).to match(/Nginx processes/) - expect(r.stdout).to match(/Passenger processes/) - expect(r.stdout).to match(/### Processes: [0-9]+/) - expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) - - expect(r.exit_code).to eq(0) - end - end - - it 'should output status via passenger-status' do - shell("PASSENGER_TMPDIR=/var/run/rubygem-passenger /usr/bin/passenger-status") do |r| - # spacing may vary - r.stdout.should =~ /[\-]+ General information [\-]+/ - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should 
=~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ - - r.exit_code.should == 0 - end - end - - it 'should answer to passenger.example.com' do - shell("/usr/bin/curl passenger.example.com:80") do |r| - r.stdout.should =~ /^hello world<\/b>$/ - r.exit_code.should == 0 - end - end - end - end - end end end From eb6f4a03a6ce397c2530f01187e101ad504573bf Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 12 Nov 2015 12:07:12 +0000 Subject: [PATCH 0742/2267] removing redhat passenger tests, for now --- spec/acceptance/vhost_spec.rb | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 77c019f128..36a0eb2acd 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1102,40 +1102,6 @@ class { 'apache': } end end - # Passenger isn't even in EPEL on el-5 - if default['platform'] !~ /^el-5/ - if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' - pending('Since we don\'t have passenger on RHEL7 rack_base_uris tests will fail') - else - describe 'rack_base_uris' do - if fact('osfamily') == 'RedHat' - it 'adds epel' do - pp = "class { 'epel': }" - apply_manifest(pp, :catch_failures => true) - end - end - - it 'applies cleanly' do - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'RackBaseURI /test' } - end - end - end - end - - describe 'request_headers' do it 'applies cleanly' do pp = <<-EOS From 9ff42c171596baf8c1db71adc38ca388468df1c2 Mon Sep 17 00:00:00 2001 
From: tphoney Date: Fri, 13 Nov 2015 15:00:59 +0000 Subject: [PATCH 0743/2267] updating the test to use ipv4 addresses --- spec/acceptance/vhost_spec.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 36a0eb2acd..5fa91d5dc7 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -198,12 +198,12 @@ class { 'apache': } apache::vhost { 'example.com': port => '80', - ip => ['127.0.0.1','::1'], + ip => ['127.0.0.1','127.0.0.2'], ip_based => true, docroot => '/var/www/html', } host { 'ipv4.example.com': ip => '127.0.0.1', } - host { 'ipv6.example.com': ip => '::1', } + host { 'ipv6.example.com': ip => '127.0.0.2', } file { '/var/www/html/index.html': ensure => file, content => "Hello from vhost\\n", @@ -218,16 +218,16 @@ class { 'apache': end describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } + it { is_expected.to contain '' } it { is_expected.to contain "ServerName example.com" } end describe file($ports_file) do it { is_expected.to be_file } it { is_expected.to contain 'Listen 127.0.0.1:80' } - it { is_expected.to contain 'Listen [::1]:80' } + it { is_expected.to contain 'Listen 127.0.0.2:80' } it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } - it { is_expected.not_to contain 'NameVirtualHost [::1]:80' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } end it 'should answer to ipv4.example.com' do From 57d995d749c8f1c26bbe7dbce547363165254d4d Mon Sep 17 00:00:00 2001 
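Review bot: After this change the entry `host { 'ipv6.example.com': ip => '127.0.0.2', }` no longer has anything to do with IPv6, and the bracketed `Listen [::1]:80` rendering is no longer asserted anywhere in these two hunks. Renaming the entry (a constructed example: `ipv4-alt.example.com`) would keep the test readable, though any request test outside the hunk that refers to the old name would need the same rename. A comment such as `# TODO: restore a '::1' case to cover bracketed Listen output` would record the coverage that was dropped; the commit message does not state why. The `describe` block continues outside the hunk.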
From: tphoney Date: Fri, 30 Oct 2015 17:53:02 +0000 Subject: [PATCH 0744/2267] 1.7.0 release prep --- CHANGELOG.md | 48 ++++++++++++++++++++ README.md | 4 ++ {tests => examples}/apache.pp | 0 {tests => examples}/dev.pp | 0 {tests => examples}/init.pp | 0 {tests => examples}/mod_load_params.pp | 0 {tests => examples}/mods.pp | 0 {tests => examples}/mods_custom.pp | 0 {tests => examples}/php.pp | 0 {tests => examples}/vhost.pp | 0 {tests => examples}/vhost_directories.pp | 0 {tests => examples}/vhost_filter.pp | 4 +- {tests => examples}/vhost_ip_based.pp | 0 {tests => examples}/vhost_proxypass.pp | 0 {tests => examples}/vhost_ssl.pp | 0 {tests => examples}/vhosts_without_listen.pp | 0 metadata.json | 2 +- 17 files changed, 55 insertions(+), 3 deletions(-) rename {tests => examples}/apache.pp (100%) rename {tests => examples}/dev.pp (100%) rename {tests => examples}/init.pp (100%) rename {tests => examples}/mod_load_params.pp (100%) rename {tests => examples}/mods.pp (100%) rename {tests => examples}/mods_custom.pp (100%) rename {tests => examples}/php.pp (100%) rename {tests => examples}/vhost.pp (100%) rename {tests => examples}/vhost_directories.pp (100%) rename {tests => examples}/vhost_filter.pp (90%) rename {tests => examples}/vhost_ip_based.pp (100%) rename {tests => examples}/vhost_proxypass.pp (100%) rename {tests => examples}/vhost_ssl.pp (100%) rename {tests => examples}/vhosts_without_listen.pp (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index 985194bf54..fb33a13633 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,51 @@ +## 2015-11-17 - Supported Release 1.7.0 +### Summary +This release includes many new features and bugfixes. There are test, documentation and misc improvements. + +#### Features +- allow groups with - like vhost-users +- ability to enable/disable the secruleengine through a parameter +- add mod_auth_kerb parameters to vhost +- client auth for reverse proxy +- support for mod_auth_mellon +- change SSLProtocol in apache::vhost to be space separated +- RewriteLock support + +#### Bugfixes +- fix apache::mod::cgid so it can be used with the event MPM +- load unixd before fcgid on all operating systems +- fixes conditional in vhost aliases +- corrects mod_cgid worker/event defaults +- ProxyPassMatch parameters were ending up on a newline +- catch that mod_authz_default has been removed in Apache 2.4 +- mod::ssl fails on SLES +- fix typo of MPM_PREFORK for FreeBSD package install +- install all modules before adding custom configs +- fix acceptance testing for SSLProtocol behaviour for real +- fix ordering issue with conf_file and ports_file + +#### Known Issues +- mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues. 
+ +#### Improvements +- added docs for forcetype directive +- removes ruby 1.8.7 from the travisci test matrix +- readme reorganisation, minor fixups +- support the mod_proxy ProxyPassReverseCookiePath directive +- the purge_vhost_configs parameter is actually called purge_vhost_dir +- add ListenBacklog for mod worker +- deflate application/json by default +- install mod_authn_alias as default mod in debian for apache < 2.4 +- optionally set LimitRequestFieldSize on an apache::vhost +- add SecUploadDir parameter to support file uploads with mod_security +- optionally set parameters for mod_ext_filter module +- allow SetOutputFilter to be set on a directory +- RC4 is deprecated +- allow empty docroot +- add option to configure the include pattern for the vhost_enable dir +- allow multiple IP addresses per vhost +- default document root update for Ubuntu 14.04 and Debian 8 + ## 2015-07-28 - Supported Release 1.6.0 ### Summary This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. diff --git a/README.md b/README.md index 86c1d9c9b3..67a2f12301 100644 --- a/README.md +++ b/README.md @@ -3306,6 +3306,10 @@ The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside t The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. +### RHEL/CentOS 6 + +The [`apache::mod::passenger`][] class is not installing as the the EL6 repository is missing compatible packages. + ### RHEL/CentOS 7 The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. diff --git a/tests/apache.pp b/examples/apache.pp similarity index 100% rename from tests/apache.pp rename to examples/apache.pp 
diff --git a/tests/dev.pp b/examples/dev.pp similarity index 100% rename from tests/dev.pp rename to examples/dev.pp diff --git a/tests/init.pp b/examples/init.pp similarity index 100% rename from tests/init.pp rename to examples/init.pp diff --git a/tests/mod_load_params.pp b/examples/mod_load_params.pp similarity index 100% rename from tests/mod_load_params.pp rename to examples/mod_load_params.pp diff --git a/tests/mods.pp b/examples/mods.pp similarity index 100% rename from tests/mods.pp rename to examples/mods.pp diff --git a/tests/mods_custom.pp b/examples/mods_custom.pp similarity index 100% rename from tests/mods_custom.pp rename to examples/mods_custom.pp diff --git a/tests/php.pp b/examples/php.pp similarity index 100% rename from tests/php.pp rename to examples/php.pp diff --git a/tests/vhost.pp b/examples/vhost.pp similarity index 100% rename from tests/vhost.pp rename to examples/vhost.pp diff --git a/tests/vhost_directories.pp b/examples/vhost_directories.pp similarity index 100% rename from tests/vhost_directories.pp rename to examples/vhost_directories.pp diff --git a/tests/vhost_filter.pp b/examples/vhost_filter.pp similarity index 90% rename from tests/vhost_filter.pp rename to examples/vhost_filter.pp index ab339737f9..ca1a8bbe03 100644 --- a/tests/vhost_filter.pp +++ b/examples/vhost_filter.pp @@ -3,8 +3,8 @@ # Example from README adapted. apache::vhost { 'readme.example.net': - docroot => '/var/www/html', - filters => [ + docroot => '/var/www/html', + filters => [ 'FilterDeclare COMPRESS', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', diff --git a/tests/vhost_ip_based.pp b/examples/vhost_ip_based.pp similarity index 100% rename from tests/vhost_ip_based.pp rename to examples/vhost_ip_based.pp diff --git a/tests/vhost_proxypass.pp b/examples/vhost_proxypass.pp similarity index 100% rename from tests/vhost_proxypass.pp rename to examples/vhost_proxypass.pp 
diff --git a/tests/vhost_ssl.pp b/examples/vhost_ssl.pp similarity index 100% rename from tests/vhost_ssl.pp rename to examples/vhost_ssl.pp diff --git a/tests/vhosts_without_listen.pp b/examples/vhosts_without_listen.pp similarity index 100% rename from tests/vhosts_without_listen.pp rename to examples/vhosts_without_listen.pp diff --git a/metadata.json b/metadata.json index a0e3fc2fac..f06e6d529c 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.6.0", + "version": "1.7.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From ea1202f270ff0452b89fbbd7d68d14b255ba8de6 Mon Sep 17 00:00:00 2001 From: Garrett Guillotte Date: Mon, 16 Nov 2015 17:32:48 -0800 Subject: [PATCH 0745/2267] (docs) Fix issues with the 1.7.0 readme. Fixes several typos and links, and reorganizes the `apache::mod::auth_mellon`, `mellon_enable`, and `auth_kerb` sections, and document missing default values. --- README.md | 850 ++++++++++++++++++++++++++---------------------------- 1 file changed, 410 insertions(+), 440 deletions(-) diff --git a/README.md b/README.md index 67a2f12301..279754a08f 100644 --- a/README.md +++ b/README.md 
@@ -144,8 +144,11 @@ [`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas +[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html [`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon +[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html +[`mod_cache_disk`]: https://httpd.apache.org/docs/current/mod/mod_cache_disk.html [`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_ext_filter`]: http://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html @@ -1303,16 +1306,22 @@ Installs and manages [`mod_alias`][]. - **Gentoo**: `/var/www/icons` - **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` -####Class: `apache::mod::disk_cache` +#### Class: `apache::mod::disk_cache` -Installs and configures mod_disk_cache. The cache root is determined based on apache version and OS. It can be specified directly as well. +Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: -Specifying the cache root: -```puppet - class {'::apache::mod::disk_cache': - cache_root => '/path/to/cache', - } -``` +- **Debian**: `/var/cache/apache2/mod_cache_disk` +- **FreeBSD**: `/var/cache/mod_cache_disk` +- **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy` +- **Red Hat, Apache 2.2**: `/var/cache/mod_proxy` + +You can specify the cache root by passing a path as a string to the `cache_root` parameter. + +~~~ puppet +class {'::apache::mod::disk_cache': + cache_root => '/path/to/cache', +} +~~~ ##### Class: `apache::mod::event` 
@@ -1354,29 +1363,29 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe ##### Class: `apache::mod::auth_mellon` -Installs and manages [`mod_auth_mellon`][]. It's parameters share names with the Apache module's directives. +Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. -~~~puppet -class{'apache::mod::auth_mellon': - mellon_cache_size => 101 +~~~ puppet +class{ 'apache::mod::auth_mellon': + mellon_cache_size => 101, } ~~~ **Parameters within `apache::mod::auth_mellon`**: -- `mellon_cache_size`: Size in megabytes of mellon cache. -- `mellon_cache_entry_size`: Maximum size for single session. -- `mellon_lock_file`: Location of lock file. -- `mellon_post_directory`: Full path where post requests are saved. -- `mellon_post_ttl`: Time to keep post requests. -- `mellon_post_size`: Maximum size of post requests. -- `mellon_post_count`: Maxmum number of post requests. +- `mellon_cache_entry_size`: Maximum size for a single session. Default: 'undef'. +- `mellon_cache_size`: Size in megabytes of the mellon cache. Default: 100. +- `mellon_lock_file`: Location of lock file. Default: '`/run/mod_auth_mellon/lock`'. +- `mellon_post_directory`: Full path where post requests are saved. Default: '`/var/cache/apache2/mod_auth_mellon/`' +- `mellon_post_ttl`: Time to keep post requests. Default: 'undef'. +- `mellon_post_size`: Maximum size of post requests. Default: 'undef'. +- `mellon_post_count`: Maximum number of post requests. Default: 'undef'. ##### Class: `apache::mod::deflate` Installs and configures [`mod_deflate`][]. -**Parameters within `apache::mod::deflate`:** +**Parameters within `apache::mod::deflate`**: - `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. 
- `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } @@ -1396,7 +1405,7 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate Installs and configures [`mod_ext_filter`][]. ~~~ puppet -class{'apache::mod::ext_filter': +class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', @@ -1412,7 +1421,7 @@ class{'apache::mod::ext_filter': Installs and configures [`mod_fcgid`][]. -The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [Hash][]. For example: +The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: ~~~ puppet class { 'apache::mod::fcgid': @@ -1532,7 +1541,7 @@ Default values depend on your operating system. - `package_name`: Names the package that installs `php_mod`. - `path`: Defines the path to the `mod_php` shared object (`.so`) file. -- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` paths. +- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` path. - `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. - `content`: Adds arbitrary content to `php.conf`. 
@@ -2020,59 +2029,44 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, +} ~~~ ##### `auth_kerb` -Enable mod_auth_kerb parameters for a virtual host. Valid values are 'true' or 'false'. Defaults to 'false'. +Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid values are 'true' or 'false'. Defaults to 'false'. Usage typically looks like: ~~~ puppet - apache::vhost {'sample.example.net': - auth_kerb => true, - krb_method_negotiate => 'on', - krb_auth_realms => ['EXAMPLE.ORG'], - krb_local_user_mapping => 'on', - directories => { - path => '/var/www/html', - auth_name => 'Kerberos Login', - auth_type => 'Kerberos', - auth_require => 'valid-user', - } - } +apache::vhost { 'sample.example.net': + auth_kerb => true, + krb_method_negotiate => 'on', + krb_auth_realms => ['EXAMPLE.ORG'], + krb_local_user_mapping => 'on', + directories => { + path => '/var/www/html', + auth_name => 'Kerberos Login', + auth_type => 'Kerberos', + auth_require => 'valid-user', + }, +} ~~~ -##### `krb_method_negotiate` - -To enable or disable the use of the Negotiate method. Defaults is 'on' - -##### `krb_method_k5passwd` - -To enable or disable the use of password based authentication for Kerberos v5. Default is 'on' - -##### `krb_authoritative` - -If set to off this directive allow authentication controls to be pass on to another modules. Default is 'on' - -##### `krb_auth_realms` +Related parameters follow the names of `mod_auth_kerb` directives: -Specifies an array Kerberos realm(s) to be used for authentication. Default is [] - -##### `krb_5keytab` - -Location of the Kerberos V5 keytab file. Not set by default. 
- -##### `krb_local_user_mapping` - -Strips @REALM from username for further use. Not set by default. +- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. +- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. +- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. +- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: `[]`. +- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: undef. +- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: undef. ##### `krb_verify_kdc` @@ -2283,11 +2277,11 @@ Specifies the address to redirect to. Defaults to 'undef'. Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - redirect_source => ['/images','/downloads'], - redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], - } +apache::vhost { 'site.name.fdqn': + … + redirect_source => ['/images','/downloads'], + redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], +} ~~~ ##### `redirect_status` @@ -2295,10 +2289,10 @@ Specifies the source URIs that redirect to the destination specified in `redirec Specifies the status to append to the redirect. Defaults to 'undef'. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - redirect_status => ['temp','permanent'], - } +apache::vhost { 'site.name.fdqn': + … + redirect_status => ['temp','permanent'], +} ~~~ ##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` 
@@ -2306,12 +2300,12 @@ Specifies the status to append to the redirect. Defaults to 'undef'. Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - redirectmatch_status => ['404','404'], - redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], - redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], - } +apache::vhost { 'site.name.fdqn': + … + redirectmatch_status => ['404','404'], + redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], +} ~~~ ##### `request_headers` @@ -2319,13 +2313,13 @@ Determines which server status should be raised for a given regular expression a Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - request_headers => [ - 'append MirrorID "mirror 12"', - 'unset MirrorID', - ], - } +apache::vhost { 'site.name.fdqn': + … + request_headers => [ + 'append MirrorID "mirror 12"', + 'unset MirrorID', + ], +} ~~~ ##### `rewrites` 
@@ -2334,69 +2328,69 @@ Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be For example, you can specify that anyone trying to access index.html is served welcome.html ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] +} ~~~ The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'redirect IE', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'redirect IE', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} ~~~ You can also apply multiple conditions. 
For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} ~~~ Multiple rewrites and conditions are also possible ~~~ puppet - apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - { - comment => 'Internet Explorer', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ /index.IE.html [L]'], - }, - { - rewrite_base => /apps/, - rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], - }, - { comment => 'Rewrite to lower case', - rewrite_cond => ['%{REQUEST_URI} [A-Z]'], - rewrite_map => ['lc int:tolower'], - rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], - }, - ], - } +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + { + comment => 'Internet Explorer', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + }, + { + rewrite_base => /apps/, + rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], + }, + { comment => 'Rewrite to lower case', + rewrite_cond => ['%{REQUEST_URI} [A-Z]'], + 
rewrite_map => ['lc int:tolower'], + rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + }, + ], +} ~~~ Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. 
@@ -2407,32 +2401,32 @@ Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for exa ##### `scriptaliases` -*Note*: This parameter is deprecated in favour of the `aliases` parameter. +**Note**: This parameter is deprecated in favor of the `aliases` parameter. -Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: +Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). ~~~ puppet - scriptaliases => [ - { - alias => '/myscript', - path => '/usr/share/myscript', - }, - { - aliasmatch => '^/foo(.*)', - path => '/usr/share/fooscripts$1', - }, - { - aliasmatch => '^/bar/(.*)', - path => '/usr/share/bar/wrapper.sh/$1', - }, - { - alias => '/neatscript', - path => '/usr/share/neatscript', - }, - ] +scriptaliases => [ + { + alias => '/myscript', + path => '/usr/share/myscript', + }, + { + aliasmatch => '^/foo(.*)', + path => '/usr/share/fooscripts$1', + }, + { + aliasmatch => '^/bar/(.*)', + path => '/usr/share/bar/wrapper.sh/$1', + }, + { + alias => '/neatscript', + path => '/usr/share/neatscript', + }, +] ~~~ -The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, more specific aliases should come before more general ones to avoid shadowing. +The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. ##### `serveradmin` 
@@ -2453,9 +2447,9 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: ~~~ puppet - apache::vhost { 'setenv.example.com': - setenv => ['SPECIAL_PATH /foo/bin'], - } +apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], +} ~~~ ##### `setenvif` @@ -2475,16 +2469,16 @@ Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file= To set up a virtual host with suPHP ~~~ puppet - apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => { path => '/home/appuser/myphpapp', - 'suphp' => { user => 'myappuser', group => 'myappgroup' }, - } - } +apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + } +} ~~~ ##### `vhost_name` @@ -2496,13 +2490,13 @@ Enables name-based virtual hosting. If no IP is passed to the virtual host, but Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ~~~ puppet - apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot' => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], - } +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot' => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} ~~~ ##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` 
@@ -2524,22 +2518,22 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). To set up a virtual host with WSGI ~~~ puppet - apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => - { processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, - wsgi_chunked_request => 'On', - } +apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => + { processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + wsgi_chunked_request => 'On', +} ~~~ -####Parameter `directories` for `apache::vhost` +#### Parameter `directories` for `apache::vhost` The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. 
@@ -2550,15 +2544,15 @@ The `provider` key is optional. If missing, this key defaults to 'directory'. Va General `directories` usage looks something like ~~~ puppet - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' - }, - ], - } +apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all', + }, + ], +} ~~~ *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. @@ -2566,9 +2560,9 @@ General `directories` usage looks something like Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', handler => value } ], +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', handler => value } ], } ~~~ 
@@ -2579,14 +2573,14 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], + }, + ], +} ~~~ ###### `allow` @@ -2594,14 +2588,14 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, + ], +} ~~~ ###### `allow_override` 
@@ -2609,14 +2603,14 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, + ], +} ~~~ ###### `auth_basic_authoritative` 
@@ -2722,33 +2716,33 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ~~~ puppet - apache::vhost { 'sample.example.net': - directories => [ - { path => '/srv/www', - error_documents => [ - { 'error_code' => '503', - 'document' => '/service-unavail', - }, - ], +apache::vhost { 'sample.example.net': + directories => [ + { path => '/srv/www', + error_documents => [ + { 'error_code' => '503', + 'document' => '/service-unavail', }, ], - } + }, + ], +} ~~~ ###### `ext_filter_options` -Sets the [ExtFilterOptions](http://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. -Note that you must delcare `class {'apache::mod::ext_filter': }` before using this directive. +Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. +Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. ~~~ puppet - apache::vhost{ 'filter.example.org': - docroot => '/var/www/filter', - directories => [ - { path => '/var/www/filter', - ext_filter_options => 'LogStderr Onfail=abort', - }, - ], - } +apache::vhost { 'filter.example.org': + docroot => '/var/www/filter', + directories => [ + { path => '/var/www/filter', + ext_filter_options => 'LogStderr Onfail=abort', + }, + ], +} ~~~ ###### `geoip_enable` 
@@ -2757,14 +2751,14 @@ Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configura Note that you must declare `class {'apache::mod::geoip': }` before using this directive. ~~~ puppet - apache::vhost { 'first.example.com': - docroot => '/var/www/first', - directories => [ - { path => '/var/www/first', - geoip_enable => true, - }, - ], - } +apache::vhost { 'first.example.com': + docroot => '/var/www/first', + directories => [ + { path => '/var/www/first', + geoip_enable => true, + }, + ], +} ~~~ ###### `headers` @@ -2772,13 +2766,13 @@ Note that you must declare `class {'apache::mod::geoip': }` before using this di Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => { - path => '/path/to/directory', - headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - }, - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => { + path => '/path/to/directory', + headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + }, +} ~~~ ###### `index_options` 
@@ -2786,58 +2780,58 @@ Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.htm Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + }, + ], +} ~~~ ###### `index_order_default` -Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. +Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. 
~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - index_order_default => ['Descending', 'Date'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + index_order_default => ['Descending', 'Date'], + }, + ], +} ~~~ ###### `index_style_sheet` -Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index. +Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['FancyIndexing'], - index_style_sheet => '/styles/style.css', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['FancyIndexing'], + index_style_sheet => '/styles/style.css', + }, + ], +} ~~~ ###### `mellon_enable` -Sets the [MellonEnable](https://github.com/UNINETT/mod_auth_mellon) to enable auth_melon on a location. +Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_melon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. ~~~ puppet -apache::vhost{'sample.example.net': - docroot => '/path/to/directory', +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', directories => [ { path => '/', provider => 'directory', 
@@ -2845,69 +2839,45 @@ apache::vhost{'sample.example.net': mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key, mellon_endpoint_path => '/mellon', mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', - 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress'}, - mellon_user => 'ADFS_LOGIN' + 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, + mellon_user => 'ADFS_LOGIN', }, - { path => '/protected', - provider => 'location', + { path => '/protected', + provider => 'location', mellon_enable => 'auth', - auth_type => 'Mellon', - auth_require => 'valid-user', - mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'] - } + auth_type => 'Mellon', + auth_require => 'valid-user', + mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], + }, ] } ~~~ -###### `mellon_cond` +Related parameters follow the names of `mod_auth_melon` directives: -Sets the [MellonCond](https://github.com/UNINETT/mod_auth_mellon) is an array of mellon conditions that must -be met to grant access. - - -###### `mellon_endpoint_path` - -Sets the [MellonEndpointPath](https://github.com/UNINETT/mod_auth_mellon) to set melon endpoint path. - -###### `mellon_idp_metadata_file` - -Sets the [MellonIDPMetadataFile](https://github.com/UNINETT/mod_auth_mellon) location of idp metadata file. - -###### `mellon_saml_rsponse_dump` - -Sets the [MellonSamlRepsponseDump](https://github.com/UNINETT/mod_auth_mellon) to enable debug of SAML. - -###### `mellon_set_env_no_prefix` - -Sets the [MellonSetEnvNoPrefix](https://github.com/UNINETT/mod_auth_mellon) is a hash of attribute names to map +- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_melon`] directive for each item in the array. +- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_melon`] to set the mellon endpoint path. 
+- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_melon`] location of the IDP metadata file. +- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_melon`] directive to enable debug of SAML. +- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_melon`] directive to a hash of attribute names to map to environment variables. - - -###### `mellon_sp_private_key_file` - -Sets the [MellonSPPrivateKeyFile](https://github.com/UNINETT/mod_auth_mellon) private key location of service provider. - -###### `mellon_sp_cert_file` - -Sets the [MellonSPCertFile](https://github.com/UNINETT/mod_auth_mellon) public key location of service provider. - -###### `mellon_user` - -Sets the [MellonUser](https://github.com/UNINETT/mod_auth_mellon) attribute we should use for the username. +- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_melon`] directive for the private key location of the service provider. +- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_melon`] directive for the public key location of the service provider. +- `mellon_user`: Sets the [MellonUser][`mod_auth_melon`] attribute to use for the username. ###### `options` -Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. +Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + }, + ], +} ~~~ ###### `order` 
@@ -2915,32 +2885,32 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + }, + ], +} ~~~ ###### `passenger_enabled` -Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. +Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - passenger_enabled => 'on', - }, - ], - } +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + passenger_enabled => 'on', + }, + ], +} ~~~ -*Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. +**Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. ###### `php_value` and `php_flag` 
@@ -2982,47 +2952,47 @@ If `require` is set to `unmanaged` it will not be set at all. This is useful for ###### `satisfy` -Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. +Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - satisfy => 'Any', - } - ], +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', } + ], +} ~~~ ###### `sethandler` -Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: +Sets a `SetHandler` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). ~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', - } - ], +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', } + ], +} ~~~ ###### `set_output_filter` -Sets a `SetOutputFilter` directive as per [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). An example: +Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). 
~~~ puppet - apache::vhost{ 'filter.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - set_output_filter => puppetdb-strip-resource-params, - }, - ], - } +apache::vhost{ 'filter.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + set_output_filter => puppetdb-strip-resource-params, + }, + ], +} ~~~ ###### `rewrites` 
@@ -3030,64 +3000,64 @@ Sets a `SetOutputFilter` directive as per [Apache Core documentation](http://htt Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - rewrites => [ { comment => 'Permalink Rewrites', - rewrite_base => '/' - }, - { rewrite_rule => [ '^index\.php$ - [L]' ] - }, - { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - rewrite_rule => [ '. /index.php [L]' ], - } - ], - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + rewrites => [ { comment => 'Permalink Rewrites', + rewrite_base => '/' + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] + }, + { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + rewrite_rule => [ '. /index.php [L]' ], + } + ], + }, + ], +} ~~~ -***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. +***Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. ###### `shib_request_setting` -Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. 
This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - shib_request_settings => { 'requiresession' => 'On' }, - shib_use_headers => 'On', - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + shib_request_settings => { 'requiresession' => 'On' }, + shib_use_headers => 'On', + }, + ], +} ~~~ ###### `shib_use_headers` -When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +When set to 'On', this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. 
Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ###### `ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', - }, - { path => '/path/to/different/dir', - ssl_options => [ '-StdEnvVars', '+ExportCertData'], - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + ssl_options => '+ExportCertData', + }, + { path => '/path/to/different/dir', + ssl_options => [ '-StdEnvVars', '+ExportCertData'], + }, + ], +} ~~~ ###### `suphp` 
@@ -3095,20 +3065,20 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. ~~~ puppet - apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', - }, - }, - ], - } +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + suphp => { + user => 'myappuser', + group => 'myappgroup', + }, + }, + ], +} ~~~ -####SSL parameters for `apache::vhost` +#### SSL parameters for `apache::vhost` All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. From 064aeb64eef4a7219b157fbe8f65ab4420616115 Mon Sep 17 00:00:00 2001 From: Luke Bigum Date: Fri, 13 Nov 2015 14:40:13 +0000 Subject: [PATCH 0746/2267] Added support for LDAPTrustedGlobalCert option to apache::mod::ldap fixed misnamed heading documentation for apache::mod::ldap fixed hyperlinks fixed hyperlinks --- README.md | 21 +++++++++- manifests/mod/ldap.pp | 7 +++- spec/classes/mod/ldap_spec.rb | 78 +++++++++++++++++++++++++++++++++++ templates/mod/ldap.conf.erb | 3 ++ 4 files changed, 107 insertions(+), 2 deletions(-) create mode 100644 spec/classes/mod/ldap_spec.rb diff --git a/README.md b/README.md index 32ac2cbea2..5847fc1221 100644 --- a/README.md +++ b/README.md 
@@ -51,6 +51,7 @@
 [`apache::mod::ext_filter`]: #class-apachemodext_filter
 [`apache::mod::geoip`]: #class-apachemodgeoip
 [`apache::mod::itk`]: #class-apachemoditk
+[`apache::mod::ldap`]: #class-apachemodldap
 [`apache::mod::passenger`]: #class-apachemodpassenger
 [`apache::mod::peruser`]: #class-apachemodperuser
 [`apache::mod::prefork`]: #class-apachemodprefork
@@ -151,6 +152,7 @@
 [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
 [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/
 [`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html
+[`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html
 [`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html
 [`mod_negotiation`]: http://httpd.apache.org/docs/current/mod/mod_negotiation.html
 [`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en
@@ -1467,6 +1469,23 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of - `apache_version`: Default: `$::apache::apache_version`, - `restrict_access`: Determines whether to enable access restrictions. If 'false', the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: 'true'. +##### Class: `apache::mod::ldap` + +Installs and configures [`mod_ldap`][]. Allows you to modify the +[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/2.2/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: + +~~~puppet +class { 'apache::mod::ldap': + ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt' + ldap_trusted_global_cert_type => 'CA_DER', +} +~~~ + +**Parameters within `apache::mod::ldap`:** + +- `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. +- `ldap_trusted_global_cert_type`: The global trust certificate format. Defaults to 'CA_BASE64'. + ##### Class: `apache::mod::negotiation` Installs and configures [`mod_negotiation`][]. @@ -1482,7 +1501,7 @@ Installs and manages [`mod_pagespeed`], a Google module that rewrites web pages While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. -**Parameters within `apache::mod::info`**: +**Parameters within `apache::mod::pagespeed`**: - `inherit_vhost_config`: Default: 'on'. - `filter_xhtml`: Default: false. diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index fbd56d539a..d084186717 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp 
@@ -1,6 +1,11 @@ class apache::mod::ldap ( - $apache_version = $::apache::apache_version, + $apache_version = $::apache::apache_version, + $ldap_trusted_global_cert_file = undef, + $ldap_trusted_global_cert_type = 'CA_BASE64', ){ + if ($ldap_trusted_global_cert_file) { + validate_string($ldap_trusted_global_cert_type) + } ::apache::mod { 'ldap': } # Template uses $apache_version file { 'ldap.conf': diff --git a/spec/classes/mod/ldap_spec.rb b/spec/classes/mod/ldap_spec.rb new file mode 100644 index 0000000000..2b82d8d1bb --- /dev/null +++ b/spec/classes/mod/ldap_spec.rb 
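Review bot: `$ldap_trusted_global_cert_file` is never validated, and `$ldap_trusted_global_cert_type` is only checked to be a string inside the new `if ($ldap_trusted_global_cert_file)` block. Both values are written verbatim into `ldap.conf` by the template, so a misspelled type, or a value carrying whitespace or a line break, ends up in the server configuration and is noticed only when httpd parses it. I would add `validate_string($ldap_trusted_global_cert_file)` and constrain the type with `validate_re($ldap_trusted_global_cert_type, '\A(CA|CERT|KEY)_[A-Z0-9_]+\z')`, tightening the pattern to the exact list of types mod_ldap documents. The `\A`/`\z` anchors matter here because `^`/`$` match per line in Ruby. The class body continues outside the hunk.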
@@ -0,0 +1,78 @@ +require 'spec_helper' + +describe 'apache::mod::ldap', :type => :class do + let :pre_condition do + 'include apache' + end + + context "on a Debian OS" do + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('ldap') } + + context 'default ldap_trusted_global_cert_file' do + it { is_expected.to contain_file('ldap.conf').without_content(/^LDAPTrustedGlobalCert/) } + end + + context 'ldap_trusted_global_cert_file param' do + let(:params) { { :ldap_trusted_global_cert_file => 'ca.pem' } } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } + end + + context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do + let(:params) {{ + :ldap_trusted_global_cert_file => 'ca.pem', + :ldap_trusted_global_cert_type => 'CA_DER' + }} + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + end + end #Debian + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('ldap') } + + context 'default ldap_trusted_global_cert_file' do + it { is_expected.to contain_file('ldap.conf').without_content(/^LDAPTrustedGlobalCert/) } + 
end + + context 'ldap_trusted_global_cert_file param' do + let(:params) { { :ldap_trusted_global_cert_file => 'ca.pem' } } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } + end + + context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do + let(:params) {{ + :ldap_trusted_global_cert_file => 'ca.pem', + :ldap_trusted_global_cert_type => 'CA_DER' + }} + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + end + end # Redhat +end diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb index 0019776175..fbb4b92136 100644 --- a/templates/mod/ldap.conf.erb +++ b/templates/mod/ldap.conf.erb @@ -9,3 +9,6 @@ Satisfy all <%- end -%> +<% if @ldap_trusted_global_cert_file -%> +LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %> +<% end -%> From eb3f397aba7d85e7ace09c6e8ed94b5228b25cf7 Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Mon, 23 Nov 2015 11:56:39 +0000 Subject: [PATCH 0747/2267] 1.7.1 release --- CHANGELOG.md | 5 +++++ metadata.json | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb33a13633..50ad0db538 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +## Supported Release 1.7.1 +###Summary + +Small release for support of newer Puppet versions. + ## 2015-11-17 - Supported Release 1.7.0 ### Summary This release includes many new features and bugfixes. There are test, documentation and misc improvements. diff --git a/metadata.json b/metadata.json index f06e6d529c..85e6889497 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.7.0", + "version": "1.7.1", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", 
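Review bot: The certificate path on the new `LDAPTrustedGlobalCert` line is emitted unquoted, so a path containing whitespace is split into extra arguments when httpd reads `ldap.conf`. Other templates in this module quote path values, for example `ModPagespeedFileCachePath "<%= @cache_path %>"`. Suggested line: `LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> "<%= @ldap_trusted_global_cert_file %>"`, with the `with_content` regexes in `ldap_spec.rb` updated to expect the quotes.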
@@ -68,7 +68,7 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.7.0 < 2015.3.0" + "version_requirement": ">= 3.7.0 < 2015.4.0" }, { "name": "puppet", From 9c2aa42c778041d003193b5a1c030a639f378d91 Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Tue, 24 Nov 2015 15:19:37 +0000 Subject: [PATCH 0748/2267] Improved changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50ad0db538..737aa4553b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ## Supported Release 1.7.1 ###Summary -Small release for support of newer Puppet versions. +Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. ## 2015-11-17 - Supported Release 1.7.0 ### Summary From d51a86aee8fa9de9cab35aa8d213d69ba17b4407 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Thu, 26 Nov 2015 17:29:53 +0000 Subject: [PATCH 0749/2267] (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration --- README.md | 2 +- spec/classes/mod/pagespeed_spec.rb | 11 ++++++++++- templates/mod/pagespeed.conf.erb | 4 ++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 293a6c02ba..8172c25b17 100644 --- a/README.md +++ b/README.md @@ -1544,7 +1544,7 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d - `allow_pagespeed_console`: Default: []. - `allow_pagespeed_message`: Default: []. - `message_buffer_size`: Default: 100000. -- `additional_configuration`: Default: { }. +- `additional_configuration`: Default: { }. A hash of directive/value pairs or an array of lines to insert at the end of the pagespeed configuration. The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb index c3f5a41447..44c60053e0 100644 
--- a/spec/classes/mod/pagespeed_spec.rb +++ b/spec/classes/mod/pagespeed_spec.rb @@ -21,7 +21,16 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('pagespeed') } it { is_expected.to contain_package("mod-pagespeed-stable") } - it { is_expected.to contain_file('pagespeed.conf') } + + context "when setting additional_configuration to a Hash" do + let :params do { :additional_configuration => { 'Key' => 'Value' } } end + it { is_expected.to contain_file('pagespeed.conf').with_content /Key Value/ } + end + + context "when setting additional_configuration to an Array" do + let :params do { :additional_configuration => [ 'Key Value' ] } end + it { is_expected.to contain_file('pagespeed.conf').with_content /Key Value/ } + end end context "on a RedHat OS" do diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index a1b6f117a4..1f54c12f81 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb @@ -93,6 +93,10 @@ ModPagespeedMessageBufferSize <%= @message_buffer_size %> SetHandler mod_pagespeed_message +<% if @additional_configuration.is_a? Array -%> +<%= @additional_configuration.join('\n') %> +<% else -%> <% @additional_configuration.each_pair do |key, value| -%> <%= key %> <%= value %> <% end -%> +<% end -%> From 50b8ffe05c99057815a08d26c43dccec0dff9526 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Thu, 26 Nov 2015 17:30:04 +0000 Subject: [PATCH 0750/2267] (MAINT) whitespace cleanup --- README.md | 2 +- templates/mod/pagespeed.conf.erb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8172c25b17..ceaa975e92 100644 --- a/README.md +++ b/README.md 
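Review bot: `@additional_configuration.join('\n')` in the Array branch joins the entries with a literal backslash followed by `n`, because Ruby does not expand escapes inside single quotes. An array with more than one entry is therefore rendered as a single line rather than one directive per line; the added spec passes only because it uses a one-element array. Use `<%= @additional_configuration.join("\n") %>` and extend the spec with a two-element array whose entries must appear on separate lines. Both branches copy caller-supplied text into `pagespeed.conf` without any check, which is worth stating in the README entry for `additional_configuration`.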
@@ -1310,7 +1310,7 @@ Installs and manages [`mod_alias`][]. #### Class: `apache::mod::disk_cache` -Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: +Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: - **Debian**: `/var/cache/apache2/mod_cache_disk` - **FreeBSD**: `/var/cache/mod_cache_disk` diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index 1f54c12f81..051cf5bedb 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb @@ -7,7 +7,7 @@ AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml <% end -%> ModPagespeedFileCachePath "<%= @cache_path %>" ModPagespeedLogDir "<%= @log_dir %>" - + <% @memcache_servers.each do |server| -%> ModPagespeedMemcachedServers <%= server %> <% end -%> @@ -17,7 +17,7 @@ ModPagespeedRewriteLevel <%= @rewrite_level -%> <% @disable_filters.each do |filter| -%> ModPagespeedDisableFilters <%= filter %> <% end -%> - + <% @enable_filters.each do |filter| -%> ModPagespeedEnableFilters <%= filter %> <% end -%> From ddb6e4f81dd573a282e95028d2e220d564cc6ecd Mon Sep 17 00:00:00 2001 
From: David Schmitt Date: Thu, 26 Nov 2015 17:59:09 +0000 Subject: [PATCH 0751/2267] (MODULES-2682) Update Apache Configuration to use FilesMatch instead of AddHandler for PHP Files. The issue with this is that the extension handling behaviour of apache is not well known by most php developers, and many php scripts are open to security issues if this configuration is used (most commonly these scripts handle upload forms which white list image extensions). For example foo.php.jpg will be handled by php. Many distro's no longer use AddHandler in their default config: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf. The PHP manual also recommends avoiding it: http://php.net/manual/en/install.unix.apache2.php#example-20 This is based on Alejandro Bednarik's original fix, I added proper regex escaping, and a changelog entry. All bugs are mine. --- CHANGELOG.md | 11 +++++++++++ spec/classes/mod/php_spec.rb | 2 +- templates/mod/php5.conf.erb | 5 +++-- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb33a13633..2f7a39786a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +## UNRELEASED +### Summary + +TODO + +### + +#### Security + +* apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements. + ## 2015-11-17 - Supported Release 1.7.0 ### Summary This release includes many new features and bugfixes. There are test, documentation and misc improvements. 
diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 246b3bbd49..6814b8a8f1 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -88,7 +88,7 @@ let :params do { :extensions => ['.php','.php5']} end - it { is_expected.to contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) } + it { is_expected.to contain_file("php5.conf").with_content(Regexp.new(Regexp.escape(''))) } end context "with specific version" do let :pre_condition do diff --git a/templates/mod/php5.conf.erb b/templates/mod/php5.conf.erb index 44df2ae066..3fd1000390 100644 --- a/templates/mod/php5.conf.erb +++ b/templates/mod/php5.conf.erb @@ -14,8 +14,9 @@ # # Cause the PHP interpreter to handle files with a .php extension. # -AddHandler php5-script <%= @extensions.flatten.compact.join(' ') %> -AddType text/html .php +)$"> + SetHandler php5-script + # # Add index.php to the list of files that will be served as directory From 4f5a6b4c17f0dc0d6536b112dd887725fa53e86f Mon Sep 17 00:00:00 2001 From: abednarik Date: Wed, 4 Nov 2015 12:56:16 -0300 Subject: [PATCH 0752/2267] (MODULES-2773) Duplicate Entries in Spec Files Small update to fix 2 warnings due to some duplicate entries. --- spec/classes/dev_spec.rb | 1 - spec/classes/mod/passenger_spec.rb | 1 - 2 files changed, 2 deletions(-) diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index eb3d76593a..933d677031 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -77,7 +77,6 @@ :osfamily => 'Gentoo', :operatingsystem => 'Gentoo', :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', :is_pe => false, :concat_basedir => '/foo', :id => 'root', diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index c438241e06..34dcc5c6f3 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
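Review bot: Nothing in this commit exercises the case it is meant to close: the diffstat touches only the changelog, one rspec-puppet content match and the template, so no test requests a file named like `file.php.jpg` and checks that the PHP handler is not applied to it. An acceptance case in `spec/acceptance/mod_php_spec.rb` that serves such a file and asserts it is returned unprocessed would pin the behaviour against a later regression to `AddHandler`. As rendered here the opening of the `FilesMatch` line and the literal passed to `Regexp.escape` in the spec are cut off, so the escaping of `@extensions` cannot be confirmed from this view; the visible tail `)$">` does anchor the match at the end of the file name. The hunk also drops `AddType text/html .php`, which the changelog entry does not mention.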
@@ -14,7 +14,6 @@ :lsbdistcodename => 'squeeze', :operatingsystem => 'Debian', :id => 'root', - :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :is_pe => false, } From 574b74f3cf1320b8a485c40f20f0edd70d758c43 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Mon, 30 Nov 2015 14:54:40 +0000 Subject: [PATCH 0753/2267] (MODULES-2682, FM-3919) Use more FilesMatch FilesMatch and AddHandler do not interact correctly, which caused the fcgi tests to (correctly) complain about php-cgi not being started for the fcgi configuration. Using FilesMatch in all cases addresses both the original security issue (better) and leads to correct resolution of handlers again. --- templates/mod/fastcgi.conf.erb | 4 +++- templates/vhost/_directories.erb | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/templates/mod/fastcgi.conf.erb b/templates/mod/fastcgi.conf.erb index 8d94a23614..93c8d86ab0 100644 --- a/templates/mod/fastcgi.conf.erb +++ b/templates/mod/fastcgi.conf.erb @@ -1,6 +1,8 @@ # The Fastcgi Apache module configuration file is being # managed by Puppet and changes will be overwritten. - AddHandler fastcgi-script .fcgi + + SetHandler fastcgi-script + FastCgiIpcDir "<%= @fastcgi_lib_path %>" diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index b1475513c9..c95fda5a15 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -106,7 +106,9 @@ <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> - AddHandler <%= addhandler['handler'] %> <%= Array(addhandler['extensions']).join(' ') %> + )$"> + SetHandler <%= addhandler['handler'] %> + <%- end -%> <%- end -%> <%- if directory['sethandler'] and directory['sethandler'] != '' -%> From 7465f0f12cc55cbf1a793064651a5fbd316c0659 Mon Sep 17 00:00:00 2001 
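Review bot: The `addhandlers` directory key in `_directories.erb` now emits `SetHandler` inside a `FilesMatch` block, but the key name is unchanged and this commit touches no documentation, so users will still read it as `AddHandler`. With the trailing `$` visible in the pattern, a file such as `index.cgi.en` that `AddHandler` used to match is no longer handled; that is the intended hardening, but it should be stated where the parameter is documented and in the template, e.g. `<%# addhandlers renders FilesMatch + SetHandler so only the final extension selects the handler -%>`. The start of the `FilesMatch` line is cut off in this view: if `addhandler['extensions']` is joined into the pattern without `Regexp.escape`, the leading dot of each extension matches any character, so please confirm it is escaped the way the php5.conf.erb commit message describes. The enclosing directory loop continues outside the hunk.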
From: David Schmitt Date: Tue, 1 Dec 2015 13:46:40 +0000 Subject: [PATCH 0754/2267] (MAINT) remove merge conflicts from mergeback --- README.md | 48 ------------------------------------------------ 1 file changed, 48 deletions(-) diff --git a/README.md b/README.md index 84cd2f36ab..ceaa975e92 100644 --- a/README.md +++ b/README.md @@ -1310,11 +1310,7 @@ Installs and manages [`mod_alias`][]. #### Class: `apache::mod::disk_cache` -<<<<<<< HEAD Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: -======= -Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system: ->>>>>>> upstream/1.7.x - **Debian**: `/var/cache/apache2/mod_cache_disk` - **FreeBSD**: `/var/cache/mod_cache_disk` @@ -2087,7 +2083,6 @@ apache::vhost { 'sample.example.net': ~~~ Related parameters follow the names of `mod_auth_kerb` directives: -<<<<<<< HEAD - `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. - `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. 
@@ -2107,15 +2102,6 @@ Specifies the service name that will be used by Apache for authentication. Corre ##### `krb_save_credentials` This option enables credential saving functionality. Default is 'off' -======= - -- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. -- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. -- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. -- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: `[]`. -- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: undef. -- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: undef. ->>>>>>> upstream/1.7.x ##### `limit_request_field_size` @@ -2960,7 +2946,6 @@ apache::vhost { 'sample.example.net': ###### `require` -<<<<<<< HEAD Sets a `Require` directive as per the [Apache Authz documentation](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. @@ -2972,22 +2957,9 @@ Sets a `Require` directive as per the [Apache Authz documentation](http://httpd. require => 'IP 10.17.42.23', } ], -======= -Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. - -~~~ puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - satisfy => 'Any', ->>>>>>> upstream/1.7.x } - ], -} ~~~ -<<<<<<< HEAD If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. ~~~ puppet 
@@ -2998,26 +2970,11 @@ If `require` is set to `unmanaged` it will not be set at all. This is useful for require => 'unmanaged', } ], -======= -###### `sethandler` - -Sets a `SetHandler` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). - -~~~ puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', ->>>>>>> upstream/1.7.x } - ], -} ~~~ ###### `satisfy` -<<<<<<< HEAD Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. ~~~ puppet @@ -3051,11 +3008,6 @@ apache::vhost { 'sample.example.net': Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). ~~~ puppet -======= -Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). - -~~~ puppet ->>>>>>> upstream/1.7.x apache::vhost{ 'filter.example.net': docroot => '/path/to/directory', directories => [ From 32b70e69ef3cf648c3570edf4472f026a6a128bb Mon Sep 17 00:00:00 2001 
From: David Schmitt Date: Tue, 1 Dec 2015 14:18:27 +0000 Subject: [PATCH 0755/2267] (MAINT) rip out unused UNSUPPORTED_PLATFORMS test flagging The underlying use-case for this pattern is meanwhile adressed by other means and the pattern itself is not applied consistently across all tests. Therefore this rips it out completely. --- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/apache_ssl_spec.rb | 2 +- spec/acceptance/class_spec.rb | 2 +- spec/acceptance/custom_config_spec.rb | 2 +- spec/acceptance/default_mods_spec.rb | 2 +- spec/acceptance/itk_spec.rb | 2 +- spec/acceptance/mod_fcgid_spec.rb | 4 +- spec/acceptance/mod_mime_spec.rb | 2 +- spec/acceptance/mod_negotiation_spec.rb | 2 +- spec/acceptance/mod_pagespeed_spec.rb | 2 +- spec/acceptance/mod_passenger_spec.rb | 2 +- spec/acceptance/mod_php_spec.rb | 2 +- spec/acceptance/mod_proxy_html_spec.rb | 2 +- spec/acceptance/mod_security_spec.rb | 2 +- spec/acceptance/mod_suphp_spec.rb | 56 ++++++------ spec/acceptance/prefork_worker_spec.rb | 4 +- spec/acceptance/service_spec.rb | 2 +- spec/acceptance/unsupported_spec.rb | 13 --- spec/acceptance/vhost_spec.rb | 100 +++++++++++----------- spec/spec_helper_acceptance.rb | 26 +++--- 20 files changed, 109 insertions(+), 122 deletions(-) delete mode 100644 spec/acceptance/unsupported_spec.rb diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index c46a220432..b82527115f 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache parameters', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache parameters' do # Currently this test only does something on FreeBSD. describe 'default_confd_files => false' do diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index f8023fa240..ccf65c7273 100644 
--- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb @@ -8,7 +8,7 @@ vhostd = '/etc/apache2/sites-available' end -describe 'apache ssl', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache ssl' do describe 'ssl parameters' do it 'runs without error' do diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 0cf1c36f90..47b0d36fa0 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache class' do case fact('osfamily') when 'RedHat' package_name = 'httpd' diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index 683e6b648b..fe73d111bd 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::custom_config define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::custom_config define' do context 'invalid config' do it 'should not add the config' do pp = <<-EOS diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 0199f180b3..c2d6a8c26d 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -15,7 +15,7 @@ servicename = 'apache2' end -describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::default_mods class' do describe 'no default mods' do # Using puppet_apply as a helper it 'should apply with no errors' do diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index 2dde8f407e..a1ab4bede0 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb 
@@ -10,7 +10,7 @@ service_name = :skip end -describe 'apache::mod::itk class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or service_name.equal? :skip do +describe 'apache::mod::itk class', :unless => service_name.equal? :skip do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index e99a7f299e..647f0128e4 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' -describe 'apache::mod::fcgid class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do - context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do +describe 'apache::mod::fcgid class', :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') or (fact('operatingsystem') != 'OracleLinux' and fact('operatingsystemmajrelease') != '7') do + context "default fcgid config" do it 'succeeds in puppeting fcgid' do pp = <<-EOS class { 'epel': } # mod_fcgid lives in epel diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index 89b3c800fa..e47360b5e0 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::mime class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::mime class' do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index a44edbf268..48eb896b67 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb 
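Review bot: The new `:if` on the `apache::mod::fcgid` describe in `mod_fcgid_spec.rb` is not the condition the two old guards expressed. Before, the examples ran only on RedHat-family hosts other than release 5 and never on OracleLinux 7; the new expression joins the two groups with `or` and negates the OracleLinux test with `and`, so the second group alone is true on, for example, an Ubuntu host, where the manifest's `class { 'epel': }` does not apply. `or` also binds more loosely than an unparenthesised argument list, so the whole condition needs its own parentheses to become the value of `:if`. Suggested: `:if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5' and !(fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do`. The describe block continues outside the hunk.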
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::negotiation class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::negotiation class' do case fact('osfamily') when 'Debian' vhost_dir = '/etc/apache2/sites-enabled' diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 5fa342e9ae..f8060a167e 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::pagespeed class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::pagespeed class' do case fact('osfamily') when 'Debian' vhost_dir = '/etc/apache2/sites-enabled' diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 5af9113e5c..df9cd9e13e 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::passenger class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::passenger class' do case fact('osfamily') when 'Debian' service_name = 'apache2' diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 502ec1ddcd..a42f523738 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::php class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::php class' do case fact('osfamily') when 'Debian' vhost_dir = '/etc/apache2/sites-enabled' diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index e456000890..840ea563f1 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb 
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::proxy_html class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::proxy_html class' do case fact('osfamily') when 'Debian' service_name = 'apache2' diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 67ad7d5b84..4fcf0f551b 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy'))) do +describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 33f57fba6c..da2c6042e1 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -1,11 +1,9 @@ require 'spec_helper_acceptance' -describe 'apache::mod::suphp class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - case fact('operatingsystem') - when 'Ubuntu' - context "default suphp config" do - it 'succeeds in puppeting suphp' do - pp = <<-EOS +describe 'apache::mod::suphp class', :if => fact('operatingsystem') == 'Ubuntu' do + context "default suphp config" do + it 'succeeds in puppeting suphp' do + pp = <<-EOS class { 'apache': mpm_module => 'prefork', } 
@@ -24,32 +22,32 @@ class { 'apache': } class { 'apache::mod::php': } class { 'apache::mod::suphp': } - EOS - apply_manifest(pp, :catch_failures => true) - end + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service('apache2') do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end + describe service('apache2') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - it 'should answer to suphp.example.com' do - timeout = 0 - loop do - r = shell('curl suphp.example.com:80') - timeout += 1 - break if r.stdout =~ /^daemon$/ - if timeout > 40 - expect(timeout < 40).to be true - break - end - sleep(1) - end - shell("/usr/bin/curl suphp.example.com:80") do |r| - expect(r.stdout).to match(/^daemon$/) - expect(r.exit_code).to eq(0) - end + it 'should answer to suphp.example.com' do + timeout = 0 + loop do + r = shell('curl suphp.example.com:80') + timeout += 1 + break if r.stdout =~ /^daemon$/ + if timeout > 40 + expect(timeout < 40).to be true + break end + sleep(1) end + shell("/usr/bin/curl suphp.example.com:80") do |r| + expect(r.stdout).to match(/^daemon$/) + expect(r.exit_code).to eq(0) + end + end + end end diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 0ac27232d3..234b6acefb 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -36,7 +36,7 @@ class { 'apache': end end -describe 'apache::mod::worker class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::worker class' do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do @@ -58,7 +58,7 @@ class { 'apache': end end -describe 'apache::mod::prefork class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::prefork class' do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do 
diff --git a/spec/acceptance/service_spec.rb b/spec/acceptance/service_spec.rb index b51ca386f0..c3124c8461 100644 --- a/spec/acceptance/service_spec.rb +++ b/spec/acceptance/service_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::service class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::service class' do describe 'adding dependencies in between the base class and service class' do it 'should work with no errors' do pp = <<-EOS diff --git a/spec/acceptance/unsupported_spec.rb b/spec/acceptance/unsupported_spec.rb deleted file mode 100644 index 085845dbfc..0000000000 --- a/spec/acceptance/unsupported_spec.rb +++ /dev/null @@ -1,13 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'unsupported distributions and OSes', :if => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - it 'should fail' do - pp = <<-EOS - class { 'apache': } - apache::vhost { 'test.lan': - docroot => '/var/www', - } - EOS - expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/unsupported/i) - end -end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 5fa91d5dc7..02df7be89a 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::vhost define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::vhost define' do context 'no default vhosts' do it 'should create no default vhosts' do pp = <<-EOS @@ -505,8 +505,8 @@ class { 'apache': } case fact('lsbdistcodename') when 'precise', 'wheezy' - context 'vhost fallbackresource example' do - it 'should configure a vhost with Fallbackresource' do + context 'vhost FallbackResource example' do + it 'should configure a vhost with FallbackResource' do pp = <<-EOS class { 'apache': } apache::vhost { 'fallback.example.net': 
@@ -1232,54 +1232,58 @@ class { 'apache': } end describe 'wsgi' do - it 'import_script applies cleanly' do - pp = <<-EOS - class { 'apache': } - class { 'apache::mod::wsgi': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => {processes => '2'}, - wsgi_process_group => 'nobody', - wsgi_script_aliases => { '/test' => '/test1' }, - wsgi_pass_authorization => 'On', - } - EOS - apply_manifest(pp, :catch_failures => true) + context 'on lucid', :if => fact('lsbdistcodename') == 'lucid' do + it 'import_script applies cleanly' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::wsgi': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + wsgi_application_group => '%{GLOBAL}', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => {processes => '2'}, + wsgi_process_group => 'nobody', + wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', + } + EOS + apply_manifest(pp, :catch_failures => true) + end end - it 'import_script applies cleanly', :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do - pp = <<-EOS - class { 'apache': } - class { 'apache::mod::wsgi': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => {processes => '2'}, - wsgi_import_script => '/test1', - wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, - wsgi_process_group => 'nobody', - wsgi_script_aliases => { '/test' => '/test1' }, - wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', - } - EOS - apply_manifest(pp, :catch_failures => true) - end + context 'on everything but lucid', :unless => 
fact('lsbdistcodename') == 'lucid' do + it 'import_script applies cleanly' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::wsgi': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + wsgi_application_group => '%{GLOBAL}', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => {processes => '2'}, + wsgi_import_script => '/test1', + wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, + wsgi_process_group => 'nobody', + wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', + wsgi_chunked_request => 'On', + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do - it { is_expected.to be_file } - it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } - it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' } - it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } - it { is_expected.to contain 'WSGIProcessGroup nobody' } - it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } - it { is_expected.to contain 'WSGIPassAuthorization On' } - it { is_expected.to contain 'WSGIChunkedRequest On' } + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } + it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' } + it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } + it { is_expected.to contain 'WSGIProcessGroup nobody' } + it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } + it { is_expected.to contain 'WSGIPassAuthorization On' } + it { is_expected.to contain 'WSGIChunkedRequest On' } + end end end 
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index d767b1e60a..b47434659e 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -4,8 +4,6 @@ run_puppet_install_helper -UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris'] - RSpec.configure do |c| # Project root proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) 
@@ -27,24 +25,24 @@ # Install module and dependencies hosts.each do |host| copy_module_to(host, :source => proj_root, :module_name => 'apache') + + on host, puppet('module','install','puppetlabs-stdlib') + on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force') + # Required for mod_passenger tests. if fact('osfamily') == 'RedHat' - on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install','puppetlabs/inifile'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','stahnma/epel') + on host, puppet('module','install','puppetlabs/inifile') end + # Required for manifest to make mod_pagespeed repository available if fact('osfamily') == 'Debian' - on host, puppet('module','install','puppetlabs-apt', '--version 1.8.0', '--force'), { :acceptable_exit_codes => [0,1] } - end - on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } - - # Make sure selinux is disabled before each test or apache won't work. - if ! UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) - on host, puppet('apply', '-e', - %{"exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"}), - { :acceptable_exit_codes => [0] } + on host, puppet('module','install','puppetlabs-apt', '--version 1.8.0', '--force') end + + # Make sure selinux is disabled so the tests work. + on host, puppet('apply', '-e', + %{"exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"}) end end end From a8cd52b77e3e2fd495f57edf9b3440f740dcbabf Mon Sep 17 00:00:00 2001 
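Review bot: The last step of this hunk runs `setenforce 0` on every host, so the acceptance suite never exercises the module with SELinux enforcing, and a regression in file contexts or booleans would not be caught here. The comment should say so, for example `# Test hosts only: SELinux is switched to permissive, so enforcing mode is not covered by this suite.` Separately, `puppetlabs-stdlib`, `stahnma/epel` and `puppetlabs/inifile` are installed without `--version` while concat and apt are pinned; pinning all of them would keep runs reproducible when a dependency publishes a new release. The enclosing `RSpec.configure` block starts outside the hunk.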
From: David Schmitt Date: Tue, 1 Dec 2015 14:32:03 +0000 Subject: [PATCH 0756/2267] (MAINT) sort out IPv6 tests that doen't apply to old Ubuntu systems --- spec/acceptance/vhost_spec.rb | 14 +++++++------- spec/spec_helper_acceptance.rb | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 02df7be89a..552318c204 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -202,8 +202,8 @@ class { 'apache': ip_based => true, docroot => '/var/www/html', } - host { 'ipv4.example.com': ip => '127.0.0.1', } - host { 'ipv6.example.com': ip => '127.0.0.2', } + host { 'host1.example.com': ip => '127.0.0.1', } + host { 'host2.example.com': ip => '127.0.0.2', } file { '/var/www/html/index.html': ensure => file, content => "Hello from vhost\\n", @@ -230,20 +230,20 @@ class { 'apache': it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } end - it 'should answer to ipv4.example.com' do - shell("/usr/bin/curl ipv4.example.com:80", {:acceptable_exit_codes => 0}) do |r| + it 'should answer to host1.example.com' do + shell("/usr/bin/curl host1.example.com:80", {:acceptable_exit_codes => 0}) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end - it 'should answer to ipv6.example.com' do - shell("/usr/bin/curl ipv6.example.com:80", {:acceptable_exit_codes => 0}) do |r| + it 'should answer to host2.example.com' do + shell("/usr/bin/curl host2.example.com:80", {:acceptable_exit_codes => 0}) do |r| expect(r.stdout).to eq("Hello from vhost\n") end end end - context 'new vhost with IPv6 address on port 80' do + context 'new vhost with IPv6 address on port 80', :ipv6 do it 'should configure one apache vhost with an ipv6 address' do pp = <<-EOS class { 'apache': diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index b47434659e..7c01bc1760 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -5,6 +5,11 @@ run_puppet_install_helper RSpec.configure do |c| + # apache on Ubuntu 10.04 and 12.04 doesn't like IPv6 VirtualHosts, so we skip ipv6 tests on those systems + unless fact('operatingsystem') == 'Ubuntu' and (fact('operatingsystemrelease') == '10.04' or fact('operatingsystemrelease') == '12.04') + c.filter_run_including :ipv6 => true + end + # Project root proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) From 2392dd58b1c44f5c7715e43829bd0761d740fc1d Mon Sep 17 00:00:00 2001 From: Jakub Bittner Date: Tue, 1 Dec 2015 15:54:36 +0100 Subject: [PATCH 0757/2267] changed typo After changing variable nss_port to port in manifest file I did not changed port variable on "VirtualHost" line. Fixed --- templates/mod/nss.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/nss.conf.erb b/templates/mod/nss.conf.erb index 22762ccac7..b6ea504877 100644 --- a/templates/mod/nss.conf.erb +++ b/templates/mod/nss.conf.erb @@ -84,7 +84,7 @@ NSSRequireSafeNegotiation off ## SSL Virtual Host Context ## -> +> # General setup for the virtual host #DocumentRoot "/etc/httpd/htdocs" From 4c386e482c698171a8b41ecba39cda22697f6f7d Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Tue, 1 Dec 2015 17:45:04 +0000 Subject: [PATCH 0758/2267] (MAINT) fix syntax errors and the filter config --- spec/acceptance/itk_spec.rb | 5 +---- spec/acceptance/mod_fcgid_spec.rb | 2 +- spec/spec_helper_acceptance.rb | 4 ++-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index a1ab4bede0..13fb817c91 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb 
@@ -5,12 +5,9 @@ service_name = 'apache2' when 'FreeBSD' service_name = 'apache24' -else - # Not implemented yet - service_name = :skip end -describe 'apache::mod::itk class', :unless => service_name.equal? :skip do +describe 'apache::mod::itk class', :if => service_name do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 647f0128e4..8f01053fc6 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::fcgid class', :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') or (fact('operatingsystem') != 'OracleLinux' and fact('operatingsystemmajrelease') != '7') do +describe 'apache::mod::fcgid class', :if => ((fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') or (fact('operatingsystem') != 'OracleLinux' and fact('operatingsystemmajrelease') != '7')) do context "default fcgid config" do it 'succeeds in puppeting fcgid' do pp = <<-EOS diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 7c01bc1760..715ea1f6bf 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -6,8 +6,8 @@ RSpec.configure do |c| # apache on Ubuntu 10.04 and 12.04 doesn't like IPv6 VirtualHosts, so we skip ipv6 tests on those systems - unless fact('operatingsystem') == 'Ubuntu' and (fact('operatingsystemrelease') == '10.04' or fact('operatingsystemrelease') == '12.04') - c.filter_run_including :ipv6 => true + if fact('operatingsystem') == 'Ubuntu' and (fact('operatingsystemrelease') == '10.04' or fact('operatingsystemrelease') == '12.04') + c.filter_run_excluding :ipv6 => true end # Project root From 776d32e8a1d4f630d54835daeee66d2d11a4f303 Mon Sep 17 00:00:00 2001 
From: Bryan Jen Date: Tue, 1 Dec 2015 16:34:00 -0700 Subject: [PATCH 0759/2267] (MAINT) Fix conditional flag on mod_fcgid test. --- spec/acceptance/mod_fcgid_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 8f01053fc6..ce3b5b5b27 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::fcgid class', :if => ((fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') or (fact('operatingsystem') != 'OracleLinux' and fact('operatingsystemmajrelease') != '7')) do +describe 'apache::mod::fcgid class', :if => ((fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') and !(fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do context "default fcgid config" do it 'succeeds in puppeting fcgid' do pp = <<-EOS From 1fb2b8af2e3e9f7b3f5ff280c47bc90c01c65edc Mon Sep 17 00:00:00 2001 From: Christian Kaenzig Date: Wed, 25 Nov 2015 15:52:02 +0100 Subject: [PATCH 0760/2267] Set SSLProxy directives even if ssl is false RewriteRules and ProxyPass directives can require SSLProxy* configurations even if SSLEngine is not enabled. --- manifests/vhost.pp | 17 +++++++++++++---- spec/defines/vhost_spec.rb | 20 ++++++++++++++++++-- templates/vhost/_ssl.erb | 12 ------------ templates/vhost/_sslproxy.erb | 14 ++++++++++++++ 4 files changed, 45 insertions(+), 18 deletions(-) create mode 100644 templates/vhost/_sslproxy.erb diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 2b7c50f48c..0827e881b2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -788,15 +788,11 @@ # - $ssl_crl_path # - $ssl_crl # - $ssl_crl_check - # - $ssl_proxyengine # - $ssl_protocol # - $ssl_cipher # - $ssl_honorcipherorder # - $ssl_verify_client # - $ssl_verify_depth - # - $ssl_proxy_check_peer_cn - # - $ssl_proxy_check_peer_name - # - $ssl_proxy_machine_cert # - $ssl_options # - $ssl_openssl_conf_cmd # - $apache_version @@ -808,6 +804,19 @@ } } + # Template uses: + # - $ssl_proxyengine + # - $ssl_proxy_check_peer_cn + # - $ssl_proxy_check_peer_name + # - $ssl_proxy_machine_cert + if $ssl_proxyengine { + concat::fragment { "${name}-sslproxy": + target => "${priority_real}${filename}.conf", + order => 210, + content => template('apache/vhost/_sslproxy.erb'), + } + } + # Template uses: # - $auth_kerb # - $krb_method_negotiate diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9e68424c68..f1f2d4f74f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -435,9 +435,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( :content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) } - it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + :content => /^\s+SSLProxyEngine On$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyCheckPeerCN\s+on$/ ) } - it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyCheckPeerName\s+on$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } 
@@ -681,6 +684,7 @@ it { is_expected.to_not contain_concat__fragment('rspec.example.com-serveralias') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-setenv') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-sslproxy') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-php_admin') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-header') } @@ -703,6 +707,18 @@ it { is_expected.to compile } it { is_expected.not_to contain_concat__fragment('rspec.example.com-docroot') } end + context 'ssl_proxyengine without ssl' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => false, + 'ssl_proxyengine' => true, + } + end + it { is_expected.to compile } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } + end end describe 'access logs' do let :facts do diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index aaadebdbc1..797435cc19 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -22,9 +22,6 @@ <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> SSLCARevocationCheck "<%= @ssl_crl_check %>" <%- end -%> - <%- if @ssl_proxyengine -%> - SSLProxyEngine On - <%- end -%> <%- if @ssl_protocol -%> SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> <%- end -%> 
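Review bot: The new `ssl_proxyengine without ssl` context only checks that the `-sslproxy` fragment exists, not what it renders, so a template regression that drops the directive would still pass. Adding `it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(:content => /^\s+SSLProxyEngine On$/) }` would pin the behaviour the commit message describes. The same regex is already used in the full-parameter context earlier in this file's diff.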
@@ -40,15 +37,6 @@ <%- if @ssl_verify_depth -%> SSLVerifyDepth <%= @ssl_verify_depth %> <%- end -%> - <%- if @ssl_proxy_check_peer_cn -%> - SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> - <%- end -%> - <%- if @ssl_proxy_check_peer_name -%> - SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> - <%- end -%> - <%- if @ssl_proxy_machine_cert -%> - SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" - <%- end -%> <%- if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> <%- end -%> diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb new file mode 100644 index 0000000000..e58d52d0ba --- /dev/null +++ b/templates/vhost/_sslproxy.erb @@ -0,0 +1,14 @@ +<% if @ssl_proxyengine -%> + + # SSL Proxy directives + SSLProxyEngine On + <%- if @ssl_proxy_check_peer_cn -%> + SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> + <%- end -%> + <%- if @ssl_proxy_check_peer_name -%> + SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> + <%- end -%> + <%- if @ssl_proxy_machine_cert -%> + SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" + <%- end -%> +<% end -%> From a6c6f10e6325c6c8266cf06ae17d81dd3c309acf Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 2 Dec 2015 15:28:52 +0000 Subject: [PATCH 0761/2267] (MODULES-2200) fix itk configuration on Ubuntu After uncovering the issues with this code with the last commits, this now fixes the code to actually configure the ITK MPM. --- manifests/mod/itk.pp | 11 +++++++++++ manifests/mpm.pp | 30 +++++++++++++++++++++--------- spec/acceptance/itk_spec.rb | 9 +++++---- spec/classes/mod/itk_spec.rb | 8 ++++++++ 4 files changed, 45 insertions(+), 13 deletions(-) diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 2be7d832db..fb293ab289 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp 
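Review bot: The new `_sslproxy.erb` enables `SSLProxyEngine` but emits nothing that makes Apache verify the backend's certificate chain: the fragment has no `SSLProxyVerify` or `SSLProxyCACertificateFile` line, and Apache's documented default for `SSLProxyVerify` is `none`. Now that the fragment is rendered for non-SSL vhosts too, a reader of the generated config may assume the CN/name checks are sufficient; without chain verification they presumably give little protection against an on-path host presenting its own certificate. Until parameters for those directives exist (they may already be reachable through `custom_fragment`, which this hunk does not show), the header comment could read `# SSL Proxy directives (backend certificate verification is not configured here, see SSLProxyVerify)`. The peer-check lines are also written only when their parameter is set, so the effective behaviour otherwise depends on the installed Apache version's defaults.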
@@ -17,6 +17,17 @@ if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } + } else { + # prefork is a requirement for itk in 2.4; except on FreeBSD, which is special + if $::osfamily == 'FreeBSD' { + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + } + } else { + if ! defined(Class['apache::mod::prefork']) { + fail('apache::mod::prefork is a prerequisite for apache::mod::itk, please arrange for it to be included.') + } + } } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::itk and apache::mod::worker on the same node') diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 9e77349454..e89c6f6034 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -47,14 +47,26 @@ } if $mpm == 'itk' { - file { "${lib_path}/mod_mpm_itk.so": - ensure => link, - target => "${lib_path}/mpm_itk.so" - } + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so", + require => Package['httpd'], + before => Class['apache::service'], + } } } - if versioncmp($apache_version, '2.4') < 0 { + if $mpm == 'itk' and $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '14.04' { + # workaround https://bugs.launchpad.net/ubuntu/+source/mpm-itk/+bug/1286882 + exec { + '/usr/sbin/a2dismod mpm_event': + onlyif => '/usr/bin/test -e /etc/apache2/mods-enabled/mpm_event.load', + require => Package['httpd'], + before => Package['apache2-mpm-itk'], + } + } + + if versioncmp($apache_version, '2.4') < 0 or $mpm == 'itk' { package { "apache2-mpm-${mpm}": ensure => present, } @@ -87,10 +99,10 @@ } if $mpm == 'itk' { - file { "${lib_path}/mod_mpm_itk.so": - ensure => link, - target => "${lib_path}/mpm_itk.so" - } + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so" + } } } 
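Review bot: In `manifests/mpm.pp` the `mod_mpm_itk.so` symlink in the `@@ -47,14 +47,26 @@` hunk gains `require => Package['httpd'],` and `before => Class['apache::service'],`, but the identical resource in the `@@ -87,10 +99,10 @@` hunk is only re-indented and keeps no ordering and no trailing comma after `target`. If that second branch can also be evaluated before the package is installed (the surrounding `case` is outside the hunk, so this is an inference), the same ordering problem remains there. Giving it the same two lines, or a short comment explaining why that platform does not need them, would keep the two branches consistent.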
diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index 13fb817c91..84339d7535 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -12,14 +12,15 @@ # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - class { 'apache': - mpm_module => 'itk', - } + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::itk': } EOS # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + apply_manifest(pp, :catch_changes => true) end end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 1644408761..cd2e6c67a7 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -37,6 +37,10 @@ end context "with Apache version >= 2.4" do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do { :apache_version => '2.4', @@ -52,6 +56,10 @@ end end context "on a FreeBSD OS" do + let :pre_condition do + 'class { "apache": mpm_module => false, }' + end + let :facts do { :osfamily => 'FreeBSD', From 89b7caae8a459daa17e77b0bdb2623ea8660a15e Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 2 Dec 2015 16:08:56 +0000 Subject: [PATCH 0762/2267] (MODULES-2865) fix $mpm_module logic for 'false' --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 5a865b761d..c5eedd8afa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -92,7 +92,7 @@ default => '(event|itk|prefork|worker)' } - if $mpm_module { + if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans validate_re($mpm_module, $valid_mpms_re) } 
@@ -346,7 +346,7 @@ class { '::apache::default_confd_files': all => $default_confd_files } - if $mpm_module { + if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans class { "::apache::mod::${mpm_module}": } } From c341d8a860f88e2e6353f9aa3a2683c9a3ce15ab Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 2 Dec 2015 16:21:17 -0700 Subject: [PATCH 0763/2267] Fixes ITK validation for Gentoo. --- manifests/mod/itk.pp | 4 ++-- manifests/mpm.pp | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index fb293ab289..990f853eaf 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -18,8 +18,8 @@ fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } } else { - # prefork is a requirement for itk in 2.4; except on FreeBSD, which is special - if $::osfamily == 'FreeBSD' { + # prefork is a requirement for itk in 2.4; except on FreeBSD and Gentoo, which are special + if $::osfamily =~ /^(FreeBSD|Gentoo)/ { if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index e89c6f6034..557d083093 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -77,6 +77,9 @@ mpm_module => $mpm } } + 'gentoo': { + # so we don't fail + } 'redhat': { # so we don't fail } From 878157f4d46b31684e6c5f136c0a52041e0eb18b Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Thu, 3 Dec 2015 16:11:21 +0000 Subject: [PATCH 0764/2267] (MAINT) fixup another edge-case of ITK installation found by CI --- manifests/mpm.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 557d083093..6d5abe522f 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -69,6 +69,7 @@ if versioncmp($apache_version, '2.4') < 0 or $mpm == 'itk' { package { "apache2-mpm-${mpm}": ensure => present, + before => File[$::apache::mod_dir], } } } 
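Review bot: The new match in `manifests/mod/itk.pp`, `$::osfamily =~ /^(FreeBSD|Gentoo)/`, is anchored only at the start, so any osfamily value that merely begins with one of those names takes the "prefork forbidden" branch. Anchoring both ends, `if $::osfamily =~ /^(FreeBSD|Gentoo)$/ {`, states the intent exactly and costs nothing. The enclosing `if`/`else` on the Apache version starts and ends outside the hunk.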
From cd37e613d405c45607a34d9ea232cdeaaf134ad2 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Fri, 4 Dec 2015 16:32:10 +0000 Subject: [PATCH 0765/2267] (MAINT) depend on the right mod dir to restore idempotency --- manifests/mpm.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 6d5abe522f..1535409101 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -69,7 +69,11 @@ if versioncmp($apache_version, '2.4') < 0 or $mpm == 'itk' { package { "apache2-mpm-${mpm}": ensure => present, - before => File[$::apache::mod_dir], + } + if $::apache::mod_enable_dir { + Package["apache2-mpm-${mpm}"] { + before => File[$::apache::mod_enable_dir], + } } } } From c9f6606ac4ca0c2f23d06146bae7e2e05eec4be8 Mon Sep 17 00:00:00 2001 From: Klavs Klavsen Date: Tue, 8 Dec 2015 10:32:51 +0100 Subject: [PATCH 0766/2267] enable setting LimitRequestFieldSize globally as it does not actually work to increase it, inside a vhost --- manifests/init.pp | 1 + templates/httpd.conf.erb | 1 + 2 files changed, 2 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index c5eedd8afa..bb50d0b2e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -63,6 +63,7 @@ $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $::apache::params::max_keepalive_requests, + $limitreqfieldsize = '8190', $logroot = $::apache::params::logroot, $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 6fb9892442..cc6998b9b9 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
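Review bot: The new `$limitreqfieldsize` parameter in `manifests/init.pp` is written into `httpd.conf` as `LimitRequestFieldSize <%= @limitreqfieldsize %>` without any validation, whereas the vhost-level parameter it replaces was checked with `validate_integer`. A typo or non-numeric value would only surface when Apache fails to parse the file, so the class body should carry `validate_integer($limitreqfieldsize)`. Because this limit bounds the header memory Apache accepts per request for every vhost, the parameter documentation should also note that it is a global setting and should be raised only as far as the application needs. The class body is outside this hunk.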
@@ -10,6 +10,7 @@ Timeout <%= @timeout %> KeepAlive <%= @keepalive %> MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> +LimitRequestFieldSize <%= @limitreqfieldsize %> <%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%> RewriteLock <%= @rewrite_lock %> From e0f6eb0a1284f663b455500bed3752181e76f19c Mon Sep 17 00:00:00 2001 From: Klavs Klavsen Date: Wed, 9 Dec 2015 09:30:39 +0100 Subject: [PATCH 0767/2267] remove vhost LimitRequestFieldSize option and add rspec test for new option. --- README.md | 5 +---- manifests/vhost.pp | 14 -------------- spec/acceptance/apache_parameters_spec.rb | 14 ++++++++++++++ spec/defines/vhost_spec.rb | 5 +---- templates/vhost/_limits.erb | 5 ----- 5 files changed, 16 insertions(+), 27 deletions(-) delete mode 100644 templates/vhost/_limits.erb diff --git a/README.md b/README.md index df2a038507..4243496c65 100644 --- a/README.md +++ b/README.md @@ -124,6 +124,7 @@ [`KeepAliveTimeout`]: http://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout [`keepalive` parameter]: #keepalive [`keepalive_timeout`]: #keepalive_timeout +[`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize [`lib`]: #lib [`lib_path`]: #lib_path @@ -2103,10 +2104,6 @@ Specifies the service name that will be used by Apache for authentication. Corre This option enables credential saving functionality. Default is 'off' -##### `limit_request_field_size` - -[Limits](http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestfieldsize) the size of the HTTP request header allowed from the client. Default is 'undef'. - ##### `logroot` Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0827e881b2..a87df2c1c6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -136,7 +136,6 @@ $krb_verify_kdc = 'on', $krb_servicename = 'HTTP', $krb_save_credentials = 'off', - $limit_request_field_size = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -229,10 +228,6 @@ validate_bool($auth_kerb) - if $limit_request_field_size { - validate_integer($limit_request_field_size) - } - # Validate the docroot as a string if: # - $manage_docroot is true if $manage_docroot { @@ -984,15 +979,6 @@ content => template('apache/vhost/_filters.erb'), } } - # Template uses: - # - $limit_request_field_size - if $limit_request_field_size { - concat::fragment { "${name}-limits": - target => "${priority_real}${filename}.conf", - order => 330, - content => template('apache/vhost/_limits.erb'), - } - } # Template uses no variables concat::fragment { "${name}-file_footer": diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index b82527115f..00e486fb64 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -354,6 +354,20 @@ class { 'apache': end end + describe 'limitrequestfieldsize' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': limitreqfieldsize => '16830' }" + apply_manifest(pp, :catch_failures => true) + end + end + + describe file($conf_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'LimitRequestFieldSize 16830' } + end + end + describe 'logging' do describe 'setup' do it 'applies cleanly' do diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index f1f2d4f74f..9dd563a9c6 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -326,8 +326,7 @@ 'krb_authoritative' => 'off', 'krb_auth_realms' => ['EXAMPLE.ORG','EXAMPLE.NET'], 'krb_5keytab' => '/tmp/keytab5', - 'krb_local_user_mapping' => 'off', - 'limit_request_field_size' => '54321', + 'krb_local_user_mapping' => 'off' } end let :facts do 
@@ -472,8 +471,6 @@ :content => /^\s+KrbSaveCredentials\soff$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( :content => /^\s+KrbVerifyKDC\son$/)} - it { is_expected.to contain_concat__fragment('rspec.example.com-limits').with( - :content => /^\s+LimitRequestFieldSize\s54321$/)} end context 'vhost with multiple ip addresses' do let :params do diff --git a/templates/vhost/_limits.erb b/templates/vhost/_limits.erb deleted file mode 100644 index 0bd56db353..0000000000 --- a/templates/vhost/_limits.erb +++ /dev/null @@ -1,5 +0,0 @@ - - ## Limit Request Values -<% if @limit_request_field_size -%> - LimitRequestFieldSize <%= @limit_request_field_size %> -<% end -%> From 893e02dbb1a41e038a3fae6116aae475527b5b69 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 9 Dec 2015 14:16:48 +0000 Subject: [PATCH 0768/2267] (MAINT) fixup ITK tests for older debian-based releases --- spec/acceptance/itk_spec.rb | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index 84339d7535..b222a86220 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb 
@@ -3,20 +3,37 @@ case fact('osfamily') when 'Debian' service_name = 'apache2' + majrelease = fact('operatingsystemmajrelease') + if [ '6', '7', '10.04', '12.04'].contains(majrelease) + variant = :itk_only + else + variant = :prefork + end when 'FreeBSD' service_name = 'apache24' + majrelease = fact('operatingsystemmajrelease') + variant = :prefork end describe 'apache::mod::itk class', :if => service_name do describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do - pp = <<-EOS - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::itk': } - EOS + pp = case variant + when :prefork + <<-EOS + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::itk': } + EOS + when :itk_only + <<-EOS + class { 'apache': + mpm_module => 'itk', + } + EOS + end # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) From 751fc24078c24f8ad1b2c33faef4d1eacc533f52 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 9 Dec 2015 18:46:29 +0000 Subject: [PATCH 0769/2267] (MAINT) fix "typo" in last commit --- spec/acceptance/itk_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index b222a86220..c220a70f88 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -4,7 +4,7 @@ when 'Debian' service_name = 'apache2' majrelease = fact('operatingsystemmajrelease') - if [ '6', '7', '10.04', '12.04'].contains(majrelease) + if [ '6', '7', '10.04', '12.04'].include?(majrelease) variant = :itk_only else variant = :prefork From b9f630a60811694916ecf8758103d4bca2ac6038 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Thu, 19 Nov 2015 14:30:36 -0500 Subject: [PATCH 0770/2267] Add ::apache::vhost::custom Here we are adding a thin wrapper to apache::custom_config but setting default specific to the vhost apache folder. 
Signed-off-by: Paul Belanger --- README.md | 22 +++++++ manifests/vhost.pp | 2 + manifests/vhost/custom.pp | 37 ++++++++++++ spec/defines/vhost_custom_spec.rb | 99 +++++++++++++++++++++++++++++++ 4 files changed, 160 insertions(+) create mode 100644 manifests/vhost/custom.pp create mode 100644 spec/defines/vhost_custom_spec.rb diff --git a/README.md b/README.md index 279754a08f..41556562ee 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ [`apache::params`]: #class-apacheparams [`apache::version`]: #class-apacheversion [`apache::vhost`]: #define-apachevhost +[`apache::vhost::custom`]: #define-apachevhostcustom [`apache::vhost::WSGIImportScript`]: #wsgiimportscript [Apache HTTP Server]: http://httpd.apache.org [Apache modules]: http://httpd.apache.org/docs/current/mod/ @@ -740,6 +741,7 @@ apache::balancer { 'puppet01': - [Define: apache::mod](#define-apachemod) - [Define: apache::namevirtualhost](#define-apachenamevirtualhost) - [Define: apache::vhost](#define-apachevhost) + - [Define: apache::vhost::custom](#define-apachevhostcustom) - [**Private Defines**](#private-defines) - [Define: apache::default_mods::load](#define-default_mods-load) - [Define: apache::peruser::multiplexer](#define-apacheperusermultiplexer) 
@@ -3244,6 +3246,26 @@ A unique alias. This is used internally to link the action with the FastCGI serv The MIME-type of the file to be processed by the FastCGI server. +#### Define: `apache::vhost::custom` + +The `apache::vhost::custom` is a thin wrapper to the `apache::custom_config`` +define. We are simply overriding some of the default settings specifc to the +vhost directory in Apache. + +**Parameters within `apache::vhost::custom`**: + +##### `content` + +Sets the configuration file's content. + +##### `ensure` + +Specifies if the vhost file is present or absent. Defaults to 'present'. + +##### `priority` + +Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. + ### Private Defines #### Define: `apache::peruser::multiplexer` diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e2725b8aea..341d6ad14e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -497,6 +497,8 @@ require => Package['httpd'], notify => Class['apache::service'], } + # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and + # needs to be converted into something generic. if $::apache::vhost_enable_dir { $vhost_enable_dir = $::apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { diff --git a/manifests/vhost/custom.pp b/manifests/vhost/custom.pp new file mode 100644 index 0000000000..d85e4d091b --- /dev/null +++ b/manifests/vhost/custom.pp 
@@ -0,0 +1,37 @@
+# See README.md for usage information
+define apache::vhost::custom(
+ $content,
+ $ensure = 'present',
+ $priority = '25',
+) {
+ include ::apache
+
+ ## Apache include does not always work with spaces in the filename
+ $filename = regsubst($name, ' ', '_', 'G')
+
+ ::apache::custom_config { $filename:
+ ensure => $ensure,
+ confdir => $::apache::vhost_dir,
+ content => $content,
+ priority => $priority,
+ }
+
+ # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to
+ # converted into something generic.
+ if $::apache::vhost_enable_dir {
+ $vhost_symlink_ensure = $ensure ? {
+ present => link,
+ default => $ensure,
+ }
+
+ file { "${priority}-${filename}.conf symlink":
+ ensure => $vhost_symlink_ensure,
+ path => "${::apache::vhost_enable_dir}/${priority}-${filename}.conf",
+ target => "${::apache::vhost_dir}/${priority}-${filename}.conf",
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ require => Apache::Custom_config[$filename],
+ }
+ }
+}
diff --git a/spec/defines/vhost_custom_spec.rb b/spec/defines/vhost_custom_spec.rb
new file mode 100644
index 0000000000..804be86b80
--- /dev/null
+++ b/spec/defines/vhost_custom_spec.rb
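Review bot: `$filename` is derived from `$name` with only spaces replaced and is then interpolated into the symlink `path` and `target`, so a title containing `/` or `..` would name a file outside `vhost_enable_dir`. Titles frequently come from Hiera or node data, so I would reject such names before the `::apache::custom_config` declaration, for example `validate_re($filename, '\A[^/]+\z', "apache::vhost::custom: invalid name '${name}'")`. `$ensure` is likewise passed through unchecked, and any value other than `present` falls into the selector's `default` branch and reaches the `file` resource as-is; `validate_re($ensure, '\A(present|absent)\z')` would turn a typo into a compile-time failure. Whether `apache::custom_config` already validates either value is not visible from this hunk.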
@@ -0,0 +1,99 @@ +require 'spec_helper' + +describe 'apache::vhost::custom', :type => :define do + let :title do + 'rspec.example.com' + end + let :default_params do + { + :content => 'foobar' + } + end + describe 'os-dependent items' do + context "on RedHat based systems" do + let :default_facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystem => 'RedHat', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do default_params end + let :facts do default_facts end + end + context "on Debian based systems" do + let :default_facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do default_params end + let :facts do default_facts end + it { is_expected.to contain_file("apache_rspec.example.com").with( + :ensure => 'present', + :content => 'foobar', + :path => '/etc/apache2/sites-available/25-rspec.example.com.conf', + ) } + it { is_expected.to contain_file("25-rspec.example.com.conf symlink").with( + :ensure => 'link', + :path => '/etc/apache2/sites-enabled/25-rspec.example.com.conf', + :target => '/etc/apache2/sites-available/25-rspec.example.com.conf' + ) } + end + context "on FreeBSD systems" do + let :default_facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystem => 'FreeBSD', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do default_params end + let :facts do default_facts end + it { is_expected.to contain_file("apache_rspec.example.com").with( + :ensure => 
'present', + :content => 'foobar', + :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf', + ) } + end + context "on Gentoo systems" do + let :default_facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + let :params do default_params end + let :facts do default_facts end + it { is_expected.to contain_file("apache_rspec.example.com").with( + :ensure => 'present', + :content => 'foobar', + :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf', + ) } + end + end +end From 4a24c1cf5890a4ae50d76994eaae8c7f9f810117 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 15 Dec 2015 10:13:33 -0500 Subject: [PATCH 0771/2267] Make sure snake-oil certs are installed for beaker Signed-off-by: Paul Belanger --- spec/spec_helper_acceptance.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 715ea1f6bf..6bfdefd714 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -27,6 +27,11 @@ apply_manifest_on(agents, pp, :catch_failures => false) end + if fact('osfamily') == 'Debian' + # Make sure snake-oil certs are installed. + shell 'apt-get install -y ssl-cert' + end + # Install module and dependencies hosts.each do |host| copy_module_to(host, :source => proj_root, :module_name => 'apache') From 6bd03a7a2b606bd83ea3521b34235bcccaa667b5 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 15 Dec 2015 11:39:17 -0500 Subject: [PATCH 0772/2267] Add note about fastcgi usage libapache2-mod-fastcgi exists only in multiverse for Ubuntu, so warn the user they need to enable it. Signed-off-by: Paul Belanger --- README.md | 2 ++ spec/acceptance/vhost_spec.rb | 7 +++++++ 2 files changed, 9 insertions(+) 
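Review bot: The "on RedHat based systems" context in vhost_custom_spec.rb sets `params` and `facts` but contains no `it` expectation, so nothing is compiled or asserted for that osfamily. Adding at least `it { is_expected.to contain_file("apache_rspec.example.com").with(:ensure => 'present', :content => 'foobar') }` there would make the context do work. No example covers a title containing a space, which is the one transformation the define performs (`regsubst($name, ' ', '_', 'G')`), nor `ensure => 'absent'`, where the symlink resource takes the selector's `default` branch.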
diff --git a/README.md b/README.md index 5c0f81655a..57ba525bfa 100644 --- a/README.md +++ b/README.md @@ -3228,6 +3228,8 @@ Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/cu This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. +** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository. + Ex: ~~~ puppet diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 552318c204..a51ab58223 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1330,6 +1330,13 @@ class { 'apache': } describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS + if ($::operatingsystem == 'Ubuntu' and versioncpm($::operatingsystemrelease, '10.04' >= 0)) { + include ::apt + apt::ppa { 'multiverse': + before => Class['Apache::Mod::Fastcgi'], + } + } + class { 'apache': } class { 'apache::mod::fastcgi': } host { 'test.server': ip => '127.0.0.1' } From af214ea39edca965c1ba481f6287759e63112afd Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 15 Dec 2015 14:23:32 -0500 Subject: [PATCH 0773/2267] Fix syntax error with versioncmp Signed-off-by: Paul Belanger --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index a51ab58223..5d0294130e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1330,7 +1330,7 @@ class { 'apache': } describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS - if ($::operatingsystem == 'Ubuntu' and versioncpm($::operatingsystemrelease, '10.04' >= 0)) { + if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '10.04') >= 0 { include ::apt apt::ppa { 'multiverse': before => Class['Apache::Mod::Fastcgi'], From 924511e1b1ceef79cd06a4833f883534dd48c125 Mon Sep 17 00:00:00 2001 
From: Timo Goebel Date: Tue, 15 Dec 2015 22:40:44 +0100 Subject: [PATCH 0774/2267] fix validation error when empty array is passed as rewrites parameter Manifest compilation fails when an empty array is passed as rewrites parameter to vhost defined type. This commit makes the code to compile nicely. --- manifests/vhost.pp | 4 +++- spec/defines/vhost_spec.rb | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7e48317a8d..99ce02c58d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -158,7 +158,9 @@ validate_bool($ssl_proxyengine) if $rewrites { validate_array($rewrites) - validate_hash($rewrites[0]) + unless empty($rewrites) { + validate_hash($rewrites[0]) + } } # Input validation begins diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9dd563a9c6..4ac727ea9b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -776,6 +776,18 @@ end end # access logs describe 'validation' do + let :default_facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end context 'bad ensure' do let :params do { @@ -876,6 +888,16 @@ let :facts do default_facts end it { expect { is_expected.to compile }.to raise_error } end + context 'empty rewrites' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => [], + } + end + let :facts do default_facts end + it { is_expected.to compile } + end context 'bad suexec_user_group' do let :params do { From 530adf44da90a5d7438f13fa797afddc0da60ac6 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 15 Dec 2015 16:41:24 -0500 Subject: [PATCH 0775/2267] Skip fastcgi acceptance testing for Centos 7 Since we don't have any packaging for it. 
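Review bot: In the manifests/vhost.pp hunk only `$rewrites[0]` is passed to `validate_hash`, so a non-hash at index 1 or later still reaches the rewrite template unvalidated; the new `unless empty($rewrites)` guard leaves that gap as it was. An empty array also appears to remain truthy in the later `if $rewrites or $rewrite_rule` condition shown elsewhere on this page, so the `-rewrite` fragment is presumably still declared for `rewrites => []`, whereas neighbouring blocks use the `$x and ! empty($x)` form. I would add a comment next to the check, `# only the first element is type-checked; the template must tolerate the rest`, and extend the new 'empty rewrites' spec to state whether the `rspec.example.com-rewrite` fragment is expected. The enclosing define body starts and ends outside this hunk.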
Signed-off-by: Paul Belanger --- spec/acceptance/vhost_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 5d0294130e..a1fae93b76 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1326,7 +1326,8 @@ class { 'apache': } end # So what does this work on? - if default['platform'] !~ /^(debian-(6|7)|el-(5|6|7))/ + # Skip Centos-7 not fastcgi packaging + if default['platform'] !~ /^(debian-(6|7)|el-(5|6))/ describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS From aae1a6664efc200640eccd203db6831dd57f8d71 Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Tue, 15 Dec 2015 17:56:26 -0500 Subject: [PATCH 0776/2267] Limit fastcgi testing to Debian osfamily Signed-off-by: Paul Belanger --- spec/acceptance/vhost_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index a1fae93b76..322769afba 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1325,9 +1325,9 @@ class { 'apache': } end end - # So what does this work on? - # Skip Centos-7 not fastcgi packaging - if default['platform'] !~ /^(debian-(6|7)|el-(5|6))/ + # Limit testing to Debian, since Centos does not have fastcgi package. + case fact('osfamily') + when 'Debian' describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS From 2e15018dd24d74c78a50a9483cf39b791f3ff7ec Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 16 Dec 2015 16:42:09 -0700 Subject: [PATCH 0777/2267] (maint) fixes the fastcgi test for debian and older ubuntu releases --- spec/acceptance/vhost_spec.rb | 41 +++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 322769afba..adfa683968 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -1331,10 +1331,43 @@ class { 'apache': } describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS - if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '10.04') >= 0 { + unless $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '12.04') >= 0 { + $_os = $::operatingsystem + + if $_os == 'Ubuntu' { + $_location = "http://archive.ubuntu.com/" + $_security_location = "http://archive.ubuntu.com/" + $_release = $::lsbdistcodename + $_release_security = "${_release}-security" + $_repos = "main universe multiverse" + } else { + $_location = "http://httpredir.debian.org/debian/" + $_security_location = "http://security.debian.org/" + $_release = $::lsbdistcodename + $_release_security = "${_release}/updates" + $_repos = "main contrib non-free" + } + include ::apt - apt::ppa { 'multiverse': - before => Class['Apache::Mod::Fastcgi'], + apt::source { "${_os}_${_release}": + location => $_location, + release => $_release, + repos => $_repos, + include_src => false, + } + + apt::source { "${_os}_${_release}-updates": + location => $_location, + release => "${_release}-updates", + repos => $_repos, + include_src => false, + } + + apt::source { "${_os}_${_release}-security": + location => $_security_location, + release => $_release_security, + repos => $_repos, + include_src => false, } } @@ -1348,7 +1381,7 @@ class { 'apache::mod::fastcgi': } fastcgi_dir => '/tmp/fast', } EOS - apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_failures => true, :acceptable_exit_codes => [0, 2]) end describe file("#{$vhost_dir}/25-test.server.conf") do From 407af7b70d90ef2897d062bf00ca11f78cd25608 Mon Sep 17 00:00:00 2001 
From: Julien Pivotto Date: Thu, 17 Dec 2015 18:40:33 +0100 Subject: [PATCH 0778/2267] Support proxy provider for vhost directories This simple commmit adds the ability to use a proxy provider for directories. http://httpd.apache.org/docs/current/sections.html My use case is to have a section to apply directives to all my proxies definitions. --- README.md | 2 +- spec/defines/vhost_spec.rb | 6 ++++++ templates/vhost/_directories.erb | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57ba525bfa..31068f44eb 100644 --- a/README.md +++ b/README.md @@ -2561,7 +2561,7 @@ The `directories` parameter within the `apache::vhost` class passes an array of The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. -The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. General `directories` usage looks something like diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9dd563a9c6..b0800abe42 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -187,6 +187,10 @@ 'provider' => 'files', 'require' => 'all granted', }, + { + 'path' => '*', + 'provider' => 'proxy', + }, { 'path' => '/var/www/files/indexed_directory', 'directoryindex' => 'disabled', 'options' => ['Indexes','FollowSymLinks','MultiViews'], @@ -390,6 +394,8 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require valid-user$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index c95fda5a15..49a9bd9011 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -17,7 +17,7 @@ <%- end -%> <%- end -%> <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files|proxy)') -%> <%- if /^(.*)match$/ =~ directory['provider'] -%> <%- provider = $1.capitalize + 'Match' -%> <%- else -%> From e90496f9671333eec2ffb1eeb1afe7bbdfc27059 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Thu, 17 Dec 2015 15:28:29 -0700 Subject: [PATCH 0779/2267] (maint) fixes fastcgi tests on ubuntu lucid --- spec/acceptance/vhost_spec.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index adfa683968..9d5306b282 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
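Review bot: The provider test in templates/vhost/_directories.erb, `directory['provider'].match('(directory|location|files|proxy)')`, is unanchored, so any string that merely contains one of those words is accepted and then capitalised into the section tag; adding `proxy` widens what slips through. An anchored check such as `directory['provider'] =~ /\A(directory|location|files|proxy)(match)?\z/` would accept exactly the eight values the README lists and nothing else. The surrounding `if` and loop blocks start and end outside this hunk, so what happens on a non-match is not visible here.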
@@ -1370,7 +1370,12 @@ class { 'apache': } include_src => false, } } + EOS + + #apt-get update may not run clean here. Should be OK. + apply_manifest(pp, :catch_failures => false) + pp2 = <<-EOS class { 'apache': } class { 'apache::mod::fastcgi': } host { 'test.server': ip => '127.0.0.1' } @@ -1381,7 +1386,7 @@ class { 'apache::mod::fastcgi': } fastcgi_dir => '/tmp/fast', } EOS - apply_manifest(pp, :catch_failures => true, :acceptable_exit_codes => [0, 2]) + apply_manifest(pp2, :catch_failures => true, :acceptable_exit_codes => [0, 2]) end describe file("#{$vhost_dir}/25-test.server.conf") do From e6837d8a5e8f481295fe1a45d9d1a6bd950c4028 Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Fri, 18 Dec 2015 12:52:26 +0300 Subject: [PATCH 0780/2267] Add X-Forwarded-For into log_formats defaults In order to log the X-Forwarded-For client ip address or the real client ip address add LogFormats default directive. --- templates/httpd.conf.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index cc6998b9b9..9c854cfc31 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -77,6 +77,9 @@ LogFormat "%{Referer}i -> %U" referer <% unless @log_formats.has_key?('agent') -%> LogFormat "%{User-agent}i" agent <% end -%> +<% unless @log_formats.has_key?('forwarded') -%> +LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded +<% end -%> <% if @log_formats and !@log_formats.empty? -%> <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> From 1dfc02d9036e501570aebabc8d02945073e33a6d Mon Sep 17 00:00:00 2001 
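Review bot: The new `forwarded` format in templates/httpd.conf.erb puts `%{X-Forwarded-For}i` where the other formats have `%h`, so a log written with it never records the address of the connecting peer. X-Forwarded-For is a request header and is client-supplied unless a trusted proxy in front of Apache overwrites it, which makes such entries easy to falsify and weak evidence during an investigation. I would keep the peer address in the line, e.g. `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded`, and add a template comment saying the format is intended for vhosts that sit behind a reverse proxy.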
From: wolfgang hotwagner Date: Wed, 4 Nov 2015 23:12:42 +0100 Subject: [PATCH 0781/2267] Added support for modsecurity parameter SecPcreMatchLimit and SecPcreMatchLimitRecursion fixed default variables for secpcrematchlimit(recursion) in params.pp added documentation for SecPcreMatchLimit and SecPcreMatchLimitRecursion. also changed the default value to 1500(its modsecurity's default value) removed modsec_-prefix from variable names --- README.md | 2 ++ manifests/mod/security.pp | 4 ++++ manifests/params.pp | 4 ++++ templates/mod/security.conf.erb | 4 ++-- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57ba525bfa..aeef9705d4 100644 --- a/README.md +++ b/README.md @@ -1631,6 +1631,8 @@ ${modsec_dir}/activated_rules. - `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. - `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. +- `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' +- `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' ##### Class: `apache::mod::wsgi` diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 050b1bd6fa..c4b8c6407f 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -3,6 +3,8 @@ $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $secpcrematchlimit = $::apache::params::secpcrematchlimit, + $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, $allowed_methods = 'GET HEAD POST OPTIONS', $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', @@ -32,6 +34,8 @@ # Template uses: # - $modsec_dir + # - secpcrematchlimit + # - secpcrematchlimitrecursion file { 'security.conf': ensure => file, content => template('apache/mod/security.conf.erb'), diff --git a/manifests/params.pp b/manifests/params.pp index 9e8cad39b4..6aba3f56f3 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -153,6 +153,8 @@ $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' + $secpcrematchlimit = 1500 + $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', @@ -248,6 +250,8 @@ $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' + $secpcrematchlimit = 1500 + $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 7b2da76135..a71f5887d1 100644 --- a/templates/mod/security.conf.erb 
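Review bot: `$secpcrematchlimit` and `$secpcrematchlimitrecursion` in manifests/mod/security.pp are written into security.conf with no type check, so a non-numeric value only fails when Apache parses the file. `validate_integer($secpcrematchlimit)` and `validate_integer($secpcrematchlimitrecursion)` near the top of the class body would catch that at compile time. The defaults are added to params.pp in two osfamily branches only; if the class can be declared on any other osfamily the value would be undef and the template would emit the directive without an argument, which is worth confirming. The effective limit also rises from the hard-coded 1000 to 1500 for existing users, and since these limits bound regex backtracking per request that change deserves a changelog line. The class body starts outside this hunk.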
+++ b/templates/mod/security.conf.erb @@ -37,8 +37,8 @@ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" - SecPcreMatchLimit 1000 - SecPcreMatchLimitRecursion 1000 + SecPcreMatchLimit <%= @secpcrematchlimit %> + SecPcreMatchLimitRecursion <%= @secpcrematchlimitrecursion %> SecRule TX:/^MSC_/ "!@streq 0" \ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" From 6b8aa3ae30d5033b88d57eae622a8bfef91f1bf8 Mon Sep 17 00:00:00 2001 From: Devin Christensen Date: Thu, 17 Dec 2015 13:35:00 -0700 Subject: [PATCH 0782/2267] Put headers and request headers before proxy --- manifests/vhost.pp | 68 +++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 99ce02c58d..9ce9a91f4d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -676,6 +676,26 @@ } } + # Template uses: + # - $headers + if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => "${priority_real}${filename}.conf", + order => 140, + content => template('apache/vhost/_header.erb'), + } + } + + # Template uses: + # - $request_headers + if $request_headers and ! empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => "${priority_real}${filename}.conf", + order => 150, + content => template('apache/vhost/_requestheader.erb'), + } + } + # Template uses: # - $proxy_dest # - $proxy_pass @@ -685,7 +705,7 @@ if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", - order => 140, + order => 160, content => template('apache/vhost/_proxy.erb'), } } 
@@ -695,7 +715,7 @@ if $rack_base_uris { concat::fragment { "${name}-rack": target => "${priority_real}${filename}.conf", - order => 150, + order => 170, content => template('apache/vhost/_rack.erb'), } } @@ -705,7 +725,7 @@ if $passenger_base_uris { concat::fragment { "${name}-passenger_uris": target => "${priority_real}${filename}.conf", - order => 155, + order => 175, content => template('apache/vhost/_passenger_base_uris.erb'), } } @@ -726,7 +746,7 @@ if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}${filename}.conf", - order => 160, + order => 180, content => template('apache/vhost/_redirect.erb'), } } @@ -740,7 +760,7 @@ if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": target => "${priority_real}${filename}.conf", - order => 170, + order => 190, content => template('apache/vhost/_rewrite.erb'), } } @@ -751,7 +771,7 @@ if ( $scriptalias or $scriptaliases != [] ) { concat::fragment { "${name}-scriptalias": target => "${priority_real}${filename}.conf", - order => 180, + order => 200, content => template('apache/vhost/_scriptalias.erb'), } } @@ -761,7 +781,7 @@ if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": target => "${priority_real}${filename}.conf", - order => 190, + order => 210, content => template('apache/vhost/_serveralias.erb'), } } @@ -772,7 +792,7 @@ if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { concat::fragment { "${name}-setenv": target => "${priority_real}${filename}.conf", - order => 200, + order => 220, content => template('apache/vhost/_setenv.erb'), } } @@ -798,7 +818,7 @@ if $ssl { concat::fragment { "${name}-ssl": target => "${priority_real}${filename}.conf", - order => 210, + order => 230, content => template('apache/vhost/_ssl.erb'), } } 
@@ -811,7 +831,7 @@ if $ssl_proxyengine { concat::fragment { "${name}-sslproxy": target => "${priority_real}${filename}.conf", - order => 210, + order => 230, content => template('apache/vhost/_sslproxy.erb'), } } @@ -827,7 +847,7 @@ if $auth_kerb { concat::fragment { "${name}-auth_kerb": target => "${priority_real}${filename}.conf", - order => 210, + order => 230, content => template('apache/vhost/_auth_kerb.erb'), } } @@ -839,7 +859,7 @@ if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": target => "${priority_real}${filename}.conf", - order => 220, + order => 240, content => template('apache/vhost/_suphp.erb'), } } @@ -850,7 +870,7 @@ if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { concat::fragment { "${name}-php": target => "${priority_real}${filename}.conf", - order => 220, + order => 240, content => template('apache/vhost/_php.erb'), } } @@ -860,29 +880,9 @@ # - $php_admin_flags if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": - target => "${priority_real}${filename}.conf", - order => 230, - content => template('apache/vhost/_php_admin.erb'), - } - } - - # Template uses: - # - $headers - if $headers and ! empty($headers) { - concat::fragment { "${name}-header": - target => "${priority_real}${filename}.conf", - order => 240, - content => template('apache/vhost/_header.erb'), - } - } - - # Template uses: - # - $request_headers - if $request_headers and ! empty($request_headers) { - concat::fragment { "${name}-requestheader": target => "${priority_real}${filename}.conf", order => 250, - content => template('apache/vhost/_requestheader.erb'), + content => template('apache/vhost/_php_admin.erb'), } } From f001dfb231f41aac73d97a7878eb29c9e4880c24 Mon Sep 17 00:00:00 2001 
From: Onur Cem Celebi Date: Tue, 22 Dec 2015 17:54:08 +0100 Subject: [PATCH 0783/2267] Support ProxPassReverseCookieDomain directive (mod_proxy) --- README.md | 4 ++-- spec/defines/vhost_spec.rb | 16 ++++++++++++---- templates/vhost/_proxy.erb | 7 ++++++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 57ba525bfa..bd879ed59f 100644 --- a/README.md +++ b/README.md @@ -2260,13 +2260,13 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/f', 'url' => 'http://backend-f/', 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, { 'path' => '/g', 'url' => 'http://backend-g/', - 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}], }, + 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, ], } ~~~ `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. -`reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath. +`reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath and/or ProxyPassReverseCookieDomain. `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). `setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9dd563a9c6..0096e06029 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -219,10 +219,16 @@ 'path' => '/a', 'url' => 'http://backend-a/', 'keywords' => ['noquery', 'interpolate'], - 'reverse_cookies' => [{ - 'path' => '/a', - 'url' => 'http://backend-a/', - }], + 'reverse_cookies' => [ + { + 'path' => '/a', + 'url' => 'http://backend-a/', + }, + { + 'domain' => 'foo', + 'url' => 'http://foo', + } + ], 'params' => { 'retry' => '0', 'timeout' => '5' @@ -425,6 +431,8 @@ /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 3f94af9112..9e9c05170f 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -20,7 +20,12 @@ > <%- if not proxy['reverse_cookies'].nil? -%> <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> - ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + <%- if reverse_cookies['path'] -%> + ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- if reverse_cookies['domain'] -%> + ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %> + <%- end -%> <%- end -%> <%- end -%> <%- if proxy['reverse_urls'].nil? -%> From 7db484aacbebba67a879b195d83bfc604c619daf Mon Sep 17 00:00:00 2001 From: Onur Cem Celebi Date: Fri, 18 Dec 2015 08:55:43 +0100 Subject: [PATCH 0784/2267] Add ProxyPreserveHost off mode explicitly --- templates/vhost/_proxy.erb | 2 ++ 1 file changed, 2 insertions(+) 
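Review bot: The two new guards in `templates/vhost/_proxy.erb` test only `reverse_cookies['path']` and `reverse_cookies['domain']`, so an entry without `url` renders a directive with a single argument and the generated vhost will not load. Guarding both values avoids that: `<%- if reverse_cookies['domain'] and reverse_cookies['url'] -%>`, and likewise for `path`. The second argument of `ProxyPassReverseCookieDomain` is a public domain, but it is read from the `url` key, and the spec in this commit feeds it `http://foo`, which is a URL rather than a value usable in a cookie's Domain attribute. The parameter documentation should say that in the domain form `url` must be a bare host name. The enclosing `proxy_pass` loop starts and ends outside the hunk.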
diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 3f94af9112..c34153b4e9 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -5,6 +5,8 @@ <%- end -%> <% if @proxy_preserve_host -%> ProxyPreserveHost On +<% else -%> + ProxyPreserveHost Off <%- end -%> <% if @proxy_error_override -%> ProxyErrorOverride On From 0ab0e393f0e7254bc28f69b624cf212f120a254c Mon Sep 17 00:00:00 2001 From: Onur Cem Celebi Date: Fri, 18 Dec 2015 08:14:41 +0100 Subject: [PATCH 0785/2267] Support the mod_ssl SSLProxyVerify directive --- README.md | 4 ++++ manifests/vhost.pp | 6 ++++++ spec/defines/vhost_spec.rb | 1 + templates/vhost/_sslproxy.erb | 3 +++ 4 files changed, 14 insertions(+) diff --git a/README.md b/README.md index 57ba525bfa..49ef133f49 100644 --- a/README.md +++ b/README.md @@ -3174,6 +3174,10 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# } ~~~ +##### `ssl_proxy_verify` + +Sets the [SSLProxyVerify](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Defaults to 'undef'. + ##### `ssl_proxy_machine_cert` Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Defaults to 'undef'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7e48317a8d..21abb13fbe 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -25,6 +25,7 @@ $ssl_honorcipherorder = undef, $ssl_verify_client = undef, $ssl_verify_depth = undef, + $ssl_proxy_verify = undef, $ssl_proxy_check_peer_cn = undef, $ssl_proxy_check_peer_name = undef, $ssl_proxy_machine_cert = undef, @@ -234,6 +235,10 @@ validate_string($docroot) } + if $ssl_proxy_verify { + validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.") + } + if $ssl_proxy_check_peer_cn { validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.") } @@ -803,6 +808,7 @@ # Template uses: # - $ssl_proxyengine + # - $ssl_proxy_verify # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name # - $ssl_proxy_machine_cert diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9dd563a9c6..edc87d12c7 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -154,6 +154,7 @@ 'ssl_verify_depth' => '3', 'ssl_options' => '+ExportCertData', 'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"', + 'ssl_proxy_verify' => 'require', 'ssl_proxy_check_peer_cn' => 'on', 'ssl_proxy_check_peer_name' => 'on', 'ssl_proxyengine' => true, diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb index e58d52d0ba..568d9d1d0d 100644 --- a/templates/vhost/_sslproxy.erb +++ b/templates/vhost/_sslproxy.erb @@ -2,6 +2,9 @@ # SSL Proxy directives SSLProxyEngine On + <%- if @ssl_proxy_verify -%> + SSLProxyVerify <%= @ssl_proxy_verify %> + <%- end -%> <%- if @ssl_proxy_check_peer_cn -%> SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> <%- end -%> From e825422b0080e66b32cd05ed51b5ccae69325c74 Mon Sep 17 00:00:00 2001 
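Review bot: The pattern passed to `validate_re` for `$ssl_proxy_verify` is anchored with `^` and `$`, which in Ruby regular expressions match at line boundaries, not at the ends of the string. A multi-line value whose first line is `require` therefore passes the check, and `_sslproxy.erb` then writes every line of it into the vhost, so the allow-list does not actually limit what reaches the configuration. Anchoring on the whole string closes this: `validate_re($ssl_proxy_verify,'\A(none|optional|require|optional_no_ca)\z', ...)`. The neighbouring `ssl_proxy_check_peer_cn` check visible as context uses the same `(^on$|^off$)` form and would benefit from the same change.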
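Review bot: When `ssl_proxy_verify` is left at its `undef` default, `templates/vhost/_sslproxy.erb` emits `SSLProxyEngine On` with no `SSLProxyVerify` line, so httpd's own default of `none` applies and the backend certificate is not checked. Neither the template nor the new README entry says so. I would add a template comment above the new conditional, such as `<%# SSLProxyVerify omitted => httpd default 'none': backend certificate is not verified -%>`, and state the effective default in the README instead of only "Defaults to 'undef'". It is also worth documenting that `optional_no_ca`, which the new validation accepts, does not authenticate the backend. The enclosing `ssl_proxyengine` conditional starts and ends outside the hunk.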
From: Jason Hancock Date: Thu, 17 Dec 2015 10:41:15 -0800 Subject: [PATCH 0786/2267] EL7 uses conf.modules.d directory for modules. This is briefly mentioned in [MODULES-1734](https://tickets.puppetlabs.com/browse/MODULES-1734), but the EL7 uses the conf.modules.d directory for module configuration. Also cleaned up some of the acceptance tests to use the common config in `version.rb` to DRY --- manifests/params.pp | 5 +++- spec/acceptance/apache_ssl_spec.rb | 11 ++------- spec/acceptance/class_spec.rb | 22 ++++------------- spec/acceptance/default_mods_spec.rb | 30 +++++++---------------- spec/acceptance/mod_dav_svn_spec.rb | 15 ++++-------- spec/acceptance/mod_deflate_spec.rb | 20 +++------------- spec/acceptance/mod_mime_spec.rb | 20 +++------------- spec/acceptance/mod_negotiation_spec.rb | 32 ++++++------------------- spec/acceptance/mod_pagespeed_spec.rb | 23 ++---------------- spec/acceptance/mod_passenger_spec.rb | 14 +++++------ spec/acceptance/mod_php_spec.rb | 32 ++++++------------------- spec/acceptance/mod_proxy_html_spec.rb | 14 ++--------- spec/acceptance/mod_security_spec.rb | 30 ++++++++--------------- spec/acceptance/prefork_worker_spec.rb | 18 ++++---------- spec/acceptance/version.rb | 3 ++- spec/classes/mod/security_spec.rb | 2 +- 16 files changed, 70 insertions(+), 221 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 9e8cad39b4..ab6c0d1e83 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -62,7 +62,10 @@ $server_root = '/etc/httpd' $conf_dir = "${httpd_dir}/conf" $confd_dir = "${httpd_dir}/conf.d" - $mod_dir = "${httpd_dir}/conf.d" + $mod_dir = $::apache::version::distrelease ? { + '7' => "${httpd_dir}/conf.modules.d", + default => "${httpd_dir}/conf.d", + } $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/conf.d" $vhost_enable_dir = undef diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index ccf65c7273..254a3c35a2 100644 --- a/spec/acceptance/apache_ssl_spec.rb 
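Review bot: The new `$mod_dir` selector in `manifests/params.pp` matches only the literal release `'7'`, so every other value of `$::apache::version::distrelease` falls through to `conf.d`. The acceptance helper changed in this same commit (`spec/acceptance/version.rb`) is broader: it picks `/etc/httpd/conf.modules.d` for Fedora 18 and later and for any non-Fedora release of 7 or above. The manifest and its tests therefore disagree on those platforms. Keying the selector on the Apache version rather than on one release string would keep them aligned. At minimum, record the limitation next to the selector: `# only EL7 is matched; other httpd 2.4 layouts still get conf.d`.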
+++ b/spec/acceptance/apache_ssl_spec.rb @@ -1,13 +1,6 @@ require 'spec_helper_acceptance' require_relative './version.rb' -case fact('osfamily') -when 'RedHat' - vhostd = '/etc/httpd/conf.d' -when 'Debian' - vhostd = '/etc/apache2/sites-available' -end - describe 'apache ssl' do describe 'ssl parameters' do @@ -28,7 +21,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file("#{vhostd}/15-default-ssl.conf") do + describe file("#{$vhost_dir}/15-default-ssl.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } @@ -74,7 +67,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) end - describe file("#{vhostd}/25-test_ssl.conf") do + describe file("#{$vhost_dir}/25-test_ssl.conf") do it { is_expected.to be_file } it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 47b0d36fa0..0e797b61d8 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -1,21 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache class' do - case fact('osfamily') - when 'RedHat' - package_name = 'httpd' - service_name = 'httpd' - when 'Debian' - package_name = 'apache2' - service_name = 'apache2' - when 'FreeBSD' - package_name = 'apache24' - service_name = 'apache24' - when 'Gentoo' - package_name = 'www-servers/apache' - service_name = 'apache2' - end - context 'default parameters' do it 'should work with no errors' do pp = <<-EOS 
@@ -27,11 +13,11 @@ class { 'apache': } expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end - describe package(package_name) do + describe package($package_name) do it { is_expected.to be_installed } end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end @@ -80,7 +66,7 @@ class { 'apache': apply_manifest(pp, :catch_changes => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index c2d6a8c26d..8cfc531b1d 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -1,19 +1,5 @@ require 'spec_helper_acceptance' - -case fact('osfamily') -when 'RedHat' - mod_dir = '/etc/httpd/conf.d' - servicename = 'httpd' -when 'Debian' - mod_dir = '/etc/apache2/mods-available' - servicename = 'apache2' -when 'FreeBSD' - mod_dir = '/usr/local/etc/apache24/Modules' - servicename = 'apache24' -when 'Gentoo' - mod_dir = '/etc/apache2/modules.d' - servicename = 'apache2' -end +require_relative './version.rb' describe 'apache::default_mods class' do describe 'no default mods' do @@ -30,7 +16,7 @@ class { 'apache': expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end - describe service(servicename) do + describe service($service_name) do it { is_expected.to be_running } end end @@ -56,12 +42,12 @@ class { 'apache': end # Are these the same? - describe service(servicename) do + describe service($service_name) do it { is_expected.not_to be_running } end - describe "service #{servicename}" do + describe "service #{$service_name}" do it 'should not be running' do - shell("pidof #{servicename}", {:acceptable_exit_codes => 1}) + shell("pidof #{$service_name}", {:acceptable_exit_codes => 1}) end end end 
@@ -94,7 +80,7 @@ class { 'apache': expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end - describe service(servicename) do + describe service($service_name) do it { is_expected.to be_running } end end @@ -112,11 +98,11 @@ class { 'apache': default_mods => false } expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end - describe service(servicename) do + describe service($service_name) do it { is_expected.to be_running } end - describe file("#{mod_dir}/zz_auth_basic.load") do + describe file("#{$mod_dir}/zz_auth_basic.load") do it { is_expected.to be_file } end end diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 10c9b77d75..e4092d03a1 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -1,22 +1,17 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do case fact('osfamily') when 'Debian' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' end when 'RedHat' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' authz_svn_load_file = 'dav_svn_authz_svn.load' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache24/Modules' - service_name = 'apache24' authz_svn_load_file = 'dav_svn_authz_svn.load' end 
@@ -29,12 +24,12 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/dav_svn.load") do + describe file("#{$mod_dir}/dav_svn.load") do it { is_expected.to contain "LoadModule dav_svn_module" } end end @@ -50,12 +45,12 @@ class { 'apache::mod::dav_svn': apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/#{authz_svn_load_file}") do + describe file("#{$mod_dir}/#{authz_svn_load_file}") do it { is_expected.to contain "LoadModule authz_svn_module" } end end diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb index 3b505bdbfd..c1ee4d3848 100644 --- a/spec/acceptance/mod_deflate_spec.rb +++ b/spec/acceptance/mod_deflate_spec.rb @@ -1,21 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::deflate class' do - case fact('osfamily') - when 'Debian' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' - when 'RedHat' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' - when 'FreeBSD' - mod_dir = '/usr/local/etc/apache24/Modules' - service_name = 'apache24' - when 'Gentoo' - mod_dir = '/etc/apache2/modules.d' - service_name = 'apache2' - end - context "default deflate config" do it 'succeeds in puppeting deflate' do pp= <<-EOS 
@@ -25,12 +11,12 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/deflate.conf") do + describe file("#{$mod_dir}/deflate.conf") do it { is_expected.to contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" } it { is_expected.to contain "AddOutputFilterByType DEFLATE text/css" } it { is_expected.to contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" } diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index e47360b5e0..ead76adc17 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -1,21 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::mime class' do - case fact('osfamily') - when 'Debian' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' - when 'RedHat' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' - when 'FreeBSD' - mod_dir = '/usr/local/etc/apache24/Modules' - service_name = 'apache24' - when 'Gentoo' - mod_dir = '/etc/apache2/modules.d' - service_name = 'apache2' - end - context "default mime config" do it 'succeeds in puppeting mime' do pp= <<-EOS @@ -25,12 +11,12 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/mime.conf") do + describe file("#{$mod_dir}/mime.conf") do it { is_expected.to contain "AddType application/x-compress .Z" } it { is_expected.to contain "AddHandler type-map var\n" } it { is_expected.to contain "AddType text/html .shtml\n" } 
diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index 48eb896b67..142b412ade 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb @@ -1,25 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::negotiation class' do - case fact('osfamily') - when 'Debian' - vhost_dir = '/etc/apache2/sites-enabled' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' - when 'RedHat' - vhost_dir = '/etc/httpd/conf.d' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' - when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache24/Vhosts' - mod_dir = '/usr/local/etc/apache24/Modules' - service_name = 'apache24' - when 'Gentoo' - vhost_dir = '/etc/apache2/vhosts.d' - mod_dir = '/etc/apache2/modules.d' - service_name = 'apache2' - end - context "default negotiation config" do it 'succeeds in puppeting negotiation' do pp= <<-EOS @@ -29,12 +11,12 @@ class { '::apache::mod::negotiation': } apply_manifest(pp, :catch_failures => true) end - describe file("#{mod_dir}/negotiation.conf") do + describe file("#{$mod_dir}/negotiation.conf") do it { should contain "LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW ForceLanguagePriority Prefer Fallback" } end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end @@ -51,11 +33,11 @@ class { '::apache::mod::negotiation': apply_manifest(pp, :catch_failures => true) end - describe file("#{mod_dir}/negotiation.conf") do + describe file("#{$mod_dir}/negotiation.conf") do it { should contain "ForceLanguagePriority Prefer" } end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end 
@@ -72,11 +54,11 @@ class { '::apache::mod::negotiation': apply_manifest(pp, :catch_failures => true) end - describe file("#{mod_dir}/negotiation.conf") do + describe file("#{$mod_dir}/negotiation.conf") do it { should contain "LanguagePriority en es" } end - describe service(service_name) do + describe service($service_name) do it { should be_enabled } it { should be_running } end diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index f8060a167e..ab50a54d0e 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -1,25 +1,6 @@ require 'spec_helper_acceptance' describe 'apache::mod::pagespeed class' do - case fact('osfamily') - when 'Debian' - vhost_dir = '/etc/apache2/sites-enabled' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' - when 'RedHat' - vhost_dir = '/etc/httpd/conf.d' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' - when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache24/Vhosts' - mod_dir = '/usr/local/etc/apache24/Modules' - service_name = 'apache24' - when 'Gentoo' - vhost_dir = '/etc/apache2/vhosts.d' - mod_dir = '/etc/apache2/modules.d' - service_name = 'apache2' - end - context "default pagespeed config" do it 'succeeds in puppeting pagespeed' do pp= <<-EOS @@ -66,12 +47,12 @@ class { 'apache::mod::pagespeed': apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/pagespeed.conf") do + describe file("#{$mod_dir}/pagespeed.conf") do it { is_expected.to contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" } it { is_expected.to contain "ModPagespeedEnableFilters remove_comments" } it { is_expected.to contain "ModPagespeedDisableFilters extend_cache" } 
diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index df9cd9e13e..88c8aff329 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -1,12 +1,12 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::passenger class' do case fact('osfamily') when 'Debian' - service_name = 'apache2' mod_dir = '/etc/apache2/mods-available/' - conf_file = "#{mod_dir}passenger.conf" - load_file = "#{mod_dir}zpassenger.load" + conf_file = "#{$mod_dir}/passenger.conf" + load_file = "#{$mod_dir}/zpassenger.load" case fact('operatingsystem') when 'Ubuntu' @@ -46,10 +46,8 @@ rackapp_user = 'www-data' rackapp_group = 'www-data' when 'RedHat' - service_name = 'httpd' - mod_dir = '/etc/httpd/conf.d/' - conf_file = "#{mod_dir}passenger.conf" - load_file = "#{mod_dir}zpassenger.load" + conf_file = "#{$mod_dir}/passenger.conf" + load_file = "#{$mod_dir}/zpassenger.load" # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.1' passenger_ruby = '/usr/bin/ruby' @@ -98,7 +96,7 @@ class { 'apache::mod::passenger': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index a42f523738..a5529851fb 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -1,25 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::php class' do - case fact('osfamily') - when 'Debian' - vhost_dir = '/etc/apache2/sites-enabled' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' - when 'RedHat' - vhost_dir = '/etc/httpd/conf.d' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' - when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache24/Vhosts' - mod_dir = '/usr/local/etc/apache24/Modules' - service_name = 'apache24' - when 'Gentoo' - vhost_dir = '/etc/apache2/vhosts.d' - mod_dir = '/etc/apache2/modules.d' - service_name = 'apache2' - end - context "default php config" do it 'succeeds in puppeting php' do pp= <<-EOS @@ -40,12 +22,12 @@ class { 'apache::mod::php': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/php5.conf") do + describe file("#{$mod_dir}/php5.conf") do it { is_expected.to contain "DirectoryIndex index.php" } end @@ -83,12 +65,12 @@ class { 'apache::mod::php': apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{vhost_dir}/25-php.example.com.conf") do + describe file("#{$vhost_dir}/25-php.example.com.conf") do it { is_expected.to contain " php_flag display_errors on" } it { is_expected.to contain " php_value include_path .:/usr/share/pear:/usr/bin/php" } it { is_expected.to contain " php_admin_flag engine on" } @@ -116,7 +98,7 @@ class {'apache::mod::php': apply_manifest(pp, :catch_failures => true) end - describe file("#{mod_dir}/php5.conf") do + describe file("#{$mod_dir}/php5.conf") do it { should contain "# somecontent" } end end 
@@ -135,7 +117,7 @@ class {'apache::mod::php': apply_manifest(pp, :catch_failures => true) end - describe file("#{mod_dir}/php5.conf") do + describe file("#{$mod_dir}/php5.conf") do it { should contain "# somecontent" } end end diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index 840ea563f1..3e11586917 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -1,17 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::proxy_html class' do - case fact('osfamily') - when 'Debian' - service_name = 'apache2' - when 'RedHat' - service_name = 'httpd' - when 'FreeBSD' - service_name = 'apache24' - when 'Gentoo' - service_name = 'apache2' - end - context "default proxy_html config" do if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do @@ -33,7 +23,7 @@ class { 'apache::mod::proxy_html': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 4fcf0f551b..75f4175881 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
@@ -1,17 +1,7 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) do - case fact('osfamily') - when 'Debian' - mod_dir = '/etc/apache2/mods-available' - service_name = 'apache2' - package_name = 'apache2' - when 'RedHat' - mod_dir = '/etc/httpd/conf.d' - service_name = 'httpd' - package_name = 'httpd' - end - context "default mod_security config" do if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do @@ -54,16 +44,16 @@ class { 'apache::mod::security': } end end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe package(package_name) do + describe package($package_name) do it { is_expected.to be_installed } end - describe file("#{mod_dir}/security.conf") do + describe file("#{$mod_dir}/security.conf") do it { is_expected.to contain "mod_security2.c" } end @@ -100,12 +90,12 @@ class { 'apache::mod::security': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/security.conf") do + describe file("#{$mod_dir}/security.conf") do it { is_expected.to contain "mod_security2.c" } end @@ -152,12 +142,12 @@ class { 'apache::mod::security': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/security.conf") do + describe file("#{$mod_dir}/security.conf") do it { is_expected.to contain "mod_security2.c" } end 
@@ -208,12 +198,12 @@ class { 'apache::mod::security': } apply_manifest(pp, :catch_failures => true) end - describe service(service_name) do + describe service($service_name) do it { is_expected.to be_enabled } it { is_expected.to be_running } end - describe file("#{mod_dir}/security.conf") do + describe file("#{$mod_dir}/security.conf") do it { is_expected.to contain "mod_security2.c" } end diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 234b6acefb..7ba13950d5 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -1,15 +1,5 @@ require 'spec_helper_acceptance' - -case fact('osfamily') -when 'RedHat' - servicename = 'httpd' -when 'Debian' - servicename = 'apache2' -when 'FreeBSD' - servicename = 'apache24' -when 'Gentoo' - servicename = 'apache2' -end +require_relative './version.rb' case fact('osfamily') when 'FreeBSD' @@ -29,7 +19,7 @@ class { 'apache': end end - describe service(servicename) do + describe service($service_name) do it { is_expected.to be_running } it { is_expected.to be_enabled } end @@ -52,7 +42,7 @@ class { 'apache': end end - describe service(servicename) do + describe service($service_name) do it { is_expected.to be_running } it { is_expected.to be_enabled } end @@ -74,7 +64,7 @@ class { 'apache': end end - describe service(servicename) do + describe service($service_name) do it { is_expected.to be_running } it { is_expected.to be_enabled } end diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 117e23d9fe..88cf509b7b 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -5,7 +5,6 @@ case _osfamily when 'RedHat' $confd_dir = '/etc/httpd/conf.d' - $mod_dir = '/etc/httpd/conf.d' $conf_file = '/etc/httpd/conf/httpd.conf' $ports_file = '/etc/httpd/conf/ports.conf' $vhost_dir = '/etc/httpd/conf.d' 
@@ -19,8 +18,10 @@ if (_operatingsystem == 'Fedora' and _operatingsystemrelease >= 18) or (_operatingsystem != 'Fedora' and _operatingsystemrelease >= 7) $apache_version = '2.4' + $mod_dir = '/etc/httpd/conf.modules.d' else $apache_version = '2.2' + $mod_dir = '/etc/httpd/conf.d' end when 'Debian' $confd_dir = '/etc/apache2/conf.d' diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 93f751ee4e..ba0bb2f711 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -28,7 +28,7 @@ ) } it { should contain_package('mod_security_crs') } it { should contain_file('security.conf').with( - :path => '/etc/httpd/conf.d/security.conf' + :path => '/etc/httpd/conf.modules.d/security.conf' ) } it { should contain_file('/etc/httpd/modsecurity.d').with( :ensure => 'directory', From 12b695ab82c9a344e87d3f73b4dae1864cb90dac Mon Sep 17 00:00:00 2001 From: Seth Lyons Date: Thu, 24 Dec 2015 21:18:04 -0500 Subject: [PATCH 0787/2267] the custom fragment needs to be indented two spaces so that it lines up with the rest of the configuration --- templates/vhost/_custom_fragment.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_custom_fragment.erb b/templates/vhost/_custom_fragment.erb index 973964655e..35c264adb9 100644 --- a/templates/vhost/_custom_fragment.erb +++ b/templates/vhost/_custom_fragment.erb @@ -1,5 +1,5 @@ <% if @custom_fragment -%> ## Custom fragment -<%= @custom_fragment %> + <%= @custom_fragment %> <% end -%> From 19e3ee61e8a1a0ab5d6b0288038b6750ad4c8b7f Mon Sep 17 00:00:00 2001 
From: Peter Slootweg Date: Wed, 6 Jan 2016 09:43:34 +0100 Subject: [PATCH 0788/2267] (#2948) ensure order of ProxyPass and ProxyPassMatch parameters change iteration over hash elements from 'each_pair' to sorted keys. As the order of hash elements is not specified, and might be different every run, sorted keys ensure that the order of ProxyPass and ProxyPassMatch parameters are the same every time. --- templates/vhost/_proxy.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 16a889cb4c..4a918373da 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -14,7 +14,7 @@ <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> - <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> <%- end -%> <%- end -%> <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> @@ -47,7 +47,7 @@ <% [@proxy_pass_match].flatten.compact.each do |proxy| %> ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> - <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> <%- end -%> <%- end -%> <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> From 2e6cd7aad53a6e9db97c618fa0a432fc3182574c Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Fri, 1 Jan 2016 12:54:48 -0500 Subject: [PATCH 0789/2267] Support itk on redhat --- manifests/mod/itk.pp | 20 +++++++++++++++ spec/acceptance/itk_spec.rb | 10 +++++++- spec/classes/mod/itk_spec.rb | 49 ++++++++++++++++++++++++++++++++++++ spec/classes/mod/php_spec.rb | 10 +++++--- 4 files changed, 85 insertions(+), 4 deletions(-) 
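Review bot: `proxy['params'].keys.sort` in both the ProxyPass and the ProxyPassMatch loop raises an ArgumentError when the keys are not mutually comparable (for example a mix of strings and integers), whereas the `each_pair` it replaces accepted any keys. Sorting on the string form keeps the deterministic order without that failure: `proxy['params'].keys.sort_by(&:to_s).each do |key|`. Both loops begin and end outside these hunks.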
diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 990f853eaf..6f07966755 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -54,6 +54,26 @@ } case $::osfamily { + 'redhat': { + package { 'httpd-itk': + ensure => present, + } + if versioncmp($apache_version, '2.4') >= 0 { + ::apache::mpm{ 'itk': + apache_version => $apache_version, + } + } + else { + file_line { '/etc/sysconfig/httpd itk enable': + ensure => present, + path => '/etc/sysconfig/httpd', + line => 'HTTPD=/usr/sbin/httpd.itk', + match => '#?HTTPD=/usr/sbin/httpd.itk', + require => Package['httpd'], + notify => Class['apache::service'], + } + } + } 'debian', 'freebsd': { apache::mpm{ 'itk': apache_version => $apache_version, diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index c220a70f88..dbc8b6251b 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -4,7 +4,15 @@ when 'Debian' service_name = 'apache2' majrelease = fact('operatingsystemmajrelease') - if [ '6', '7', '10.04', '12.04'].include?(majrelease) + if ['6', '7', '10.04', '12.04'].include?(majrelease) + variant = :itk_only + else + variant = :prefork + end +when 'RedHat' + service_name = 'httpd' + majrelease = fact('operatingsystemmajrelease') + if ['5', '6'].include?(majrelease) variant = :itk_only else variant = :prefork diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index cd2e6c67a7..27369f1443 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb 
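Review bot: The `match` on the new `file_line` in the `'redhat'` branch only recognises a line that already names `httpd.itk`, so any other active or commented `HTTPD=` setting in `/etc/sysconfig/httpd` is left in place and a second `HTTPD=` line is added next to it. The pattern is also unanchored and its dots are unescaped. Matching the setting rather than its value covers both cases: `match => '^#?\s*HTTPD='`. Separately, nothing orders `Package['httpd-itk']` before the `file_line` that points the service at `/usr/sbin/httpd.itk`, so the notify can presumably fire before that binary is installed; `require => Package['httpd', 'httpd-itk']` would make the dependency explicit.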
@@ -55,6 +55,55 @@ it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } end end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('itk') } + it { is_expected.to contain_file("/etc/httpd/conf.d/itk.conf").with_ensure('file') } + it { is_expected.to contain_package("httpd-itk") } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_file_line("/etc/sysconfig/httpd itk enable").with({ + 'require' => 'Package[httpd]', + }) + } + end + + context "with Apache version >= 2.4" do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + + let :params do + { + :apache_version => '2.4', + } + end + + it { is_expected.to contain_file("/etc/httpd/conf.d/itk.load").with({ + 'ensure' => 'file', + 'content' => "LoadModule mpm_itk_module modules/mod_mpm_itk.so\n" + }) + } + end + end context "on a FreeBSD OS" do let :pre_condition do 'class { "apache": mpm_module => false, }' diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 6814b8a8f1..3aaa3d329b 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb 
@@ -117,9 +117,13 @@ let :pre_condition do 'class { "apache": mpm_module => itk, }' end - it 'should raise an error' do - expect { expect(subject).to contain_class("apache::mod::itk") }.to raise_error Puppet::Error, /Unsupported osfamily RedHat/ - end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::itk") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("php") } + it { is_expected.to contain_file("php5.load").with( + :content => "LoadModule php5_module modules/libphp5.so\n" + ) } end end describe "on a FreeBSD OS" do From db5b0bfb09959622ea1c6cc299b58057b94c588f Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Fri, 8 Jan 2016 09:27:18 -0700 Subject: [PATCH 0790/2267] MODULES-2956: Enable options within location block on proxy_match --- README.md | 8 +++++--- spec/defines/vhost_spec.rb | 12 ++++++++++++ templates/vhost/_proxy.erb | 5 +++++ 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b0ea212a41..fb4451021f 100644 --- a/README.md +++ b/README.md @@ -2242,7 +2242,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ ##### `proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters and location options can be added as an array. ~~~ puppet apache::vhost { 'site.name.fdqn': 
@@ -2251,6 +2251,8 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, + { 'path' => '/c', 'url' => 'http://backend-a/c', + 'options' => {'Require'=>'valid-user', 'AuthType'=>'Kerberos', 'AuthName'=>'Kerberos Login'}}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', @@ -3190,12 +3192,12 @@ Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/m ~~~ ##### `ssl_proxy_check_peer_cn` - + Sets the [SSLProxyMachinePeerCN](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specified whether the remote server certificate's CN field is compared against the hostname of the request URL . Defaults to 'undef'. ##### `ssl_proxy_check_peer_name` - + Sets the [SSLProxyMachinePeerName](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specified whether the remote server certificate's CN field is compared against the hostname of the request URL . Defaults to 'undef'. ##### `ssl_options` diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 98d70239a8..40d93a0eea 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -238,6 +238,11 @@ 'retry' => '0', 'timeout' => '5' }, + 'options' => { + 'Require' =>'valid-user', + 'AuthType' =>'Kerberos', + 'AuthName' =>'"Kerberos Login"' + }, 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'], } ], 
@@ -440,6 +445,13 @@ /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /Require valid-user/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /AuthType Kerberos/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /AuthName "Kerberos Login"/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 4a918373da..6eb0c3c9a8 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -42,6 +42,11 @@ SetEnv <%= setenv_var %> <%- end -%> <%- end -%> + <%- if proxy['options'] -%> + <%- proxy['options'].keys.sort.each do |key| -%> + <%= key %> <%= proxy['options'][key] %> + <%- end -%> + <%- end -%> <% end -%> <% [@proxy_pass_match].flatten.compact.each do |proxy| %> From 4ae775a3662f668deaf6a972db48947b0fa3bafb Mon Sep 17 00:00:00 2001 From: Craig Holyoak Date: Tue, 8 Dec 2015 08:21:16 +1000 Subject: [PATCH 0791/2267] Fix paths and packages for the shib2 module on Debian pre Jessie --- manifests/params.pp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 9e8cad39b4..644f6788f2 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
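Review bot: Each `proxy['options']` value is written into the vhost verbatim by `<%= key %> <%= proxy['options'][key] %>`, so a multi-word value has to arrive already quoted. The spec in this commit passes `'"Kerberos Login"'`, but the README example passes `'AuthName'=>'Kerberos Login'`, which renders as `AuthName Kerberos Login` and would not be read as a single realm string. These keys are typically authentication directives, so a directive that fails to parse here affects access control for the proxied path; either quote values containing whitespace in the template or make the README example match the spec. A hash also cannot carry the same directive twice (several `Require` lines), which the documentation should state. The block is added only to the `@proxy_pass` loop, which begins outside this hunk, although the commit title mentions proxy_match.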
@@ -221,13 +221,20 @@ 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', 'security' => 'libapache2-modsecurity', + 'shib2' => 'libapache2-mod-shib2', 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', 'shib2' => 'libapache2-mod-shib2', } + if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 { + $shib2_lib = 'mod_shib_22.so' + } else { + $shib2_lib = 'mod_shib2.so' + } $mod_libs = { - 'php5' => 'libphp5.so', + 'php5' => 'libphp5.so', + 'shib2' => $shib2_lib } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' From 9dd474b760178fe42c7e568999099c1c87eab2c1 Mon Sep 17 00:00:00 2001 From: tphoney Date: Mon, 11 Jan 2016 12:57:04 +0000 Subject: [PATCH 0792/2267] fix ordering of catalogue for redhat 7 --- manifests/mod/security.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 050b1bd6fa..4571e2fd29 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -26,7 +26,7 @@ if $crs_package { package { $crs_package: ensure => 'latest', - before => File['security.conf'], + before => File[$::apache::confd_dir], } } From cf92e835bbdd4066fe0527398911904b3fc76aa0 Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Mon, 11 Jan 2016 18:39:37 +0300 Subject: [PATCH 0793/2267] Update docs for predefined LogFormats Add missed predefined "forwarded" log format into docs. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fb4451021f..9b1074beb1 100644 --- a/README.md +++ b/README.md 
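Review bot: The added `'shib2' => 'libapache2-mod-shib2',` entry duplicates a key that the same hash already defines three context lines further down, with the same value. Older parsers silently keep one of the two, but a parser that rejects duplicate hash keys would, as far as I can tell, fail to compile this class; drop the added line. The `$::osfamily == 'Debian'` half of the new `$shib2_lib` condition looks redundant if this code already sits in the Debian branch, but the enclosing conditional starts outside the hunk, so that needs confirming.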
@@ -1002,6 +1002,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combine LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent +LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded ~~~ If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. From d9034acf0040bb237fdc85eda29575a62d659c6d Mon Sep 17 00:00:00 2001 From: Ryan Kennedy Date: Mon, 11 Jan 2016 11:19:11 -0800 Subject: [PATCH 0794/2267] Fixing error in Amazon $operatingsystem comparison --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index c343a4d2b0..28692001c0 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -52,7 +52,7 @@ } else { $verify_command = '/usr/sbin/apachectl -t' } - if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { + if $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ { $user = 'apache' $group = 'apache' $root_group = 'root' From b1d20042f02931a05c64a29fd47c9078f6c0ab43 Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Tue, 12 Jan 2016 13:03:43 +0100 Subject: [PATCH 0795/2267] Add some mod::passenger documentation. --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9b1074beb1..1caf8ae2a7 100644 --- a/README.md +++ b/README.md 
@@ -161,6 +161,7 @@ [`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html [`mod_negotiation`]: http://httpd.apache.org/docs/current/mod/mod_negotiation.html [`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en +[`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ [`mod_php`]: http://php.net/manual/en/book.apache.php [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html [`mod_proxy_balancer`]: http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html @@ -1267,7 +1268,7 @@ The following Apache modules have supported classes, many of which allow for par * `negotiation` * `nss`* * `pagespeed` (see [`apache::mod::pagespeed`][]) -* `passenger`* +* `passenger`* (see [`apache::mod::passenger`][]) * `perl` * `peruser` * `php` (requires [`mpm_module`][] set to `prefork`) 
@@ -1482,6 +1483,17 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of - `apache_version`: Default: `$::apache::apache_version`, - `restrict_access`: Determines whether to enable access restrictions. If 'false', the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: 'true'. +##### Class: `apache::mod::passenger` + +Installs and manages [`mod_passenger`][]. + +**Parameters within `apache::mod::passenger`**: +- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: on, off. Default: undef. +- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: undef +- `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: undef. +- `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: undef. +- ... + ##### Class: `apache::mod::ldap` Installs and configures [`mod_ldap`][]. Allows you to modify the From bd6239c59d3f77962ba9785024cf87f2ef7ff74c Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Tue, 12 Jan 2016 13:15:05 +0100 Subject: [PATCH 0796/2267] (MODULES-2964) Enable PassengerMaxRequestQueueSize to be set * https://tickets.puppetlabs.com/browse/MODULES-2964 * https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize --- README.md | 1 + manifests/mod/passenger.pp | 47 +++++++++++++++--------------- spec/classes/mod/passenger_spec.rb | 7 +++++ templates/mod/passenger.conf.erb | 3 ++ 4 files changed, 35 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 1caf8ae2a7..38277a326f 100644 --- a/README.md 
+++ b/README.md @@ -1491,6 +1491,7 @@ Installs and manages [`mod_passenger`][]. - `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: on, off. Default: undef. - `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: undef - `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: undef. +- `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: undef. - `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: undef. - ... diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 4f7cb7f04a..8d3622d304 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -1,27 +1,28 @@ class apache::mod::passenger ( - $passenger_conf_file = $::apache::params::passenger_conf_file, - $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, - $passenger_high_performance = undef, - $passenger_pool_idle_time = undef, - $passenger_max_requests = undef, - $passenger_spawn_method = undef, - $passenger_stat_throttle_rate = undef, - $rack_autodetect = undef, - $rails_autodetect = undef, - $passenger_root = $::apache::params::passenger_root, - $passenger_ruby = $::apache::params::passenger_ruby, - $passenger_default_ruby = $::apache::params::passenger_default_ruby, - $passenger_max_pool_size = undef, - $passenger_min_instances = undef, - $passenger_use_global_queue = undef, - $passenger_app_env = undef, - $passenger_log_file = undef, - $mod_package = undef, - $mod_package_ensure = undef, - $mod_lib = undef, - $mod_lib_path = undef, - $mod_id = undef, - $mod_path = undef, + $passenger_conf_file = $::apache::params::passenger_conf_file, + $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, + $passenger_high_performance = undef, + $passenger_pool_idle_time = undef, + $passenger_max_request_queue_size = undef, + $passenger_max_requests = undef, + $passenger_spawn_method = undef, + $passenger_stat_throttle_rate = undef, + $rack_autodetect = undef, + $rails_autodetect = undef, + $passenger_root = $::apache::params::passenger_root, + $passenger_ruby = $::apache::params::passenger_ruby, + $passenger_default_ruby = $::apache::params::passenger_default_ruby, + $passenger_max_pool_size = undef, + $passenger_min_instances = undef, + $passenger_use_global_queue = undef, + $passenger_app_env = undef, + $passenger_log_file = undef, + $mod_package = undef, + $mod_package_ensure = undef, + $mod_lib = undef, + $mod_lib_path = undef, + $mod_id = undef, + $mod_path = undef, ) { if $passenger_spawn_method { 
diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 34dcc5c6f3..1cae95c456 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -57,6 +57,13 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerPoolIdleTime 1200$/) } end + describe "with passenger_max_request_queue_size => 100" do + let :params do + { :passenger_max_request_queue_size => 100 } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequestQueueSize 100$/) } + end + describe "with passenger_max_requests => 20" do let :params do { :passenger_max_requests => 20 } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 9bd13c22ac..8a3e9d4f37 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -22,6 +22,9 @@ <%- if @passenger_pool_idle_time -%> PassengerPoolIdleTime <%= @passenger_pool_idle_time %> <%- end -%> + <%- if @passenger_max_request_queue_size -%> + PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %> + <%- end -%> <%- if @passenger_max_requests -%> PassengerMaxRequests <%= @passenger_max_requests %> <%- end -%> From d4fb48aa501e0e86d4a57efd3e5fade978a24fdb Mon Sep 17 00:00:00 2001 From: tphoney Date: Tue, 12 Jan 2016 13:21:26 +0000 Subject: [PATCH 0797/2267] itk tests on redhat need epel --- spec/acceptance/itk_spec.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index dbc8b6251b..cb0da28849 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb 
@@ -24,6 +24,14 @@ end describe 'apache::mod::itk class', :if => service_name do + describe 'setting up epel(for itk) for redhat' do + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6|7)/ + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end + end + end describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do From ac31d2ec0fcaf2e962cc3d5b0590b512d69744d8 Mon Sep 17 00:00:00 2001 From: Alan Chalmers Date: Tue, 12 Jan 2016 13:53:31 +1100 Subject: [PATCH 0798/2267] MODULES-2958 : correct CustomLog syslog entry --- templates/vhost/_access_log.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_access_log.erb b/templates/vhost/_access_log.erb index d1ec426a4a..894daa7ce4 100644 --- a/templates/vhost/_access_log.erb +++ b/templates/vhost/_access_log.erb @@ -10,7 +10,7 @@ <% destination = "#{@logroot}/#{log['file']}" -%> <% end -%> <% elsif log['syslog'] -%> -<% destination = "syslog" -%> +<% destination = log['syslog'] -%> <% elsif log['pipe'] -%> <% destination = log['pipe'] -%> <% else -%> From 99add117df452d2c513a3a7c36d9fd0416e696b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 13 Jan 2016 11:47:05 +0100 Subject: [PATCH 0799/2267] proxy: remove workaround for old broken clients this has been fixed for a long time (https://bz.apache.org/bugzilla/show_bug.cgi?id=38864) and the workaround documented by @niq http://www.apachetutor.org/admin/reverseproxies hasn't been necessary for a long time. --- templates/vhost/_proxy.erb | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 6eb0c3c9a8..1cc2720b78 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb 
@@ -19,27 +19,26 @@ <%- end -%> <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> <%- end %> - > <%- if not proxy['reverse_cookies'].nil? -%> <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> <%- if reverse_cookies['path'] -%> - ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> <%- end -%> <%- if reverse_cookies['domain'] -%> - ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %> + ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %> <%- end -%> <%- end -%> <%- end -%> <%- if proxy['reverse_urls'].nil? -%> - ProxyPassReverse <%= proxy['url'] %> + ProxyPassReverse <%= proxy['url'] %> <%- else -%> <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> - ProxyPassReverse <%= reverse_url %> + ProxyPassReverse <%= reverse_url %> <%- end -%> <%- end -%> <%- if proxy['setenv'] -%> <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var %> + SetEnv <%= setenv_var %> <%- end -%> <%- end -%> <%- if proxy['options'] -%> @@ -47,7 +46,6 @@ <%= key %> <%= proxy['options'][key] %> <%- end -%> <%- end -%> - <% end -%> <% [@proxy_pass_match].flatten.compact.each do |proxy| %> ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> 
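Review bot: With the wrapper lines removed from the `@proxy_pass` loop, the `proxy['options']` and `proxy['setenv']` output that stays in the loop is no longer scoped to `proxy['path']`. The removed lines render here only as `>` and a blank line, and look like the opening and closing of a per-path container. An entry such as `'options' => {'Require' => 'valid-user', 'AuthType' => 'Kerberos'}` would then be emitted at virtual-host level, and two entries with different options would override each other, which changes the access rules for paths the entry was never meant to cover. Either keep a path-scoped container around `options` and `setenv` whenever they are set, or reject those keys now that no container is emitted. The same applies to `SetEnv` in the `@proxy_pass_match` loop, changed in the hunk that starts at `@@ -57,36 +55,30 @@`.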
@@ -57,36 +55,30 @@ <%- end -%> <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> <%- end %> - > <%- if proxy['reverse_urls'].nil? -%> - ProxyPassReverse <%= proxy['url'] %> + ProxyPassReverse <%= proxy['url'] %> <%- else -%> <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> - ProxyPassReverse <%= reverse_url %> + ProxyPassReverse <%= reverse_url %> <%- end -%> <%- end -%> <%- if proxy['setenv'] -%> <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var %> + SetEnv <%= setenv_var %> <%- end -%> <%- end -%> - <% end -%> <% if @proxy_dest -%> <%- Array(@no_proxy_uris).each do |uri| -%> ProxyPass <%= uri %> ! <% end -%> - ProxyPass / <%= @proxy_dest %>/ - - ProxyPassReverse <%= @proxy_dest %>/ - + ProxyPass / <%= @proxy_dest %>/ + ProxyPassReverse / <%= @proxy_dest %>/ <% end -%> <% if @proxy_dest_match -%> <%- Array(@no_proxy_uris_match).each do |uri| -%> - ProxyPassMatch <%= uri %> ! + ProxyPassMatch <%= uri %> ! <% end -%> - ProxyPassMatch / <%= @proxy_dest_match %>/ - - ProxyPassReverse <%= @proxy_dest_reverse_match %>/ - + ProxyPassMatch / <%= @proxy_dest_match %>/ + ProxyPassReverse / <%= @proxy_dest_reverse_match %>/ <% end -%> From 4a8211097975c1680eb575963bd27406680e6f9d Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 14 Jan 2016 12:04:56 +0000 Subject: [PATCH 0800/2267] a path is needed for ProxyPassReverse --- spec/acceptance/vhost_spec.rb | 4 ++-- templates/vhost/_proxy.erb | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 9d5306b282..d18495eab4 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1013,7 +1013,7 @@ class { 'apache': service_ensure => stopped, } describe file("#{$vhost_dir}/25-test.server.conf") do it { is_expected.to be_file } - it { is_expected.to contain 'ProxyPass / test2/' } + it { is_expected.to contain 'ProxyPass / test2/' } end end 
@@ -1076,8 +1076,8 @@ class { 'apache': service_ensure => stopped, } describe file("#{$vhost_dir}/25-test.server.conf") do it { is_expected.to be_file } - it { is_expected.to contain 'ProxyPass / http://test2/' } it { is_expected.to contain 'ProxyPass http://test2/test !' } + it { is_expected.to contain 'ProxyPass / http://test2/' } end end diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 1cc2720b78..4e36361ca1 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -30,10 +30,10 @@ <%- end -%> <%- end -%> <%- if proxy['reverse_urls'].nil? -%> - ProxyPassReverse <%= proxy['url'] %> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> <%- else -%> <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> - ProxyPassReverse <%= reverse_url %> + ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> <%- end -%> <%- end -%> <%- if proxy['setenv'] -%> @@ -56,10 +56,10 @@ <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> <%- end %> <%- if proxy['reverse_urls'].nil? -%> - ProxyPassReverse <%= proxy['url'] %> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> <%- else -%> <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> - ProxyPassReverse <%= reverse_url %> + ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> <%- end -%> <%- end -%> <%- if proxy['setenv'] -%> From 42bf228282fb540eb084d048f1d69748dc48f87d Mon Sep 17 00:00:00 2001 
From: tphoney Date: Thu, 14 Jan 2016 18:38:56 +0000 Subject: [PATCH 0801/2267] modify tests for debian 8 and add tests --- spec/acceptance/apache_parameters_spec.rb | 18 +++++- spec/acceptance/class_spec.rb | 12 +++- spec/acceptance/itk_spec.rb | 6 +- spec/acceptance/mod_dav_svn_spec.rb | 12 +++- spec/acceptance/mod_deflate_spec.rb | 6 +- spec/acceptance/mod_mime_spec.rb | 6 +- spec/acceptance/mod_negotiation_spec.rb | 18 +++++- spec/acceptance/mod_pagespeed_spec.rb | 6 +- spec/acceptance/mod_passenger_spec.rb | 11 +++- spec/acceptance/mod_php_spec.rb | 12 +++- spec/acceptance/mod_proxy_html_spec.rb | 6 +- spec/acceptance/mod_security_spec.rb | 24 ++++++-- spec/acceptance/mod_suphp_spec.rb | 6 +- spec/acceptance/nodesets/debian-82-x64.yml | 10 ++++ spec/acceptance/prefork_worker_spec.rb | 18 +++++- spec/acceptance/vhost_spec.rb | 68 ++++++++++++++++++---- 16 files changed, 200 insertions(+), 39 deletions(-) create mode 100644 spec/acceptance/nodesets/debian-82-x64.yml diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 00e486fb64..c44b2cfaec 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -55,7 +55,11 @@ class { 'apache': describe service($service_name) do it { is_expected.to be_running } - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end @@ -72,7 +76,11 @@ class { 'apache': describe service($service_name) do it { is_expected.not_to be_running } - it { is_expected.not_to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end 
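Review bot: In the hunk at `@@ -72,7 +76,11 @@`, the removed line was `it { is_expected.not_to be_enabled }` but the new `else` branch asserts `it { should be_enabled }`, which inverts the expectation for the block that also checks `is_expected.not_to be_running`. The hunk that opens at `@@ -90,7 +98,11 @@` repeats the same inversion. In both places the else branch should stay `it { is_expected.not_to be_enabled }`, and the pending text should say "disabled" rather than `'Should be enabled ...'`. The same conditional is pasted into every spec in this commit, so a shared helper in `spec_helper_acceptance` would avoid this kind of copy error.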
@@ -90,7 +98,11 @@ class { 'apache': describe service($service_name) do it { is_expected.not_to be_running } - it { is_expected.not_to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 0e797b61d8..cd13985f69 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -18,7 +18,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -67,7 +71,11 @@ class { 'apache': end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end end diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index cb0da28849..f0f14bddc5 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -59,6 +59,10 @@ class { 'apache': describe service(service_name) do it { is_expected.to be_running } - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index e4092d03a1..9abd12aed2 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb 
@@ -25,7 +25,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -46,7 +50,11 @@ class { 'apache::mod::dav_svn': end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb index c1ee4d3848..1b55e087a1 100644 --- a/spec/acceptance/mod_deflate_spec.rb +++ b/spec/acceptance/mod_deflate_spec.rb @@ -12,7 +12,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index ead76adc17..f8bc7c15c0 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -12,7 +12,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index 142b412ade..56c29e3187 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb 
@@ -17,7 +17,11 @@ class { '::apache::mod::negotiation': } end describe service($service_name) do - it { should be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { should be_running } end end @@ -38,7 +42,11 @@ class { '::apache::mod::negotiation': end describe service($service_name) do - it { should be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { should be_running } end end @@ -59,7 +67,11 @@ class { '::apache::mod::negotiation': end describe service($service_name) do - it { should be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { should be_running } end end diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index ab50a54d0e..2434fbb4eb 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -48,7 +48,11 @@ class { 'apache::mod::pagespeed': end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 88c8aff329..086c93eea7 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -97,7 +97,11 @@ class { 'apache::mod::passenger': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -150,7 +154,7 @@ class { 'apache::mod::passenger': } # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain # these two lines unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or - (fact('operatingsystem') == 'Debian' && fact('operatingsystemrelease') == '8.0')) + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')) expect(r.stdout).to match(/### Processes: [0-9]+/) expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) end @@ -167,7 +171,8 @@ class { 'apache::mod::passenger': } shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| # spacing may vary expect(r.stdout).to match(/[\-]+ General information [\-]+/) - if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' + if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or + fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index a5529851fb..11bcafcba5 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
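Review bot: The condition added in the third mod_passenger_spec.rb hunk (`@@ -167,7 +171,8 @@`) joins two `&&` pairs with the low-precedence `or` and no parentheses, so it groups as intended only because `or` binds more loosely than `&&`. Parenthesising each pair and using `||` makes the grouping explicit and matches the parenthesised `unless` in the hunk above: `if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') ||` followed by `(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')`. The `shell` block these lines sit in continues outside the hunk.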
@@ -23,7 +23,11 @@ class { 'apache::mod::php': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -66,7 +70,11 @@ class { 'apache::mod::php': end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index 3e11586917..f87d825837 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -24,7 +24,11 @@ class { 'apache::mod::proxy_html': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end end diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 75f4175881..d6f2987df6 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -45,7 +45,11 @@ class { 'apache::mod::security': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end 
@@ -91,7 +95,11 @@ class { 'apache::mod::security': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -143,7 +151,11 @@ class { 'apache::mod::security': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -199,7 +211,11 @@ class { 'apache::mod::security': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index da2c6042e1..fb23b504d5 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -27,7 +27,11 @@ class { 'apache::mod::suphp': } end describe service('apache2') do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end diff --git a/spec/acceptance/nodesets/debian-82-x64.yml b/spec/acceptance/nodesets/debian-82-x64.yml new file mode 100644 index 0000000000..800c49aaa4 --- /dev/null +++ b/spec/acceptance/nodesets/debian-82-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + debian-82: + roles: + - master + platform: debian-8-amd64 + box: puppetlabs/debian-8.2-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: git 
diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 7ba13950d5..22eaaddeaa 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -21,7 +21,11 @@ class { 'apache': describe service($service_name) do it { is_expected.to be_running } - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end end @@ -44,7 +48,11 @@ class { 'apache': describe service($service_name) do it { is_expected.to be_running } - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end @@ -66,6 +74,10 @@ class { 'apache': describe service($service_name) do it { is_expected.to be_running } - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d18495eab4..b9b3a80acc 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -173,7 +173,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end 
@@ -213,7 +217,11 @@ class { 'apache': end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -265,7 +273,11 @@ class { 'apache': end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -322,7 +334,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -380,7 +396,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -414,7 +434,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -488,7 +512,11 @@ class { 'apache': } end describe service($service_name) do - it { should be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { should be_running } end 
@@ -523,7 +551,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -564,7 +596,11 @@ class { 'apache': } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -610,7 +646,11 @@ class { 'apache': default_vhost => false, } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -651,7 +691,11 @@ class { 'apache': default_vhost => false, } end describe service($service_name) do - it { is_expected.to be_enabled } + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end it { is_expected.to be_running } end @@ -750,6 +794,8 @@ class { 'apache': } it { is_expected.not_to contain 'NameVirtualHost test.server' } elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10)/ it { is_expected.not_to contain 'NameVirtualHost test.server' } + elsif fact('operatingsystem') == 'Debian' and fact('operatingsystemmajrelease') == '8' + it { is_expected.not_to contain 'NameVirtualHost test.server' } else it { is_expected.to contain 'NameVirtualHost test.server' } end From 80fb727f1a524261dcbf3fbbf2f3d8af6209066f Mon Sep 17 00:00:00 2001 
From: tphoney Date: Thu, 14 Jan 2016 21:55:28 +0000 Subject: [PATCH 0802/2267] fixing apache_parameters_spec.rb --- spec/acceptance/apache_parameters_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index c44b2cfaec..923df6666c 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -58,7 +58,7 @@ class { 'apache': if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') pending 'Should be enabled - Bug 760616 on Debian 8' else - it { should be_enabled } + it { is_expected.to be_enabled } end end end @@ -79,7 +79,7 @@ class { 'apache': if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') pending 'Should be enabled - Bug 760616 on Debian 8' else - it { should be_enabled } + it { is_expected.not_to be_enabled } end end end @@ -101,7 +101,7 @@ class { 'apache': if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') pending 'Should be enabled - Bug 760616 on Debian 8' else - it { should be_enabled } + it { is_expected.not_to be_enabled } end end end From ee47dcbecdf93fa5e1b867495f3bbaf65bd3b84a Mon Sep 17 00:00:00 2001 From: tphoney Date: Fri, 15 Jan 2016 15:15:42 +0000 Subject: [PATCH 0803/2267] install epel for RH in acceptance. clean itk test --- spec/acceptance/itk_spec.rb | 22 ++++++++-------------- spec/spec_helper_acceptance.rb | 6 ++++++ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index f0f14bddc5..5be43b1fed 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb 
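Review bot: After this fix the second and third hunks assert `is_expected.not_to be_enabled`, but the Debian 8 branch beside them still reads `pending 'Should be enabled - Bug 760616 on Debian 8'`, so the pending report states the opposite of what the block expects. `pending 'Should not be enabled - Bug 760616 on Debian 8'` would match in those two blocks. Whether the Debian 8 bug affects the not-enabled check at all is not visible from the hunk; if it does not, the guard could be dropped there and the expectation run on every platform.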
@@ -10,12 +10,14 @@ variant = :prefork end when 'RedHat' - service_name = 'httpd' - majrelease = fact('operatingsystemmajrelease') - if ['5', '6'].include?(majrelease) - variant = :itk_only - else - variant = :prefork + unless fact('operatingsystemmajrelease') == '5' + service_name = 'httpd' + majrelease = fact('operatingsystemmajrelease') + if ['6'].include?(majrelease) + variant = :itk_only + else + variant = :prefork + end end when 'FreeBSD' service_name = 'apache24' @@ -24,14 +26,6 @@ end describe 'apache::mod::itk class', :if => service_name do - describe 'setting up epel(for itk) for redhat' do - if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6|7)/ - it 'adds epel' do - pp = "class { 'epel': }" - apply_manifest(pp, :catch_failures => true) - end - end - end describe 'running puppet code' do # Using puppet_apply as a helper it 'should work with no errors' do diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 6bfdefd714..cdaec445d8 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -43,6 +43,12 @@ if fact('osfamily') == 'RedHat' on host, puppet('module','install','stahnma/epel') on host, puppet('module','install','puppetlabs/inifile') + #we need epel installed, so we can get plugins, wsgi, mime ... + pp = <<-EOS + class { 'epel': } + EOS + + apply_manifest_on(host, pp, :catch_failures => true) end # Required for manifest to make mod_pagespeed repository available From 0f01b59c8ccb303b78ac1cd433d6144f844d6daf Mon Sep 17 00:00:00 2001 
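Review bot: In the RedHat branch of the first itk_spec.rb hunk, `fact('operatingsystemmajrelease')` is queried once in the `unless` and again for `majrelease`, and the single-element `['6'].include?(majrelease)` is just an equality test. Assigning `majrelease = fact('operatingsystemmajrelease')` first, then using `unless majrelease == '5'` and `if majrelease == '6'`, reads more directly. Leaving `service_name` unset appears to be what makes `:if => service_name` skip the suite on release 5, which deserves a comment such as `# release 5: leave service_name unset so the suite is skipped`. The `case` statement starts outside the hunk.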
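Review bot: The manifest added in the spec_helper_acceptance.rb hunk applies `class { 'epel': }` on every RedHat host, and the module providing it is installed two lines earlier without a version, so each run configures a third-party package repository from whatever `stahnma/epel` release the Forge serves at that moment. Pinning the install, e.g. `on host, puppet('module','install','stahnma/epel','--version','<PINNED_VERSION>')` (placeholder; use the release you have tested), keeps the test hosts reproducible and limits exposure to an unexpected module update. The added comment would read better as `# EPEL is required for several module packages (plugins, wsgi, mime)` instead of trailing off in `...`. The enclosing block starts outside the hunk.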
From: Timo Goebel Date: Fri, 15 Jan 2016 16:39:40 +0100 Subject: [PATCH 0804/2267] add paramter to set config file permissions --- README.md | 4 ++++ manifests/balancer.pp | 2 +- manifests/fastcgi/server.pp | 2 +- manifests/init.pp | 3 ++- manifests/mod.pp | 10 +++++----- manifests/mod/event.pp | 2 +- manifests/mod/itk.pp | 2 +- manifests/mod/peruser.pp | 2 +- manifests/mod/php.pp | 2 +- manifests/mod/prefork.pp | 2 +- manifests/mod/worker.pp | 2 +- manifests/params.pp | 3 +++ manifests/vhost.pp | 4 ++-- manifests/vhost/custom.pp | 2 +- spec/classes/apache_spec.rb | 10 ++++++++++ spec/defines/mod_spec.rb | 14 ++++++++++++++ 16 files changed, 49 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 38277a326f..707720a2b6 100644 --- a/README.md +++ b/README.md @@ -1160,6 +1160,10 @@ Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceE Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom built rpms. This can either be 'true' or 'false, defaults to 'true'. +##### `file_mode` + +The desired permissions mode for config files, in symbolic or numeric notation. This value must be a string. Defaults to '0644'. + ##### `vhost_dir` Changes your virtual host configuration files' location. Default: determined by your operating system. diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 765dae6290..9b7511a032 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -49,7 +49,7 @@ concat { $target: owner => '0', group => '0', - mode => '0644', + mode => $::apache::file_mode, notify => Class['Apache::Service'], } diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index afc7c8860f..ec89bf7785 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp 
@@ -15,7 +15,7 @@ path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, content => template('apache/fastcgi/server.erb'), require => Exec["mkdir ${::apache::confd_dir}"], before => File[$::apache::confd_dir], diff --git a/manifests/init.pp b/manifests/init.pp index bb50d0b2e9..9422d09d8b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -79,6 +79,7 @@ $use_optional_includes = $::apache::params::use_optional_includes, $use_systemd = $::apache::params::use_systemd, $mime_types_additional = $::apache::params::mime_types_additional, + $file_mode = $::apache::params::file_mode, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) @@ -241,7 +242,7 @@ concat { $ports_file: owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, notify => Class['Apache::Service'], require => Package['httpd'], } diff --git a/manifests/mod.pp b/manifests/mod.pp index abdbfcbed5..33b4de1ab3 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -81,7 +81,7 @@ path => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, content => template('apache/mod/load.erb'), require => [ Package['httpd'], @@ -99,7 +99,7 @@ target => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File[$_loadfile_name], Exec["mkdir ${enable_dir}"], @@ -117,7 +117,7 @@ target => "${mod_dir}/${mod}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File["${mod}.conf"], Exec["mkdir ${enable_dir}"], 
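Review bot: The new `$file_mode` parameter in the first init.pp hunk is never validated, although the `validate_bool` calls directly below it show the class does check its other inputs, and this value becomes the mode of ports.conf, the module load and conf files and the vhost files throughout the commit. A typo or a permissive value such as a world-writable mode would be applied silently to every managed config file, which lets any local account change what the root-started server loads. Adding `validate_re($file_mode, '^[0-7]{3,4}$', 'file_mode must be an octal mode string')` next to the existing checks rejects malformed input (widen the pattern if the symbolic notation the README mentions must stay supported), and the README entry should state that modes granting group or other write access are unsafe. The class body continues outside the hunk.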
@@ -134,7 +134,7 @@ target => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File[$_loadfile_name], Exec["mkdir ${enable_dir}"], @@ -152,7 +152,7 @@ target => "${mod_dir}/${mod}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File["${mod}.conf"], Exec["mkdir ${enable_dir}"], diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 389120cb79..0ca201e560 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -27,7 +27,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 6f07966755..dd8a9e3a2d 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -35,7 +35,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index b6a8015f94..4eb5669d8c 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -35,7 +35,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } $mod_dir = $::apache::mod_dir diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 1d1274f3b4..3d45f87a8a 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -50,7 +50,7 @@ path => "${::apache::mod_dir}/php5.conf", owner => 'root', group => $root_group, - mode => '0644', + mode => $::apache::file_mode, content => $manage_content, source => $source, require => [ diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 91567de114..85d8b84d4c 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp 
@@ -24,7 +24,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 2e6a6421b2..9e417e0c41 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -79,7 +79,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: diff --git a/manifests/params.pp b/manifests/params.pp index 28692001c0..4120d074c7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -45,6 +45,9 @@ # should we use systemd module? $use_systemd = true + # Default mode for files + $file_mode = '0644' + $vhost_include_pattern = '*' if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { diff --git a/manifests/vhost.pp b/manifests/vhost.pp index df271a98f3..8b5422e5ae 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -504,7 +504,7 @@ path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, order => 'numeric', require => Package['httpd'], notify => Class['apache::service'], @@ -523,7 +523,7 @@ target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => Concat["${priority_real}${filename}.conf"], notify => Class['apache::service'], } diff --git a/manifests/vhost/custom.pp b/manifests/vhost/custom.pp index d85e4d091b..12567f5dbd 100644 --- a/manifests/vhost/custom.pp +++ b/manifests/vhost/custom.pp @@ -30,7 +30,7 @@ target => "${::apache::vhost_dir}/${priority}-${filename}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => Apache::Custom_config[$filename], } } 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a766764527..45f8a690c6 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -835,6 +835,16 @@ ) } end + context 'with a custom file_mode parameter' do + let :params do { + :file_mode => '0640' + } + end + it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with( + 'mode' => '0640', + ) + } + end context 'default vhost defaults' do it { is_expected.to contain_apache__vhost('default').with_ensure('present') } it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index e4e9845290..1697190a32 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -34,6 +34,20 @@ end end + describe "with file_mode set" do + let :pre_condition do + "class {'::apache': file_mode => '0640'}" + end + let :title do + 'spec_m' + end + it "should manage the module load file" do + is_expected.to contain_file('spec_m.load').with({ + :mode => '0640', + } ) + end + end + describe "with shibboleth module and package param passed" do # name/title for the apache::mod define let :title do From 7b17dad57ee5cc2aec51d553950cc093eefcaf06 Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Mon, 18 Jan 2016 15:42:07 +0100 Subject: [PATCH 0805/2267] fix vhosts listen to wildcard ip --- lib/puppet/parser/functions/enclose_ipv6.rb | 18 +++++----- spec/defines/vhost_spec.rb | 33 +++++++++++++++++++ .../parser/functions/enclose_ipv6_spec.rb | 8 +++-- 3 files changed, 49 insertions(+), 10 deletions(-) diff --git a/lib/puppet/parser/functions/enclose_ipv6.rb b/lib/puppet/parser/functions/enclose_ipv6.rb index 968bd723ed..80ffc3acae 100644 --- a/lib/puppet/parser/functions/enclose_ipv6.rb +++ b/lib/puppet/parser/functions/enclose_ipv6.rb 
@@ -28,16 +28,18 @@ module Puppet::Parser::Functions result = [] input.each do |val| - begin - ip = IPAddr.new(val) - rescue *rescuable_exceptions - raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ - "given #{val} is not an ip address.") + unless val == '*' + begin + ip = IPAddr.new(val) + rescue *rescuable_exceptions + raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ + "given #{val} is not an ip address.") + end + val = "[#{ip.to_s}]" if ip.ipv6? end - val = "[#{ip.to_s}]" if ip.ipv6? - result = [result,val] + result << val end - return result.flatten.compact + return result.uniq end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 40d93a0eea..9a3027604f 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -567,6 +567,39 @@ it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') } end + context 'vhost with wildcard ip address' do + let :params do + { + 'port' => '80', + 'ip' => '*', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present' + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + :content => /[.\/m]*[.\/m]*$/ ) } + it { is_expected.to contain_concat__fragment('Listen *:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost *:80') } + end + context 'set only aliases' do let :params do { diff --git a/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb b/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb index 508f62aea4..b162127d06 100644 
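Review bot: The enclose_ipv6.rb hunk changes the return from `result.flatten.compact` to `result.uniq`, so duplicate addresses are now dropped silently, and nothing documents or tests that. The spec change in this commit swaps the input `'[fe80::1]'` for `'[fe80::2]'` rather than asserting the de-duplicated result, which suggests the old expectation failed and was worked around. Either keep duplicates (`return result`) or state the behaviour in the function's doc string and add an expectation such as `expect(scope.function_enclose_ipv6([['fe80::1','[fe80::1]']])).to eq(['[fe80::1]'])`. The `ip.to_s` inside the interpolation is redundant; `"[#{ip}]"` is enough. The function body starts outside the hunk.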
--- a/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb +++ b/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb @@ -28,6 +28,10 @@ expect { scope.function_enclose_ipv6(['127.0.0.1']) }.to_not raise_error end + it "should not raise a ParseError when given * as ip string" do + expect { scope.function_enclose_ipv6(['*']) }.to_not raise_error + end + it "should not raise a ParseError when given an array of ip strings" do expect { scope.function_enclose_ipv6([['127.0.0.1','fe80::1']]) }.to_not raise_error end @@ -49,8 +53,8 @@ end it "should embrace ipv6 adresses within an array of ip addresses" do - result = scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::1]']]) - expect(result).to(eq(['127.0.0.1','[fe80::1]','[fe80::1]'])) + result = scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::2]']]) + expect(result).to(eq(['127.0.0.1','[fe80::1]','[fe80::2]'])) end it "should embrace a single ipv6 adresse" do From dbfc3844541b745cef87251a32db94ab6178bd1a Mon Sep 17 00:00:00 2001 From: Daniel Klockenkaemper Date: Tue, 19 Jan 2016 11:24:11 +0100 Subject: [PATCH 0806/2267] update module handling for gentoo when used apache 2.4 add module authnz_external as external package in gentoo --- manifests/init.pp | 19 +++++++++++++++++-- manifests/params.pp | 27 ++++++++++++++------------- 2 files changed, 31 insertions(+), 15 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index bb50d0b2e9..8eb156fdf4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -273,9 +273,24 @@ $scriptalias = '/var/www/localhost/cgi-bin' $access_log_file = 'access.log' - ::portage::makeconf { 'apache2_modules': - content => $default_mods, + if is_array($default_mods) { + if versioncmp($apache_version, '2.4') >= 0 { + if defined('apache::mod::ssl') { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), + } + } else { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, 'authz_core'), + } + } + } else { + ::portage::makeconf { 'apache2_modules': + content => $default_mods, + } + } } + file { [ '/etc/apache2/modules.d/.keep_www-servers_apache-2', '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' diff --git a/manifests/params.pp b/manifests/params.pp index 28692001c0..ffe36bcc7e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
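Review bot: `defined('apache::mod::ssl')` in the Apache 2.4 branch is given a plain string, and in that form Puppet's `defined()` reports whether the class exists on the modulepath rather than whether it has been declared, so with this module installed the test is presumably always true and `socache_shmcb` is always appended. vhost.pp in this series uses the reference form, so `if defined(Class['apache::mod::ssl']) {` is the check that matches the intent, with the caveat that its result depends on evaluation order. The two `concat()` calls also differ in shape; passing `['authz_core']` as an array in the second keeps them parallel. When `$default_mods` is not an array, no `portage::makeconf` resource is declared any more, which is a behaviour change worth a comment. The enclosing branch starts outside the hunk.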
@@ -442,19 +442,20 @@ $suphp_configpath = '/etc/php5/apache2' $mod_packages = { # NOTE: I list here only modules that are not included in www-servers/apache - 'auth_kerb' => 'www-apache/mod_auth_kerb', - 'fcgid' => 'www-apache/mod_fcgid', - 'passenger' => 'www-apache/passenger', - 'perl' => 'www-apache/mod_perl', - 'php5' => 'dev-lang/php', - 'proxy_html' => 'www-apache/mod_proxy_html', - 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', - 'python' => 'www-apache/mod_python', - 'wsgi' => 'www-apache/mod_wsgi', - 'dav_svn' => 'dev-vcs/subversion', - 'xsendfile' => 'www-apache/mod_xsendfile', - 'rpaf' => 'www-apache/mod_rpaf', - 'xml2enc' => 'www-apache/mod_xml2enc', + 'auth_kerb' => 'www-apache/mod_auth_kerb', + 'authnz_external' => 'www-apache/mod_authnz_external', + 'fcgid' => 'www-apache/mod_fcgid', + 'passenger' => 'www-apache/passenger', + 'perl' => 'www-apache/mod_perl', + 'php5' => 'dev-lang/php', + 'proxy_html' => 'www-apache/mod_proxy_html', + 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', + 'python' => 'www-apache/mod_python', + 'wsgi' => 'www-apache/mod_wsgi', + 'dav_svn' => 'dev-vcs/subversion', + 'xsendfile' => 'www-apache/mod_xsendfile', + 'rpaf' => 'www-apache/mod_rpaf', + 'xml2enc' => 'www-apache/mod_xml2enc', } $mod_libs = { 'php5' => 'libphp5.so', From 6d4fcd8160d315a02a4e1fe441e550710f9b7e40 Mon Sep 17 00:00:00 2001 From: tphoney Date: Mon, 18 Jan 2016 22:02:01 +0000 Subject: [PATCH 0807/2267] work around pup_5016, debian8 2015.2 service fault --- spec/acceptance/class_spec.rb | 73 ++++++++++++-------------- spec/acceptance/default_mods_spec.rb | 29 ++++------ spec/acceptance/itk_spec.rb | 38 +++++++------- spec/acceptance/prefork_worker_spec.rb | 21 ++++---- spec/acceptance/service_spec.rb | 21 ++++---- spec/spec_helper_acceptance.rb | 16 ++++++ 6 files changed, 99 insertions(+), 99 deletions(-) diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index cd13985f69..aff79eb082 100644 --- a/spec/acceptance/class_spec.rb 
+++ b/spec/acceptance/class_spec.rb @@ -3,15 +3,13 @@ describe 'apache class' do context 'default parameters' do - it 'should work with no errors' do - pp = <<-EOS - class { 'apache': } + let(:pp) do + <<-EOS + class { 'apache': } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" describe package($package_name) do it { is_expected.to be_installed } 
@@ -33,43 +31,42 @@ class { 'apache': } context 'custom site/mod dir parameters' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS - if $::osfamily == 'RedHat' and "$::selinux" == "true" { - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } + let(:pp) do + <<-EOS + if $::osfamily == 'RedHat' and "$::selinux" == "true" { + $semanage_package = $::operatingsystemmajrelease ? { + '5' => 'policycoreutils', + default => 'policycoreutils-python', + } - package { $semanage_package: ensure => installed } - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - subscribe => Package[$semanage_package], - refreshonly => true, + package { $semanage_package: ensure => installed } + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + subscribe => Package[$semanage_package], + refreshonly => true, + } + exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + subscribe => Exec['set_apache_defaults'], + refreshonly => true, + } } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], - require => Class['apache'], - subscribe => Exec['set_apache_defaults'], - refreshonly => true, + file { '/apache_spec': ensure => directory, } + file { '/apache_spec/apache_custom': ensure => directory, } + class { 'apache': + mod_dir => '/apache_spec/apache_custom/mods', + vhost_dir => '/apache_spec/apache_custom/vhosts', } - } - file { '/apache_spec': ensure => directory, } - file { '/apache_spec/apache_custom': ensure => directory, } - class { 'apache': - mod_dir => 
'/apache_spec/apache_custom/mods', - vhost_dir => '/apache_spec/apache_custom/vhosts', - } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" + describe service($service_name) do if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') pending 'Should be enabled - Bug 760616 on Debian 8' diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 8cfc531b1d..3f28526966 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -4,18 +4,16 @@ describe 'apache::default_mods class' do describe 'no default mods' do # Using puppet_apply as a helper - it 'should apply with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': default_mods => false, } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" describe service($service_name) do it { is_expected.to be_running } end @@ -54,8 +52,8 @@ class { 'apache': describe 'alternative default mods' do # Using puppet_apply as a helper - it 'should apply with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': default_mods => [ 'info', @@ -74,11 +72,8 @@ class { 'apache': setenv => 'TEST1 one', } EOS - - apply_manifest(pp, :catch_failures => true) - shell('sleep 10') - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + it_behaves_like "a idempotent resource" describe service($service_name) do it { is_expected.to be_running } 
@@ -86,18 +81,16 @@ class { 'apache': end describe 'change loadfile name' do - it 'should apply with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': default_mods => false } ::apache::mod { 'auth_basic': loadfile_name => 'zz_auth_basic.load', } EOS - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end - + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" describe service($service_name) do it { is_expected.to be_running } end diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index 5be43b1fed..059589a3f0 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -28,27 +28,25 @@ describe 'apache::mod::itk class', :if => service_name do describe 'running puppet code' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = case variant - when :prefork - <<-EOS - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::itk': } - EOS - when :itk_only - <<-EOS - class { 'apache': - mpm_module => 'itk', - } - EOS - end - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) + let(:pp) do + case variant + when :prefork + <<-EOS + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::itk': } + EOS + when :itk_only + <<-EOS + class { 'apache': + mpm_module => 'itk', + } + EOS + end end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end describe service(service_name) do diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 22eaaddeaa..6687161440 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb 
@@ -33,17 +33,16 @@ class { 'apache': describe 'apache::mod::worker class' do describe 'running puppet code' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': mpm_module => 'worker', } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end describe service($service_name) do @@ -59,17 +58,15 @@ class { 'apache': describe 'apache::mod::prefork class' do describe 'running puppet code' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': mpm_module => 'prefork', } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end describe service($service_name) do diff --git a/spec/acceptance/service_spec.rb b/spec/acceptance/service_spec.rb index c3124c8461..c62a34973a 100644 --- a/spec/acceptance/service_spec.rb +++ b/spec/acceptance/service_spec.rb 
@@ -2,18 +2,17 @@ describe 'apache::service class' do describe 'adding dependencies in between the base class and service class' do - it 'should work with no errors' do - pp = <<-EOS - class { 'apache': } - file { '/tmp/test': - require => Class['apache'], - notify => Class['apache::service'], - } + let(:pp) do + <<-EOS + class { 'apache': } + file { '/tmp/test': + require => Class['apache'], + notify => Class['apache::service'], + } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index cdaec445d8..307f7b7106 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -16,6 +16,12 @@ # Readable test descriptions c.formatter = :documentation + # detect the situation where PUP-5016 is triggered and skip the idempotency tests in that case + # also note how fact('puppetversion') is not available because of PUP-4359 + if fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '8' && shell('puppet --version').stdout =~ /^4\.2/ + c.filter_run_excluding :skip_pup_5016 => true + end + # Configure all nodes in nodeset c.before :suite do # net-tools required for netstat utility being used by be_listening @@ -62,3 +68,13 @@ class { 'epel': } end end end + +shared_examples "a idempotent resource" do + it 'should apply with no errors' do + apply_manifest(pp, :catch_failures => true) + end + + it 'should apply a second time without changes', :skip_pup_5016 do + apply_manifest(pp, :catch_changes => true) + end +end From fc3bea1dace807b786c437edcd5311c8d3a3a19a Mon Sep 17 00:00:00 2001 
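Review bot: The second example of the shared group, `it 'should apply a second time without changes', :skip_pup_5016`, only passes if the first example has already applied the manifest on the host, so running it alone or in a different order turns the first real apply into a `catch_changes` failure. Making it self-contained costs one line: start that example with `apply_manifest(pp, :catch_failures => true)` before the `catch_changes` run. The PUP-5016 check in the configure block calls `fact(...)` and `shell('puppet --version')` once, presumably against the default host only, so a mixed nodeset would get one decision for all nodes; a short comment there saying so would help. The group name would also read better as `"an idempotent resource"`, changed together with its `it_behaves_like` callers.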
From: Timo Goebel Date: Wed, 20 Jan 2016 10:49:32 +0100 Subject: [PATCH 0808/2267] add file_mode to mod manifests --- manifests/mod/alias.pp | 1 + manifests/mod/auth_cas.pp | 1 + manifests/mod/auth_mellon.pp | 1 + manifests/mod/authnz_ldap.pp | 1 + manifests/mod/autoindex.pp | 1 + manifests/mod/cgid.pp | 1 + manifests/mod/dav_fs.pp | 1 + manifests/mod/deflate.pp | 1 + manifests/mod/dir.pp | 1 + manifests/mod/disk_cache.pp | 1 + manifests/mod/event.pp | 1 + manifests/mod/expires.pp | 1 + manifests/mod/ext_filter.pp | 1 + manifests/mod/fastcgi.pp | 1 + manifests/mod/fcgid.pp | 1 + manifests/mod/geoip.pp | 1 + manifests/mod/info.pp | 1 + manifests/mod/itk.pp | 1 + manifests/mod/ldap.pp | 1 + manifests/mod/mime.pp | 1 + manifests/mod/mime_magic.pp | 1 + manifests/mod/negotiation.pp | 1 + manifests/mod/nss.pp | 1 + manifests/mod/pagespeed.pp | 1 + manifests/mod/peruser.pp | 1 + manifests/mod/proxy.pp | 1 + manifests/mod/proxy_html.pp | 1 + manifests/mod/remoteip.pp | 1 + manifests/mod/rpaf.pp | 1 + manifests/mod/security.pp | 1 + manifests/mod/setenvif.pp | 1 + manifests/mod/ssl.pp | 1 + manifests/mod/status.pp | 3 ++- manifests/mod/suphp.pp | 1 + manifests/mod/userdir.pp | 1 + manifests/mod/wsgi.pp | 1 + 36 files changed, 37 insertions(+), 1 deletion(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 5b59baa01d..eac21ba661 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -11,6 +11,7 @@ file { 'alias.conf': ensure => file, path => "${::apache::mod_dir}/alias.conf", + mode => $::apache::file_mode, content => template('apache/mod/alias.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index 5b13af66a2..0d1b9111ab 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp 
@@ -39,6 +39,7 @@ file { 'auth_cas.conf': ensure => file, path => "${::apache::mod_dir}/auth_cas.conf", + mode => $::apache::file_mode, content => template('apache/mod/auth_cas.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/manifests/mod/auth_mellon.pp b/manifests/mod/auth_mellon.pp index 79f6ffebb2..129441bf41 100644 --- a/manifests/mod/auth_mellon.pp +++ b/manifests/mod/auth_mellon.pp @@ -15,6 +15,7 @@ file { 'auth_mellon.conf': ensure => file, path => "${::apache::mod_dir}/auth_mellon.conf", + mode => $::apache::file_mode, content => template('apache/mod/auth_mellon.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index b75369ffcd..70d0a63630 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -11,6 +11,7 @@ file { 'authnz_ldap.conf': ensure => file, path => "${::apache::mod_dir}/authnz_ldap.conf", + mode => $::apache::file_mode, content => template('apache/mod/authnz_ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp index c0969a814e..c8cd0658d8 100644 --- a/manifests/mod/autoindex.pp +++ b/manifests/mod/autoindex.pp @@ -4,6 +4,7 @@ file { 'autoindex.conf': ensure => file, path => "${::apache::mod_dir}/autoindex.conf", + mode => $::apache::file_mode, content => template('apache/mod/autoindex.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 4094c3281a..891cdd75b4 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp 
@@ -23,6 +23,7 @@ file { 'cgid.conf': ensure => file, path => "${::apache::mod_dir}/cgid.conf", + mode => $::apache::file_mode, content => template('apache/mod/cgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index af037e32d0..f652d4c216 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp @@ -12,6 +12,7 @@ file { 'dav_fs.conf': ensure => file, path => "${::apache::mod_dir}/dav_fs.conf", + mode => $::apache::file_mode, content => template('apache/mod/dav_fs.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 0748a54e57..e63eeca47d 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -17,6 +17,7 @@ file { 'deflate.conf': ensure => file, path => "${::apache::mod_dir}/deflate.conf", + mode => $::apache::file_mode, content => template('apache/mod/deflate.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index 6243a1bb7d..bce05e0a44 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp @@ -13,6 +13,7 @@ file { 'dir.conf': ensure => file, path => "${::apache::mod_dir}/dir.conf", + mode => $::apache::file_mode, content => template('apache/mod/dir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 2f0a476fa4..051d69894c 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -32,6 +32,7 @@ file { 'disk_cache.conf': ensure => file, path => "${::apache::mod_dir}/disk_cache.conf", + mode => $::apache::file_mode, content => template('apache/mod/disk_cache.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], 
diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 0ca201e560..6c70589a35 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -40,6 +40,7 @@ # - $serverlimit file { "${::apache::mod_dir}/event.conf": ensure => file, + mode => $::apache::file_mode, content => template('apache/mod/event.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp index 10542916aa..1531fc54d9 100644 --- a/manifests/mod/expires.pp +++ b/manifests/mod/expires.pp @@ -12,6 +12,7 @@ file { 'expires.conf': ensure => file, path => "${::apache::mod_dir}/expires.conf", + mode => $::apache::file_mode, content => template('apache/mod/expires.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/ext_filter.pp b/manifests/mod/ext_filter.pp index b78abb6071..244c2b1da1 100644 --- a/manifests/mod/ext_filter.pp +++ b/manifests/mod/ext_filter.pp @@ -15,6 +15,7 @@ file { 'ext_filter.conf': ensure => file, path => "${::apache::mod_dir}/ext_filter.conf", + mode => $::apache::file_mode, content => template('apache/mod/ext_filter.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index 1f7e5df4fb..c4da5b1e63 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -14,6 +14,7 @@ file { 'fastcgi.conf': ensure => file, path => "${::apache::mod_dir}/fastcgi.conf", + mode => $::apache::file_mode, content => template('apache/mod/fastcgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 9786670338..4c0f919388 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp 
@@ -11,6 +11,7 @@ file { 'unixd_fcgid.conf': ensure => file, path => "${::apache::mod_dir}/unixd_fcgid.conf", + mode => $::apache::file_mode, content => template('apache/mod/unixd_fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp index 1f8fb08eeb..2ff5d21918 100644 --- a/manifests/mod/geoip.pp +++ b/manifests/mod/geoip.pp @@ -22,6 +22,7 @@ file { 'geoip.conf': ensure => file, path => "${::apache::mod_dir}/geoip.conf", + mode => $::apache::file_mode, content => template('apache/mod/geoip.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index f0d03eb0f6..bed35af3a1 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -10,6 +10,7 @@ file { 'info.conf': ensure => file, path => "${::apache::mod_dir}/info.conf", + mode => $::apache::file_mode, content => template('apache/mod/info.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index dd8a9e3a2d..2d5bf04c1c 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -47,6 +47,7 @@ # - $maxrequestsperchild file { "${::apache::mod_dir}/itk.conf": ensure => file, + mode => $::apache::file_mode, content => template('apache/mod/itk.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index d084186717..95219bd41d 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -11,6 +11,7 @@ file { 'ldap.conf': ensure => file, path => "${::apache::mod_dir}/ldap.conf", + mode => $::apache::file_mode, content => template('apache/mod/ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], 
diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index ace7663df1..0665eb639c 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp @@ -8,6 +8,7 @@ file { 'mime.conf': ensure => file, path => "${::apache::mod_dir}/mime.conf", + mode => $::apache::file_mode, content => template('apache/mod/mime.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index c057b01f50..722b0df402 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp @@ -6,6 +6,7 @@ file { 'mime_magic.conf': ensure => file, path => "${::apache::mod_dir}/mime_magic.conf", + mode => $::apache::file_mode, content => template('apache/mod/mime_magic.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index 02a3a0e64d..b9aec3673f 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -16,6 +16,7 @@ # Template uses no variables file { 'negotiation.conf': ensure => file, + mode => $::apache::file_mode, path => "${::apache::mod_dir}/negotiation.conf", content => template('apache/mod/negotiation.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index d275cc493e..16c285e939 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp @@ -18,6 +18,7 @@ file { 'nss.conf': ensure => file, path => "${::apache::mod_dir}/nss.conf", + mode => $::apache::file_mode, content => template('apache/mod/nss.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index 588849c472..e787d88ef5 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp 
@@ -47,6 +47,7 @@ file { 'pagespeed.conf': ensure => file, path => "${::apache::mod_dir}/pagespeed.conf", + mode => $::apache::file_mode, content => template('apache/mod/pagespeed.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index 4eb5669d8c..e875a5afcc 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -52,6 +52,7 @@ # - $mod_dir file { "${::apache::mod_dir}/peruser.conf": ensure => file, + mode => $::apache::file_mode, content => template('apache/mod/peruser.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 8c685d55b5..73b054ab36 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp @@ -8,6 +8,7 @@ file { 'proxy.conf': ensure => file, path => "${::apache::mod_dir}/proxy.conf", + mode => $::apache::file_mode, content => template('apache/mod/proxy.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 8b910c2510..24f332334a 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -29,6 +29,7 @@ file { 'proxy_html.conf': ensure => file, path => "${::apache::mod_dir}/proxy_html.conf", + mode => $::apache::file_mode, content => template('apache/mod/proxy_html.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/remoteip.pp b/manifests/mod/remoteip.pp index 564390e94d..abceb08c7d 100644 --- a/manifests/mod/remoteip.pp +++ b/manifests/mod/remoteip.pp 
@@ -19,6 +19,7 @@ file { 'remoteip.conf': ensure => file, path => "${::apache::mod_dir}/remoteip.conf", + mode => $::apache::file_mode, content => template('apache/mod/remoteip.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index 12b86eb8bd..f21c43ebda 100644 --- a/manifests/mod/rpaf.pp +++ b/manifests/mod/rpaf.pp @@ -12,6 +12,7 @@ file { 'rpaf.conf': ensure => file, path => "${::apache::mod_dir}/rpaf.conf", + mode => $::apache::file_mode, content => template('apache/mod/rpaf.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 4571e2fd29..de8210118b 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -35,6 +35,7 @@ file { 'security.conf': ensure => file, content => template('apache/mod/security.conf.erb'), + mode => $::apache::file_mode, path => "${::apache::mod_dir}/security.conf", owner => $::apache::params::user, group => $::apache::params::group, diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp index c73102dfbe..63d3e321b4 100644 --- a/manifests/mod/setenvif.pp +++ b/manifests/mod/setenvif.pp @@ -4,6 +4,7 @@ file { 'setenvif.conf': ensure => file, path => "${::apache::mod_dir}/setenvif.conf", + mode => $::apache::file_mode, content => template('apache/mod/setenvif.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index a653badeda..dcc31ce8f3 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -73,6 +73,7 @@ file { 'ssl.conf': ensure => file, path => "${::apache::mod_dir}/ssl.conf", + mode => $::apache::file_mode, content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], 
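Review bot: In the security.pp hunk the new `mode => $::apache::file_mode` is applied to a file whose `owner` is `$::apache::params::user`, so any mode with the owner-write bit leaves `security.conf` writable by what is presumably the account the web server runs as. That file configures the request filtering, so a process running as that user could weaken or disable the rules it is meant to be constrained by. Apache reads its configuration before dropping privileges, so `owner => 'root',` with a group the server can read through should be enough; if the current ownership is deliberate, a comment such as `# owned by the apache user because <reason>` would record why. The resource continues past the end of the hunk, so other attributes may apply.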
diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 4c3f8d9e25..d11a464d79 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -11,7 +11,7 @@ # values are 'On' or 'Off'. Defaults to 'On'. # - $status_path is the path assigned to the Location directive which # defines the URL to access the server status. Defaults to '/server-status'. -# +# # Actions: # - Enable and configure Apache mod_status # @@ -38,6 +38,7 @@ file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", + mode => $::apache::file_mode, content => template('apache/mod/status.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index c50beea06c..5d426d7948 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp @@ -5,6 +5,7 @@ file {'suphp.conf': ensure => file, path => "${::apache::mod_dir}/suphp.conf", + mode => $::apache::file_mode, content => template('apache/mod/suphp.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index 4b3d0b8e80..516bb11654 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp @@ -11,6 +11,7 @@ file { 'userdir.conf': ensure => file, path => "${::apache::mod_dir}/userdir.conf", + mode => $::apache::file_mode, content => template('apache/mod/userdir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index bff5b46b7c..d1b8214753 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -32,6 +32,7 @@ file {'wsgi.conf': ensure => file, path => "${::apache::mod_dir}/wsgi.conf", + mode => $::apache::file_mode, content => template('apache/mod/wsgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], 
From 2c54785de4f76ed431eaa2d1060458408f62f6b3 Mon Sep 17 00:00:00 2001 From: slava Date: Wed, 20 Jan 2016 16:09:05 +0300 Subject: [PATCH 0809/2267] Specify owning permissions for logroot directory The main goal of this patch is to prevent inheritance of owning permissions for File resource. For example, if we define somewhere in high level manifest 'owner' and 'group' values, it will be passed to apache module and wrong owning permissions will be set. It's critical for 'logroot' folder as we have '0750' permissions for this folder in apache package by default. --- README.md | 8 ++++++++ manifests/vhost.pp | 4 ++++ spec/defines/vhost_spec.rb | 2 ++ 3 files changed, 14 insertions(+) diff --git a/README.md b/README.md index 707720a2b6..488421a368 100644 --- a/README.md +++ b/README.md @@ -2137,6 +2137,14 @@ Determines whether or not to remove the logroot directory for a virtual host. Va Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. +##### `logroot_owner` + +Sets individual user access to the logroot directory. Defaults to 'undef'. + +##### `logroot_group` + +Sets group access to the [`logroot`][] directory. Defaults to 'undef'. + ##### `log_level` Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8b5422e5ae..2201e72cd3 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -43,6 +43,8 @@ $logroot = $::apache::logroot, $logroot_ensure = 'directory', $logroot_mode = undef, + $logroot_owner = undef, + $logroot_group = undef, $log_level = undef, $access_log = true, $access_log_file = false, 
@@ -307,6 +309,8 @@ if ! defined(File[$logroot]) { file { $logroot: ensure => $logroot_ensure, + owner => $logroot_owner, + group => $logroot_group, mode => $logroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9a3027604f..12653e9b1d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -170,6 +170,8 @@ 'logroot' => '/var/www/logs', 'logroot_ensure' => 'directory', 'logroot_mode' => '0600', + 'logroot_owner' => 'root', + 'logroot_group' => 'root', 'log_level' => 'crit', 'access_log' => false, 'access_log_file' => 'httpd_access_log', From ce48f577e38baed14d348c6a6ed71a6cd54398ea Mon Sep 17 00:00:00 2001 From: Jonathan Tripathy Date: Fri, 22 Jan 2016 16:13:35 +0000 Subject: [PATCH 0810/2267] Release Prep 1.8.0 --- CHANGELOG.md | 42 ++++++++++++++++++++++++++++++++++++------ metadata.json | 5 +++-- 2 files changed, 39 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db27b34baa..e787047623 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
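Review bot: `logroot_owner` and `logroot_group` go straight into `file { $logroot: }` in the second vhost.pp hunk with no validation and no caveat, although ownership decides who can write to the log directory just as much as `logroot_mode` does. The README entry for `logroot_mode` already points to http://httpd.apache.org/docs/2.4/logs.html#security; the same warning belongs on the two new parameters, for example `# logroot_owner/logroot_group: keep the log directory root-owned unless write access for another account is intended` beside the defaults in the first vhost.pp hunk. Both defaults are `undef`, and whether an explicit `undef` stops a `File { owner => ... }` default from an outer scope being inherited depends on the Puppet version and parser in use, so a spec that pins the behaviour the commit message describes would be worth adding. The vhost_spec.rb hunk only adds the two parameters to the input hash; an expectation on the resulting `File` resource is not visible there. The define's body continues outside both hunks.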
@@ -1,13 +1,43 @@ -## UNRELEASED +## 2016-01-26 - Supported Release 1.8.0 ### Summary +This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements. -TODO - -### +#### Features +- Debian 8 Support. +- Added the 'file_mode' property to allow a custom permission setting for config files. +- Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger. +- MODULES-2956: Enable options within location block on proxy_match. +- Support itk on redhat. +- Support the mod_ssl SSLProxyVerify directive. +- Support ProxPassReverseCookieDomain directive (mod_proxy). +- Support proxy provider for vhost directories. +- Added new 'apache::vhost::custom' resource. -#### Security +#### Bugfixes +- Fixed ProxyPassReverse configuration. +- Fixed error in Amazon operatingsystem detection. +- Fixed mod_security catalog ordering issues for RedHat 7. +- Fixed paths and packages for the shib2 apache module on Debian pre Jessie. +- Fixed EL7 directory path for apache modules. +- Fixed validation error when empty array is passed for the rewrites parameter. +- Idempotency fixes with regards to '::apache::mod_enable_dir'. +- ITK fixes. +- (MODULES-2865) fix $mpm_module logic for 'false'. +- Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives. +- Enable setting LimitRequestFieldSize globally, and remove it from vhost. -* apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements. 
+#### Improvements +- apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements. +- Improved compatibility for Gentoo. +- Vhosts can now be supplied with a wildcard listen value. +- Numerous test improvements. +- Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache. +- Documentation updates. +- Ensureed order of ProxyPass and ProxyPassMatch parameters. +- Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest. +- Put headers and request headers before proxy with regards to template generation. +- Added X-Forwarded-For into log_formats defaults. +- (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration. ## Supported Release 1.7.1 ###Summary diff --git a/metadata.json b/metadata.json index 85e6889497..af2b56b3ba 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.7.1", + "version": "1.8.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", @@ -47,7 +47,8 @@ "operatingsystem": "Debian", "operatingsystemrelease": [ "6", - "7" + "7", + "8" ] }, { From 5532bd08e9d71f56c65701c8134a726db48751a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Barbeira?= Date: Wed, 27 Jan 2016 09:23:32 +0100 Subject: [PATCH 0811/2267] Remove white space. --- manifests/mod/status.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 4c3f8d9e25..3dc0695e9d 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -11,7 +11,7 @@ # values are 'On' or 'Off'. Defaults to 'On'. # - $status_path is the path assigned to the Location directive which # defines the URL to access the server status. Defaults to '/server-status'. -# +# # Actions: # - Enable and configure Apache mod_status # From c748b4502da5534e0ffafd24e5b688e2c1585cd8 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Mon, 25 Jan 2016 14:12:10 +0000 Subject: [PATCH 0812/2267] (FM-4049) Update to current msync configs [2c99161] --- .gitignore | 1 + .rspec | 2 ++ .travis.yml | 15 +++++++------ CONTRIBUTING.md | 6 ++--- Gemfile | 22 +++++++++---------- Rakefile | 3 ++- spec/acceptance/nodesets/centos-59-x64.yml | 10 +++++++++ spec/acceptance/nodesets/centos-64-x64-pe.yml | 12 ++++++++++ spec/acceptance/nodesets/centos-65-x64.yml | 10 +++++++++ 9 files changed, 59 insertions(+), 22 deletions(-) create mode 100644 .rspec create mode 100644 spec/acceptance/nodesets/centos-59-x64.yml create mode 100644 spec/acceptance/nodesets/centos-64-x64-pe.yml create mode 100644 spec/acceptance/nodesets/centos-65-x64.yml diff --git a/.gitignore b/.gitignore index b5db85e051..3190277498 100644 --- a/.gitignore +++ b/.gitignore @@ -5,5 +5,6 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +log/ .idea/ *.iml diff --git a/.rspec b/.rspec new file mode 100644 index 0000000000..16f9cdb013 --- /dev/null +++ b/.rspec @@ -0,0 +1,2 @@ +--color +--format documentation diff --git a/.travis.yml b/.travis.yml index c418ab5f2a..e6314a4700 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,18 +1,19 @@ --- sudo: false language: ruby +cache: bundler bundler_args: --without system_tests -script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - rvm: 2.1.6 env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.0" notifications: email: false diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f1cbde4bbf..bfeaa701ca 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -159,7 +159,7 @@ If you already have those gems installed, make sure they are up-to-date: With all dependencies in place and up-to-date we can now run the tests: ```shell -% rake spec +% bundle exec rake spec ``` This will execute all the [rspec tests](http://rspec-puppet.com/) tests @@ -178,8 +178,8 @@ installed on your system. You can run them by issuing the following command ```shell -% rake spec_clean -% rspec spec/acceptance +% bundle exec rake spec_clean +% bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), diff --git a/Gemfile b/Gemfile index bfe64b186a..ced190e770 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" def location_for(place, fake_version = nil) - if place =~ /^(git:[^#]*)#(.*)/ + if place =~ /^(git[:@][^#]*)#(.*)/ [fake_version, { :git => $1, :branch => $2, :require => false }].compact elsif place =~ /^file:\/\/(.*)/ ['>= 0', { :path => File.expand_path($1), :require => false }] 
@@ -11,14 +11,16 @@ def location_for(place, fake_version = nil) end group :development, :unit_tests do - gem 'rspec-core', '3.1.7', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'simplecov', :require => false - gem 'puppet_facts', :require => false - gem 'json', :require => false + gem 'json', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'simplecov', :require => false end - group :system_tests do + gem 'beaker-puppet_install_helper', :require => false if beaker_version = ENV['BEAKER_VERSION'] gem 'beaker', *location_for(beaker_version) end @@ -27,12 +29,10 @@ group :system_tests do else gem 'beaker-rspec', :require => false end - gem 'serverspec', :require => false - gem 'beaker-puppet_install_helper', :require => false + gem 'master_manipulator', :require => false + gem 'serverspec', :require => false end - - if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false else diff --git a/Rakefile b/Rakefile index 416807dadc..636508b00e 100644 --- a/Rakefile +++ b/Rakefile @@ -1,5 +1,6 @@ -require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppetlabs_spec_helper/rake_tasks' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml new file mode 100644 index 0000000000..2ad90b86aa --- /dev/null +++ b/spec/acceptance/nodesets/centos-59-x64.yml 
@@ -0,0 +1,10 @@ +HOSTS: + centos-59-x64: + roles: + - master + platform: el-5-x86_64 + box : centos-59-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: git diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml new file mode 100644 index 0000000000..7d9242f1b9 --- /dev/null +++ b/spec/acceptance/nodesets/centos-64-x64-pe.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-64-x64: + roles: + - master + - database + - dashboard + platform: el-6-x86_64 + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: pe diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml new file mode 100644 index 0000000000..4e2cb809e8 --- /dev/null +++ b/spec/acceptance/nodesets/centos-65-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-65-x64: + roles: + - master + platform: el-6-x86_64 + box : centos-65-x64-vbox436-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + type: foss From ecc290983dee972535020079587f99a0025e5237 Mon Sep 17 00:00:00 2001 
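Review bot: The `box_url` in centos-59-x64.yml fetches the Vagrant box over plain `http://`, so the image that becomes the test master is downloaded with no transport integrity or authenticity check; centos-64-x64-pe.yml and centos-65-x64.yml have the same line. If the host serves the boxes over TLS (not confirmable from this page), switch the scheme, e.g. `box_url : https://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box`. Otherwise record an expected checksum for each box next to the nodeset and verify it before the acceptance run. In centos-65-x64.yml the `box` name (`centos-65-x64-vbox436-nocm`) and the file name in `box_url` (`centos-65-x64-virtualbox-nocm.box`) differ, which deserves a comment or a fix so it is clear which image is intended.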
From: Dominic Cleal Date: Thu, 28 Jan 2016 08:46:57 +0000 Subject: [PATCH 0813/2267] Preserve /etc/httpd/conf.d/passenger.conf on EL7 mod_passenger provides a passenger.conf containing PassengerRoot to ensure the service starts up correctly. On EL7, this is installed at /etc/httpd/conf.d/passenger.conf and has been protected from purging since 005bf61. The change in 2a608592 to move LoadModule config files to /etc/httpd/conf.modules.d/ on EL7 also affected the path of the protected passenger.conf. This change reverts the path change to match the packages. In summary, prior to 2a608592 (release 1.7.0): - /etc/httpd/conf.d/passenger.conf with PassengerRoot (packaged) - /etc/httpd/conf.d/passenger_extra.conf with apache::mod::passenger settings - /etc/httpd/conf.d/zpassenger.load with LoadModule In 2a608592 (release 1.8.0): - /etc/httpd/conf.modules.d/passenger_extra.conf with apache::mod::passenger settings - /etc/httpd/conf.modules.d/zpassenger.load with LoadModule - /etc/httpd/conf.d/passenger.conf is purged With this commit: - /etc/httpd/conf.modules.d/passenger_extra.conf with apache::mod::passenger settings - /etc/httpd/conf.modules.d/zpassenger.load with LoadModule - /etc/httpd/conf.d/passenger.conf with PassengerRoot (packaged) --- manifests/mod/passenger.pp | 2 +- spec/classes/mod/passenger_spec.rb | 63 ++++++++++++++++++------------ 2 files changed, 40 insertions(+), 25 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 8d3622d304..fa67f01cb9 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -35,7 +35,7 @@ # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': - path => "${::apache::mod_dir}/${passenger_conf_package_file}", + path => "${::apache::confd_dir}/${passenger_conf_package_file}", } } diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 1cae95c456..d7e9ce9ed0 100644 
--- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -237,10 +237,9 @@ end context "on a RedHat OS" do - let :facts do + let :rh_facts do { :osfamily => 'RedHat', - :operatingsystemrelease => '6', :concat_basedir => '/dne', :operatingsystem => 'RedHat', :id => 'root', 
@@ -249,30 +248,46 @@ :is_pe => false, } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package("mod_passenger") } - it { is_expected.to contain_file('passenger_package.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger.conf', - }) } - it { is_expected.to contain_file('passenger_package.conf').without_content } - it { is_expected.to contain_file('passenger_package.conf').without_source } - it { is_expected.to contain_file('zpassenger.load').with({ - 'path' => '/etc/httpd/conf.d/zpassenger.load', - }) } - it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } - describe "with passenger_root => '/usr/lib/example'" do - let :params do - { :passenger_root => '/usr/lib/example' } + + context "on EL6" do + let(:facts) { rh_facts.merge(:operatingsystemrelease => '6') } + + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("mod_passenger") } + it { is_expected.to contain_file('passenger_package.conf').with({ + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } + it { is_expected.to contain_file('passenger_package.conf').without_content } + it { is_expected.to contain_file('passenger_package.conf').without_source } + it { is_expected.to contain_file('zpassenger.load').with({ + 'path' => '/etc/httpd/conf.d/zpassenger.load', + }) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } + describe "with passenger_root => '/usr/lib/example'" do + let :params do + { :passenger_root => '/usr/lib/example' } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end - it { 
is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } - end - describe "with passenger_ruby => /usr/lib/example/ruby" do - let :params do - { :passenger_ruby => '/usr/lib/example/ruby' } + describe "with passenger_ruby => /usr/lib/example/ruby" do + let :params do + { :passenger_ruby => '/usr/lib/example/ruby' } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } end - it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } + end + + context "on EL7" do + let(:facts) { rh_facts.merge(:operatingsystemrelease => '7') } + + it { is_expected.to contain_file('passenger_package.conf').with({ + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } + it { is_expected.to contain_file('zpassenger.load').with({ + 'path' => '/etc/httpd/conf.modules.d/zpassenger.load', + }) } end end context "on a FreeBSD OS" do From 5e431279017e900966fc843d75a97c943448d016 Mon Sep 17 00:00:00 2001 From: Joseph Yaworski Date: Fri, 29 Jan 2016 14:51:43 -0500 Subject: [PATCH 0814/2267] Add apache_version fact --- lib/facter/apache_version.rb | 8 ++++++++ spec/unit/apache_version_spec.rb | 20 ++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 lib/facter/apache_version.rb create mode 100644 spec/unit/apache_version_spec.rb diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb new file mode 100644 index 0000000000..b45c888346 --- /dev/null +++ b/lib/facter/apache_version.rb @@ -0,0 +1,8 @@ +Facter.add(:apache_version) do + setcode do + if Facter::Util::Resolution.which('apachectl') + apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') + %r{^Server version: Apache\/([\w\.]+) \(([\w]+)\)}.match(apache_version)[1] + end + end +end diff --git a/spec/unit/apache_version_spec.rb b/spec/unit/apache_version_spec.rb new file mode 100644 index 0000000000..30f6ef9914 --- /dev/null 
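Review bot: In lib/facter/apache_version.rb the `setcode` block indexes the result of `match` directly, so when `apachectl -v` prints anything other than the expected banner (an error message folded in by `2>&1`, or no output at all) the code calls `[1]` on nil and raises NoMethodError inside the resolution. Guard it with `m = %r{^Server version: Apache\/([\w\.]+) \(([\w]+)\)}.match(apache_version)` followed by `m && m[1]`. The second capture group is never used and makes the match depend on the parenthesised platform token, so `%r{^Server version: Apache/([\w.]+)}` would be enough. `apachectl` is located through PATH and executed as whichever user runs Facter, which is worth a comment at the top of the fact. The spec added in this commit covers only the matching case; a case with non-matching output would pin the guard.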
+++ b/spec/unit/apache_version_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe Facter::Util::Fact do + before do + Facter.clear + end + + describe 'apache_version' do + context 'with value' do + before :each do + Facter::Util::Resolution.stubs(:which).with('apachectl').returns(true) + Facter::Util::Resolution.stubs(:exec).with('apachectl -v 2>&1').returns('Server version: Apache/2.4.16 (Unix) + Server built: Jul 31 2015 15:53:26') + end + it do + expect(Facter.fact(:apache_version).value).to eq('2.4.16') + end + end + end +end From 4b0cd61c7e7f06c744e17a2d4cd64a5033abbdae Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Fri, 29 Jan 2016 13:12:36 -0700 Subject: [PATCH 0815/2267] Removes pinning of concat dependency to <2.0.0 --- .fixtures.yml | 4 +--- metadata.json | 2 +- spec/spec_helper_acceptance.rb | 4 ++-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 4645a757fc..6eddf260f6 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,9 +1,7 @@ fixtures: repositories: stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git" - concat: - repo: "git://github.com/puppetlabs/puppetlabs-concat.git" - branch: "1.2.x" + concat: "git://github.com/puppetlabs/puppetlabs-concat.git" portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" diff --git a/metadata.json b/metadata.json index af2b56b3ba..460502a181 100644 --- a/metadata.json +++ b/metadata.json @@ -9,7 +9,7 @@ "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} ], "operatingsystem_support": [ { diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 307f7b7106..b6ec0b5856 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
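Review bot: The new `concat:` entry in .fixtures.yml clones over `git://`, which is unauthenticated and unencrypted, and with the `branch:` key gone the unit tests run whatever the default branch holds at that moment. Prefer the `repo:` form with `repo: "https://github.com/puppetlabs/puppetlabs-concat.git"` and keep a `branch:` (or a tag) under it so test runs are reproducible. The two `puppet module install` lines changed in spec/spec_helper_acceptance.rb likewise drop `--version`, so acceptance hosts install the latest Forge release of puppetlabs-concat and puppetlabs-apt; a version bounded by the range in metadata.json would keep that predictable. The `stdlib` and `portage` context lines use the same `git://` scheme and could be changed together.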
@@ -43,7 +43,7 @@ copy_module_to(host, :source => proj_root, :module_name => 'apache') on host, puppet('module','install','puppetlabs-stdlib') - on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force') + on host, puppet('module','install','puppetlabs-concat') # Required for mod_passenger tests. if fact('osfamily') == 'RedHat' @@ -59,7 +59,7 @@ class { 'epel': } # Required for manifest to make mod_pagespeed repository available if fact('osfamily') == 'Debian' - on host, puppet('module','install','puppetlabs-apt', '--version 1.8.0', '--force') + on host, puppet('module','install','puppetlabs-apt') end # Make sure selinux is disabled so the tests work. From e96a933bef3d6bdeadd78ceb2185fe6a5b3b30d5 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Fri, 29 Jan 2016 13:09:52 -0700 Subject: [PATCH 0816/2267] (MODULES-3018) Fixes Apache to work correctly with Concat. --- manifests/init.pp | 2 +- spec/acceptance/custom_config_spec.rb | 2 +- spec/classes/apache_spec.rb | 2 +- spec/defines/vhost_spec.rb | 10 +++++----- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b67c9f2fb3..13eb5f7172 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -345,7 +345,7 @@ ensure => file, content => template($conf_template), notify => Class['Apache::Service'], - require => [Package['httpd'], File[$ports_file]], + require => [Package['httpd'], Concat[$ports_file]], } # preserve back-wards compatibility to the times when default_mods was diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index fe73d111bd..c8e254e858 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb 
@@ -82,7 +82,7 @@ class { 'apache': } # Try to wedge the apache::custom_config call between when httpd.conf is written and # ports.conf is written. This should trigger a dependency cycle - File["#{$conf_file}"] -> Apache::Custom_config['ordering_test'] -> File["#{$ports_file}"] + File["#{$conf_file}"] -> Apache::Custom_config['ordering_test'] -> Concat["#{$ports_file}"] EOS expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/Found 1 dependency cycle/i) end diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 45f8a690c6..34d56ba4f7 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -504,7 +504,7 @@ it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( 'ensure' => 'file', 'notify' => 'Class[Apache::Service]', - 'require' => ['Package[httpd]', 'File[/etc/httpd/conf/ports.conf]'], + 'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'], ) } end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9a3027604f..e6456ae265 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -50,7 +50,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_concat("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } @@ -77,7 +77,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_concat("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } 
@@ -99,7 +99,7 @@ let :facts do default_facts end it { is_expected.to contain_class("apache") } it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_concat("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/vhosts.d/25-rspec.example.com.conf' ) } @@ -1108,7 +1108,7 @@ end it { is_expected.to compile } - it { is_expected.to contain_file('25-rspec.example.com.conf') } + it { is_expected.to contain_concat('25-rspec.example.com.conf') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require all granted$/ ) } @@ -1141,7 +1141,7 @@ end it { is_expected.to compile } - it { is_expected.to contain_file('25-rspec.example.com.conf') } + it { is_expected.to contain_concat('25-rspec.example.com.conf') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } it { is_expected.to_not contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require all granted$/ ) From a91d9d7293c0cb26b9bf7b1344ced6fb3dfadcd4 Mon Sep 17 00:00:00 2001 From: Matthew Kennedy Date: Thu, 15 Oct 2015 12:58:52 -0600 Subject: [PATCH 0817/2267] ThreadLimit needs to be above MaxClients or it is ignored. https://bz.apache.org/bugzilla/show_bug.cgi?id=46113 --- templates/mod/worker.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/worker.conf.erb b/templates/mod/worker.conf.erb index ad2bc44610..8ad6451c75 100644 --- a/templates/mod/worker.conf.erb +++ b/templates/mod/worker.conf.erb 
@@ -1,11 +1,11 @@ ServerLimit <%= @serverlimit %> StartServers <%= @startservers %> + ThreadLimit <%= @threadlimit %> MaxClients <%= @maxclients %> MinSpareThreads <%= @minsparethreads %> MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> - ThreadLimit <%= @threadlimit %> ListenBacklog <%= @listenbacklog %> From 9fa1dd71aef812bde52337ea6a4b589d53ca10f1 Mon Sep 17 00:00:00 2001 From: Daehyung Lee Date: Mon, 11 Jan 2016 14:03:33 +0900 Subject: [PATCH 0818/2267] Added support cache related options to apache::mod::ldap Not to set the any options if you were not specified --- manifests/mod/ldap.pp | 5 +++++ templates/mod/ldap.conf.erb | 15 +++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index d084186717..8586756d5a 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -2,6 +2,11 @@ $apache_version = $::apache::apache_version, $ldap_trusted_global_cert_file = undef, $ldap_trusted_global_cert_type = 'CA_BASE64', + $ldap_shared_cache_size = undef, + $ldap_cache_entries = undef, + $ldap_cache_ttl = undef, + $ldap_opcache_entries = undef, + $ldap_opcache_ttl = undef, ){ if ($ldap_trusted_global_cert_file) { validate_string($ldap_trusted_global_cert_type) diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb index fbb4b92136..424fbe8ee7 100644 --- a/templates/mod/ldap.conf.erb +++ b/templates/mod/ldap.conf.erb 
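Review bot: The five new `ldap_*` cache parameters in manifests/mod/ldap.pp are accepted without validation, and the templates/mod/ldap.conf.erb hunk writes them verbatim after the directive name, so a value containing a newline or extra tokens (for instance from Hiera data) ends up as additional configuration lines. The class already calls `validate_string` for the certificate type; a matching check for the numeric options, e.g. `if $ldap_cache_ttl { validate_re("${ldap_cache_ttl}", '\A\d+\z') }`, would reject such values at compile time. Anchoring with `\A`/`\z` rather than `^`/`$` matters here because the latter match per line. The class body continues outside the hunk.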
@@ -12,3 +12,18 @@ <% if @ldap_trusted_global_cert_file -%> LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %> <% end -%> +<%- if @ldap_shared_cache_size -%> +LDAPSharedCacheSize <%= @ldap_shared_cache_size %> +<%- end -%> +<%- if @ldap_cache_entries -%> +LDAPCacheEntries <%= @ldap_cache_entries %> +<%- end -%> +<%- if @ldap_cache_ttl -%> +LDAPCacheTTL <%= @ldap_cache_ttl %> +<%- end -%> +<%- if @ldap_opcache_entries -%> +LDAPOpCacheEntries <%= @ldap_opcache_entries %> +<%- end -%> +<%- if @ldap_opcache_ttl -%> +LDAPOpCacheTTL <%= @ldap_opcache_ttl %> +<%- end -%> From ed74be3277eac484254e0bb887c736b35c14389e Mon Sep 17 00:00:00 2001 From: tphoney Date: Mon, 1 Feb 2016 11:14:11 +0000 Subject: [PATCH 0819/2267] adding docs and tests for ldap parameter additions --- README.md | 10 ++++++++++ spec/classes/mod/ldap_spec.rb | 14 ++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 707720a2b6..05b368686f 100644 --- a/README.md +++ b/README.md @@ -1508,6 +1508,11 @@ Installs and configures [`mod_ldap`][]. Allows you to modify the class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt' ldap_trusted_global_cert_type => 'CA_DER', + ldap_shared_cache_size => '500000', + ldap_cache_entries => '1024', + ldap_cache_ttl => '600', + ldap_opcache_entries => '1024', + ldap_opcache_ttl => '600', } ~~~ 
@@ -1515,6 +1520,11 @@ class { 'apache::mod::ldap': - `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. - `ldap_trusted_global_cert_type`: The global trust certificate format. Defaults to 'CA_BASE64'. +- `ldap_shared_cache_size`: Size in bytes of the shared-memory cache. +- `ldap_cache_entries`: Maximum number of entries in the primary LDAP cache. +- `ldap_cache_ttl`: Time that cached items remain valid. +- `ldap_opcache_entries`: Number of entries used to cache LDAP compare operations. +- `ldap_opcache_ttl`: Time that entries in the operation cache remain valid. ##### Class: `apache::mod::negotiation` diff --git a/spec/classes/mod/ldap_spec.rb b/spec/classes/mod/ldap_spec.rb index 2b82d8d1bb..f51cafd4f7 100644 --- a/spec/classes/mod/ldap_spec.rb +++ b/spec/classes/mod/ldap_spec.rb 
@@ -32,12 +32,22 @@ it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } end - context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do + context 'set multiple ldap params' do let(:params) {{ :ldap_trusted_global_cert_file => 'ca.pem', - :ldap_trusted_global_cert_type => 'CA_DER' + :ldap_trusted_global_cert_type => 'CA_DER', + :ldap_shared_cache_size => '500000', + :ldap_cache_entries => '1024', + :ldap_cache_ttl => '600', + :ldap_opcache_entries => '1024', + :ldap_opcache_ttl => '600' }} it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPSharedCacheSize 500000$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheEntries 1024$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheTTL 600$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheEntries 1024$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheTTL 600$/) } end end #Debian From 2f78dab061378ed6e0e5b7c6aa670dd2625dea14 Mon Sep 17 00:00:00 2001 From: Bob Vincent Date: Fri, 29 Jan 2016 17:02:16 -0500 Subject: [PATCH 0820/2267] Bugfix: require concat, not file --- manifests/init.pp | 2 +- spec/classes/apache_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b67c9f2fb3..13eb5f7172 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -345,7 +345,7 @@ ensure => file, content => template($conf_template), notify => Class['Apache::Service'], - require => [Package['httpd'], File[$ports_file]], + require => [Package['httpd'], Concat[$ports_file]], } # preserve back-wards compatibility to the times when default_mods was diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 45f8a690c6..34d56ba4f7 100644 
--- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -504,7 +504,7 @@ it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( 'ensure' => 'file', 'notify' => 'Class[Apache::Service]', - 'require' => ['Package[httpd]', 'File[/etc/httpd/conf/ports.conf]'], + 'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'], ) } end From 9996cb23a118ee14806197a8597be1c0cbe2e70b Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 2 Feb 2016 16:34:39 -0800 Subject: [PATCH 0821/2267] Fix passenger on redhat systems Passenger needs their own repository now, so this PR adds that repo to the apache::mod::passenger class. It also updates the readme documenting which mods need epel or other extra repositories (or at least the packages provided by those repos). It also updates the style of the readme and some other linting issues. --- README.md | 545 +++++++++++++------------- manifests/mod/passenger.pp | 16 + manifests/params.pp | 26 +- spec/acceptance/mod_passenger_spec.rb | 46 +-- spec/acceptance/vhost_spec.rb | 27 ++ 5 files changed, 355 insertions(+), 305 deletions(-) diff --git a/README.md b/README.md index f4dbe7829c..1ee7ce5ae6 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,6 @@ [`apache::version`]: #class-apacheversion [`apache::vhost`]: #define-apachevhost [`apache::vhost::custom`]: #define-apachevhostcustom -[`apache::vhost::WSGIImportScript`]: #wsgiimportscript [Apache HTTP Server]: http://httpd.apache.org [Apache modules]: http://httpd.apache.org/docs/current/mod/ [array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html 
@@ -290,19 +289,19 @@ To temporarily disable full Puppet management, set the [`purge_configs`][] param To have Puppet install Apache with the default parameters, declare the [`apache`][] class: -~~~ puppet +``` puppet class { 'apache': } -~~~ +``` The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values. You can customize parameters when declaring the `apache` class. For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: -~~~ puppet +``` puppet class { 'apache': default_vhost => false, } -~~~ +``` ## Usage 
@@ -314,41 +313,41 @@ The default [`apache`][] class sets up a virtual host on port 80, listening on a To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] define: -~~~ puppet +``` puppet apache::vhost { 'vhost.example.com': port => '80', docroot => '/var/www/vhost', } -~~~ +``` **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] define applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to 'false', Apache still processes virtual hosts in alphabetical order. To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: -~~~ puppet +``` puppet apache::vhost { 'user.example.com': port => '80', docroot => '/var/www/user', docroot_owner => 'www-data', docroot_group => 'www-data', } -~~~ +``` #### Configuring virtual hosts with SSL To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: -~~~ puppet +``` puppet apache::vhost { 'ssl.example.com': port => '443', docroot => '/var/www/ssl', ssl => true, } -~~~ +``` To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: -~~~ puppet +``` puppet apache::vhost { 'cert.example.com': port => '443', docroot => '/var/www/cert', 
@@ -356,11 +355,11 @@ apache::vhost { 'cert.example.com': ssl_cert => '/etc/ssl/fourth.example.com.cert', ssl_key => '/etc/ssl/fourth.example.com.key', } -~~~ +``` To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`] defines: -~~~ puppet +``` puppet # The non-ssl virtual host apache::vhost { 'mix.example.com non-ssl': servername => 'mix.example.com', @@ -375,11 +374,11 @@ apache::vhost { 'mix.example.com ssl': docroot => '/var/www/mix', ssl => true, } -~~~ +``` To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`] defines and redirect unencrypted requests to the virtual host with SSL enabled: -~~~ puppet +``` puppet apache::vhost { 'redirect.example.com non-ssl': servername => 'redirect.example.com', port => '80', @@ -394,33 +393,33 @@ apache::vhost { 'redirect.example.com ssl': docroot => '/var/www/redirect', ssl => true, } -~~~ +``` #### Configuring virtual host port and address bindings -Virtual hosts listen on all IP addresses ('*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: +Virtual hosts listen on all IP addresses ('\*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'ip.example.com': ip => '127.0.0.1', port => '80', docroot => '/var/www/ip', } -~~~ +``` It is also possible to configure more than one IP address per vhost by using an array of IP addresses for the [`ip`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1','169.254.1.1'], port => '80', docroot => '/var/www/ip', } -~~~ +``` To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'aliases.example.com': serveraliases => [ 'aliases.example.org', 
@@ -429,11 +428,11 @@ apache::vhost { 'aliases.example.com': port => '80', docroot => '/var/www/aliases', } -~~~ +``` To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', @@ -441,11 +440,11 @@ apache::vhost { 'subdomain.loc': docroot => '/var/www', serveraliases => ['*.loc',], } -~~~ +``` To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': port => '80', filters => [ @@ -456,13 +455,13 @@ apache::vhost { 'subdomain.loc': ], docroot => '/var/www/html', } -~~~ +``` #### Configuring virtual hosts for apps and processors To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks: -~~~ puppet +``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', @@ -478,11 +477,11 @@ apache::vhost { 'suphp.example.com': }, ], } -~~~ +``` You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications: -~~~ puppet +``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', 
@@ -501,53 +500,53 @@ apache::vhost { 'wsgi.example.com': wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, } -~~~ +``` Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'wordpress.example.com': port => '80', docroot => '/var/www/wordpress', fallbackresource => '/index.php', } -~~~ +``` **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path: -~~~ puppet +``` puppet apache::vhost { 'cgi.example.com': port => '80', docroot => '/var/www/cgi', scriptalias => '/usr/lib/cgi-bin', } -~~~ +``` To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'rack.example.com': port => '80', docroot => '/var/www/rack', rack_base_uris => ['/rackapp1', '/rackapp2'], } -~~~ +``` #### Configuring IP-based virtual hosts You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter: -~~~ puppet +``` puppet apache::listen { '80': } apache::listen { '81': } -~~~ +``` Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'first.example.com': ip => '10.0.0.10', docroot => '/var/www/first', 
@@ -559,11 +558,11 @@ apache::vhost { 'second.example.com': docroot => '/var/www/second', ip_based => true, } -~~~ +``` You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations. First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: -~~~ puppet +``` puppet apache::vhost { 'The first IP-based virtual host, non-ssl': servername => 'first.example.com', ip => '10.0.0.10', @@ -580,11 +579,11 @@ apache::vhost { 'The first IP-based vhost, ssl': docroot => '/var/www/first-ssl', ssl => true, } -~~~ +``` Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20): -~~~ puppet +``` puppet apache::vhost { 'second.example.com': ip => '10.0.0.20', port => '80', @@ -596,11 +595,11 @@ apache::vhost { 'third.example.com': port => '80', docroot => '/var/www/third', } -~~~ +``` To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to 'false' to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. -~~~ puppet +``` puppet apache::vhost { 'fourth.example.com': port => '80', docroot => '/var/www/fourth', @@ -612,7 +611,7 @@ apache::vhost { 'fifth.example.com': docroot => '/var/www/fifth', add_listen => false, } -~~~ +``` ### Installing Apache modules 
@@ -627,17 +626,17 @@ The Puppet apache module supports installing many common [Apache modules][], oft For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class: -~~~ puppet +``` puppet class { 'apache::mod::ssl': } -~~~ +``` [`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to 'true': -~~~ puppet +``` puppet class { 'apache::mod::ssl': ssl_compression => true, } -~~~ +``` Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][]. @@ -645,11 +644,11 @@ Note that some modules have prerequisites, which are documented in their referen You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. -For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod_authnz_external' name: +For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod\_authnz\_external' name: -~~~ puppet +``` puppet apache::mod { 'mod_authnz_external': } -~~~ +``` There's several optional parameters you can specify when defining Apache modules this way. See the [define's reference][`apache::mod`] for details. 
@@ -657,7 +656,7 @@ There's several optional parameters you can specify when defining Apache modules Add the [`apache::fastcgi::server`][] define to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: -~~~ puppet +``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, @@ -666,17 +665,17 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -~~~ +``` You can then use the [`custom_fragment`] parameter to configure the virtual host to have the FastCGI server handle the specified file type: -~~~ puppet +``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -~~~ +``` ### Load balancing examples @@ -684,23 +683,23 @@ Apache supports load balancing across groups of servers through the [`mod_proxy` To enable load balancing with [exported resources][], export the [`apache::balancermember`][] define from the load balancer member server: -~~~ puppet +``` puppet @@apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } -~~~ +``` Then, on the proxy server, create the load balancing group: -~~~ puppet +``` puppet apache::balancer { 'puppet00': } -~~~ +``` To enable load balancing without exporting resources, declare the following on the proxy server: -~~~ puppet +``` puppet apache::balancer { 'puppet00': } apache::balancermember { "${::fqdn}-puppet00": 
@@ -708,26 +707,26 @@ apache::balancermember { "${::fqdn}-puppet00": url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } -~~~ +``` Then declare the `apache::balancer` and `apache::balancermember` defines on the proxy server. If you need to use the [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: -~~~ puppet +``` puppet apache::balancer { 'puppet01': proxy_set => { 'stickysession' => 'JSESSIONID', }, } -~~~ +``` ## Reference - [**Public Classes**](#public-classes) - [Class: apache](#class-apache) - [Class: apache::dev](#class-apachedev) - - [Classes: apache::mod::*](#classes-apachemodname) + - [Classes: apache::mod::\*](#classes-apachemodname) - [**Private Classes**](#private-classes) - [Class: apache::confd::no_accf](#class-apacheconfdno_accf) - [Class: apache::default_confd_files](#class-apachedefault_confd_files) 
@@ -763,15 +762,15 @@ When this class is declared with the default options, Puppet: - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. -- Configures the server with a default virtual host and standard port ('80') and address ('*') bindings. +- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. - Creates a document root directory determined by your operating system, typically `/var/www`. - Starts the Apache service. You can simply declare the default `apache` class: -~~~ puppet +``` puppet class { 'apache': } -~~~ +``` You can establish a default virtual host in this class, by using the [`apache::vhost`][] define, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] define. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production. @@ -885,7 +884,7 @@ Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. If 'true', Puppet automatically configures the following virtual host using the [`apache::vhost`][] define: -~~~ puppet +``` puppet apache::vhost { 'default-ssl': port => 443, ssl => true, @@ -894,7 +893,7 @@ apache::vhost { 'default-ssl': serveradmin => $serveradmin, access_log_file => "ssl_${access_log_file}", } -~~~ +``` **Note**: SSL virtual hosts only respond to HTTPS queries. @@ -914,13 +913,13 @@ Configures a specific dev package to use. Valid options: String. Default: 'OS d Example for using httpd 2.4 from the IUS yum repo: -~~~ puppet +``` puppet include ::apache::dev class { 'apache': apache_name => 'httpd24u', dev_packages => 'httpd24u-devel', } -~~~ +``` ##### `docroot` 
@@ -992,19 +991,19 @@ Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'eme Define additional [`LogFormat`][] directives. Valid options: A [Hash][], such as: -~~~ puppet +``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } -~~~ +``` There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: -~~~ httpd +``` httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded -~~~ +``` If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. @@ -1175,13 +1174,12 @@ Changes your virtual host configuration files' location. Default: determined by ##### `vhost_include_pattern` -Defines the pattern for files included from the `vhost_dir`. This defaults to '*', also for BC with previous versions of this module. +Defines the pattern for files included from the `vhost_dir`. This defaults to '\*', also for BC with previous versions of this module. However, you may want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (from version control systems, editor backups or the like) are *not* included in your server configuration. -A value of '*.conf' is what is shipped by some operating systems. Also note that this module will, by default, create config files ending -in '.conf'. +A value of '\*.conf' is what is shipped by some operating systems. Also note that this module will, by default, create config files ending in '.conf'. ##### `user` 
@@ -1225,23 +1223,23 @@ The default value is determined by your operating system: Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': -~~~ puppet +``` puppet class { 'apache::mod::alias': icons_options => 'None', } -~~~ +``` The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] define. * `actions` * `alias` (see [`apache::mod::alias`][]) * `auth_basic` -* `auth_cas`* (see [`apache::mod::auth_cas`][]) -* `auth_mellon`* (see [`apache::mod::auth_mellon`][]) +* `auth_cas`\* (see [`apache::mod::auth_cas`][]) +* `auth_mellon`\* (see [`apache::mod::auth_mellon`][]) * `auth_kerb` * `authn_core` * `authn_file` -* `authnz_ldap`* +* `authnz_ldap`\* * `authz_default` * `authz_user` * `autoindex` @@ -1250,10 +1248,10 @@ The following Apache modules have supported classes, many of which allow for par * `cgid` * `dav` * `dav_fs` -* `dav_svn`* -* `deflate` +* `dav_svn`\* +* `deflate\` * `dev` -* `dir`* +* `dir`\* * `disk_cache` (see [`apache::mod::disk_cache`][]) * `event` (see [`apache::mod::event`][]) * `expires` 
@@ -1264,40 +1262,40 @@ The following Apache modules have supported classes, many of which allow for par * `geoip` (see [`apache::mod::geoip`][]) * `headers` * `include` -* `info`* +* `info`\* * `itk` * `ldap` * `mime` -* `mime_magic`* +* `mime_magic`\* * `negotiation` -* `nss`* +* `nss`\* * `pagespeed` (see [`apache::mod::pagespeed`][]) -* `passenger`* (see [`apache::mod::passenger`][]) +* `passenger`\* (see [`apache::mod::passenger`][]) * `perl` * `peruser` * `php` (requires [`mpm_module`][] set to `prefork`) -* `prefork`* -* `proxy`* +* `prefork`\* +* `proxy`\* * `proxy_ajp` * `proxy_balancer` -* `proxy_html` +* `proxy_html` (see [`apache::mod::proxy_html`][]) * `proxy_http` * `python` * `reqtimeout` -* `remoteip`* +* `remoteip`\* * `rewrite` -* `rpaf`* +* `rpaf`\* * `setenvif` * `security` -* `shib`* (see [`apache::mod::shib`]) +* `shib`\* (see [`apache::mod::shib`]) * `speling` -* `ssl`* (see [`apache::mod::ssl`][]) -* `status`* (see [`apache::mod::status`][]) +* `ssl`\* (see [`apache::mod::ssl`][]) +* `status`\* (see [`apache::mod::status`][]) * `suphp` -* `userdir`* +* `userdir`\* * `version` * `vhost_alias` -* `worker`* +* `worker`\* * `wsgi` (see [`apache::mod::wsgi`][]) * `xsendfile` @@ -1328,11 +1326,11 @@ Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk` You can specify the cache root by passing a path as a string to the `cache_root` parameter. -~~~ puppet +``` puppet class {'::apache::mod::disk_cache': cache_root => '/path/to/cache', } -~~~ +``` ##### Class: `apache::mod::event` 
@@ -1355,6 +1353,8 @@ Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apa The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have 'undef' default values. +**Note**: The auth\_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]() + **Parameters within `apache::mod::auth_cas`**: - `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: 'undef'. @@ -1376,11 +1376,11 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. -~~~ puppet +``` puppet class{ 'apache::mod::auth_mellon': mellon_cache_size => 101, } -~~~ +``` **Parameters within `apache::mod::auth_mellon`**: @@ -1415,14 +1415,14 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate Installs and configures [`mod_ext_filter`][]. -~~~ puppet +``` puppet class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } -~~~ +``` **Parameters within `apache::mod::ext_filter`**: @@ -1434,7 +1434,7 @@ Installs and configures [`mod_fcgid`][]. The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: -~~~ puppet +``` puppet class { 'apache::mod::fcgid': options => { 'FcgidIPCDir' => '/var/run/fcgidsock', 
@@ -1442,13 +1442,13 @@ class { 'apache::mod::fcgid': 'AddHandler' => 'fcgid-script .fcgi', }, } -~~~ +``` For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. -~~~ puppet +``` puppet include apache::mod::fcgid apache::vhost { 'example.org': @@ -1460,7 +1460,7 @@ apache::vhost { 'example.org': } }, } -~~~ +``` ##### Class: `apache::mod::geoip` @@ -1504,7 +1504,7 @@ Installs and manages [`mod_passenger`][]. Installs and configures [`mod_ldap`][]. Allows you to modify the [`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/2.2/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: -~~~puppet +```puppet class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt' ldap_trusted_global_cert_type => 'CA_DER', @@ -1514,7 +1514,7 @@ class { 'apache::mod::ldap': ldap_opcache_entries => '1024', ldap_opcache_ttl => '600', } -~~~ +``` **Parameters within `apache::mod::ldap`:** @@ -1545,7 +1545,7 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d - `inherit_vhost_config`: Default: 'on'. - `filter_xhtml`: Default: false. -- `cache_path`: Default: '/var/cache/mod_pagespeed/'. +- `cache_path`: Default: '/var/cache/mod\_pagespeed/'. - `log_dir`: Default: '/var/log/pagespeed'. - `memcache_servers`: Default: []. - `rewrite_level`: Default: 'CoreFilters'. 
@@ -1579,6 +1579,18 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. +##### Class: `apache::mod::passenger` + +Installs and configures mod\_passenger + +**Parameters within `apache::mod::passenger`**: + +- `manage_repo`: Manage phusionpassenger.com repository. Default: true. + +TODO: The parameters section is incomplete. + +**Note**: The passenger module isn't available on RH/CentOS without providing dependency packages provided by EPEL and mod\_passengers own custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() + ##### Class: `apache::mod::php` Installs and configures [`mod_php`][]. @@ -1595,6 +1607,10 @@ Default values depend on your operating system. - `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. - `content`: Adds arbitrary content to `php.conf`. +##### Class: `apache::mod::proxy_html` + +**Note**: There is no official package available for mod\_proxy\_html and thus it must be made available by means outside of the control of the apache module. + ##### Class: `apache::mod::reqtimeout` Installs and configures [`mod_reqtimeout`][]. @@ -1609,6 +1625,8 @@ Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, whic Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. +**Note**: The shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See [http://wiki.aaf.edu.au/tech-info/sp-install-guide]() + ##### Class: `apache::mod::ssl` Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. 
@@ -1655,7 +1673,7 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b - `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' - `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. - `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. -${modsec_dir}/activated_rules. +${modsec\_dir}/activated\_rules. - `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. - `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. 
@@ -1674,7 +1692,7 @@ Otherwise, Puppet follows it literally. - `package_name`: Names the package that installs `mod_wsgi`. Default: undef. - `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. - `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. -- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE_RUN_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. +- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. @@ -1766,7 +1784,7 @@ Specifies whether the configuration file should be present. Valid options: 'abse ##### `confdir` -Sets the directory in which Puppet places configuration files. Default: '$::apache::confd_dir'. +Sets the directory in which Puppet places configuration files. Default: '$::apache::confd\_dir'. ##### `content` @@ -1828,7 +1846,7 @@ Sets the [MIME `content-type`][] of the file to be processed by the FastCGI serv #### Define: `apache::listen` -Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '', ':', or ':'. +Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '\', '\:\', or '\:\'. #### Define: `apache::mod` 
@@ -1868,7 +1886,7 @@ Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. Don't manuall #### Define: `apache::namevirtualhost` -Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '*:', '\_default_:, '', or ':'. +Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\', '\_default\_:\, '\', or '\:\'. #### Define: `apache::vhost` @@ -1892,7 +1910,7 @@ Specifies that only requests with particular environment variables be logged. De ##### `access_log_file` -Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts. +Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_access.log' for unencrypted virtual hosts. ##### `access_log_format` @@ -1930,7 +1948,7 @@ Passes a list of [Hashes][Hash] to the virtual host to create [`Alias`][], [`Ali For example: -~~~ puppet +``` puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', @@ -1948,7 +1966,7 @@ aliases => [ path => '/usr/share/nagios/html', }, ], -~~~ +``` For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. 
@@ -2008,7 +2026,7 @@ Specifies whether `*_error.log` directives should be configured. Defaults to 'tr ##### `error_log_file` -Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. +Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com\_ssl\_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. ##### `error_log_pipe` @@ -2022,14 +2040,14 @@ Sends all error log messages to syslog. Defaults to 'undef'. A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } -~~~ +``` ##### `ensure` @@ -2043,7 +2061,7 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm [Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. -~~~ puppet +``` puppet apache::vhost { "$::fqdn": filters => [ 'FilterDeclare COMPRESS', @@ -2052,7 +2070,7 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } -~~~ +``` ##### `force_type` @@ -2084,7 +2102,7 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { @@ -2092,7 +2110,7 @@ apache::vhost { 'sample.example.net': group => 'somegroup', }, } -~~~ +``` ##### `auth_kerb` 
@@ -2100,7 +2118,7 @@ Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid values are 'true Usage typically looks like: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': auth_kerb => true, krb_method_negotiate => 'on', @@ -2113,7 +2131,7 @@ apache::vhost { 'sample.example.net': auth_require => 'valid-user', }, } -~~~ +``` Related parameters follow the names of `mod_auth_kerb` directives: @@ -2138,7 +2156,7 @@ This option enables credential saving functionality. Default is 'off' ##### `logroot` -Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. +Specifies the location of the virtual host's logfiles. Defaults to '/var/log/\/'. ##### `$logroot_ensure` @@ -2165,17 +2183,17 @@ Boolean. Only valid if apache::mod::security is included. Used to disable mod_ Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } -~~~ +``` -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } -~~~ +``` ###### `modsec_disable_ips` @@ -2203,12 +2221,12 @@ Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/current/mod Sets the [`Options`][] for the specified virtual host. Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … options => ['Indexes','FollowSymLinks','MultiViews'], } -~~~ +``` **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. 
@@ -2274,7 +2292,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters and location options can be added as an array. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … proxy_pass => [ @@ -2295,7 +2313,7 @@ apache::vhost { 'site.name.fdqn': 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, ], } -~~~ +``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. `reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath and/or ProxyPassReverseCookieDomain. 
@@ -2316,11 +2334,11 @@ This directive is equivalent to proxy_pass, but takes regular expressions, see [ ##### `rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the \_rack.erb template. Defaults to 'undef'. #####`passenger_base_uris` -Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Defaults to 'undef'. +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the \_passenger\_base\_uris.erb template. Defaults to 'undef'. ##### `redirect_dest` 
@@ -2330,43 +2348,43 @@ Specifies the address to redirect to. Defaults to 'undef'. Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } -~~~ +``` ##### `redirect_status` Specifies the status to append to the redirect. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } -~~~ +``` ##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } -~~~ +``` ##### `request_headers` Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … request_headers => [ 
@@ -2374,23 +2392,23 @@ apache::vhost { 'site.name.fdqn': 'unset MirrorID', ], } -~~~ +``` ##### `rewrites` Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } -~~~ +``` The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2401,11 +2419,11 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2416,11 +2434,11 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` Multiple rewrites and conditions are also possible -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2445,7 +2463,7 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. @@ -2459,7 +2477,7 @@ Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for exa Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). -~~~ puppet +``` puppet scriptaliases => [ { alias => '/myscript', 
@@ -2478,7 +2496,7 @@ scriptaliases => [ path => '/usr/share/neatscript', }, ] -~~~ +``` The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. @@ -2500,11 +2518,11 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: -~~~ puppet +``` puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } -~~~ +``` ##### `setenvif` @@ -2522,7 +2540,7 @@ Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file= To set up a virtual host with suPHP -~~~ puppet +``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', @@ -2533,17 +2551,17 @@ apache::vhost { 'suphp.example.com': 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } -~~~ +``` ##### `vhost_name` -Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '\*'. ##### `virtual_docroot` Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', 
@@ -2551,7 +2569,7 @@ apache::vhost { 'subdomain.loc': docroot => '/var/www', serveraliases => ['*.loc',], } -~~~ +``` ##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` @@ -2571,7 +2589,7 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). To set up a virtual host with WSGI -~~~ puppet +``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', @@ -2585,11 +2603,11 @@ apache::vhost { 'wsgi.example.com': wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } -~~~ +``` #### Parameter `directories` for `apache::vhost` -The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. +The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '\< Directory /path/to/directory\>...\'. The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. 
@@ -2597,7 +2615,7 @@ The `provider` key is optional. If missing, this key defaults to 'directory'. Va General `directories` usage looks something like -~~~ puppet +``` puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ @@ -2607,18 +2625,18 @@ apache::vhost { 'files.example.net': }, ], } -~~~ +``` *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } -~~~ +``` Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: @@ -2626,7 +2644,7 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2635,13 +2653,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `allow` Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2650,13 +2668,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `allow_override` Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2665,7 +2683,7 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `auth_basic_authoritative` @@ -2727,7 +2745,7 @@ Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_a Pass a string of custom configuration directives to be placed at the end of the directory configuration. -~~~ puppet +``` puppet apache::vhost { 'monitor': … directories => [ @@ -2748,13 +2766,13 @@ Pass a string of custom configuration directives to be placed at the end of the }, ] } -~~~ +``` ###### `deny` Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2763,13 +2781,13 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir }, ], } -~~~ +``` ###### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', @@ -2781,14 +2799,14 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `ext_filter_options` Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. -~~~ puppet +``` puppet apache::vhost { 'filter.example.org': docroot => '/var/www/filter', directories => [ @@ -2797,14 +2815,14 @@ apache::vhost { 'filter.example.org': }, ], } -~~~ +``` ###### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. Note that you must declare `class {'apache::mod::geoip': }` before using this directive. -~~~ puppet +``` puppet apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ @@ -2813,13 +2831,13 @@ apache::vhost { 'first.example.com': }, ], } -~~~ +``` ###### `headers` Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { @@ -2827,13 +2845,13 @@ apache::vhost { 'sample.example.net': headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } -~~~ +``` ###### `index_options` Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2844,13 +2862,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `index_order_default` Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2860,13 +2878,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `index_style_sheet` Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2877,13 +2895,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `mellon_enable` Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_melon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2905,7 +2923,7 @@ apache::vhost { 'sample.example.net': }, ] } -~~~ +``` Related parameters follow the names of `mod_auth_melon` directives: @@ -2923,7 +2941,7 @@ to environment variables. Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2932,13 +2950,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `order` Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2947,13 +2965,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2962,7 +2980,7 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. @@ -2980,7 +2998,7 @@ apache::vhost { 'sample.example.net': Sets a `Require` directive as per the [Apache Authz documentation](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2989,11 +3007,11 @@ Sets a `Require` directive as per the [Apache Authz documentation](http://httpd. } ], } -~~~ +``` If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3002,13 +3020,13 @@ If `require` is set to `unmanaged` it will not be set at all. This is useful for } ], } -~~~ +``` ###### `satisfy` Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -3017,13 +3035,13 @@ apache::vhost { 'sample.example.net': } ], } -~~~ +``` ###### `sethandler` Sets a `SetHandler` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -3032,13 +3050,13 @@ apache::vhost { 'sample.example.net': } ], } -~~~ +``` ###### `set_output_filter` Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). -~~~ puppet +``` puppet apache::vhost{ 'filter.example.net': docroot => '/path/to/directory', directories => [ @@ -3047,13 +3065,13 @@ apache::vhost{ 'filter.example.net': }, ], } -~~~ +``` ###### `rewrites` Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3072,15 +3090,15 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` -***Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. +**Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. ###### `shib_request_setting` Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3090,7 +3108,7 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` ###### `shib_use_headers` @@ -3100,7 +3118,7 @@ When set to 'On', this turns on the use of request headers to publish attributes String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3112,13 +3130,13 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` ###### `suphp` A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3130,7 +3148,7 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` #### SSL parameters for `apache::vhost` @@ -3186,25 +3204,25 @@ Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tl ##### `ssl_verify_client` -Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'. +Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional\_no\_ca'. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'optional', } -~~~ +``` ##### `ssl_verify_depth` Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_verify_depth => 1, } -~~~ +``` ##### `ssl_proxy_verify` 
@@ -3214,12 +3232,12 @@ Sets the [SSLProxyVerify](http://httpd.apache.org/docs/current/mod/mod_ssl.html# Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', } -~~~ +``` ##### `ssl_proxy_check_peer_cn` @@ -3236,21 +3254,21 @@ Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslo A string: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_options => '+ExportCertData', } -~~~ +``` An array: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_options => [ '+StrictRequire', '+ExportCertData' ], } -~~~ +``` ##### `ssl_openssl_conf_cmd` @@ -3262,13 +3280,13 @@ Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/cu ####Define: FastCGI Server -This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. +This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. ** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository. Ex: -~~~ puppet +``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, 
@@ -3277,17 +3295,17 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -~~~ +``` Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. -~~~ puppet +``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -~~~ +``` ##### `host` @@ -3299,7 +3317,7 @@ The number of seconds of FastCGI application inactivity allowed before the reque ##### `flush` -Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. +Force a write to the client as data is received from the application. By default, mod\_fastcgi buffers data in order to free the application as quickly as possible. ##### `faux_path` @@ -3357,22 +3375,6 @@ The Apache module relies heavily on templates to enable the [`apache::vhost`][] ## Limitations -### Ubuntu 10.04 - -The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. - -### RHEL/CentOS 5 - -The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. - -### RHEL/CentOS 6 - -The [`apache::mod::passenger`][] class is not installing as the the EL6 repository is missing compatible packages. - -### RHEL/CentOS 7 - -The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. - ### General This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on: 
@@ -3384,13 +3386,22 @@ This module is CI tested against both [open source Puppet][] and [Puppet Enterpr This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions. +### Ubuntu 10.04 + +The [`apache::vhost::wsgi_import_script`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. + +### RHEL/CentOS +The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories. + +See their respective documentation above for related repositories and packages. + ### SELinux and custom paths If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. You can do this with Puppet: -~~~ puppet +``` puppet exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', @@ -3427,7 +3438,7 @@ apache::vhost { 'test.server': docroot => '/custom/path', additional_includes => '/custom/path/include', } -~~~ +``` You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. 
@@ -3451,18 +3462,18 @@ This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to ve #### Testing quickstart: Ruby > 1.8.7 -~~~ +``` gem install bundler bundle install bundle exec rake spec bundle exec rspec spec/acceptance RS_DEBUG=yes bundle exec rspec spec/acceptance -~~~ +``` #### Testing quickstart: Ruby = 1.8.7 -~~~ +``` gem install bundler bundle install --without system_tests bundle exec rake spec -~~~ +``` diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 8d3622d304..d0b9f73fee 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -17,6 +17,7 @@ $passenger_use_global_queue = undef, $passenger_app_env = undef, $passenger_log_file = undef, + $manage_repo = true, $mod_package = undef, $mod_package_ensure = undef, $mod_lib = undef, @@ -52,6 +53,21 @@ $_lib_path = $mod_lib_path } + if $::osfamily == 'RedHat' and $manage_repo { + yumrepo { 'passenger': + ensure => 'present', + baseurl => 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch', + descr => 'passenger', + enabled => '1', + gpgcheck => '0', + gpgkey => 'https://packagecloud.io/gpg.key', + repo_gpgcheck => '1', + sslcacert => '/etc/pki/tls/certs/ca-bundle.crt', + sslverify => '1', + before => Apache::Mod['passenger'], + } + } + $_id = $mod_id $_path = $mod_path ::apache::mod { 'passenger': diff --git a/manifests/params.pp b/manifests/params.pp index abef55e0ba..a8cd7bfebd 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -31,15 +31,9 @@ # Default mime types settings $mime_types_additional = { - 'AddHandler' => { - 'type-map' => 'var' - }, - 'AddType' => { - 'text/html' => '.shtml' - }, - 'AddOutputFilter' => { - 'INCLUDES' => '.shtml' - }, + 'AddHandler' => { 'type-map' => 'var', }, + 'AddType' => { 'text/html' => '.shtml', }, + 'AddOutputFilter' => { 'INCLUDES' => '.shtml', }, } # should we use systemd module? 
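Review bot: `gpgcheck => '0'` in the new `yumrepo { 'passenger': }` resource of `manifests/mod/passenger.pp` turns off RPM signature verification, so the only integrity checks left on packages from this repository are the signed metadata (`repo_gpgcheck => '1'`) and TLS (`sslverify => '1'`). If the upstream RPMs are signed, this should be `gpgcheck => '1'`; if they are not, which this hunk does not show, say so in a comment above the line, e.g. `# upstream RPMs are not individually signed; integrity relies on repo_gpgcheck + sslverify`. The previous hunk in this file also defaults `$manage_repo` to `true`, so every RedHat-family node that already includes `apache::mod::passenger` gains this third-party repository and imports the key at `gpgkey` on upgrade; defaulting it to `false`, or documenting the new default, would keep that trust decision explicit. The class body starts and ends outside the hunk.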
@@ -91,9 +85,8 @@ $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef - # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide - # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL. $mod_packages = { + # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', 'auth_mellon' => 'mod_auth_mellon', @@ -109,6 +102,10 @@ default => undef, }, 'pagespeed' => 'mod-pagespeed-stable', + # NOTE: The passenger module isn't available on RH/CentOS without + # providing dependency packages provided by EPEL and passenger + # repositories. See + # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/ 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', 'php5' => $::apache::version::distrelease ? { @@ -118,6 +115,9 @@ 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', 'security' => 'mod_security', + # NOTE: The module for Shibboleth is not available on RH/CentOS without + # providing dependency packages provided by Shibboleth's repositories. + # See http://wiki.aaf.edu.au/tech-info/sp-install-guide 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', 'wsgi' => 'mod_wsgi', @@ -183,7 +183,7 @@ 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf' + 'base_rules/modsecurity_crs_60_correlation.conf', ] } elsif $::osfamily == 'Debian' { $user = 'www-data' 
@@ -287,7 +287,7 @@ 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf' + 'base_rules/modsecurity_crs_60_correlation.conf', ] $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 086c93eea7..fd967d1ea6 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -49,38 +49,34 @@ conf_file = "#{$mod_dir}/passenger.conf" load_file = "#{$mod_dir}/zpassenger.load" # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part - passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.1' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' passenger_ruby = '/usr/bin/ruby' - passenger_tempdir = '/var/run/rubygem-passenger' passenger_module_path = 'modules/mod_passenger.so' rackapp_user = 'apache' rackapp_group = 'apache' end pp_rackapp = <<-EOS - /* a simple ruby rack 'hellow world' app */ - file { '/var/www/passenger': - ensure => directory, - owner => '#{rackapp_user}', - group => '#{rackapp_group}', - require => Class['apache::mod::passenger'], - } - file { '/var/www/passenger/config.ru': - ensure => file, - owner => '#{rackapp_user}', - group => '#{rackapp_group}', - content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello world\\"]] }\\nrun app", - require => File['/var/www/passenger'] , - } - apache::vhost { 'passenger.example.com': - port => '80', - docroot => '/var/www/passenger/public', - docroot_group => '#{rackapp_group}' , - docroot_owner => '#{rackapp_user}' , - custom_fragment => "PassengerRuby #{passenger_ruby}\\nRailsEnv development" , - require => File['/var/www/passenger/config.ru'] , - } - host { 'passenger.example.com': ip => '127.0.0.1', } + /* a simple ruby rack 'hello world' app */ + file { '/var/www/passenger': + ensure => directory, + owner => '#{rackapp_user}', + group => '#{rackapp_group}', + } + file { '/var/www/passenger/config.ru': + ensure => file, + owner => '#{rackapp_user}', + group => '#{rackapp_group}', + content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello world\\"]] }\\nrun app", + } + apache::vhost { 'passenger.example.com': + port => '80', + docroot => '/var/www/passenger/public', + docroot_group => '#{rackapp_group}', + docroot_owner => '#{rackapp_user}', + 
require => File['/var/www/passenger/config.ru'], + } + host { 'passenger.example.com': ip => '127.0.0.1', } EOS case fact('osfamily') diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index b9b3a80acc..90b42e0e6e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1106,6 +1106,33 @@ class { 'apache': service_ensure => stopped, } end end + # Passenger isn't even in EPEL on el-5 + if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') + describe 'rack_base_uris' do + before :all do + pp = "if $::osfamily == 'RedHat' { include epel }" + apply_manifest(pp, :catch_failures => true) + end + + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'RackBaseURI /test' } + end + end + end + describe 'no_proxy_uris' do it 'applies cleanly' do pp = <<-EOS From b1f60c7c4297de78350a10cbede8ed1149df0fdd Mon Sep 17 00:00:00 2001 From: Alan Chalmers Date: Wed, 3 Feb 2016 16:32:28 +1100 Subject: [PATCH 0822/2267] allow status code on redirect match to be optional and not a requirement as per apache documentation http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirectmatch --- manifests/vhost.pp | 2 +- templates/vhost/_redirect.erb | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8b5422e5ae..912be76e52 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -748,7 +748,7 @@ # - $redirectmatch_status_a # - $redirectmatch_regexp_a # - $redirectmatch_dest - if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { + if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}${filename}.conf", order => 180, diff --git a/templates/vhost/_redirect.erb b/templates/vhost/_redirect.erb index 69bbfd09de..209da646cc 100644 --- a/templates/vhost/_redirect.erb +++ b/templates/vhost/_redirect.erb @@ -22,4 +22,14 @@ <% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> <%- end -%> +<%- elsif @redirectmatch_regexp and @redirectmatch_dest -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> + + ## RedirectMatch rules + <%- @redirectmatch_regexp_a.each_with_index do |status, i| -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> <% end -%> From fe1dae9f59c756b86d05dd4e3e921b2838031e6d Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 3 Feb 2016 12:24:18 -0800 Subject: [PATCH 0823/2267] Need to know where mod_dir is --- spec/acceptance/mod_pagespeed_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 2434fbb4eb..009df6a101 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -1,4 +1,5 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::pagespeed class' do context "default pagespeed config" do 
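Review bot: In the new `elsif` branch of templates/vhost/_redirect.erb the block parameter in `@redirectmatch_regexp_a.each_with_index do |status, i|` is named `status` although the loop iterates over the regexps, which reads as if a status code were still involved; `|regexp, i|` says what the loop does. The following `@redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0]` line looks copied from the status branch and can only take effect for a nil element, so it should be dropped or explained in a comment. Both values are written into the vhost file unquoted, so a regexp or destination containing whitespace would be split into extra `RedirectMatch` arguments; a template comment stating that callers must pass whitespace-free values would help. The enclosing `if` starts outside the hunk.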
From a85588aa66dbd9c83f3cb0434bc99256618728f3 Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Wed, 20 Jan 2016 11:39:11 +0100 Subject: [PATCH 0824/2267] add parameter root_directory_options --- README.md | 4 ++++ manifests/init.pp | 1 + manifests/params.pp | 3 +++ spec/classes/apache_spec.rb | 8 ++++++++ templates/httpd.conf.erb | 2 +- 5 files changed, 17 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 707720a2b6..f768eb2d7c 100644 --- a/README.md +++ b/README.md @@ -1164,6 +1164,10 @@ Controls whether the systemd module should be installed on Centos 7 servers, thi The desired permissions mode for config files, in symbolic or numeric notation. This value must be a string. Defaults to '0644'. +##### `root_directory_options` + +Array of the desired options for the / directory in httpd.conf. Defaults to 'FollowSymLinks'. + ##### `vhost_dir` Changes your virtual host configuration files' location. Default: determined by your operating system. diff --git a/manifests/init.pp b/manifests/init.pp index 9422d09d8b..008ab92e26 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -80,6 +80,7 @@ $use_systemd = $::apache::params::use_systemd, $mime_types_additional = $::apache::params::mime_types_additional, $file_mode = $::apache::params::file_mode, + $root_directory_options = $::apache::params::root_directory_options, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) diff --git a/manifests/params.pp b/manifests/params.pp index 4120d074c7..faff49a6c8 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -48,6 +48,9 @@ # Default mode for files $file_mode = '0644' + # Default options for / directory + $root_directory_options = ['FollowSymLinks'] + $vhost_include_pattern = '*' if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 45f8a690c6..6b9b6b881f 100644 --- a/spec/classes/apache_spec.rb 
+++ b/spec/classes/apache_spec.rb @@ -845,9 +845,17 @@ ) } end + context 'with a custom root_directory_options parameter' do + let :params do { + :root_directory_options => ['-Indexes', '-FollowSymLinks'] + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options -Indexes -FollowSymLinks} } + end context 'default vhost defaults' do it { is_expected.to contain_apache__vhost('default').with_ensure('present') } it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks} } end context 'without default non-ssl vhost' do let :params do { diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 9c854cfc31..448d1fec55 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -31,7 +31,7 @@ AccessFileName .htaccess - Options FollowSymLinks + Options <%= Array(@root_directory_options).join(' ') %> AllowOverride None From 8871f0be57b66d3b4259efa2bb00b3eec11e0e35 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 4 Feb 2016 15:06:28 -0800 Subject: [PATCH 0825/2267] Disable passenger tests other than vhost The module does not yet manage passenger.conf with puppet and so any two tests that use passenger with non-passenger tests between them will cause failures. --- spec/acceptance/mod_passenger_spec.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index fd967d1ea6..5798545ea2 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
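Review bot: The `Options <%= Array(@root_directory_options).join(' ') %>` line in templates/httpd.conf.erb now lets a parameter set the options of the `/` directory block, which is the fallback for every path not covered by a more specific block, and nothing visible between `init.pp` and the template checks the values. Apache does not treat a list that mixes `+`/`-` prefixed options with unprefixed ones as valid syntax, so a value such as `['FollowSymLinks', '-Indexes']` would surface only when the server parses its configuration. I would add a template comment above the line, `<%# Options for the filesystem root: keep minimal; do not mix +/- prefixed and bare option names -%>`, and say the same in the README entry for `root_directory_options`. The surrounding directory block continues outside the hunk.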
@@ -2,9 +2,11 @@ require_relative './version.rb' describe 'apache::mod::passenger class' do + pending 'This cannot run in the same test run as apache::vhost with passenger + as the passenger.conf file is not yet managed by puppet and will be wiped out + between tests and not replaced' case fact('osfamily') when 'Debian' - mod_dir = '/etc/apache2/mods-available/' conf_file = "#{$mod_dir}/passenger.conf" load_file = "#{$mod_dir}/zpassenger.load" From 8ca7a6697ab907803789b2aa63e304f19e3497d3 Mon Sep 17 00:00:00 2001 From: Guy Van den Bergh Date: Fri, 5 Feb 2016 11:59:54 +0100 Subject: [PATCH 0826/2267] changed rpaf Configuration Directives: RPAF -> RPAF_ --- spec/classes/mod/rpaf_spec.rb | 24 ++++++++++++------------ templates/mod/rpaf.conf.erb | 14 +++++++------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 83591bc282..6b2ddd92f3 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb 
@@ -26,25 +26,25 @@ it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/etc/apache2/mods-available/rpaf.conf', }) } - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_enable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_sethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_proxyIPs 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_header X-Real-IP$/) } end end context "on a FreeBSD OS" do 
@@ -66,25 +66,25 @@ it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/usr/local/etc/apache24/Modules/rpaf.conf', }) } - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_enable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_sethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_proxyIPs 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_header X-Real-IP$/) } end end context "on a Gentoo OS" do 
@@ -106,25 +106,25 @@ it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/etc/apache2/modules.d/rpaf.conf', }) } - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_enable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_sethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_proxyIPs 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_header X-Real-IP$/) } end end end diff --git a/templates/mod/rpaf.conf.erb b/templates/mod/rpaf.conf.erb index 56e2398b55..e0ed8dce8d 100644 --- a/templates/mod/rpaf.conf.erb +++ b/templates/mod/rpaf.conf.erb 
@@ -1,15 +1,15 @@ # Enable reverse proxy add forward -RPAFenable On -# RPAFsethostname will, when enabled, take the incoming X-Host header and +RPAF_enable On +# RPAF_sethostname will, when enabled, take the incoming X-Host header and # update the virtual host settings accordingly. This allows to have the same # hostnames as in the "real" configuration for the forwarding proxy. <% if @sethostname -%> -RPAFsethostname On +RPAF_sethostname On <% else -%> -RPAFsethostname Off +RPAF_sethostname Off <% end -%> # Which IPs are forwarding requests to us -RPAFproxy_ips <%= Array(@proxy_ips).join(" ") %> -# Setting RPAFheader allows you to change the header name to parse from the +RPAF_proxyIPs <%= Array(@proxy_ips).join(" ") %> +# Setting RPAF_header allows you to change the header name to parse from the # default X-Forwarded-For to something of your choice. -RPAFheader <%= @header %> +RPAF_header <%= @header %> From 65f41c0cb54f3a7ff2843e7c8e4e78b6a90d7257 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Fri, 29 Jan 2016 14:36:28 -0700 Subject: [PATCH 0827/2267] quote php_values when the value is a string --- spec/acceptance/mod_php_spec.rb | 2 +- templates/vhost/_php.erb | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 11bcafcba5..f9919646f0 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -80,7 +80,7 @@ class { 'apache::mod::php': describe file("#{$vhost_dir}/25-php.example.com.conf") do it { is_expected.to contain " php_flag display_errors on" } - it { is_expected.to contain " php_value include_path .:/usr/share/pear:/usr/bin/php" } + it { is_expected.to contain " php_value include_path \".:/usr/share/pear:/usr/bin/php\"" } it { is_expected.to contain " php_admin_flag engine on" } it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } end 
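Review bot: The renamed directives in templates/mod/rpaf.conf.erb (`RPAF_enable`, `RPAF_sethostname`, `RPAF_proxyIPs`, `RPAF_header`) are written unconditionally. As far as I know only newer mod_rpaf releases accept the underscore spelling, while older packaged builds accept only `RPAFenable` and its siblings, so this needs confirming against the package each supported OS installs. An unrecognised directive stops Apache at its configuration check, which fails safe but does so on every node still carrying the older module. A header comment such as `# Directive names below require a mod_rpaf release that uses the RPAF_ prefix` would document the dependency. `RPAF_proxyIPs` decides whose forwarded client address is trusted, so the README should also state that `proxy_ips` must list only proxies under the operator's control.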
diff --git a/templates/vhost/_php.erb b/templates/vhost/_php.erb index 369fdb7f92..8032a1ade2 100644 --- a/templates/vhost/_php.erb +++ b/templates/vhost/_php.erb @@ -1,6 +1,10 @@ <% if @php_values and not @php_values.empty? -%> <%- @php_values.sort.each do |key,value| -%> + <%- if value.is_a? String -%> + php_value <%= key %> "<%= value %>" + <%- else -%> php_value <%= key %> <%= value %> + <%- end -%> <%- end -%> <% end -%> <% if @php_flags and not @php_flags.empty? -%> @@ -9,4 +13,4 @@ <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> php_flag <%= key %> <%= flag %> <%- end -%> -<% end -%> \ No newline at end of file +<% end -%> From f1ea11bb5be89956171687b7a5b226b25d20fd3b Mon Sep 17 00:00:00 2001 From: Bob Vincent Date: Mon, 1 Feb 2016 11:00:39 -0500 Subject: [PATCH 0828/2267] Fix in custom fact "apache_version" for RHEL. The custom fact defined by lib/facter/apache_version.rb runs "apachectl -v" and applies the following regular expression: ^Server version: Apache\/([\w\.]+) \(([\w]+)\) On RHEL 7.1, running apachectl -v produces the following output: Server version: Apache/2.4.6 (Red Hat Enterprise Linux) The regex fails to match the output because it does not allow for whitespace inside the parentheses. The following modified regex matches properly: ^Server version: Apache\/([\w\.]+) \(([\w ]+)\) --- lib/facter/apache_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index b45c888346..b84d776150 100644 --- a/lib/facter/apache_version.rb +++ b/lib/facter/apache_version.rb @@ -2,7 +2,7 @@ setcode do if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') - %r{^Server version: Apache\/([\w\.]+) \(([\w]+)\)}.match(apache_version)[1] + %r{^Server version: Apache\/([\w\.]+) \(([\w ]+)\)}.match(apache_version)[1] end end end From 28e0f3e8b1d797af4b56dcc0b1397077e86f94a7 Mon Sep 17 00:00:00 2001 
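Review bot: The new quoted form `php_value <%= key %> "<%= value %>"` in templates/vhost/_php.erb does not escape a double quote inside `value`, so a string containing `"` ends the quoted argument early and the remainder is parsed as further directive arguments. Escaping it in the template keeps the value as one argument: `php_value <%= key %> "<%= value.gsub('"') { '\"' } %>"`. The acceptance spec changed in the same commit still expects `php_admin_value open_basedir` unquoted, so the two value kinds are now rendered differently; if that is intended, a one-line template comment should say why.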
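Review bot: The changed line in lib/facter/apache_version.rb still ends in `.match(apache_version)[1]`, which raises NoMethodError whenever the `apachectl -v` output does not match, because `match` returns nil. Widening the class to `[\w ]` covers the RHEL banner, but any other banner shape, or an error message captured through `2>&1`, takes the same path. Indexing the string with the pattern yields nil instead of raising, and `to_s` covers the case where exec returns nil: `apache_version.to_s[%r{^Server version: Apache\/([\w\.]+) \(([\w ]+)\)}, 1]`. The enclosing `Facter.add` block opens outside the hunk.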
From: Garrett Guillotte Date: Mon, 25 Jan 2016 16:41:07 -0800 Subject: [PATCH 0829/2267] Edit and restyle the README. - Adds more default values for parameters. - Styles parameters and values more consistently. - Updates several broken or outdated external links. - Fixes broken internal links. - Replaces "define" (as a noun) with "defined type" for clarity. - Updates code fences from tildes to backticks. - Fixes mispelled references to `mod_auth_mellon`. --- README.md | 1468 +++++++++++++++++++++++++++-------------------------- 1 file changed, 745 insertions(+), 723 deletions(-) diff --git a/README.md b/README.md index 707720a2b6..77c27e7372 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,8 @@ [Reference]: #reference [Public classes]: #public-classes [Private classes]: #private-classes -[Public defines]: #public-defines -[Private defines]: #private-defines +[Public defined types]: #public-defined-types +[Private defined types]: #private-defined-types [Templates]: #templates [Limitations]: #limitations 
@@ -30,18 +30,18 @@ [Contributing]: #contributing [Running tests]: #running-tests -[`AddDefaultCharset`]: http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset +[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset [`add_listen`]: #add_listen [`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias [`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch [aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html -[`AllowEncodedSlashes`]: http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes +[`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes [`apache`]: #class-apache [`apache_version`]: #apache_version -[`apache::balancer`]: #define-apachebalancer -[`apache::balancermember`]: #define-apachebalancermember -[`apache::fastcgi::server`]: #define-apachefastcgiserver -[`apache::mod`]: #define-apachemod +[`apache::balancer`]: #defined-type-apachebalancer +[`apache::balancermember`]: #defined-type-apachebalancermember +[`apache::fastcgi::server`]: #defined-type-apachefastcgiserver +[`apache::mod`]: #defined-type-apachemod [`apache::mod::`]: #classes-apachemodmodule-name [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas 
@@ -64,21 +64,21 @@ [`apache::mod::wsgi`]: #class-apachemodwsgi [`apache::params`]: #class-apacheparams [`apache::version`]: #class-apacheversion -[`apache::vhost`]: #define-apachevhost -[`apache::vhost::custom`]: #define-apachevhostcustom +[`apache::vhost`]: #defined-type-apachevhost +[`apache::vhost::custom`]: #defined-type-apachevhostcustom [`apache::vhost::WSGIImportScript`]: #wsgiimportscript -[Apache HTTP Server]: http://httpd.apache.org -[Apache modules]: http://httpd.apache.org/docs/current/mod/ +[Apache HTTP Server]: https://httpd.apache.org +[Apache modules]: https://httpd.apache.org/docs/current/mod/ [array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec -[certificate revocation list]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile -[certificate revocation list path]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath -[common gateway interface]: http://httpd.apache.org/docs/current/howto/cgi.html +[certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile +[certificate revocation list path]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath +[common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html [`confd_dir`]: #confd_dir [`content`]: #content -[custom error documents]: http://httpd.apache.org/docs/current/custom-error.html +[custom error documents]: https://httpd.apache.org/docs/current/custom-error.html [`custom_fragment`]: #custom_fragment [`default_mods`]: #default_mods 
@@ -88,53 +88,56 @@ [`dev_packages`]: #dev_packages [`directory`]: #directory [`directories`]: #parameter-directories-for-apachevhost -[`DirectoryIndex`]: http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +[`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex [`docroot`]: #docroot [`docroot_owner`]: #docroot_owner [`docroot_group`]: #docroot_group [`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot -[`EnableSendfile`]: http://httpd.apache.org/docs/current/mod/core.html#enablesendfile -[`ExpiresByType`]: http://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype +[`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile [enforcing mode]: http://selinuxproject.org/page/Guide/Mode [`ensure`]: https://docs.puppetlabs.com/references/latest/type.html#package-attribute-ensure +[`error_log_file`]: #error_log_file +[`error_log_syslog`]: #error_log_syslog +[`error_log_pipe`]: #error_log_pipe +[`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype [exported resources]: http://docs.puppetlabs.com/latest/reference/lang_exported.md -[`ExtendedStatus`]: http://httpd.apache.org/docs/current/mod/core.html#extendedstatus +[`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus [Facter]: http://docs.puppetlabs.com/facter/ [FastCGI]: http://www.fastcgi.com/ [FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource [`fallbackresource`]: #fallbackresource -[filter rules]: http://httpd.apache.org/docs/current/filter.html +[filter rules]: https://httpd.apache.org/docs/current/filter.html [`filters`]: #filters -[`ForceType`]: http://httpd.apache.org/docs/current/mod/core.html#forcetype +[`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype [GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives 
[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage [Hash]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_hash.html -[`IncludeOptional`]: http://httpd.apache.org/docs/current/mod/core.html#includeoptional -[`Include`]: http://httpd.apache.org/docs/current/mod/core.html#include -[interval syntax]: http://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn +[`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional +[`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include +[interval syntax]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn [`ip`]: #ip [`ip_based`]: #ip_based -[IP-based virtual hosts]: http://httpd.apache.org/docs/current/vhosts/ip-based.html +[IP-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/ip-based.html -[`KeepAlive`]: http://httpd.apache.org/docs/current/mod/core.html#keepalive -[`KeepAliveTimeout`]: http://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout +[`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive +[`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout [`keepalive` parameter]: #keepalive [`keepalive_timeout`]: #keepalive_timeout [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize [`lib`]: #lib [`lib_path`]: #lib_path -[`Listen`]: http://httpd.apache.org/docs/current/bind.html +[`Listen`]: https://httpd.apache.org/docs/current/bind.html [`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog [`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile [`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat [`logroot`]: #logroot -[Log security]: http://httpd.apache.org/docs/current/logs.html#security +[Log security]: https://httpd.apache.org/docs/current/logs.html#security [`manage_docroot`]: #manage_docroot 
[`manage_user`]: #manage_user 
@@ -148,48 +151,53 @@ [`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas [`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html -[`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ +[`mod_authnz_external`]: https://github.com/phokz/mod-auth-external [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon [`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html [`mod_cache_disk`]: https://httpd.apache.org/docs/current/mod/mod_cache_disk.html -[`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html -[`mod_ext_filter`]: http://httpd.apache.org/docs/current/mod/mod_ext_filter.html +[`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html +[`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html [`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ [`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html [`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html [`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html -[`mod_negotiation`]: http://httpd.apache.org/docs/current/mod/mod_negotiation.html +[`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html [`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en [`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ [`mod_php`]: http://php.net/manual/en/book.apache.php [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html -[`mod_proxy_balancer`]: http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html -[`mod_reqtimeout`]: http://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html +[`mod_reqtimeout`]: 
https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [`mod_security`]: https://www.modsecurity.org/ -[`mod_ssl`]: http://httpd.apache.org/docs/current/mod/mod_ssl.html -[`mod_status`]: http://httpd.apache.org/docs/current/mod/mod_status.html -[`mod_version`]: http://httpd.apache.org/docs/current/mod/mod_version.html -[`mod_wsgi`]: http://modwsgi.readthedocs.org/en/latest/ -[module contribution guide]: http://docs.puppetlabs.com/forge/contributing.html +[`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html +[`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html +[`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html +[`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ +[module contribution guide]: https://docs.puppetlabs.com/forge/contributing.html [`mpm_module`]: #mpm_module -[multi-processing module]: http://httpd.apache.org/docs/current/mpm.html +[multi-processing module]: https://httpd.apache.org/docs/current/mpm.html [name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html +[`no_proxy_uris`]: #no_proxy_uris -[open source Puppet]: http://docs.puppetlabs.com/puppet/ +[open source Puppet]: https://docs.puppetlabs.com/puppet/ [`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options [`path`]: #path -[`Peruser`]: http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr +[`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr [`port`]: #port -[`priority`]: #defines-apachevhost -[`ProxyPass`]: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass -[`ProxySet`]: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset -[Puppet Enterprise]: http://docs.puppetlabs.com/pe/ -[Puppet Forge]: http://forge.puppetlabs.com -[Puppet Labs]: http://puppetlabs.com -[Puppet module]: 
http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html +[`priority`]: #defined-types-apachevhost +[`proxy_dest`]: #proxy_dest +[`proxy_dest_match`]: #proxy_dest_match +[`proxy_pass`]: #proxy_pass +[`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass +[`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset +[Puppet Enterprise]: https://docs.puppetlabs.com/pe/ +[Puppet Forge]: https://forge.puppetlabs.com +[Puppet Labs]: https://puppetlabs.com +[Puppet module]: https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html [Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp [`purge_configs`]: #purge_configs [`purge_vhost_dir`]: #purge_vhost_dir 
@@ -198,24 +206,24 @@
 [Rack]: http://rack.github.io/
 [`rack_base_uris`]: #rack_base_uris
 [RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt
-[`RequestReadTimeout`]: http://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout
+[`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout
 [rspec-puppet]: http://rspec-puppet.com/
 [`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias
 [`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch
 [`scriptalias`]: #scriptalias
 [SELinux]: http://selinuxproject.org/
-[`ServerAdmin`]: http://httpd.apache.org/docs/current/mod/core.html#serveradmin
+[`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin
 [`serveraliases`]: #serveraliases
 [`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit
-[`ServerName`]: http://httpd.apache.org/docs/current/mod/core.html#servername
-[`ServerRoot`]: http://httpd.apache.org/docs/current/mod/core.html#serverroot
-[`ServerTokens`]: http://httpd.apache.org/docs/current/mod/core.html#servertokens
-[`ServerSignature`]: http://httpd.apache.org/docs/current/mod/core.html#serversignature
+[`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername
+[`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot
+[`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens
+[`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature
 [Service attribute restart]: http://docs.puppetlabs.com/references/latest/type.html#service-attribute-restart
 [`source`]: #source
-[`SSLCARevocationCheck`]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck
-[SSL certificate key file]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
+[`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck
+[SSL certificate key file]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
 [SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile
 [SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html
 [`ssl`]: #ssl
@@ -229,20 +237,20 @@
 [`suphp_engine`]: #suphp_engine
 [supported operating system]: https://forge.puppetlabs.com/supported#puppet-supported-modules-compatibility-matrix
-[`ThreadLimit`]: http://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit
+[`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit
 [`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild
-[`TimeOut`]: http://httpd.apache.org/docs/current/mod/core.html#timeout
+[`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout
 [template]: http://docs.puppetlabs.com/puppet/latest/reference/lang_template.html
-[`TraceEnable`]: http://httpd.apache.org/docs/current/mod/core.html#traceenable
+[`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable
 [`verify_config`]: #verify_config
-[`vhost`]: #define-apachevhost
+[`vhost`]: #defined-type-apachevhost
 [`vhost_dir`]: #vhost_dir
 [`virtual_docroot`]: #virtual_docroot
 [Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract
-[`WSGIPythonPath`]: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonPath
-[`WSGIPythonHome`]: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonHome
+[`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html
+[`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html
 #### Table of Contents
@@ -256,8 +264,8 @@
 4. [Reference - An under-the-hood peek at what the module is doing and how][Reference]
 - [Public classes][]
 - [Private classes][]
- - [Public defines][]
- - [Private defines][]
+ - [Public defined types][]
+ - [Private defined types][]
 - [Templates][]
 5. [Limitations - OS compatibility, etc.][Limitations]
 6. [Development - Guide for contributing to the module][Development]
@@ -282,27 +290,27 @@ On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. -**Note**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. +> **Note**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. -To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to 'false'. We recommend using this only as a temporary means of saving and relocating customized configurations. +To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend using this only as a temporary means of saving and relocating customized configurations. ### Beginning with Apache To have Puppet install Apache with the default parameters, declare the [`apache`][] class: -~~~ puppet +``` puppet class { 'apache': } -~~~ +``` The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values. You can customize parameters when declaring the `apache` class. 
For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: -~~~ puppet +``` puppet class { 'apache': default_vhost => false, } -~~~ +``` ## Usage 
@@ -310,45 +318,45 @@ class { 'apache': The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. -**Note**: See the [`apache::vhost`][] define's reference for a list of all virtual host parameters. +> **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters. -To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] define: +To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] defined type: -~~~ puppet +``` puppet apache::vhost { 'vhost.example.com': port => '80', docroot => '/var/www/vhost', } -~~~ +``` -**Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] define applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to 'false', Apache still processes virtual hosts in alphabetical order. +> **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order. 
To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: -~~~ puppet +``` puppet apache::vhost { 'user.example.com': port => '80', docroot => '/var/www/user', docroot_owner => 'www-data', docroot_group => 'www-data', } -~~~ +``` #### Configuring virtual hosts with SSL To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: -~~~ puppet +``` puppet apache::vhost { 'ssl.example.com': port => '443', docroot => '/var/www/ssl', ssl => true, } -~~~ +``` To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: -~~~ puppet +``` puppet apache::vhost { 'cert.example.com': port => '443', docroot => '/var/www/cert', @@ -356,11 +364,11 @@ apache::vhost { 'cert.example.com': ssl_cert => '/etc/ssl/fourth.example.com.cert', ssl_key => '/etc/ssl/fourth.example.com.key', } -~~~ +``` -To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`] defines: +To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`][] defined types: -~~~ puppet +``` puppet # The non-ssl virtual host apache::vhost { 'mix.example.com non-ssl': servername => 'mix.example.com', 
@@ -375,11 +383,11 @@ apache::vhost { 'mix.example.com ssl': docroot => '/var/www/mix', ssl => true, } -~~~ +``` -To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`] defines and redirect unencrypted requests to the virtual host with SSL enabled: +To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`][] defined types and redirect unencrypted requests to the virtual host with SSL enabled: -~~~ puppet +``` puppet apache::vhost { 'redirect.example.com non-ssl': servername => 'redirect.example.com', port => '80', @@ -394,33 +402,33 @@ apache::vhost { 'redirect.example.com ssl': docroot => '/var/www/redirect', ssl => true, } -~~~ +``` #### Configuring virtual host port and address bindings Virtual hosts listen on all IP addresses ('*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'ip.example.com': ip => '127.0.0.1', port => '80', docroot => '/var/www/ip', } -~~~ +``` -It is also possible to configure more than one IP address per vhost by using an array of IP addresses for the [`ip`][] parameter: +It is also possible to configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1','169.254.1.1'], port => '80', docroot => '/var/www/ip', } -~~~ +``` To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'aliases.example.com': serveraliases => [ 'aliases.example.org', 
@@ -429,11 +437,11 @@ apache::vhost { 'aliases.example.com': port => '80', docroot => '/var/www/aliases', } -~~~ +``` To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', @@ -441,11 +449,11 @@ apache::vhost { 'subdomain.loc': docroot => '/var/www', serveraliases => ['*.loc',], } -~~~ +``` To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': port => '80', filters => [ @@ -456,13 +464,13 @@ apache::vhost { 'subdomain.loc': ], docroot => '/var/www/html', } -~~~ +``` #### Configuring virtual hosts for apps and processors To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks: -~~~ puppet +``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', @@ -478,11 +486,11 @@ apache::vhost { 'suphp.example.com': }, ], } -~~~ +``` You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications: -~~~ puppet +``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', 
@@ -501,53 +509,53 @@ apache::vhost { 'wsgi.example.com': wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, } -~~~ +``` Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'wordpress.example.com': port => '80', docroot => '/var/www/wordpress', fallbackresource => '/index.php', } -~~~ +``` -**Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. +> **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path: -~~~ puppet +``` puppet apache::vhost { 'cgi.example.com': port => '80', docroot => '/var/www/cgi', scriptalias => '/usr/lib/cgi-bin', } -~~~ +``` To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'rack.example.com': port => '80', docroot => '/var/www/rack', rack_base_uris => ['/rackapp1', '/rackapp2'], } -~~~ +``` #### Configuring IP-based virtual hosts You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter: -~~~ puppet +``` puppet apache::listen { '80': } apache::listen { '81': } -~~~ +``` Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'first.example.com': ip => '10.0.0.10', docroot => '/var/www/first', 
@@ -559,11 +567,11 @@ apache::vhost { 'second.example.com': docroot => '/var/www/second', ip_based => true, } -~~~ +``` You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations. First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: -~~~ puppet +``` puppet apache::vhost { 'The first IP-based virtual host, non-ssl': servername => 'first.example.com', ip => '10.0.0.10', @@ -580,11 +588,11 @@ apache::vhost { 'The first IP-based vhost, ssl': docroot => '/var/www/first-ssl', ssl => true, } -~~~ +``` Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20): -~~~ puppet +``` puppet apache::vhost { 'second.example.com': ip => '10.0.0.20', port => '80', @@ -596,11 +604,11 @@ apache::vhost { 'third.example.com': port => '80', docroot => '/var/www/third', } -~~~ +``` -To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to 'false' to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. +To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to false to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. -~~~ puppet +``` puppet apache::vhost { 'fourth.example.com': port => '80', docroot => '/var/www/fourth', 
@@ -612,14 +620,14 @@ apache::vhost { 'fifth.example.com': docroot => '/var/www/fifth', add_listen => false, } -~~~ +``` ### Installing Apache modules -There's two ways to install [Apache modules][] using the Puppet apache module: +There are two ways to install [Apache modules][] using the Puppet apache module: - Use the [`apache::mod::`][] classes to [install specific Apache modules with parameters][Installing specific modules]. -- Use the [`apache::mod`][] define to [install arbitrary Apache modules][Installing arbitrary modules]. +- Use the [`apache::mod`][] defined type to [install arbitrary Apache modules][Installing arbitrary modules]. #### Installing specific modules 
@@ -627,37 +635,37 @@ The Puppet apache module supports installing many common [Apache modules][], oft For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class: -~~~ puppet +``` puppet class { 'apache::mod::ssl': } -~~~ +``` -[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to 'true': +[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to true: -~~~ puppet +``` puppet class { 'apache::mod::ssl': ssl_compression => true, } -~~~ +``` Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][]. #### Installing arbitrary modules -You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. +You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] defined type to install it. Unlike the specific-module classes, the [`apache::mod`][] defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. 
-For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod_authnz_external' name: +For example, to install the [`mod_authnz_external`][] Apache module, declare the defined type with the 'mod_authnz_external' name: -~~~ puppet +``` puppet apache::mod { 'mod_authnz_external': } -~~~ +``` -There's several optional parameters you can specify when defining Apache modules this way. See the [define's reference][`apache::mod`] for details. +There are several optional parameters you can specify when defining Apache modules this way. See the [defined type's reference][`apache::mod`] for details. ### Configuring FastCGI servers to handle PHP files -Add the [`apache::fastcgi::server`][] define to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: +Add the [`apache::fastcgi::server`][] defined type to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: -~~~ puppet +``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, 
@@ -666,69 +674,69 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -~~~ +``` -You can then use the [`custom_fragment`] parameter to configure the virtual host to have the FastCGI server handle the specified file type: +You can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type: -~~~ puppet +``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -~~~ +``` ### Load balancing examples -Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defines. +Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defined types. 
-To enable load balancing with [exported resources][], export the [`apache::balancermember`][] define from the load balancer member server: +To enable load balancing with [exported resources][], export the [`apache::balancermember`][] defined type from the load balancer member server: -~~~ puppet +``` puppet @@apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } -~~~ +``` Then, on the proxy server, create the load balancing group: -~~~ puppet +``` puppet apache::balancer { 'puppet00': } -~~~ +``` To enable load balancing without exporting resources, declare the following on the proxy server: -~~~ puppet +``` puppet apache::balancer { 'puppet00': } apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009", - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], - } -~~~ + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009", + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], +} +``` -Then declare the `apache::balancer` and `apache::balancermember` defines on the proxy server. +Then declare the `apache::balancer` and `apache::balancermember` defined types on the proxy server. 
-If you need to use the [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: +If you need to use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: -~~~ puppet +``` puppet apache::balancer { 'puppet01': proxy_set => { 'stickysession' => 'JSESSIONID', }, } -~~~ +``` ## Reference -- [**Public Classes**](#public-classes) +- [**Public classes**](#public-classes) - [Class: apache](#class-apache) - [Class: apache::dev](#class-apachedev) - [Classes: apache::mod::*](#classes-apachemodname) -- [**Private Classes**](#private-classes) +- [**Private classes**](#private-classes) - [Class: apache::confd::no_accf](#class-apacheconfdno_accf) - [Class: apache::default_confd_files](#class-apachedefault_confd_files) - [Class: apache::default_mods](#class-apachedefault_mods) 
@@ -736,21 +744,21 @@ apache::balancer { 'puppet01': - [Class: apache::params](#class-apacheparams) - [Class: apache::service](#class-apacheservice) - [Class: apache::version](#class-apacheversion) -- [**Public Defines**](#public-defines) - - [Define: apache::balancer](#define-apachebalancer) - - [Define: apache::balancermember](#define-apachebalancermember) - - [Define: apache::custom_config](#define-apachecustom_config) - - [Define: apache::fastcgi::server](#define-fastcgi-server) - - [Define: apache::listen](#define-apachelisten) - - [Define: apache::mod](#define-apachemod) - - [Define: apache::namevirtualhost](#define-apachenamevirtualhost) - - [Define: apache::vhost](#define-apachevhost) - - [Define: apache::vhost::custom](#define-apachevhostcustom) -- [**Private Defines**](#private-defines) - - [Define: apache::default_mods::load](#define-default_mods-load) - - [Define: apache::peruser::multiplexer](#define-apacheperusermultiplexer) - - [Define: apache::peruser::processor](#define-apacheperuserprocessor) - - [Define: apache::security::file_link](#define-apachesecurityfile_link) +- [**Public defined types**](#public-defined-types) + - [Defined type: apache::balancer](#defined-type-apachebalancer) + - [Defined type: apache::balancermember](#defined-type-apachebalancermember) + - [Defined type: apache::custom_config](#defined-type-apachecustom_config) + - [Defined type: apache::fastcgi::server](#defined-type-fastcgi-server) + - [Defined type: apache::listen](#defined-type-apachelisten) + - [Defined type: apache::mod](#defined-type-apachemod) + - [Defined type: apache::namevirtualhost](#defined-type-apachenamevirtualhost) + - [Defined type: apache::vhost](#defined-type-apachevhost) + - [Defined type: apache::vhost::custom](#defined-type-apachevhostcustom) +- [**Private defined types**](#private-defined-types) + - [Defined type: apache::default_mods::load](#defined-type-default_mods-load) + - [Defined type: 
apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer) + - [Defined type: apache::peruser::processor](#defined-type-apacheperuserprocessor) + - [Defined type: apache::security::file_link](#defined-type-apachesecurityfile_link) - [**Templates**](#templates) ### Public Classes @@ -769,17 +777,17 @@ When this class is declared with the default options, Puppet: You can simply declare the default `apache` class: -~~~ puppet +``` puppet class { 'apache': } -~~~ +``` -You can establish a default virtual host in this class, by using the [`apache::vhost`][] define, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] define. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production. +You can establish a default virtual host in this class, by using the [`apache::vhost`][] defined type, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production. **Parameters within `apache`:** ##### `allow_encoded_slashes` -Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. Default: 'undef', which omits the declaration from the server's configuration and uses Apache's default setting of 'off'. +Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. Default: undef, which omits the declaration from the server's configuration and uses Apache's default setting of 'off'. ##### `apache_version` 
@@ -809,25 +817,25 @@ Sets the location of the Apache server's custom configuration directory. Default ##### `default_charset` -Used as the [`AddDefaultCharset`][] directive in the main configuration file. Default: 'undef'. +Used as the [`AddDefaultCharset`][] directive in the main configuration file. Default: undef. ##### `default_confd_files` -Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: 'true'. +Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: true. ##### `default_mods` -Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: 'true', 'false', or an array of Apache module names. Default: 'true'. +Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: true, false, or an array of Apache module names. Default: true. -If this parameter's value is 'false', Puppet only includes the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] define. +If this parameter's value is false, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. 
-If 'true', Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. +If true, Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. If this parameter contains an array, Puppet instead enables all passed Apache modules. ##### `default_ssl_ca` -Sets the default certificate authority for the Apache server. Default: 'undef'. +Sets the default certificate authority for the Apache server. Default: undef. While this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. 
@@ -844,25 +852,25 @@ While the default value results in a functioning Apache server, you **must** upd ##### `default_ssl_chain` -Sets the default [SSL chain][] location. Default: 'undef'. +Sets the default [SSL chain][] location. Default: undef. While this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. ##### `default_ssl_crl` -Sets the path of the default [certificate revocation list][] (CRL) file to use. Default: 'undef'. +Sets the path of the default [certificate revocation list][] (CRL) file to use. Default: undef. While this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. ##### `default_ssl_crl_path` -Sets the server's [certificate revocation list path][], which contains your CRLs. Default: 'undef'. +Sets the server's [certificate revocation list path][], which contains your CRLs. Default: undef. While this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. ##### `default_ssl_crl_check` -Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. Default: 'undef'. +Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. Default: undef. While this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. 
@@ -881,11 +889,11 @@ While these default values result in a functioning Apache server, you **must** u ##### `default_ssl_vhost` -Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: 'false'. +Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: false. -If 'true', Puppet automatically configures the following virtual host using the [`apache::vhost`][] define: +If true, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: -~~~ puppet +``` puppet apache::vhost { 'default-ssl': port => 443, ssl => true, 
@@ -894,33 +902,39 @@ apache::vhost { 'default-ssl': serveradmin => $serveradmin, access_log_file => "ssl_${access_log_file}", } -~~~ +``` -**Note**: SSL virtual hosts only respond to HTTPS queries. +> **Note**: SSL virtual hosts only respond to HTTPS queries. ##### `default_type` -_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: 'undef'. +_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: undef. ##### `default_vhost` -Configures a default virtual host when the class is declared. Valid options: Boolean. Default: 'true'. +Configures a default virtual host when the class is declared. Valid options: Boolean. Default: true. -To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to 'false'. +To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to false. ##### `dev_packages` -Configures a specific dev package to use. Valid options: String. Default: 'OS default httpd dev package'. +Configures a specific dev package to use. Valid options: A string or array of strings. Default: Depends on the operating system. 
+ +- **Red Hat:** 'httpd-devel' +- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] +- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] +- **FreeBSD, Gentoo:** undef +- **Suse:** ['libapr-util1-devel', 'libapr1-devel'] Example for using httpd 2.4 from the IUS yum repo: -~~~ puppet +``` puppet include ::apache::dev class { 'apache': apache_name => 'httpd24u', dev_packages => 'httpd24u-devel', } -~~~ +``` ##### `docroot` 
@@ -933,15 +947,15 @@ Sets the default [`DocumentRoot`][] location. Default: Determined by your operat ##### `error_documents` -Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: 'false'. +Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: false. ##### `group` Sets the group ID that owns any Apache processes spawned to answer requests. -By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to 'false'. +By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to false. -**Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. +> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. ##### `httpd_dir` @@ -976,7 +990,7 @@ Specifies the location where [Apache module][Apache modules] files are stored. D - **FreeBSD**: `/usr/local/libexec/apache24` - **Red Hat**: `modules` -**Note**: Do not configure this parameter manually without special reason. +> **Note**: Do not configure this parameter manually without special reason. ##### `loadfile_name` 
@@ -990,21 +1004,21 @@ Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'eme ##### `log_formats` -Define additional [`LogFormat`][] directives. Valid options: A [Hash][], such as: +Define additional [`LogFormat`][] directives. Valid options: A [hash][], such as: -~~~ puppet +``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } -~~~ +``` There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: -~~~ httpd +``` httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded -~~~ +``` If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. 
@@ -1019,19 +1033,19 @@ Changes the directory of Apache log files for the virtual host. Default: Determi ##### `logroot_mode` -Overrides the default [`logroot`][] directory's mode. Default: 'undef'. +Overrides the default [`logroot`][] directory's mode. Default: undef. -**Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. +> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. ##### `manage_group` -When 'false', stops Puppet from creating the group resource. Valid options: Boolean. Default: 'true'. +When false, stops Puppet from creating the group resource. Valid options: Boolean. Default: true. -If you have a group created from another Puppet module that you want to use to run Apache, set this to 'false'. Without this parameter, attempting to use a previously established group results in a duplicate resource error. +If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error. ##### `manage_user` -When 'false', stops Puppet from creating the user resource. Valid options: Boolean. Default: 'true'. +When false, stops Puppet from creating the user resource. Valid options: Boolean. Default: true. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. 
@@ -1046,12 +1060,12 @@ Sets where Puppet places configuration files for your [Apache modules][]. Defaul ##### `mpm_module` -Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Default: Determined by your operating system. +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or false. Default: Determined by your operating system. -- **Debian**: `worker` -- **FreeBSD, Gentoo, and Red Hat**: `prefork` +- **Debian**: 'worker' +- **FreeBSD, Gentoo, and Red Hat**: 'prefork' -You must set this to 'false' to explicitly declare the following classes with custom parameters: +You must set this to false to explicitly declare the following classes with custom parameters: - [`apache::mod::event`][] - [`apache::mod::itk`][] @@ -1059,7 +1073,7 @@ You must set this to 'false' to explicitly declare the following classes with cu - [`apache::mod::prefork`][] - [`apache::mod::worker`][] -**Note**: Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `mpm_module`, you must uninstall all packages that depend on your installed Apache server. +> **Note**: Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `mpm_module`, you must uninstall all packages that depend on your installed Apache server. ##### `package_ensure` 
@@ -1067,27 +1081,31 @@ Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent ##### `pidfile` -Allows settting a custom location for the pid file - useful if using a custom built Apache rpm. Defaults to 'run/httpd.pid' on RedHat, '/var/run/httpd.pid on FreeBSD and '\${APACHE_PID_FILE}' on Debian. +Allows settting a custom location for the pid file - useful if using a custom built Apache rpm. Default: Depends on operating system. + +- **Debian:** '\${APACHE_PID_FILE}' +- **FreeBSD:** '/var/run/httpd.pid' +- **Red Hat:** 'run/httpd.pid' ##### `ports_file` -Sets the path to the file containing Apache ports configuration. Default: `{$conf_dir}/ports.conf`. +Sets the path to the file containing Apache ports configuration. Default: '{$conf_dir}/ports.conf'. ##### `purge_configs` -Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: 'true'. +Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: true. -Setting this to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. +Setting this to false is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. ##### `purge_vhost_dir` -If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Default: same as [`purge_configs`][]. 
+If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Valid options: Boolean. Default: same as [`purge_configs`][]. -Setting `purge_vhost_dir` to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. +Setting `purge_vhost_dir` to false is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. ##### `rewrite_lock` -Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your vhost. Default: 'undef'. +Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. Default: undef. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. @@ -1120,11 +1138,11 @@ Configures a trailing footer line to display at the bottom of server-generated d ##### `server_tokens` -Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. Defaults to 'OS'. +Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. Default: 'OS'. ##### `service_enable` -Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: 'true'. +Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: true. ##### `service_ensure` 
@@ -1136,21 +1154,21 @@ The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` para Sets the name of the Apache service. Default: determined by your operating system. -- **Debian and Gentoo**: `apache2` -- **FreeBSD**: `apache22` -- **Red Hat**: `httpd` +- **Debian and Gentoo**: 'apache2' +- **FreeBSD**: 'apache22' +- **Red Hat**: 'httpd' ##### `service_manage` -Determines whether Puppet manages the HTTPD service's state. Default: 'true'. +Determines whether Puppet manages the HTTPD service's state. Valid options: Boolean. Default: true. ##### `service_restart` -Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: 'undef', which uses the [default Puppet behavior][Service attribute restart]. +Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: undef, which uses the [default Puppet behavior][Service attribute restart]. ##### `timeout` -Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Defaults to 120. +Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Default: 120. ##### `trace_enable` 
@@ -1158,11 +1176,11 @@ Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceE ##### `use_systemd` -Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom built rpms. This can either be 'true' or 'false, defaults to 'true'. +Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Valid options: Boolean. Default: true. ##### `file_mode` -The desired permissions mode for config files, in symbolic or numeric notation. This value must be a string. Defaults to '0644'. +Sets the desired permissions mode for config files, in symbolic or numeric notation. Valid options: A string. Default: '0644'. ##### `vhost_dir` @@ -1175,13 +1193,11 @@ Changes your virtual host configuration files' location. Default: determined by ##### `vhost_include_pattern` -Defines the pattern for files included from the `vhost_dir`. This defaults to '*', also for BC with previous versions of this module. +Defines the pattern for files included from the `vhost_dir`. Default: '*', also for BC with previous versions of this module. -However, you may want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (from version -control systems, editor backups or the like) are *not* included in your server configuration. +However, you might want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration. -A value of '*.conf' is what is shipped by some operating systems. Also note that this module will, by default, create config files ending -in '.conf'. +Some operating systems ship with a value of '*.conf'. Also note that this module will, by default, create configuration files ending in '.conf'. ##### `user` 
@@ -1193,7 +1209,7 @@ Default: Puppet sets the default value via the [`apache::params`][] class, which - **FreeBSD**: 'www' - **Gentoo** and **Red Hat**: 'apache' -To prevent Puppet from managing the user, set the [`manage_user`][] parameter to 'false'. +To prevent Puppet from managing the user, set the [`manage_user`][] parameter to false. ##### `apache_name` @@ -1219,19 +1235,19 @@ The default value is determined by your operating system: - **Gentoo**: 'undef' - **Red Hat**: 'httpd-devel' -**Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. +> **Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. #### Classes: `apache::mod::` Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': -~~~ puppet +``` puppet class { 'apache::mod::alias': icons_options => 'None', } -~~~ +``` -The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] define. +The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] defined type. * `actions` * `alias` (see [`apache::mod::alias`][]) @@ -1328,11 +1344,11 @@ Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk` You can specify the cache root by passing a path as a string to the `cache_root` parameter. -~~~ puppet +``` puppet class {'::apache::mod::disk_cache': cache_root => '/path/to/cache', } -~~~ +``` ##### Class: `apache::mod::event` 
@@ -1357,18 +1373,18 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe **Parameters within `apache::mod::auth_cas`**: -- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: 'undef'. -- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: 'undef'. -- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: 'undef'. -- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: 'undef'. -- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: 'undef'. -- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: 'undef'. +- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: undef. +- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: undef. +- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: undef. +- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: undef. +- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: undef. +- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: undef. - `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. -- `cas_idle_timeout`: Default: 'undef'. +- `cas_idle_timeout`: Default: undef. - `cas_login_url`: **Required**. 
Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. -- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: 'undef'. -- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: 'undef'. -- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: 'undef'. +- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: undef. +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: undef. +- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: undef. - `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. - `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. 
@@ -1376,21 +1392,21 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. -~~~ puppet +``` puppet class{ 'apache::mod::auth_mellon': mellon_cache_size => 101, } -~~~ +``` **Parameters within `apache::mod::auth_mellon`**: -- `mellon_cache_entry_size`: Maximum size for a single session. Default: 'undef'. +- `mellon_cache_entry_size`: Maximum size for a single session. Default: undef. - `mellon_cache_size`: Size in megabytes of the mellon cache. Default: 100. - `mellon_lock_file`: Location of lock file. Default: '`/run/mod_auth_mellon/lock`'. - `mellon_post_directory`: Full path where post requests are saved. Default: '`/var/cache/apache2/mod_auth_mellon/`' -- `mellon_post_ttl`: Time to keep post requests. Default: 'undef'. -- `mellon_post_size`: Maximum size of post requests. Default: 'undef'. -- `mellon_post_count`: Maximum number of post requests. Default: 'undef'. +- `mellon_post_ttl`: Time to keep post requests. Default: undef. +- `mellon_post_size`: Maximum size of post requests. Default: undef. +- `mellon_post_count`: Maximum number of post requests. Default: undef. ##### Class: `apache::mod::deflate` 
@@ -1407,7 +1423,7 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate **Parameters within `apache::mod::expires`**: -- `expires_active`: Enables generation of `Expires` headers for a document realm. Default: 'true'. +- `expires_active`: Enables generation of `Expires` headers for a document realm. Valid options: Boolean. Default: true. - `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: undef. - `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: undef. @@ -1415,14 +1431,14 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate Installs and configures [`mod_ext_filter`][]. -~~~ puppet +``` puppet class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } -~~~ +``` **Parameters within `apache::mod::ext_filter`**: @@ -1434,7 +1450,7 @@ Installs and configures [`mod_fcgid`][]. The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: -~~~ puppet +``` puppet class { 'apache::mod::fcgid': options => { 'FcgidIPCDir' => '/var/run/fcgidsock', 
@@ -1442,13 +1458,13 @@ class { 'apache::mod::fcgid': 'AddHandler' => 'fcgid-script .fcgi', }, } -~~~ +``` For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. -~~~ puppet +``` puppet include apache::mod::fcgid apache::vhost { 'example.org': @@ -1460,7 +1476,7 @@ apache::vhost { 'example.org': } }, } -~~~ +``` ##### Class: `apache::mod::geoip` 
@@ -1469,13 +1485,13 @@ Installs and manages [`mod_geoip`][]. **Parameters within `apache::mod::geoip`**: - `db_file`: Sets the path to your GeoIP database file. Valid options: a path, or an [array][] paths for multiple GeoIP database files. Default: `/usr/share/GeoIP/GeoIP.dat`. -- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: 'false'. +- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: false. - `flag`: Sets the GeoIP flag. Valid options: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default: 'Standard'. - `output`: Defines which output variables to use. Valid options: 'All', 'Env', 'Request', 'Notes'. Default: 'All'. -- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: 'undef'. -- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: 'undef'. -- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: 'undef'. -- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: 'undef'. +- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: undef. +- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: undef. +- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: undef. +- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: undef. ##### Class: `apache::mod::info` 
@@ -1483,38 +1499,38 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of **Parameters within `apache::mod::info`**: -- `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1'] -- `apache_version`: Default: `$::apache::apache_version`, -- `restrict_access`: Determines whether to enable access restrictions. If 'false', the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: 'true'. +- `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1']. +- `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. +- `restrict_access`: Determines whether to enable access restrictions. If false, the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: true. ##### Class: `apache::mod::passenger` Installs and manages [`mod_passenger`][]. **Parameters within `apache::mod::passenger`**: -- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: on, off. Default: undef. -- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: undef + +- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: 'on', 'off'. Default: undef. 
+- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: undef. - `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: undef. - `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: undef. - `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: undef. -- ... ##### Class: `apache::mod::ldap` -Installs and configures [`mod_ldap`][]. Allows you to modify the -[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/2.2/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: +Installs and configures [`mod_ldap`][], and allows you to modify the +[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: -~~~puppet +``` puppet class { 'apache::mod::ldap': - ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt' + ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', ldap_trusted_global_cert_type => 'CA_DER', } -~~~ +``` **Parameters within `apache::mod::ldap`:** - `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. -- `ldap_trusted_global_cert_type`: The global trust certificate format. Defaults to 'CA_BASE64'. +- `ldap_trusted_global_cert_type`: The global trust certificate format. Default: 'CA_BASE64'. ##### Class: `apache::mod::negotiation` 
@@ -1527,7 +1543,7 @@ Installs and configures [`mod_negotiation`][]. ##### Class: `apache::mod::pagespeed` -Installs and manages [`mod_pagespeed`], a Google module that rewrites web pages to reduce latency and bandwidth. +Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth. While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. @@ -1565,7 +1581,7 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d - `allow_pagespeed_console`: Default: []. - `allow_pagespeed_message`: Default: []. - `message_buffer_size`: Default: 100000. -- `additional_configuration`: Default: { }. A hash of directive/value pairs or an array of lines to insert at the end of the pagespeed configuration. +- `additional_configuration`: A hash of directive-value pairs or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'. The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. @@ -1579,7 +1595,7 @@ Default values depend on your operating system. > **Note**: This list is incomplete. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. -- `package_name`: Names the package that installs `php_mod`. +- `package_name`: Names the package that installs `mod_php`. - `path`: Defines the path to the `mod_php` shared object (`.so`) file. - `source`: Defines the path to the default configuration. Valid options include a `puppet:///` path. - `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. 
@@ -1606,17 +1622,17 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t **Parameters within `apache::mod::ssl`**: - `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. -- `ssl_compression`: Default: 'false'. +- `ssl_compression`: Default: false. - `ssl_cryptodevice`: Default: 'builtin'. - `ssl_honorcipherorder`: Default: 'On'. -- `ssl_openssl_conf_cmd`: Default: 'undef'. +- `ssl_openssl_conf_cmd`: Default: undef. - `ssl_options`: Default: [ 'StdEnvVars' ] - `ssl_pass_phrase_dialog`: Default: 'builtin'. - `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. -- `ssl_random_seed_bytes`: Default: '512'. -- `ssl_sessioncachetimeout`: Default: '300'. +- `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. +- `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'. -To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to 'true' **o**r the [`ssl`][] parameter in [`apache::vhost`][] to 'true'. +To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to true **or** the [`ssl`][] parameter in [`apache::vhost`][] to true. ##### Class: `apache::mod::status` 
@@ -1696,13 +1712,13 @@ Manages the Apache daemon. Attempts to automatically detect the Apache version based on the operating system. -### Public Defines +### Public defined types -#### Define: `apache::balancer` +#### Defined type: `apache::balancer` Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] define. -Declare one `apache::balancer` define for each Apache load balancing group. You can export `apache::balancermember` defines for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. +Declare one `apache::balancer` define for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. **Parameters within `apache::balancer`**: 
@@ -1712,19 +1728,19 @@ Sets the title of the balancer cluster and name of the `conf.d` file containing ##### `proxy_set` -Configures key-value pairs as [`ProxySet`][] lines. Valid options: [Hash][]. Default: '{}'. +Configures key-value pairs as [`ProxySet`][] lines. Valid options: a [hash][]. Default: '{}'. ##### `collect_exported` -Determines whether to use [exported resources][]. Valid options: Boolean. Default: 'true'. +Determines whether to use [exported resources][]. Valid options: Boolean. Default: true. -If you statically declare all of your backend servers, set this parameter to 'false' to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. +If you statically declare all of your backend servers, set this parameter to false to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. -To dynamically declare backend servers via exported resources collected on a central node, set this parameter to 'true' to collect the balancer member resources exported by the balancer member nodes. +To dynamically declare backend servers via exported resources collected on a central node, set this parameter to true to collect the balancer member resources exported by the balancer member nodes. If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. -#### Define: `apache::balancermember` +#### Defined type: `apache::balancermember` Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. 
@@ -1740,11 +1756,11 @@ Specifies the URL used to contact the balancer member server. Default: 'http:// ##### `options` -Specifies an [array][] of [options](http://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. Default: an empty array. +Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. Default: an empty array. -#### Define: `apache::custom_config` +#### Defined type: `apache::custom_config` -Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this define's `$verify_config` parameter is 'true', Puppet throws an error during a Puppet run. +Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is true, Puppet throws an error during a Puppet run. **Parameters within `apache::custom_config`**: @@ -1754,7 +1770,7 @@ Specifies whether the configuration file should be present. Valid options: 'abse ##### `confdir` -Sets the directory in which Puppet places configuration files. Default: '$::apache::confd_dir'. +Sets the directory in which Puppet places configuration files. Default: the value of [`$::apache::confd_dir`][`confd_dir`]. ##### `content` 
@@ -1762,13 +1778,13 @@ Sets the configuration file's content. The `content` and [`source`][] parameters ##### `filename` -Sets the name of the file under `confdir` in which Puppet stores the configuration. The default behavior is to generate the file name from the `priority` parameter and the resource name. +Sets the name of the file under `confdir` in which Puppet stores the configuration. The default behavior is to generate the filename from the `priority` parameter and the resource name. ##### `priority` -Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. The default value is `25`. +Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. Default: '25'. -To omit the priority prefix in the configuration file's name, set this parameter to `false`. +To omit the priority prefix in the configuration file's name, set this parameter to false. ##### `source` @@ -1782,11 +1798,11 @@ This parameter is only used if the [`verify_config`][] parameter's value is 'tru ##### `verify_config` -Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`. +Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: true. -#### Define: `apache::fastcgi::server` +#### Defined type: `apache::fastcgi::server` -Defines one or more external FastCGI servers to handle specific file types. Use this define with [`mod_fastcgi`][FastCGI]. +Defines one or more external FastCGI servers to handle specific file types. Use this defined type with [`mod_fastcgi`][FastCGI]. **Parameters within `apache::fastcgi::server`:** 
@@ -1814,11 +1830,11 @@ Internally links actions with the FastCGI server. This alias must be unique. Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server. -#### Define: `apache::listen` +#### Defined type: `apache::listen` -Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '', ':', or ':'. +Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form '', ':', or ':'. -#### Define: `apache::mod` +#### Defined type: `apache::mod` Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. 
@@ -1844,39 +1860,41 @@ Don't manually set this parameter without special reason. The [`path`][] paramet ##### `loadfile_name` -Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. Valid options: filenames formatted `\*.load`. Default: `$name.load`. +Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. Valid options: filenames formatted `\*.load`. Default: the resource's name followed by 'load', as in '$name.load'. ##### `loadfiles` -Specifies an [array][] of [`LoadFile`][] directives. +Specifies an array of [`LoadFile`][] directives. Default: undef. ##### `path` -Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. Don't manually set this parameter without special reason. +Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. -#### Define: `apache::namevirtualhost` +> **Note:** Don't manually set this parameter without a specific reason. + +#### Defined type: `apache::namevirtualhost` Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '*:', '\_default_:, '', or ':'. -#### Define: `apache::vhost` +#### Defined type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters. -The `apache::vhost` define allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. 
Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. +The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. -The `apache::vhost` define uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the define doesn't inherently support, add a custom fragment. +The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment. -For the custom fragment's `order` parameter, the `apache::vhost` define uses multiples of 10, so any `order` that isn't a multiple of 10 should work. +For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work. **Parameters within `apache::vhost`**: ##### `access_log` -Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: 'true'. +Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: true. ##### `access_log_env_var` -Specifies that only requests with particular environment variables be logged. Defaults to 'undef'. +Specifies that only requests with particular environment variables be logged. Default: undef. ##### `access_log_file` 
@@ -1888,11 +1906,11 @@ Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted str ##### `access_log_pipe` -Specifies a pipe where Apache sends access log messages. Default: 'undef'. +Specifies a pipe where Apache sends access log messages. Default: undef. ##### `access_log_syslog` -Sends all access log messages to syslog. Default: 'undef'. +Sends all access log messages to syslog. Default: undef. ##### `add_default_charset` @@ -1900,13 +1918,13 @@ Sets a default media charset value for the [`AddDefaultCharset`][] directive, wh ##### `add_listen` -Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: 'true'. +Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: true. -Setting `add_listen` to 'false' prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. +Setting `add_listen` to false prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. ##### `use_optional_includes` -Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: 'false'. +Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: false. ##### `additional_includes` 
@@ -1914,11 +1932,11 @@ Specifies paths to additional static, virtual host-specific Apache configuration ##### `aliases` -Passes a list of [Hashes][Hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation. +Passes a list of [hashes][hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation. For example: -~~~ puppet +``` puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', 
@@ -1936,11 +1954,11 @@ aliases => [ path => '/usr/share/nagios/html', }, ], -~~~ +``` For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. -**Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. +> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is 'true', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. 
@@ -1954,11 +1972,11 @@ Specifies the list of things to which Apache blocks access. Valid option: 'scm', ##### `custom_fragment` -Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: 'undef'. +Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: undef. ##### `default_vhost` -Sets a given `apache::vhost` define as the default to serve requests that do not match any other `apache::vhost` defines. Default: 'false'. +Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default: false. ##### `directories` 
@@ -1966,97 +1984,105 @@ See the [`directories`](#parameter-directories-for-apachevhost) section. ##### `directoryindex` -Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: 'undef'. +Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: undef. ##### `docroot` **Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files. -If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. +If `docroot` and [`manage_docroot`][] are both set to false, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. ##### `docroot_group` -Sets group access to the [`docroot`][] directory. Defaults to 'root'. +Sets group access to the [`docroot`][] directory. Valid options: A string representing a system group. Default: 'root'. ##### `docroot_owner` -Sets individual user access to the docroot directory. Defaults to 'root'. +Sets individual user access to the [`docroot`][] directory. Valid options: A string representing a user account. Default: 'root'. ##### `docroot_mode` -Sets access permissions of the docroot directory. Defaults to 'undef'. +Sets access permissions for the [`docroot`][] directory, in numeric notation. Valid options: A string. Default: undef. ##### `manage_docroot` -Whether to manage to docroot directory at all. Defaults to 'true'. +Determines whether Puppet manages the [`docroot`][] directory. Valid options: Boolean. Default: true. ##### `error_log` -Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. +Specifies whether `*_error.log` directives should be configured. 
Valid options: Boolean. Default: true. ##### `error_log_file` -Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. +Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in [`error_log_pipe`][], then [`error_log_syslog`][]. + +If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. ##### `error_log_pipe` -Specifies a pipe to send error log messages to. Defaults to 'undef'. +Specifies a pipe to send error log messages to. Default: undef. + +This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][]. ##### `error_log_syslog` -Sends all error log messages to syslog. Defaults to 'undef'. +Determines whether to send all error log messages to syslog. Valid options: Boolean. Default: undef. + +This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. ##### `error_documents` -A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example: +A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host. Default: '[]'. 
-~~~ puppet - apache::vhost { 'sample.example.net': - error_documents => [ - { 'error_code' => '503', 'document' => '/service-unavail' }, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, - ], - } -~~~ +An example: + +``` puppet +apache::vhost { 'sample.example.net': + error_documents => [ + { 'error_code' => '503', 'document' => '/service-unavail' }, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, + ], +} +``` ##### `ensure` -Specifies if the vhost file is present or absent. Defaults to 'present'. +Specifies if the virtual host is present or absent. Valid options: 'absent', 'present'. Default: 'present'. ##### `fallbackresource` -Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid values must either begin with a / or be 'disabled'. Defaults to 'undef'. +Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid options must either begin with a '/' or be 'disabled'. Default: undef. ##### `filters` -[Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. +[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. 
-~~~ puppet - apache::vhost { "$::fqdn": - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], - } -~~~ +``` puppet +apache::vhost { "$::fqdn": + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], +} +``` ##### `force_type` -Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with the specified [MIME `content-type`][]. +Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value. ##### `headers` -Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. +Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or undef. Default: undef. ##### `ip` -Sets the IP address the vhost listens on. Defaults to listen on all IPs. +Sets the IP address the virtual host listens on. Valid options: Strings. Default: undef, which uses Apache's default behavior of listening on all IPs. ##### `ip_based` -Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. +Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. 
This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default: false. ##### `itk` @@ -2072,7 +2098,7 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { @@ -2080,15 +2106,15 @@ apache::vhost { 'sample.example.net': group => 'somegroup', }, } -~~~ +``` ##### `auth_kerb` -Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid values are 'true' or 'false'. Defaults to 'false'. +Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. Default: false. Usage typically looks like: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': auth_kerb => true, krb_method_negotiate => 'on', 
@@ -2101,24 +2127,24 @@ apache::vhost { 'sample.example.net': auth_require => 'valid-user', }, } -~~~ +``` Related parameters follow the names of `mod_auth_kerb` directives: - `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. - `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. - `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. -- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: `[]`. +- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: '[]'. - `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: undef. - `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: undef. ##### `krb_verify_kdc` -This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default is 'on' +This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default: 'on'. ##### `krb_servicename` -Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default is 'HTTP' +Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default: 'HTTP'. ##### `krb_save_credentials` 
@@ -2126,20 +2152,19 @@ This option enables credential saving functionality. Default is 'off' ##### `logroot` -Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. +Specifies the location of the virtual host's logfiles. Default: '/var/log//'. ##### `$logroot_ensure` -Determines whether or not to remove the logroot directory for a virtual host. Valid values are 'directory', or 'absent'. +Determines whether or not to remove the logroot directory for a virtual host. Valid options: 'directory', 'absent'. ##### `logroot_mode` -Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored -in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. +Overrides the mode the logroot directory is set to. Default: undef. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). ##### `log_level` -Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. +Specifies the verbosity of the error log. Valid options: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. Default: 'warn' for the global server configuration, which can be overridden on a per-virtual host basis. ###### `modsec_body_limit` 
@@ -2147,27 +2172,27 @@ Configures the maximum request body size (in bytes) ModSecurity will accept for ###### `modsec_disable_vhost` -Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included. +Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. Valid options: Boolean. Default: undef. ###### `modsec_disable_ids` -Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. +Array of mod_security IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location. -~~~ puppet - apache::vhost { 'sample.example.net': - modsec_disable_ids => [ 90015, 90016 ], - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_ids => [ 90015, 90016 ], +} +``` -~~~ puppet - apache::vhost { 'sample.example.net': - modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, +} +``` ###### `modsec_disable_ips` -Array of IPs to exclude from mod_security rule matching +Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: undef. ##### `no_proxy_uris` 
@@ -2175,34 +2200,34 @@ Specifies URLs you do not want to proxy. This parameter is meant to be used in c ##### `no_proxy_uris_match` -This directive is equivalent to `no_proxy_uris`, but takes regular expressions. +This directive is equivalent to [`no_proxy_uris`][], but takes regular expressions. ##### `proxy_preserve_host` -Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: 'false'. +Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: false. -Setting this parameter to 'true' enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. 'false' sets this option to 'Off'. +Setting this parameter to true enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to false sets this directive to 'Off'. ##### `proxy_error_override` -Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. +Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default: false. ##### `options` Sets the [`Options`][] for the specified virtual host. 
Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: -~~~ puppet - apache::vhost { 'site.name.fdqn': - … - options => ['Indexes','FollowSymLinks','MultiViews'], - } -~~~ +``` puppet +apache::vhost { 'site.name.fdqn': + … + options => ['Indexes','FollowSymLinks','MultiViews'], +} +``` -**Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. +> **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. ##### `override` -Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'. +Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Default: '[none]'. ##### `passenger_app_root` 
@@ -2214,11 +2239,11 @@ Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/re ##### `passenger_log_file` -By default Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can have those messages logged to a different file instead. n.b.: This option is only available since Passenger 5.0.5 +By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5. ##### `passenger_ruby` -Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby) on this virtual host, the Ruby interpreter to use for the application. +Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host. ##### `passenger_min_instances` 
@@ -2234,35 +2259,35 @@ Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/ ##### `php_flags & values` -Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'. +Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. ##### `php_admin_flags & values` -Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'. +Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default: '{}'. ##### `port` -Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. +Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter. ##### `priority` -Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. +Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Default: '25'. -If nothing matches the priority, the first name-based vhost is used. Likewise, passing a higher priority causes the alphabetically first name-based vhost to be used if no other names match. +If nothing matches the priority, the first name-based virtual host is used. 
Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match. -*Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. +> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. -Pass priority `false` to omit the priority prefix in file names. +To omit the priority prefix in file names, pass a priority of false. ##### `proxy_dest` -Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: undef. ##### `proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters and location options can be added as an array. +Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: undef. Parameters and location options can optionally be added as an array. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … proxy_pass => [ 
@@ -2283,78 +2308,78 @@ apache::vhost { 'site.name.fdqn': 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, ], } -~~~ +``` -`reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. -`reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath and/or ProxyPassReverseCookieDomain. -`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). -`setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings +* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Valid options: an array or string. +* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. +* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. +* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Valid options: array. ##### `proxy_dest_match` -This directive is equivalent to proxy_dest, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. +This directive is equivalent to [`proxy_dest`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. ##### `proxy_dest_reverse_match` -Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. +Allows you to pass a ProxyPassReverse if [`proxy_dest_match`][] is specified. 
See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. ##### `proxy_pass_match` -This directive is equivalent to proxy_pass, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. +This directive is equivalent to [`proxy_pass`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. ##### `rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Default: undef. #####`passenger_base_uris` -Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Defaults to 'undef'. +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Default: undef. ##### `redirect_dest` -Specifies the address to redirect to. Defaults to 'undef'. +Specifies the address to redirect to. Default: undef. 
##### `redirect_source` Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } -~~~ +``` ##### `redirect_status` -Specifies the status to append to the redirect. Defaults to 'undef'. +Specifies the status to append to the redirect. Default: undef. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } -~~~ +``` ##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` -Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. +Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Default: undef. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } -~~~ +``` ##### `request_headers` -Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. +Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Default: undef. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … request_headers => [ 
@@ -2362,23 +2387,23 @@ apache::vhost { 'site.name.fdqn': 'unset MirrorID', ], } -~~~ +``` ##### `rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Default: undef. For example, you can specify that anyone trying to access index.html is served welcome.html -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } -~~~ +``` The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2389,11 +2414,11 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2404,11 +2429,11 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` Multiple rewrites and conditions are also possible -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ 
@@ -2433,21 +2458,21 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` -Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. +Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on what is possible with rewrite rules and conditions. ##### `scriptalias` -Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for example: '/usr/scripts'. Defaults to 'undef'. +Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default: undef. ##### `scriptaliases` -**Note**: This parameter is deprecated in favor of the `aliases` parameter. +> **Note**: This parameter is deprecated in favor of the `aliases` parameter. -Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). +Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation][`mod_alias`]. -~~~ puppet +``` puppet scriptaliases => [ { alias => '/myscript', 
@@ -2466,100 +2491,93 @@ scriptaliases => [ path => '/usr/share/neatscript', }, ] -~~~ +``` The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. ##### `serveradmin` -Specifies the email address Apache displays when it renders one of its error pages. Defaults to 'undef'. +Specifies the email address Apache displays when it renders one of its error pages. Default: undef. ##### `serveraliases` -Sets the [ServerAliases](http://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Defaults to '[]'. +Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Default: '[]'. ##### `servername` -Sets the servername corresponding to the hostname you connect to the virtual host at. Defaults to the title of the resource. +Sets the servername corresponding to the hostname you connect to the virtual host at. Default: the title of the resource. ##### `setenv` -Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. +Used by HTTPD to set environment variables for virtual hosts. Default: '[]'. Example: -~~~ puppet +``` puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } -~~~ +``` ##### `setenvif` -Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. +Used by HTTPD to conditionally set environment variables for virtual hosts. Default: '[]'. ##### `suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). - -`suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. +Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). 
-`suphp_configpath` defaults to 'undef' on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. +* `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. +* `suphp_configpath`. Default: undef on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. +* `suphp_engine`. Valid options: 'on' or 'off'. Default: 'off'. -`suphp_engine` allows values 'on' or 'off'. Defaults to 'off' +An example virtual host configuration with suPHP: -To set up a virtual host with suPHP - -~~~ puppet +``` puppet apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => { path => '/home/appuser/myphpapp', - 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } -~~~ +``` ##### `vhost_name` -Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. Default: '*'. ##### `virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. 
+Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Default: false. -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot' => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], + vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], } -~~~ +``` ##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` -Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). +Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi). -`wsgi_daemon_process` sets the name of the WSGI daemon. It is a hash, accepting [these keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html), and it defaults to 'undef'. +* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: undef. +* `wsgi_daemon_process_options`. _Optional._ Default: undef. +* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: undef. +* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: undef. +* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: undef, leading Apache to use its default value of 'Off'. +* `wsgi_chunked_request`: Enables support for chunked requests. Default: undef. -`wsgi_daemon_process_options` is optional and defaults to 'undef'. 
+An example virtual host configuration with WSGI: -`wsgi_process_group` sets the group ID the virtual host runs under. Defaults to 'undef'. - -`wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. - -`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache sets the defaults setting to 'Off'. - -`wsgi_chunked_request` enables support for chunked requests. Defaults to 'undef'. - -To set up a virtual host with WSGI - -~~~ puppet +``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', 
@@ -2573,19 +2591,19 @@ apache::vhost { 'wsgi.example.com': wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } -~~~ +``` #### Parameter `directories` for `apache::vhost` -The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. +The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. -The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid options: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. 
If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. -General `directories` usage looks something like +An example use of `directories`: -~~~ puppet +``` puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ 
@@ -2595,26 +2613,28 @@ apache::vhost { 'files.example.net': }, ], } -~~~ +``` -*Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. +> **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. -Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like +Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } -~~~ +``` Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: ###### `addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension'] }`. 
+ +An example: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2623,13 +2643,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `allow` -Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. +Sets an [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2638,13 +2658,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `allow_override` -Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. +Sets the types of directives allowed in [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2653,7 +2673,7 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `auth_basic_authoritative` 
@@ -2661,35 +2681,35 @@ Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/curren ###### `auth_basic_fake` -Sets the value for [AuthBasicFake](http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. +Sets the value for [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. ###### `auth_basic_provider` -Sets the value for [AuthBasicProvider] (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. +Sets the value for [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. ###### `auth_digest_algorithm` -Sets the value for [AuthDigestAlgorithm](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. +Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. ###### `auth_digest_domain` -Sets the value for [AuthDigestDomain](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. +Sets the value for [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. 
###### `auth_digest_nonce_lifetime` -Sets the value for [AuthDigestNonceLifetime](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. +Sets the value for [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. ###### `auth_digest_provider` -Sets the value for [AuthDigestProvider](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. +Sets the value for [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. ###### `auth_digest_qop` -Sets the value for [AuthDigestQop](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. +Sets the value for [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. ###### `auth_digest_shmem_size` -Sets the value for [AuthAuthDigestShmemSize](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. +Sets the value for [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. ###### `auth_group_file` 
@@ -2697,67 +2717,67 @@ Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod ###### `auth_name` -Sets the value for [AuthName](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. +Sets the value for [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. ###### `auth_require` -Sets the entity name you're requiring to allow access. Read more about [Require](http://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). +Sets the entity name you're requiring to allow access. Read more about [Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). ###### `auth_type` -Sets the value for [AuthType](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. +Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. ###### `auth_user_file` -Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. +Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. ###### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. 
-~~~ puppet - apache::vhost { 'monitor': - … - directories => [ - { - path => '/path/to/directory', - custom_fragment => ' - - SetHandler balancer-manager - Order allow,deny - Allow from all - - - SetHandler server-status - Order allow,deny - Allow from all - - ProxyStatus On', - }, - ] - } -~~~ +``` puppet +apache::vhost { 'monitor': + … + directories => [ + { + path => '/path/to/directory', + custom_fragment => ' + + SetHandler balancer-manager + Order allow,deny + Allow from all + + + SetHandler server-status + Order allow,deny + Allow from all + +ProxyStatus On', + }, + ] +} +``` ###### `deny` -Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. +Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, - ], - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, + ], +} +``` ###### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', 
@@ -2769,14 +2789,14 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `ext_filter_options` Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. -~~~ puppet +``` puppet apache::vhost { 'filter.example.org': docroot => '/var/www/filter', directories => [ @@ -2785,14 +2805,14 @@ apache::vhost { 'filter.example.org': }, ], } -~~~ +``` ###### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. Note that you must declare `class {'apache::mod::geoip': }` before using this directive. -~~~ puppet +``` puppet apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ @@ -2801,13 +2821,13 @@ apache::vhost { 'first.example.com': }, ], } -~~~ +``` ###### `headers` -Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. +Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { @@ -2815,13 +2835,13 @@ apache::vhost { 'sample.example.net': headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } -~~~ +``` ###### `index_options` -Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). +Allows configuration settings for [directory indexing](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2832,13 +2852,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `index_order_default` Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2848,13 +2868,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `index_style_sheet` Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2865,13 +2885,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `mellon_enable` -Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_melon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. +Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2893,25 +2913,25 @@ apache::vhost { 'sample.example.net': }, ] } -~~~ +``` -Related parameters follow the names of `mod_auth_melon` directives: +Related parameters follow the names of `mod_auth_mellon` directives: -- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_melon`] directive for each item in the array. -- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_melon`] to set the mellon endpoint path. -- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_melon`] location of the IDP metadata file. -- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_melon`] directive to enable debug of SAML. -- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_melon`] directive to a hash of attribute names to map +- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_mellon`] directive for each item in the array. +- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_mellon`] to set the mellon endpoint path. +- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_mellon`] location of the IDP metadata file. +- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_mellon`] directive to enable debug of SAML. +- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_mellon`] directive to a hash of attribute names to map to environment variables. -- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_melon`] directive for the private key location of the service provider. -- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_melon`] directive for the public key location of the service provider. -- `mellon_user`: Sets the [MellonUser][`mod_auth_melon`] attribute to use for the username. 
+- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_mellon`] directive for the private key location of the service provider. +- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider. +- `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username. ###### `options` Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2920,13 +2940,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `order` -Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. +Sets the order of processing Allow and Deny statements as per [Apache core documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2935,13 +2955,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2950,9 +2970,9 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` -**Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. +> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. ###### `php_value` and `php_flag` 
@@ -2966,37 +2986,37 @@ apache::vhost { 'sample.example.net': ###### `require` -Sets a `Require` directive as per the [Apache Authz documentation](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. +Sets a `Require` directive as per the [Apache Authz documentation](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. -~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => 'IP 10.17.42.23', - } - ], +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'IP 10.17.42.23', } -~~~ + ], +} +``` If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. -~~~ puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => 'unmanaged', - } - ], +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'unmanaged', } -~~~ + ], +} +``` ###### `satisfy` -Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. +Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3005,13 +3025,13 @@ apache::vhost { 'sample.example.net': } ], } -~~~ +``` ###### `sethandler` -Sets a `SetHandler` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). +Sets a `SetHandler` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler). -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -3020,13 +3040,13 @@ apache::vhost { 'sample.example.net': } ], } -~~~ +``` ###### `set_output_filter` -Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). +Sets a `SetOutputFilter` directive per the [Apache Core documentation](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). -~~~ puppet +``` puppet apache::vhost{ 'filter.example.net': docroot => '/path/to/directory', directories => [ @@ -3035,13 +3055,13 @@ apache::vhost{ 'filter.example.net': }, ], } -~~~ +``` ###### `rewrites` -Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. +Creates URL [`rewrites`](#rewrites) rules in virtual host directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3060,15 +3080,15 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` -***Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. +> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. ###### `shib_request_setting` Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3078,17 +3098,17 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` ###### `shib_use_headers` -When set to 'On', this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +When set to 'On', this turns on the use of request headers to publish attributes to applications. Valid options for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ###### `ssl_options` -String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. +String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -3100,13 +3120,13 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` ###### `suphp` -A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. +A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the virtual host declaration, and can only be passed within `directories`. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3118,19 +3138,19 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` #### SSL parameters for `apache::vhost` -All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. +All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific virtual hosts. ##### `ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Valid options: Boolean. Default: false. ##### `ssl_ca` -Specifies the SSL certificate authority. Defaults to 'undef'. +Specifies the SSL certificate authority. Default: undef. ##### `ssl_cert` 
@@ -3138,35 +3158,40 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce ##### `ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. +Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults: 'all', '-SSLv2', '-SSLv3'. ##### `ssl_cipher` -Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'HIGH:MEDIUM:!aNULL:!MD5'. +Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Default: 'HIGH:MEDIUM:!aNULL:!MD5'. ##### `ssl_honorcipherorder` -Sets [SSLHonorCipherOrder](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Defaults to 'On' in the base `apache` config. +Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Default: 'On' in the base `apache` config. ##### `ssl_certs_dir` -Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, '/usr/local/etc/apache22' on FreeBSD, and '/etc/ssl/apache2' on Gentoo. +Specifies the location of the SSL certification directory. Default: Depends on the operating system. + +- **Debian:** '/etc/ssl/certs' +- **Red Hat:** '/etc/pki/tls/certs' +- **FreeBSD:** '/usr/local/etc/apache22' +- **Gentoo:** '/etc/ssl/apache2' ##### `ssl_chain` -Specifies the SSL chain. Defaults to 'undef'. (This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL chain. 
Default: undef. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. ##### `ssl_crl` -Specifies the certificate revocation list to use. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the certificate revocation list to use. Default: undef. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) ##### `ssl_crl_path` -Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the location of the certificate revocation list. Default: undef. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) ##### `ssl_crl_check` -Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. +Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). Default: undef. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. ##### `ssl_key` 
@@ -3174,81 +3199,80 @@ Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tl ##### `ssl_verify_client` -Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'. +Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid options are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: undef. -~~~ puppet - apache::vhost { 'sample.example.net': - … - ssl_verify_client => 'optional', - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_verify_client => 'optional', +} +``` ##### `ssl_verify_depth` -Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'. +Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Default: undef. -~~~ puppet - apache::vhost { 'sample.example.net': - … - ssl_verify_depth => 1, - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_verify_depth => 1, +} +``` ##### `ssl_proxy_verify` -Sets the [SSLProxyVerify](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Defaults to 'undef'. 
+Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default: undef. ##### `ssl_proxy_machine_cert` -Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Defaults to 'undef'. +Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: undef. -~~~ puppet - apache::vhost { 'sample.example.net': - … - ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', +} +``` ##### `ssl_proxy_check_peer_cn` -Sets the [SSLProxyMachinePeerCN](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specified whether the remote server certificate's CN field is compared against the hostname of the request URL . Defaults to 'undef'. - +Sets the [SSLProxyMachinePeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. 
##### `ssl_proxy_check_peer_name` -Sets the [SSLProxyMachinePeerName](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specified whether the remote server certificate's CN field is compared against the hostname of the request URL . Defaults to 'undef'. +Sets the [SSLProxyMachinePeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. ##### `ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array. Default: undef. A string: -~~~ puppet - apache::vhost { 'sample.example.net': - … - ssl_options => '+ExportCertData', - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_options => '+ExportCertData', +} +``` An array: -~~~ puppet - apache::vhost { 'sample.example.net': - … - ssl_options => [ '+StrictRequire', '+ExportCertData' ], - } -~~~ +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_options => [ '+StrictRequire', '+ExportCertData' ], +} +``` ##### `ssl_openssl_conf_cmd` -Sets the [SSLOpenSSLConfCmd](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Defaults to 'undef'. +Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default: undef. 
##### `ssl_proxyengine` -Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. +Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid options: Boolean. Default: true. -####Define: FastCGI Server +#### Defined type: FastCGI Server This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. @@ -3256,7 +3280,7 @@ This type is intended for use with mod_fastcgi. It allows you to define one or m Ex: -~~~ puppet +``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, @@ -3265,17 +3289,17 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -~~~ +``` Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. -~~~ puppet +``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -~~~ +``` ##### `host` @@ -3301,11 +3325,9 @@ A unique alias. This is used internally to link the action with the FastCGI serv The MIME-type of the file to be processed by the FastCGI server. -#### Define: `apache::vhost::custom` +#### Defined type: `apache::vhost::custom` -The `apache::vhost::custom` is a thin wrapper to the `apache::custom_config`` -define. We are simply overriding some of the default settings specifc to the -vhost directory in Apache. +The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specifc to the virtual host directory in Apache. **Parameters within `apache::vhost::custom`**: 
@@ -3315,33 +3337,33 @@ Sets the configuration file's content. ##### `ensure` -Specifies if the vhost file is present or absent. Defaults to 'present'. +Specifies if the virtual host file is present or absent. Valid options: 'absent', 'present'. Default: 'present'. ##### `priority` -Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. +Sets the relative load order for Apache HTTPD VirtualHost configuration files. Default: '25'. -### Private Defines +### Private defined types -#### Define: `apache::peruser::multiplexer` +#### Defined type: `apache::peruser::multiplexer` -This define checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] define. +This defined type checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] defined type. -#### Define: `apache::peruser::multiplexer` +#### Defined type: `apache::peruser::multiplexer` Enables the [`Peruser`][] module for FreeBSD only. -#### Define: `apache::peruser::processor` +#### Defined type: `apache::peruser::processor` Enables the [`Peruser`][] module for FreeBSD only. -#### Define: `apache::security::file_link` +#### Defined type: `apache::security::file_link` Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk. ### Templates -The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defines. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. +The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. 
Unless explicitly called out, most templates are not meant for configuration. ## Limitations @@ -3359,7 +3381,7 @@ The [`apache::mod::passenger`][] class is not installing as the the EL6 reposito ### RHEL/CentOS 7 -The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. +The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. ### General @@ -3378,7 +3400,7 @@ If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `lo You can do this with Puppet: -~~~ puppet +``` puppet exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', @@ -3415,7 +3437,7 @@ apache::vhost { 'test.server': docroot => '/custom/path', additional_includes => '/custom/path/include', } -~~~ +``` You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. @@ -3439,18 +3461,18 @@ This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to ve #### Testing quickstart: Ruby > 1.8.7 -~~~ +``` gem install bundler bundle install bundle exec rake spec bundle exec rspec spec/acceptance RS_DEBUG=yes bundle exec rspec spec/acceptance -~~~ +``` #### Testing quickstart: Ruby = 1.8.7 -~~~ +``` gem install bundler bundle install --without system_tests bundle exec rake spec -~~~ +``` From 0806e59a0ddc08f444ac2f073964023dfef871d0 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Fri, 5 Feb 2016 15:23:33 -0700 Subject: [PATCH 0830/2267] Release Prep for 1.8.1 --- CHANGELOG.md | 9 +++++++++ metadata.json | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index e787047623..58cd91ae62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## Supported Release 1.8.1 +### Summary +This release includes bug fixes and a documentation update. + +#### Bugfixes +- Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x. +- Fixes a bug where passenger.conf was vulnerable to purging. +- Removes the pin of the concat module dependency. + ## 2016-01-26 - Supported Release 1.8.0 ### Summary This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements. diff --git a/metadata.json b/metadata.json index 460502a181..9ef58c8c96 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.8.0", + "version": "1.8.1", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", @@ -11,6 +11,7 @@ {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} ], + "data_provider": null, "operatingsystem_support": [ { "operatingsystem": "RedHat", From 6c0579d36644859ac4566600c87a5295c1a394a8 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 15 Jan 2016 15:15:47 +0100 Subject: [PATCH 0831/2267] Fix fcgid.conf load on Debian family Fix the regression from 1bf0aba (see #879). --- manifests/mod/fcgid.pp | 15 +++++++++++---- spec/classes/mod/fcgid_spec.rb | 18 +++++++++--------- .../{unixd_fcgid.conf.erb => fcgid.conf.erb} | 0 3 files changed, 20 insertions(+), 13 deletions(-) rename templates/mod/{unixd_fcgid.conf.erb => fcgid.conf.erb} (100%) diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 4c0f919388..69e3112d4f 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp 
@@ -1,18 +1,25 @@ class apache::mod::fcgid( $options = {}, ) { + if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') or $::osfamily == 'FreeBSD' { + $loadfile_name = 'unixd_fcgid.load' + $conf_name = 'unixd_fcgid.conf' + } else { + $loadfile_name = undef + $conf_name = 'fcgid.conf' + } ::apache::mod { 'fcgid': - loadfile_name => 'unixd_fcgid.load', + loadfile_name => $loadfile_name, } # Template uses: # - $options - file { 'unixd_fcgid.conf': + file { $conf_name: ensure => file, - path => "${::apache::mod_dir}/unixd_fcgid.conf", + path => "${::apache::mod_dir}/${conf_name}", mode => $::apache::file_mode, - content => template('apache/mod/unixd_fcgid.conf.erb'), + content => template('apache/mod/fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index 98953625ac..b86cc0e6b3 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -17,17 +17,17 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('fcgid').with({ - 'loadfile_name' => 'unixd_fcgid.load' + 'loadfile_name' => nil }) } it { is_expected.to contain_package("libapache2-mod-fcgid") } end - context "on a RedHat OS" do + context "on a RHEL6" do let :facts do { :osfamily => 'RedHat', @@ -45,7 +45,7 @@ describe 'without parameters' do it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('fcgid').with({ - 'loadfile_name' => 'unixd_fcgid.load' + 'loadfile_name' => nil }) } it { is_expected.to contain_package("mod_fcgid") } end 
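Review bot: The `if` added at the top of `apache::mod::fcgid` matches RedHat only by `$::operatingsystemmajrelease == '7'`, so a later RedHat major release, or a node where that fact is missing, silently takes the `else` branch and gets `fcgid.conf` with `loadfile_name => undef`. If later releases need the same `unixd_` names (the hunk gives no reason for the prefix, so this is an assumption), a range check such as `versioncmp($::operatingsystemmajrelease, '7') >= 0` would hold up better than string equality. I would also add a comment above the branch, for example `# unixd_ names are used on RedHat 7 and FreeBSD only, see #879`, so the platform list does not read as arbitrary. The class body continues past the end of the hunk.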
@@ -61,7 +61,7 @@ } end it 'should contain the correct config' do - content = catalogue.resource('file', 'unixd_fcgid.conf').send(:parameters)[:content] + content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content] expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([ '', ' AddHandler fcgid-script .fcgi', @@ -85,7 +85,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end @@ -109,7 +109,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end @@ -130,13 +130,13 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :is_pe => false, + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('fcgid').with({ - 'loadfile_name' => 'unixd_fcgid.load' + 'loadfile_name' => nil, }) } it { is_expected.to contain_package("www-apache/mod_fcgid") } end diff --git a/templates/mod/unixd_fcgid.conf.erb b/templates/mod/fcgid.conf.erb similarity index 100% rename from templates/mod/unixd_fcgid.conf.erb rename to templates/mod/fcgid.conf.erb From c37677622f8bc11b3ad8620f28d4cbb9bc1325ce Mon Sep 17 00:00:00 2001 From: Michael Moll Date: Sun, 7 Feb 2016 00:38:49 +0100 Subject: [PATCH 0832/2267] support Ubuntu xenial (16.04) --- manifests/params.pp | 5 +++++ metadata.json | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 0c6f9a34fd..7b6e93cc01 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -320,6 +320,11 @@ $passenger_ruby = undef $passenger_default_ruby = '/usr/bin/ruby' } + '16.04': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } default: { # The following settings may or may not work on Ubuntu releases not # supported by this module. diff --git a/metadata.json b/metadata.json index 85e6889497..4bdd2f9a85 100644 --- a/metadata.json +++ b/metadata.json @@ -61,7 +61,8 @@ "operatingsystemrelease": [ "10.04", "12.04", - "14.04" + "14.04", + "16.04" ] } ], From 72cb702921953b1e372d773e0c58b8be972ba70a Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 11 Feb 2016 17:00:51 -0800 Subject: [PATCH 0833/2267] Disable passenger tests on redhatish 6 RedHat 6 platforms need either their kernel updated (which we can't do in testing) or selinux disabled and rebooted (which is silly) so lets just disable the test. --- README.md | 2 +- spec/acceptance/vhost_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 464d2bc365..48b8cb3d48 100644 --- a/README.md +++ b/README.md @@ -1493,7 +1493,7 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of ##### Class: `apache::mod::passenger` -Installs and manages [`mod_passenger`][]. +Installs and manages [`mod_passenger`][]. For RedHat based systems, please ensure that you meet the minimum requirements as described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux) **Parameters within `apache::mod::passenger`**: - `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: on, off. Default: undef. diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 90b42e0e6e..2b40af4560 100644 
--- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1106,8 +1106,8 @@ class { 'apache': service_ensure => stopped, } end end - # Passenger isn't even in EPEL on el-5 - if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') + # Passenger isn't even in EPEL on el-5 and needs a kernel update on el-6 + if (fact('osfamily') == 'RedHat' and ! ['6','5'].include?(fact('operatingsystemmajrelease'))) describe 'rack_base_uris' do before :all do pp = "if $::osfamily == 'RedHat' { include epel }" From cbdd1871b9db73692f4fbe89cfcbe7f308ebc6be Mon Sep 17 00:00:00 2001 From: Sebastian Gerhards Date: Fri, 12 Feb 2016 13:05:08 +0100 Subject: [PATCH 0834/2267] Fix broken internal link for virtual hosts configuration --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b8562bddb..c9deb5adc6 100644 --- a/README.md +++ b/README.md @@ -314,7 +314,7 @@ class { 'apache': ## Usage -### Configuring a virtual host +### Configuring virtual hosts The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. From 4cd7472478eadc4b93f7490e2dff3202e8c125aa Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Fri, 12 Feb 2016 14:23:29 +0100 Subject: [PATCH 0835/2267] support pass-header option in apache::fastcgi::server --- manifests/fastcgi/server.pp | 3 ++- spec/defines/fastcgi_server_spec.rb | 5 +++-- templates/fastcgi/server.erb | 3 ++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index ec89bf7785..8805484066 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp 
@@ -4,7 +4,8 @@ $flush = false, $faux_path = "/var/www/${name}.fcgi", $fcgi_alias = "/${name}.fcgi", - $file_type = 'application/x-httpd-php' + $file_type = 'application/x-httpd-php', + $pass_header = undef, ) { include apache::mod::fastcgi diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 1a6d3199c4..fdcf2dbca3 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -116,11 +116,12 @@ :flush => true, :faux_path => '/var/www/php-www.fcgi', :fcgi_alias => '/php-www.fcgi', - :file_type => 'application/x-httpd-php' + :file_type => 'application/x-httpd-php', + :pass_header => 'Authorization' } end let :expected do -'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 +'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 -pass-header Authorization Alias /php-www.fcgi /var/www/php-www.fcgi Action application/x-httpd-php /php-www.fcgi ' diff --git a/templates/fastcgi/server.erb b/templates/fastcgi/server.erb index 9cb25b76eb..61169413d1 100644 --- a/templates/fastcgi/server.erb +++ b/templates/fastcgi/server.erb @@ -1,3 +1,4 @@ -FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host %> +FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host -%> +<%- if @pass_header -%> -pass-header <%= @pass_header %><% end %> Alias <%= @fcgi_alias %> <%= @faux_path %> Action <%= @file_type %> <%= @fcgi_alias %> From fc9ca123e3e3c80010e8373e3f67d30b069f7a5d Mon Sep 17 00:00:00 2001 
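Review bot: `$pass_header` is accepted by `apache::fastcgi::server` without validation and `templates/fastcgi/server.erb` prints it straight onto the `FastCGIExternalServer` line, so a value containing whitespace or a line break (for instance from a data lookup) turns into extra options or extra directives in the generated Apache configuration. A check before the template is rendered keeps it to one header name: `if $pass_header { validate_re($pass_header, '\A[A-Za-z0-9-]+\z') }`; the `\A`/`\z` anchors are deliberate, because `^`/`$` match per line in Ruby regexes. The template emits a single `-pass-header`, so an array value would not become one option per header. The define's body continues outside the hunk, so an existing check there cannot be ruled out. Since the spec uses `Authorization`, the parameter's documentation should also state that the named request header, credentials included, is handed to the FastCGI backend.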
From: David Schmitt Date: Tue, 16 Feb 2016 15:59:52 +0000 Subject: [PATCH 0836/2267] (FM-4046) Update to current msync configs [006831f] This moves all copyright statements to the NOTICE file in accordance with the ASFs guidelines on applying the Apache-2.0 license. --- .gitattributes | 5 ++ .gitignore | 1 + .travis.yml | 1 + Gemfile | 39 ++++----- LICENSE | 209 ++++++++++++++++++++++++++++++++++++++++++++++--- NOTICE | 17 ++++ Rakefile | 31 ++++++++ 7 files changed, 268 insertions(+), 35 deletions(-) create mode 100644 .gitattributes create mode 100644 NOTICE diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..900ea0cbb5 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,5 @@ +#This file is generated by ModuleSync, do not edit. +*.rb eol=lf +*.erb eol=lf +*.pp eol=lf +*.sh eol=lf diff --git a/.gitignore b/.gitignore index 3190277498..dd126f2fb2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +#This file is generated by ModuleSync, do not edit. pkg/ Gemfile.lock vendor/ diff --git a/.travis.yml b/.travis.yml index e6314a4700..588fb5b002 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +#This file is generated by ModuleSync, do not edit. --- sudo: false language: ruby diff --git a/Gemfile b/Gemfile index ced190e770..e490bc9b98 100644 --- a/Gemfile +++ b/Gemfile @@ -1,12 +1,14 @@ +#This file is generated by ModuleSync, do not edit. + source ENV['GEM_SOURCE'] || "https://rubygems.org" -def location_for(place, fake_version = nil) +def location_for(place, version = nil) if place =~ /^(git[:@][^#]*)#(.*)/ - [fake_version, { :git => $1, :branch => $2, :require => false }].compact + [version, { :git => $1, :branch => $2, :require => false}].compact elsif place =~ /^file:\/\/(.*)/ - ['>= 0', { :path => File.expand_path($1), :require => false }] + ['>= 0', { :path => File.expand_path($1), :require => false}] else - [place, { :require => false }] + [place, version, { :require => false}].compact end end 
@@ -20,29 +22,18 @@ group :development, :unit_tests do gem 'simplecov', :require => false end group :system_tests do + gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') + gem 'beaker', *location_for(ENV['BEAKER_VERSION']) + gem 'serverspec', :require => false gem 'beaker-puppet_install_helper', :require => false - if beaker_version = ENV['BEAKER_VERSION'] - gem 'beaker', *location_for(beaker_version) - end - if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] - gem 'beaker-rspec', *location_for(beaker_rspec_version) - else - gem 'beaker-rspec', :require => false - end gem 'master_manipulator', :require => false - gem 'serverspec', :require => false + gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) end -if facterversion = ENV['FACTER_GEM_VERSION'] - gem 'facter', facterversion, :require => false -else - gem 'facter', :require => false -end +gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) +gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false -end -# vim:ft=ruby +if File.exists? "#{__FILE__}.local" + eval(File.read("#{__FILE__}.local"), binding) +end diff --git a/LICENSE b/LICENSE index 8961ce8a6d..d645695673 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,15 +1,202 @@ -Copyright (C) 2012 Puppet Labs Inc -Puppet Labs can be contacted at: info@puppetlabs.com + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - http://www.apache.org/licenses/LICENSE-2.0 + 1. Definitions. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. 
+ + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." 
+ + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/NOTICE b/NOTICE new file mode 100644 index 0000000000..c07b29dc8e --- /dev/null +++ b/NOTICE @@ -0,0 +1,17 @@ +apache puppet module + +Copyright (C) 2012-2016 Puppet Labs, Inc. + +Puppet Labs can be contacted at: info@puppetlabs.com + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/Rakefile b/Rakefile index 636508b00e..1e2be6663c 100644 --- a/Rakefile +++ b/Rakefile 
@@ -10,3 +10,34 @@ PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.send('disable_only_variable_string') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +desc 'Generate pooler nodesets' +task :gen_nodeset do + require 'beaker-hostgenerator' + require 'securerandom' + require 'fileutils' + + agent_target = ENV['TEST_TARGET'] + if ! agent_target + STDERR.puts 'TEST_TARGET environment variable is not set' + STDERR.puts 'setting to default value of "redhat-64default."' + agent_target = 'redhat-64default.' + end + + master_target = ENV['MASTER_TEST_TARGET'] + if ! master_target + STDERR.puts 'MASTER_TEST_TARGET environment variable is not set' + STDERR.puts 'setting to default value of "redhat7-64mdcl"' + master_target = 'redhat7-64mdcl' + end + + targets = "#{master_target}-#{agent_target}" + cli = BeakerHostGenerator::CLI.new([targets]) + nodeset_dir = "tmp/nodesets" + nodeset = "#{nodeset_dir}/#{targets}-#{SecureRandom.uuid}.yaml" + FileUtils.mkdir_p(nodeset_dir) + File.open(nodeset, 'w') do |fh| + fh.print(cli.execute) + end + puts nodeset +end From e4272b38d741d7bade2d34ebbc1ec22befa43aba Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 16 Feb 2016 09:03:17 -0800 Subject: [PATCH 0837/2267] Disable passenger testing on el7 due to outdated packages --- spec/acceptance/vhost_spec.rb | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 2b40af4560..47a403f00e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -1106,8 +1106,6 @@ class { 'apache': service_ensure => stopped, } end end - # Passenger isn't even in EPEL on el-5 and needs a kernel update on el-6 - if (fact('osfamily') == 'RedHat' and ! ['6','5'].include?(fact('operatingsystemmajrelease'))) describe 'rack_base_uris' do before :all do pp = "if $::osfamily == 'RedHat' { include epel }" @@ -1115,6 +1113,9 @@ class { 'apache': service_ensure => stopped, } end it 'applies cleanly' do + if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) + pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") + end pp = <<-EOS class { 'apache': } host { 'test.server': ip => '127.0.0.1' } @@ -1127,8 +1128,18 @@ class { 'apache': } end describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'RackBaseURI /test' } + it do + if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) + pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") + end + is_expected.to be_file + end + it do + if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) + pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") + end + is_expected.to contain 'RackBaseURI /test' + end end end end From da16e92d3d8b5167c26b82b9e75e8d86ee108d5e Mon Sep 17 00:00:00 2001 
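Review bot: The guard added inside `it 'applies cleanly'` is inverted: `fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))` is true on RedHat releases other than 5, 6 and 7, while the `pending` message names exactly those three releases as the ones that cannot run Passenger. Dropping the negation gives the condition the message describes, `if fact('osfamily') == 'RedHat' && ['7','6','5'].include?(fact('operatingsystemmajrelease'))`. The same condition is repeated in both `it do` blocks of the following `describe file(...)` hunk and again in the later re-indentation of this block. The removed outer `if` also limited the whole `describe 'rack_base_uris'` to RedHat, so these examples now run on every other OS family; that widening should be confirmed as intended. The `describe` starts before and ends after the hunks shown.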
From: Daniele Sluijters Date: Tue, 16 Feb 2016 23:32:05 +0100 Subject: [PATCH 0838/2267] mod/ssl: Add option to configure SSL mutex This allows the end user to explicitly define or override what the `SSLMutex` or `Mutex` configuration for Apache will be as the platform default might not always be desirable. Supersedes #1346 Closes #1346 --- README.md | 5 ++++ manifests/mod/ssl.pp | 51 ++++++++++++++++++++---------------- spec/classes/mod/ssl_spec.rb | 9 +++++++ templates/mod/ssl.conf.erb | 4 +-- 4 files changed, 44 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index c9deb5adc6..f7997e6cea 100644 --- a/README.md +++ b/README.md @@ -1665,6 +1665,11 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t - `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. - `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. - `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'. +- `ssl_mutex`: Default: Determined based on the OS. Valid options: See [mod_ssl][mod_ssl] documentation. + - RedHat/FreeBSD/Suse/Gentoo: 'default' + - Debian/Ubuntu + Apache >= 2.4: 'default' + - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' + - Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex' To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to true **or** the [`ssl`][] parameter in [`apache::vhost`][] to true. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index dcc31ce8f3..399131314a 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
@@ -9,34 +9,39 @@ $ssl_pass_phrase_dialog = 'builtin', $ssl_random_seed_bytes = '512', $ssl_sessioncachetimeout = '300', + $ssl_mutex = undef, $apache_version = $::apache::apache_version, $package_name = undef, ) { - case $::osfamily { - 'debian': { - if versioncmp($apache_version, '2.4') >= 0 { - $ssl_mutex = 'default' - } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { - $ssl_mutex = 'file:/var/run/apache2/ssl_mutex' - } else { - $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex" + if $ssl_mutex { + $_ssl_mutex = $ssl_mutex + } else { + case $::osfamily { + 'debian': { + if versioncmp($apache_version, '2.4') >= 0 { + $_ssl_mutex = 'default' + } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { + $_ssl_mutex = 'file:/var/run/apache2/ssl_mutex' + } else { + $_ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex" + } + } + 'redhat': { + $_ssl_mutex = 'default' + } + 'freebsd': { + $_ssl_mutex = 'default' + } + 'gentoo': { + $_ssl_mutex = 'default' + } + 'Suse': { + $_ssl_mutex = 'default' + } + default: { + fail("Unsupported osfamily ${::osfamily}, please explicitly pass in \$ssl_mutex") } - } - 'redhat': { - $ssl_mutex = 'default' - } - 'freebsd': { - $ssl_mutex = 'default' - } - 'gentoo': { - $ssl_mutex = 'default' - } - 'Suse': { - $ssl_mutex = 'default' - } - default: { - fail("Unsupported osfamily ${::osfamily}") } } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 0fd813d7e1..a738ab0a21 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -161,5 +161,14 @@ end it { is_expected.to contain_file('ssl.conf').with_content(/^\s+SSLOpenSSLConfCmd DHParameters "foo.pem"$/)} end + + context 'setting ssl_mutex' do + let :params do + { + :ssl_mutex => 'posixsem', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLMutex posixsem$})} + end end end 
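Review bot: `$ssl_mutex` is copied into `$_ssl_mutex` unchecked and `ssl.conf.erb` prints it after `Mutex`/`SSLMutex`, so a malformed value (or one carrying a line break) is only noticed when Apache rejects or misreads the generated file. Failing the catalog instead is one line inside the new `if $ssl_mutex` branch: `validate_re($ssl_mutex, '\A[^\r\n]+\z')`. The added spec asserts only the `SSLMutex posixsem` rendering, so the `Mutex` branch taken for Apache 2.4 and later is not covered with a user-supplied value. The class body continues outside the hunk.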
diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 96b80b0036..d5120500a9 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -14,9 +14,9 @@ SSLCompression On <% end -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Mutex <%= @ssl_mutex %> + Mutex <%= @_ssl_mutex %> <%- else -%> - SSLMutex <%= @ssl_mutex %> + SSLMutex <%= @_ssl_mutex %> <%- end -%> SSLCryptoDevice <%= @ssl_cryptodevice %> SSLHonorCipherOrder <%= @ssl_honorcipherorder %> From 984e0d5655bb5eccea09c6178af53d404aa12788 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 16 Feb 2016 21:12:49 -0800 Subject: [PATCH 0839/2267] Missed an end --- spec/acceptance/vhost_spec.rb | 53 +++++++++++++++++------------------ 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 47a403f00e..4e4ddd5e99 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
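Review bot: On Apache 2.4 the line `Mutex <%= @_ssl_mutex %>` names no mutex, and as I read the `Mutex` directive documentation the mechanism then becomes the default for all of the server's mutexes rather than only mod_ssl's; this should be verified against the httpd version in use. That was harmless while the value was always `default`, but with the user-settable `ssl_mutex` the parameter name promises a narrower effect than the directive has. Either say so in the parameter's README entry, or scope the directive in the template, e.g. `Mutex <%= @_ssl_mutex %> ssl-cache`. The enclosing block of `ssl.conf.erb` starts and ends outside the hunk.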
@@ -1106,40 +1106,39 @@ class { 'apache': service_ensure => stopped, } end end - describe 'rack_base_uris' do - before :all do - pp = "if $::osfamily == 'RedHat' { include epel }" - apply_manifest(pp, :catch_failures => true) + describe 'rack_base_uris' do + before :all do + pp = "if $::osfamily == 'RedHat' { include epel }" + apply_manifest(pp, :catch_failures => true) + end + + it 'applies cleanly' do + if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) + pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") end + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end - it 'applies cleanly' do + describe file("#{$vhost_dir}/25-test.server.conf") do + it do if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") end - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) + is_expected.to be_file end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it do - if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) - pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") - end - is_expected.to be_file - end - it do - if (fact('osfamily') == 'RedHat' and ! 
['7','6','5'].include?(fact('operatingsystemmajrelease'))) - pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") - end - is_expected.to contain 'RackBaseURI /test' + it do + if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) + pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") end + is_expected.to contain 'RackBaseURI /test' end end end From dd3b4cf1815524b998ab3b15ccee74fc683df800 Mon Sep 17 00:00:00 2001 From: Henri Salo Date: Wed, 17 Feb 2016 19:38:50 +0200 Subject: [PATCH 0840/2267] Fix syntax typo in documentation. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f7997e6cea..d188f12c70 100644 --- a/README.md +++ b/README.md @@ -2947,7 +2947,7 @@ apache::vhost { 'sample.example.net': { path => '/', provider => 'directory', mellon_enable => 'info', - mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key, + mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key', mellon_endpoint_path => '/mellon', mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, From 4da066490f45b44dd5b9c05e8e21a1d25ba07519 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 18 Feb 2016 14:25:48 -0800 Subject: [PATCH 0841/2267] Move rack test to pending block The pending calls didn't have blocks before, so the tests continued to run as usual. They have to be inside a pending block to work correctly --- spec/acceptance/vhost_spec.rb | 42 +++++++++++++++++------------------ 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 4e4ddd5e99..d65e397849 100644 
--- a/spec/acceptance/vhost_spec.rb
+++ b/spec/acceptance/vhost_spec.rb
@@ -1113,32 +1113,30 @@ class { 'apache': service_ensure => stopped, } end it 'applies cleanly' do + test = lambda do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) - pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") + pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") do + test.call + end + else + test.call end - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) end - describe file("#{$vhost_dir}/25-test.server.conf") do - it do - if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) - pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") - end - is_expected.to be_file - end - it do - if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) - pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") - end - is_expected.to contain 'RackBaseURI /test' + if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'RackBaseURI /test' } end end end 
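Review bot: The guard added around `describe file("#{$vhost_dir}/25-test.server.conf")` is the same condition that selects the `pending` branch in `applies cleanly`, so the `be_file` and `RackBaseURI /test` checks now run only where the apply is expected to fail and are skipped on every other platform. That looks inverted; `unless (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease')))` would keep the checks where the manifest is applied normally. Separately, as far as I know RSpec 3 rejects `pending` with a block (it raises ArgumentError instead of tolerating the failure), so the `pending(...) do test.call end` form should be checked against the RSpec version this suite runs on. The enclosing `describe 'rack_base_uris'` starts outside the hunk.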
From 1fef317de1b0d0d26b3ec8af4007750e02af347f Mon Sep 17 00:00:00 2001 From: tphoney Date: Fri, 19 Feb 2016 14:22:59 +0000 Subject: [PATCH 0842/2267] include apache, so parsing works. --- manifests/mod/alias.pp | 8 +- manifests/mod/auth_cas.pp | 3 +- manifests/mod/auth_kerb.pp | 1 + manifests/mod/auth_mellon.pp | 3 +- manifests/mod/authnz_ldap.pp | 1 + manifests/mod/dav_svn.pp | 1 + manifests/mod/dir.pp | 1 + manifests/mod/status.pp | 6 +- spec/classes/mod/alias_spec.rb | 173 ++++++++++--------- spec/classes/mod/auth_cas_spec.rb | 94 +++++----- spec/classes/mod/auth_kerb_spec.rb | 135 ++++++++------- spec/classes/mod/auth_mellon_spec.rb | 155 ++++++++--------- spec/classes/mod/authnz_ldap_spec.rb | 126 +++++++------- spec/classes/mod/dav_svn_spec.rb | 141 +++++++-------- spec/classes/mod/deflate_spec.rb | 181 +++++++++---------- spec/classes/mod/dev_spec.rb | 5 +- spec/classes/mod/dir_spec.rb | 249 +++++++++++++-------------- spec/classes/mod/status_spec.rb | 247 +++++++++++++------------- spec/spec_helper.rb | 17 ++ templates/mod/alias.conf.erb | 2 +- templates/mod/status.conf.erb | 2 +- 21 files changed, 794 insertions(+), 757 deletions(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index eac21ba661..91f68b2dc2 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,11 +1,13 @@ class apache::mod::alias( - $apache_version = $apache::apache_version, + $apache_version = undef, $icons_options = 'Indexes MultiViews', # set icons_path to false to disable the alias $icons_path = $::apache::params::alias_icons_path, - -) { +) inherits ::apache::params { + include ::apache + $real_apache_version = pick($apache_version, $apache::apache_version) apache::mod { 'alias': } + # Template uses $icons_path if $icons_path { file { 'alias.conf': diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index 0d1b9111ab..2b5338d1e6 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp 
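Review bot: `include ::apache` inside `apache::mod::alias` declares the base class with its defaults whenever this class is evaluated first, and that side effect is not documented. A later resource-style `class { 'apache': ... }` in the same catalog would then fail as a duplicate declaration, and the defaults may enable a default vhost and modules the user meant to turn off. The same line is added in the auth_cas, auth_kerb, auth_mellon, authnz_ldap, dav_svn, dir and status hunks of this commit. I would add a comment above it such as `# Declares ::apache with defaults if it is not in the catalog yet; declare class { 'apache': } first to customise it.` The class body continues past the end of the hunk.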
@@ -16,7 +16,7 @@ $cas_cookie_http_only = undef, $cas_authoritative = undef, $suppress_warning = false, -) { +) inherits ::apache::params { validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path) @@ -24,6 +24,7 @@ warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') } + include ::apache ::apache::mod { 'auth_cas': } file { $cas_cookie_path: diff --git a/manifests/mod/auth_kerb.pp b/manifests/mod/auth_kerb.pp index 6b53262a1b..fe63d22d7b 100644 --- a/manifests/mod/auth_kerb.pp +++ b/manifests/mod/auth_kerb.pp @@ -1,4 +1,5 @@ class apache::mod::auth_kerb { + include ::apache ::apache::mod { 'auth_kerb': } } diff --git a/manifests/mod/auth_mellon.pp b/manifests/mod/auth_mellon.pp index 129441bf41..5dbb6b5771 100644 --- a/manifests/mod/auth_mellon.pp +++ b/manifests/mod/auth_mellon.pp @@ -6,8 +6,9 @@ $mellon_post_ttl = undef, $mellon_post_size = undef, $mellon_post_count = undef -) { +) inherits ::apache::params { + include ::apache ::apache::mod { 'auth_mellon': } # Template uses diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 70d0a63630..14a60494b0 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,6 +1,7 @@ class apache::mod::authnz_ldap ( $verifyServerCert = true, ) { + include ::apache include '::apache::mod::ldap' ::apache::mod { 'authnz_ldap': } diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 6e70598d0a..6d2912155b 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -2,6 +2,7 @@ $authz_svn_enabled = false, ) { Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] + include ::apache include ::apache::mod::dav ::apache::mod { 'dav_svn': } diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index bce05e0a44..e41aa86ad6 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp 
@@ -6,6 +6,7 @@ $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], ) { validate_array($indexes) + include ::apache ::apache::mod { 'dir': } # Template uses diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index d11a464d79..364505f7b0 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -28,9 +28,11 @@ class apache::mod::status ( $allow_from = ['127.0.0.1','::1'], $extended_status = 'On', - $apache_version = $::apache::apache_version, + $apache_version = undef, $status_path = '/server-status', -){ +) inherits ::apache::params { + include ::apache + $real_apache_version = pick($apache_version, $apache::apache_version) validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb index 9bb28b3aa2..99854e8182 100644 --- a/spec/classes/mod/alias_spec.rb +++ b/spec/classes/mod/alias_spec.rb 
@@ -1,96 +1,97 @@ require 'spec_helper' describe 'apache::mod::alias', :type => :class do - let :pre_condition do - 'include apache' - end - context "on a Debian OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } - end - it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) } - end - context "on a RedHat 6-based OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'RedHat', - :operatingsystem => 'RedHat', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } - end - it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) } - end - context "on a RedHat 7-based OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'RedHat', - :operatingsystem => 'RedHat', - :operatingsystemrelease => '7', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to 
contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) } end - it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) } - end - context "with icons options", :compile do - let :pre_condition do - 'class { apache: default_mods => false }' + context "on a RedHat 6-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) } end - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'RedHat', - :operatingsystem => 'RedHat', - :operatingsystemrelease => '7', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + context "on a RedHat 7-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) } end - let :params do - { - 'icons_options' => 'foo' - } + context "with icons options", :compile do + let :pre_condition do + 'class { apache: default_mods => false }' + end + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 
'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + let :params do + { + 'icons_options' => 'foo' + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Options foo/) } end - it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Options foo/) } - end - context "on a FreeBSD OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'FreeBSD', - :osfamily => 'FreeBSD', - :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '10', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '10', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) } end - it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) } end end diff --git a/spec/classes/mod/auth_cas_spec.rb b/spec/classes/mod/auth_cas_spec.rb index 53c13c5a12..aee3f8c298 100644 --- a/spec/classes/mod/auth_cas_spec.rb +++ b/spec/classes/mod/auth_cas_spec.rb 
@@ -1,54 +1,64 @@ require 'spec_helper' describe 'apache::mod::auth_cas', :type => :class do - let :params do - { - :cas_login_url => 'https://cas.example.com/login', - :cas_validate_url => 'https://cas.example.com/validate', - } - end - - let :pre_condition do - 'include ::apache' - end - - context "on a Debian OS", :compile do - let :facts do + context "default params" do + let :params do { - :id => 'root', - :kernel => 'Linux', - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, + :cas_login_url => 'https://cas.example.com/login', + :cas_validate_url => 'https://cas.example.com/validate', + :cas_cookie_path => '/var/cache/apache2/mod_auth_cas/' } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod("auth_cas") } - it { is_expected.to contain_package("libapache2-mod-auth-cas") } - it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') } - it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') } + + it_behaves_like "a mod class, without including apache" end - context "on a RedHat OS", :compile do - let :facts do + + context "default configuration with parameters" do + let :params do { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'RedHat', - :operatingsystem => 'RedHat', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, + :cas_login_url => 'https://cas.example.com/login', + :cas_validate_url => 'https://cas.example.com/validate', } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod("auth_cas") } - it { is_expected.to contain_package("mod_auth_cas") } - it { is_expected.to 
contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') } - it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') } + + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("libapache2-mod-auth-cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') } + end + context "on a RedHat OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("mod_auth_cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') } + end end end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index beba378a9d..74b6827d0f 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb 
@@ -1,76 +1,77 @@ require 'spec_helper' describe 'apache::mod::auth_kerb', :type => :class do - let :pre_condition do - 'include apache' - end - context "on a Debian OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("libapache2-mod-auth-kerb") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod("auth_kerb") } - it { is_expected.to contain_package("libapache2-mod-auth-kerb") } - end - context "on a RedHat OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'RedHat', - :operatingsystem => 'RedHat', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + context "on a RedHat OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to 
contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("mod_auth_kerb") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod("auth_kerb") } - it { is_expected.to contain_package("mod_auth_kerb") } - end - context "on a FreeBSD OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'FreeBSD', - :osfamily => 'FreeBSD', - :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '9', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("www/mod_auth_kerb2") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod("auth_kerb") } - it { is_expected.to contain_package("www/mod_auth_kerb2") } - end - context "on a Gentoo OS", :compile do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'Gentoo', - :operatingsystem => 'Gentoo', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', - :is_pe => false, - } + context "on a Gentoo OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :is_pe 
=> false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("www-apache/mod_auth_kerb") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod("auth_kerb") } - it { is_expected.to contain_package("www-apache/mod_auth_kerb") } end end diff --git a/spec/classes/mod/auth_mellon_spec.rb b/spec/classes/mod/auth_mellon_spec.rb index 4fac1c3e86..7d0826ff72 100644 --- a/spec/classes/mod/auth_mellon_spec.rb +++ b/spec/classes/mod/auth_mellon_spec.rb 
@@ -1,89 +1,90 @@ require 'spec_helper' describe 'apache::mod::auth_mellon', :type => :class do - let :pre_condition do - 'include apache' - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :fqdn => 'test.example.com', - :is_pe => false, - } - end - describe 'with no parameters' do - it { should contain_apache__mod('auth_mellon') } - it { should contain_package('libapache2-mod-auth-mellon') } - it { should contain_file('auth_mellon.conf').with_path('/etc/apache2/mods-available/auth_mellon.conf') } - it { should contain_file('auth_mellon.conf').with_content("MellonPostDirectory \"\/var\/cache\/apache2\/mod_auth_mellon\/\"\n") } - end - describe 'with parameters' do - let :params do - { :mellon_cache_size => '200', - :mellon_cache_entry_size => '2010', - :mellon_lock_file => '/tmp/junk', - :mellon_post_directory => '/tmp/post', - :mellon_post_ttl => '5', - :mellon_post_size => '8', - :mellon_post_count => '10' + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, } end - it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } - it { should 
contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } - end + describe 'with no parameters' do + it { should contain_apache__mod('auth_mellon') } + it { should contain_package('libapache2-mod-auth-mellon') } + it { should contain_file('auth_mellon.conf').with_path('/etc/apache2/mods-available/auth_mellon.conf') } + it { should contain_file('auth_mellon.conf').with_content("MellonPostDirectory \"\/var\/cache\/apache2\/mod_auth_mellon\/\"\n") } + end + describe 'with parameters' do + let :params do + { :mellon_cache_size => '200', + :mellon_cache_entry_size => '2010', + :mellon_lock_file => '/tmp/junk', + :mellon_post_directory => '/tmp/post', + :mellon_post_ttl => '5', + :mellon_post_size => '8', + :mellon_post_count => '10' + } + end + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + end - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :fqdn => 
'test.example.com', - :is_pe => false, - } - end - describe 'with no parameters' do - it { should contain_apache__mod('auth_mellon') } - it { should contain_package('mod_auth_mellon') } - it { should contain_file('auth_mellon.conf').with_path('/etc/httpd/conf.d/auth_mellon.conf') } - it { should contain_file('auth_mellon.conf').with_content("MellonCacheSize 100\nMellonLockFile \"/run/mod_auth_mellon/lock\"\n") } end - describe 'with parameters' do - let :params do - { :mellon_cache_size => '200', - :mellon_cache_entry_size => '2010', - :mellon_lock_file => '/tmp/junk', - :mellon_post_directory => '/tmp/post', - :mellon_post_ttl => '5', - :mellon_post_size => '8', - :mellon_post_count => '10' + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, } end - it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } - it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + describe 'with no parameters' do + it { should contain_apache__mod('auth_mellon') } + it { should contain_package('mod_auth_mellon') } + it { should contain_file('auth_mellon.conf').with_path('/etc/httpd/conf.d/auth_mellon.conf') } + it { should contain_file('auth_mellon.conf').with_content("MellonCacheSize 
100\nMellonLockFile \"/run/mod_auth_mellon/lock\"\n") } + end + describe 'with parameters' do + let :params do + { :mellon_cache_size => '200', + :mellon_cache_entry_size => '2010', + :mellon_lock_file => '/tmp/junk', + :mellon_post_directory => '/tmp/post', + :mellon_post_ttl => '5', + :mellon_post_size => '8', + :mellon_post_count => '10' + } + end + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + end end end end diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index f897833996..d433bc5337 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb 
@@ -1,78 +1,76 @@ require 'spec_helper' describe 'apache::mod::authnz_ldap', :type => :class do - let :pre_condition do - 'include apache' - end - - context "on a Debian OS" do - let :facts do - { - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :id => 'root', - :kernel => 'Linux', - :operatingsystem => 'Debian', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_class("apache::mod::ldap") } - it { is_expected.to contain_apache__mod('authnz_ldap') } + it_behaves_like "a mod class, without including apache" - context 'default verifyServerCert' do - it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } - end + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('authnz_ldap') } - context 'verifyServerCert = false' do - let(:params) { { :verifyServerCert => false } } - it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } - end + context 'default verifyServerCert' do + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } + end - context 'verifyServerCert = wrong' do - let(:params) { { :verifyServerCert => 'wrong' } } - it 'should raise an error' do - expect { is_expected.to raise_error Puppet::Error } + context 'verifyServerCert = false' 
do + let(:params) { { :verifyServerCert => false } } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end - end - end #Debian - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :id => 'root', - :kernel => 'Linux', - :operatingsystem => 'RedHat', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_class("apache::mod::ldap") } - it { is_expected.to contain_apache__mod('authnz_ldap') } + context 'verifyServerCert = wrong' do + let(:params) { { :verifyServerCert => 'wrong' } } + it 'should raise an error' do + expect { is_expected.to raise_error Puppet::Error } + end + end + end #Debian - context 'default verifyServerCert' do - it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } - end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('authnz_ldap') } - context 'verifyServerCert = false' do - let(:params) { { :verifyServerCert => false } } - it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } - end + context 'default verifyServerCert' do + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } + end - context 'verifyServerCert = wrong' do - let(:params) { { :verifyServerCert => 'wrong' } } - it 'should raise an error' do - expect { is_expected.to 
raise_error Puppet::Error } + context 'verifyServerCert = false' do + let(:params) { { :verifyServerCert => false } } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end - end - end # Redhat + context 'verifyServerCert = wrong' do + let(:params) { { :verifyServerCert => 'wrong' } } + it 'should raise an error' do + expect { is_expected.to raise_error Puppet::Error } + end + end + end # Redhat + end end - diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 06c6b870f2..1f60e730b1 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb 
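Review bot: The `verifyServerCert = wrong` examples in both the Debian and RedHat contexts assert nothing. `expect { is_expected.to raise_error Puppet::Error }` never calls `.to` on the outer `expect`, so the block is never run and the example passes even if an invalid value is accepted. This parameter drives `LDAPVerifyServerCert`, so the rejection of bad values is worth pinning. The form status_spec.rb uses in this same commit would work: `expect { is_expected.to contain_file('authnz_ldap.conf') }.to raise_error(Puppet::Error)`. The commit only re-indents these examples, so the vacuous form is carried over unchanged.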
@@ -1,79 +1,80 @@ require 'spec_helper' describe 'apache::mod::dav_svn', :type => :class do - let :pre_condition do - 'include apache' - end - context "on a Debian OS" do - let :facts do - { - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :operatingsystemmajrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("libapache2-svn") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package("libapache2-svn") } - end - context "on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :operatingsystemmajrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => 
'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("mod_dav_svn") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package("mod_dav_svn") } - end - context "on a FreeBSD OS" do - let :facts do - { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :operatingsystemmajrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("devel/subversion") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package("devel/subversion") } - end - context "on a Gentoo OS", :compile do - let :facts do - { - :id => 'root', - :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', - :kernel => 'Linux', - :osfamily => 'Gentoo', - :operatingsystem => 'Gentoo', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :is_pe => false, - } + context "on a Gentoo OS", :compile do + let :facts do + { + :id => 'root', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :kernel => 'Linux', 
+ :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("dev-vcs/subversion") } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package("dev-vcs/subversion") } end end diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index d0d8fedc21..264c70f362 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb 
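Review bot: The FreeBSD context's facts set `:kernel => 'Linux'` alongside `:osfamily => 'FreeBSD'`, and the re-indented new side carries that over. The FreeBSD contexts in deflate_spec.rb and dir_spec.rb in this same commit use `:kernel => 'FreeBSD'`, so this line should read `:kernel => 'FreeBSD',` to describe a coherent host. Whether the class under test reads the kernel fact is not visible here, so the effect on the three assertions is unconfirmed.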
@@ -16,111 +16,112 @@ def general_deflate_specs end describe 'apache::mod::deflate', :type => :class do - let :pre_condition do - 'class { "apache": - default_mods => false, - } - class { "apache::mod::deflate": - types => [ "text/html", "text/css" ], - notes => { - "Input" => "instream", - "Ratio" => "ratio", - } - } - ' - end + it_behaves_like "a mod class, without including apache" - context "On a Debian OS with default params" do - let :facts do - { - :id => 'root', - :lsbdistcodename => 'squeeze', - :kernel => 'Linux', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, + context "default configuration with parameters" do + let :pre_condition do + 'class { "apache::mod::deflate": + types => [ "text/html", "text/css" ], + notes => { + "Input" => "instream", + "Ratio" => "ratio", + } } + ' end - # Load the more generic tests for this context - general_deflate_specs() - - it { is_expected.to contain_file("deflate.conf").with({ - :ensure => 'file', - :path => '/etc/apache2/mods-available/deflate.conf', - } ) } - it { is_expected.to contain_file("deflate.conf symlink").with({ - :ensure => 'link', - :path => '/etc/apache2/mods-enabled/deflate.conf', - } ) } - end + context "On a Debian OS with default params" do + let :facts do + { + :id => 'root', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end - context "on a RedHat OS with default params" do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'RedHat', - :operatingsystem => 'RedHat', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - 
:concat_basedir => '/dne', - :is_pe => false, - } + # Load the more generic tests for this context + general_deflate_specs() + + it { is_expected.to contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/deflate.conf', + } ) } + it { is_expected.to contain_file("deflate.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/deflate.conf', + } ) } end - # Load the more generic tests for this context - general_deflate_specs() + context "on a RedHat OS with default params" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end - it { is_expected.to contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") } - end + # Load the more generic tests for this context + general_deflate_specs() - context "On a FreeBSD OS with default params" do - let :facts do - { - :id => 'root', - :kernel => 'FreeBSD', - :osfamily => 'FreeBSD', - :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '9', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - } + it { is_expected.to contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") } end - # Load the more generic tests for this context - general_deflate_specs() + context "On a FreeBSD OS with default params" do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end - it { is_expected.to contain_file("deflate.conf").with({ - :ensure => 'file', - :path => '/usr/local/etc/apache24/Modules/deflate.conf', - } ) } 
- end + # Load the more generic tests for this context + general_deflate_specs() - context "On a Gentoo OS with default params" do - let :facts do - { - :id => 'root', - :kernel => 'Linux', - :osfamily => 'Gentoo', - :operatingsystem => 'Gentoo', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', - :is_pe => false, - } + it { is_expected.to contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/usr/local/etc/apache24/Modules/deflate.conf', + } ) } end - # Load the more generic tests for this context - general_deflate_specs() + context "On a Gentoo OS with default params" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :is_pe => false, + } + end - it { is_expected.to contain_file("deflate.conf").with({ - :ensure => 'file', - :path => '/etc/apache2/modules.d/deflate.conf', - } ) } + # Load the more generic tests for this context + general_deflate_specs() + + it { is_expected.to contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/modules.d/deflate.conf', + } ) } + end end end diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index 1686a02755..29589f99f2 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb @@ -1,9 +1,8 @@ require 'spec_helper' describe 'apache::mod::dev', :type => :class do - let(:pre_condition) {[ - 'include apache' - ]} + it_behaves_like "a mod class, without including apache" + [ ['RedHat', '6', 'Santiago', 'Linux'], ['Debian', '6', 'squeeze', 'Linux'], diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index 11622a41cb..9aad0d3ff5 100644 --- a/spec/classes/mod/dir_spec.rb 
+++ b/spec/classes/mod/dir_spec.rb 
@@ -1,138 +1,137 @@ require 'spec_helper' describe 'apache::mod::dir', :type => :class do - let :pre_condition do - 'class { "apache": - default_mods => false, - }' - end - context "on a Debian OS" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :lsbdistcodename => 'squeeze', - :is_pe => false, - } - end - context "passing no parameters" do - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - {:indexes => ['example.txt','fearsome.aspx']} + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + :is_pe => false, + } end - it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } - it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } - end - end - context 
"on a RedHat OS" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Redhat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - context "passing no parameters" do - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - {:indexes => ['example.txt','fearsome.aspx']} + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end - it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } - it { is_expected.to contain_file('dir.conf').with_content(/ 
fearsome\.aspx$/) } - end - end - context "on a FreeBSD OS" do - let :facts do - { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'FreeBSD', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - context "passing no parameters" do - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - {:indexes => ['example.txt','fearsome.aspx']} + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end - it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } - it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end - end - context "on a Gentoo OS" do - let :facts do - { - :osfamily => 'Gentoo', - :operatingsystem => 'Gentoo', - :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :is_pe => false, - } + 
context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Redhat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + end end - context "passing no parameters" do - it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } - it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } - it { is_expected.to 
contain_file('dir.conf').with_content(/ index\.xhtml$/) } + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + end end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - {:indexes => ['example.txt','fearsome.aspx']} + context "on a Gentoo OS" do + let :facts do + { + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') 
} + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end - it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } - it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end end diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index e3b3d24428..7bc7831fba 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb 
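Review bot: In the RedHat context the facts set `:operatingsystem => 'Redhat'`, while the other RedHat contexts in this commit spell it `'RedHat'`. A case-sensitive comparison on that fact would not match, so the line should read `:operatingsystem => 'RedHat',`. Separately, the four OS contexts repeat the same `DirectoryIndex` assertions and the same `indexes` case verbatim. Iterating over the fact sets, as dev_spec.rb appears to do with its OS array, would keep the copies from drifting apart.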
@@ -21,139 +21,89 @@ def status_conf_spec(allow_from, extended_status, status_path) end describe 'apache::mod::status', :type => :class do - let :pre_condition do - 'include apache' - end - - context "on a Debian OS with default params" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - - it { is_expected.to contain_apache__mod("status") } + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS with default params" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end - status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") + it { is_expected.to contain_apache__mod("status") } - it { is_expected.to contain_file("status.conf").with({ - :ensure => 'file', - :path => '/etc/apache2/mods-available/status.conf', - } ) } + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") - it { is_expected.to contain_file("status.conf symlink").with({ - :ensure => 'link', - :path => '/etc/apache2/mods-enabled/status.conf', - } ) } + it { is_expected.to contain_file("status.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/status.conf', + } ) } - end + it { is_expected.to contain_file("status.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/status.conf', + } ) } - context "on a RedHat OS with default params" do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir 
=> '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } end - it { is_expected.to contain_apache__mod("status") } + context "on a RedHat OS with default params" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end - status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") + it { is_expected.to contain_apache__mod("status") } - it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") - end + it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } - context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - let :params do - { - :allow_from => ['10.10.10.10','11.11.11.11'], - :extended_status => 'Off', - :status_path => '/custom-status', - } end - status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status") - - end + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + 
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do + { + :allow_from => ['10.10.10.10','11.11.11.11'], + :extended_status => 'Off', + :status_path => '/custom-status', + } + end - context "with valid parameter type $allow_from => ['10.10.10.10']" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - let :params do - { :allow_from => ['10.10.10.10'] } - end - it 'should expect to succeed array validation' do - expect { - is_expected.to contain_file("status.conf") - }.not_to raise_error() - end - end + status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status") - context "with invalid parameter type $allow_from => '10.10.10.10'" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - let :params do - { :allow_from => '10.10.10.10' } end - it 'should expect to fail array validation' do - expect { - is_expected.to contain_file("status.conf") - }.to raise_error(Puppet::Error) - end - end - # Only On or Off are valid options - ['On', 'Off'].each do |valid_param| - context "with valid value $extended_status => '#{valid_param}'" do + context "with valid parameter type $allow_from => ['10.10.10.10']" do let :facts do { :osfamily => 'Debian', 
@@ -168,18 +118,16 @@ def status_conf_spec(allow_from, extended_status, status_path) } end let :params do - { :extended_status => valid_param } + { :allow_from => ['10.10.10.10'] } end - it 'should expect to succeed regular expression validation' do + it 'should expect to succeed array validation' do expect { is_expected.to contain_file("status.conf") }.not_to raise_error() end end - end - ['Yes', 'No'].each do |invalid_param| - context "with invalid value $extended_status => '#{invalid_param}'" do + context "with invalid parameter type $allow_from => '10.10.10.10'" do let :facts do { :osfamily => 'Debian', 
@@ -193,14 +141,65 @@ def status_conf_spec(allow_from, extended_status, status_path) } end let :params do - { :extended_status => invalid_param } + { :allow_from => '10.10.10.10' } end - it 'should expect to fail regular expression validation' do + it 'should expect to fail array validation' do expect { is_expected.to contain_file("status.conf") }.to raise_error(Puppet::Error) end end - end + # Only On or Off are valid options + ['On', 'Off'].each do |valid_param| + context "with valid value $extended_status => '#{valid_param}'" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do + { :extended_status => valid_param } + end + it 'should expect to succeed regular expression validation' do + expect { + is_expected.to contain_file("status.conf") + }.not_to raise_error() + end + end + end + + ['Yes', 'No'].each do |invalid_param| + context "with invalid value $extended_status => '#{invalid_param}'" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do + { :extended_status => invalid_param } + end + it 'should expect to fail regular expression validation' do + expect { + is_expected.to contain_file("status.conf") + }.to raise_error(Puppet::Error) + end + end + end + end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 475b72c07b..c48f49b1bf 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -21,3 +21,20 @@ shared_examples :compile, :compile => true do it { should compile.with_all_deps } end + +shared_examples 'a mod class, without including apache' do + let :facts do + { + :id => 'root', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { should compile.with_all_deps } +end diff --git a/templates/mod/alias.conf.erb b/templates/mod/alias.conf.erb index 2056476e82..799b2e666b 100644 --- a/templates/mod/alias.conf.erb +++ b/templates/mod/alias.conf.erb @@ -3,7 +3,7 @@ Alias /icons/ "<%= @icons_path %>/" "> Options <%= @icons_options %> AllowOverride None -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +<%- if scope.function_versioncmp([@real_apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index f02ed156ff..895bf0c665 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb @@ -1,6 +1,6 @@ > SetHandler server-status - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@real_apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> <%- else -%> Order deny,allow From 328cb96780d40142c74261137b508daa8aefe98d Mon Sep 17 00:00:00 2001 
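Review bot: The shared example `a mod class, without including apache` pins its facts to Debian 6 (`:osfamily => 'Debian'`, `:lsbdistcodename => 'squeeze'`), so `compile.with_all_deps` only proves that a described class compiles standalone on that one platform. Classes that branch on `$::osfamily` do not get their other branches compile-checked by it. A comment above the block would make that limit explicit, e.g. `# Compiles the described class on Debian 6 only, with no pre_condition declaring apache`. Alternatively, the facts could be taken as a parameter of the shared example so callers can repeat it per OS family.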
From: Jason Hancock Date: Fri, 19 Feb 2016 14:27:34 -0800 Subject: [PATCH 0843/2267] Ensure module packages are installed before evaluating conf.d dir The problem I'm running into on EL7 is that when the ssl module is enabled, the mod_ssl package gets installed and drops `/etc/httpd/conf.d/ssl.conf`. We want to remove that file, but the purge for `/etc/httpd/conf.d` is being evaluated before the mod_ssl package is being installed. On the second client run the `ssl.conf` file will be removed. This change ensures that the `mod_ssl` package gets installed prior to the purge on `/etc/httpd/conf.d` being evaluated so that the ssl.conf file gets removed on the first client run. --- manifests/mod.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 33b4de1ab3..014aa274ae 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -64,7 +64,10 @@ File[$_loadfile_name], File["${::apache::conf_dir}/${::apache::params::conf_file}"] ], - default => File[$_loadfile_name], + default => [ + File[$_loadfile_name], + File[$::apache::confd_dir], + ], } # if there are any packages, they should be installed before the associated conf file Package[$_package] -> File<| title == "${mod}.conf" |> From 15950ea9d3e3edbbed1533958a7d00205a95bcc8 Mon Sep 17 00:00:00 2001 From: kaihowl Date: Tue, 23 Feb 2016 08:21:45 +0100 Subject: [PATCH 0844/2267] [MODULES-1628] Fix mod rewrite typo in examples There is no HTTPS_HOST variable in mod_rewrite --- examples/vhost.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/vhost.pp b/examples/vhost.pp index 0cf8da75c4..79ac994019 100644 --- a/examples/vhost.pp +++ b/examples/vhost.pp @@ -151,7 +151,7 @@ { comment => 'redirect non-SSL traffic to SSL site', rewrite_cond => ['%{HTTPS} off'], - rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], + rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'], } ] } 
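Review bot: The ordering on `File[$::apache::confd_dir]` is added only to the `default` branch of this selector. The branch above it, whose key lies outside the hunk, still lists just the load file and the main conf file. If that platform also purges a conf.d directory, a package-shipped file such as the `ssl.conf` from the description would stay active with vendor defaults until the second run; adding `File[$::apache::confd_dir],` to that branch would close the same window. The commit touches only `manifests/mod.pp`, so a spec asserting that the package comes before `File[$::apache::confd_dir]` would keep the ordering from regressing.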
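Review bot: The corrected rule still builds the redirect target from `%{HTTP_HOST}`, which is the Host header of the request and therefore client-supplied. On a virtual host that can be reached under names other than its own (a default or catch-all vhost), the redirect points wherever that header says. Since this is an example people copy, I would add a comment above the rule, e.g. `# HTTP_HOST comes from the request; use the vhost's literal servername instead if the vhost can be reached under other names`. The same applies to the `rewrite_rule` in the `@@ -183,7 +183,7 @@` hunk of this file.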
@@ -183,7 +183,7 @@ port => '80', docroot => '/var/www/sixteenth', rewrite_cond => '%{HTTPS} off', - rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', + rewrite_rule => '(.*) https://%{HTTP_HOST}%{REQUEST_URI}', } apache::vhost { 'sixteenth.example.com ssl old rewrite': servername => 'sixteenth.example.com', From 779e040e71e15377f8531118096850668717b309 Mon Sep 17 00:00:00 2001 From: tphoney Date: Wed, 24 Feb 2016 16:27:22 +0000 Subject: [PATCH 0845/2267] only run the passenger tests on non redhat --- spec/acceptance/vhost_spec.rb | 40 +++++++++++------------------------ 1 file changed, 12 insertions(+), 28 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d65e397849..5a978c4356 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -1107,38 +1107,22 @@ class { 'apache': service_ensure => stopped, } end describe 'rack_base_uris' do - before :all do - pp = "if $::osfamily == 'RedHat' { include epel }" - apply_manifest(pp, :catch_failures => true) - end - - it 'applies cleanly' do - test = lambda do - pp = <<-EOS - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end - if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) - pending("Passenger isn't even in EPEL on el-5, needs a kernel update on el-6, and needs selinux-policy >= 3.13.1-60 on el7 which is not available in official repos") do - test.call + if (fact('osfamily') != 'RedHat') + it 'applies cleanly' do + test = lambda do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) end - else test.call end end - - if (fact('osfamily') == 'RedHat' and ! ['7','6','5'].include?(fact('operatingsystemmajrelease'))) - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'RackBaseURI /test' } - end - end end describe 'no_proxy_uris' do From 20440e515f1bacb3780bf386c46a8c85ab3205b2 Mon Sep 17 00:00:00 2001 From: Chris Reeves Date: Wed, 24 Feb 2016 18:48:02 +0000 Subject: [PATCH 0846/2267] Fix typo in README for shib_request_settings vhost param --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d188f12c70..dd89b37b58 100644 --- a/README.md +++ b/README.md 
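Review bot: The `rack_base_uris` group now only checks that the manifest applies, so nothing verifies that the directive ends up in the rendered vhost file. The `describe file("#{$vhost_dir}/25-test.server.conf")` block with `it { is_expected.to contain 'RackBaseURI /test' }` is deleted rather than moved under the new `if (fact('osfamily') != 'RedHat')` guard; keeping it inside that guard would restore the content check on the platforms where the test runs. The `test = lambda do ... end` wrapper followed by a single `test.call` is also left over from the removed `pending` branch and could be inlined into the `it` block.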
@@ -3133,7 +3133,7 @@ apache::vhost { 'secure.example.net': > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. -###### `shib_request_setting` +###### `shib_request_settings` Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. From 8150ee15e1f6dcde500a5d092914596ecabc25b4 Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Thu, 25 Feb 2016 10:36:26 +0100 Subject: [PATCH 0847/2267] better readable template --- templates/fastcgi/server.erb | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/templates/fastcgi/server.erb b/templates/fastcgi/server.erb index 61169413d1..7a3837b1b3 100644 --- a/templates/fastcgi/server.erb +++ b/templates/fastcgi/server.erb 
@@ -1,4 +1,17 @@ -FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host -%> -<%- if @pass_header -%> -pass-header <%= @pass_header %><% end %> +<% + timeout = " -idle-timeout #{@timeout}" + flush = "" + if @flush + flush = " -flush" + end + host = " -host #{@host}" + pass_header = "" + if @pass_header and ! @pass_header.empty? + pass_header = " -pass-header #{@pass_header}" + end + + options = timeout + flush + host + pass_header +-%> +FastCGIExternalServer <%= @faux_path %><%= options %> Alias <%= @fcgi_alias %> <%= @faux_path %> Action <%= @file_type %> <%= @fcgi_alias %> From 7450d813465e51d3e467322ef2a48fe2d471b54d Mon Sep 17 00:00:00 2001 
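Review bot: The option string built in the new `<% ... -%>` block interpolates `@timeout`, `@host` and `@pass_header` into the `FastCGIExternalServer` line without quoting or validation. A value containing whitespace or a line break would change the directive's arguments or add lines to the rendered config. Whether the defined type behind this template validates these parameters is not visible in the hunk; if it does not, checking them there with `validate_re` (already used elsewhere in this module) before the template renders would close that off. As a point of style, `if @pass_header and ! @pass_header.empty?` is better written `if @pass_header && !@pass_header.empty?`, because `and` binds more loosely than `&&`.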
From: tphoney Date: Wed, 24 Feb 2016 14:58:15 +0000 Subject: [PATCH 0848/2267] include apache, so parsing works --- manifests/mod/alias.pp | 4 ++-- manifests/mod/expires.pp | 1 + manifests/mod/ext_filter.pp | 2 +- manifests/mod/fastcgi.pp | 1 + manifests/mod/fcgid.pp | 1 + manifests/mod/info.pp | 8 ++++---- manifests/mod/ldap.pp | 6 ++++-- manifests/mod/mime.pp | 8 +++++--- manifests/mod/mime_magic.pp | 4 +++- manifests/mod/negotiation.pp | 1 + manifests/mod/pagespeed.pp | 8 +++++--- manifests/mod/passenger.pp | 4 ++-- manifests/mod/perl.pp | 1 + manifests/mod/proxy.pp | 6 ++++-- manifests/mod/proxy_connect.pp | 6 ++++-- manifests/mod/proxy_html.pp | 1 + manifests/mod/python.pp | 1 + manifests/mod/remoteip.pp | 6 ++++-- manifests/mod/reqtimeout.pp | 1 + manifests/mod/rpaf.pp | 1 + manifests/mod/security.pp | 3 ++- manifests/mod/shib.pp | 4 ++-- manifests/mod/speling.pp | 1 + manifests/mod/ssl.pp | 12 ++++++------ manifests/mod/status.pp | 4 ++-- manifests/mod/suphp.pp | 1 + manifests/mod/wsgi.pp | 4 ++-- spec/classes/mod/expires_spec.rb | 5 ++--- spec/classes/mod/ext_filter_spec.rb | 6 +----- spec/classes/mod/fastcgi_spec.rb | 4 +--- spec/classes/mod/fcgid_spec.rb | 4 +--- spec/classes/mod/info_spec.rb | 4 +--- spec/classes/mod/ldap_spec.rb | 4 +--- spec/classes/mod/mime_magic_spec.rb | 4 +--- spec/classes/mod/mime_spec.rb | 4 +--- spec/classes/mod/negotiation_spec.rb | 11 +---------- spec/classes/mod/pagespeed_spec.rb | 3 --- spec/classes/mod/passenger_spec.rb | 4 +--- spec/classes/mod/perl_spec.rb | 4 +--- spec/classes/mod/proxy_connect_spec.rb | 2 +- spec/classes/mod/proxy_html_spec.rb | 2 +- spec/classes/mod/python_spec.rb | 5 ++--- spec/classes/mod/remoteip_spec.rb | 5 ----- spec/classes/mod/reqtimeout_spec.rb | 6 +----- spec/classes/mod/rpaf_spec.rb | 6 +----- spec/classes/mod/security_spec.rb | 5 +---- spec/classes/mod/shib_spec.rb | 4 +--- spec/classes/mod/speling_spec.rb | 4 +--- spec/classes/mod/ssl_spec.rb | 4 +--- spec/classes/mod/suphp_spec.rb | 4 +--- 
spec/classes/mod/wsgi_spec.rb | 4 +--- templates/mod/alias.conf.erb | 2 +- templates/mod/info.conf.erb | 2 +- templates/mod/ldap.conf.erb | 2 +- templates/mod/mime.conf.erb | 2 +- templates/mod/mime_magic.conf.erb | 2 +- templates/mod/pagespeed.conf.erb | 6 +++--- templates/mod/proxy.conf.erb | 2 +- templates/mod/ssl.conf.erb | 2 +- templates/mod/status.conf.erb | 2 +- 60 files changed, 98 insertions(+), 132 deletions(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 91f68b2dc2..4eb42ac974 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -5,10 +5,10 @@ $icons_path = $::apache::params::alias_icons_path, ) inherits ::apache::params { include ::apache - $real_apache_version = pick($apache_version, $apache::apache_version) + $_apache_version = pick($apache_version, $apache::apache_version) apache::mod { 'alias': } - # Template uses $icons_path + # Template uses $icons_path, $_apache_version if $icons_path { file { 'alias.conf': ensure => file, diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp index 1531fc54d9..07ec82e276 100644 --- a/manifests/mod/expires.pp +++ b/manifests/mod/expires.pp @@ -3,6 +3,7 @@ $expires_default = undef, $expires_by_type = undef, ) { + include ::apache ::apache::mod { 'expires': } # Template uses diff --git a/manifests/mod/ext_filter.pp b/manifests/mod/ext_filter.pp index 244c2b1da1..aa14c10259 100644 --- a/manifests/mod/ext_filter.pp +++ b/manifests/mod/ext_filter.pp @@ -1,7 +1,7 @@ class apache::mod::ext_filter( $ext_filter_define = undef ) { - + include ::apache if $ext_filter_define { validate_hash($ext_filter_define) } diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index c4da5b1e63..543a322336 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -1,4 +1,5 @@ class apache::mod::fastcgi { + include ::apache # Debian specifies it's fastcgi lib path, but RedHat uses the default value # with no config file 
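Review bot: Declaring any single mod class now pulls the whole base class into the catalog with default or data-bound parameters. This follows from the `include ::apache` added here in `apache::mod::expires` and in the `ext_filter.pp`, `fastcgi.pp` and later `manifests/mod/*.pp` hunks of this commit. A node that needs non-default settings such as `default_mods => false` only gets them if `apache` is declared with those parameters before the mod class is evaluated; a resource-like `class { 'apache': ... }` evaluated afterwards fails as a duplicate declaration. That ordering requirement is not stated anywhere in the change, so I would add a comment next to the include, e.g. `# Declares ::apache with defaults if it is not already declared; declare it with parameters first for non-default settings`, and repeat it in the module documentation.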
diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 69e3112d4f..0e99a9b799 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,6 +1,7 @@ class apache::mod::fcgid( $options = {}, ) { + include ::apache if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') or $::osfamily == 'FreeBSD' { $loadfile_name = 'unixd_fcgid.load' $conf_name = 'unixd_fcgid.conf' diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index bed35af3a1..2c477c748f 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -1,12 +1,12 @@ class apache::mod::info ( $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, + $apache_version = undef, $restrict_access = true, ){ + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) apache::mod { 'info': } - # Template uses - # $allow_from - # $apache_version + # Template uses $allow_from, $_apache_version file { 'info.conf': ensure => file, path => "${::apache::mod_dir}/info.conf", diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index fe9f6b80a7..d842668361 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -1,5 +1,5 @@ class apache::mod::ldap ( - $apache_version = $::apache::apache_version, + $apache_version = undef, $ldap_trusted_global_cert_file = undef, $ldap_trusted_global_cert_type = 'CA_BASE64', $ldap_shared_cache_size = undef, @@ -8,11 +8,13 @@ $ldap_opcache_entries = undef, $ldap_opcache_ttl = undef, ){ + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) if ($ldap_trusted_global_cert_file) { validate_string($ldap_trusted_global_cert_type) } ::apache::mod { 'ldap': } - # Template uses $apache_version + # Template uses $_apache_version file { 'ldap.conf': ensure => file, path => "${::apache::mod_dir}/ldap.conf", diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index 0665eb639c..f686930932 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp 
@@ -1,10 +1,12 @@ class apache::mod::mime ( $mime_support_package = $::apache::params::mime_support_package, $mime_types_config = $::apache::params::mime_types_config, - $mime_types_additional = $::apache::mime_types_additional, -) { + $mime_types_additional = undef, +) inherits ::apache::params { + include ::apache + $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional) apache::mod { 'mime': } - # Template uses $mime_types_config + # Template uses $_mime_types_config file { 'mime.conf': ensure => file, path => "${::apache::mod_dir}/mime.conf", diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index 722b0df402..ecc74cfddc 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp @@ -1,6 +1,8 @@ class apache::mod::mime_magic ( - $magic_file = "${::apache::conf_dir}/magic" + $magic_file = undef, ) { + include ::apache + $_magic_file = pick($magic_file, "${::apache::conf_dir}/magic") apache::mod { 'mime_magic': } # Template uses $magic_file file { 'mime_magic.conf': diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index b9aec3673f..c7c34b81fe 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -5,6 +5,7 @@ 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ], ) { + include ::apache if !is_array($force_language_priority) and !is_string($force_language_priority) { fail('force_languague_priority must be a string or array of strings') } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index e787d88ef5..a6506007bb 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp 
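Review bot: The updated comment `# Template uses $_mime_types_config` names a variable this class never defines: `$mime_types_config` is still the parameter, and the new local is `$_mime_types_additional`. It should read `# Template uses $mime_types_config, $_mime_types_additional` (the template hunk is not in view, so confirm which names it reads). The `mime_magic.pp` hunk that follows has the mirror problem: it introduces `$_magic_file` but leaves `# Template uses $magic_file` unchanged. Separately, `pick()` fails when every argument is undef or empty, so if `$apache::mime_types_additional` can legitimately be unset this class would stop compiling; that default is outside the hunk.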
@@ -32,10 +32,11 @@ $allow_pagespeed_message = [], $message_buffer_size = 100000, $additional_configuration = {}, - $apache_version = $::apache::apache_version, + $apache_version = undef, ){ - - $_lib = $::apache::apache_version ? { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) + $_lib = $_apache_version ? { '2.4' => 'mod_pagespeed_ap24.so', default => undef } @@ -44,6 +45,7 @@ lib => $_lib, } + # Template uses $_apache_version file { 'pagespeed.conf': ensure => file, path => "${::apache::mod_dir}/pagespeed.conf", diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 7ed7563eb4..e97577d98f 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -24,8 +24,8 @@ $mod_lib_path = undef, $mod_id = undef, $mod_path = undef, -) { - +) inherits ::apache::params { + include ::apache if $passenger_spawn_method { validate_re($passenger_spawn_method, '(^smart$|^direct$|^smart-lv2$|^conservative$)', "${passenger_spawn_method} is not permitted for passenger_spawn_method. Allowed values are 'smart', 'direct', 'smart-lv2', or 'conservative'.") } diff --git a/manifests/mod/perl.pp b/manifests/mod/perl.pp index b57f25fd5f..3bfeac9770 100644 --- a/manifests/mod/perl.pp +++ b/manifests/mod/perl.pp @@ -1,3 +1,4 @@ class apache::mod::perl { + include ::apache ::apache::mod { 'perl': } } diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 73b054ab36..1f70938921 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp @@ -1,10 +1,12 @@ class apache::mod::proxy ( $proxy_requests = 'Off', $allow_from = undef, - $apache_version = $::apache::apache_version, + $apache_version = undef, ) { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) ::apache::mod { 'proxy': } - # Template uses $proxy_requests, $apache_version + # Template uses $proxy_requests, $_apache_version file { 'proxy.conf': ensure => file, path => "${::apache::mod_dir}/proxy.conf", 
diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp index 7adef1f899..cda5b89dc6 100644 --- a/manifests/mod/proxy_connect.pp +++ b/manifests/mod/proxy_connect.pp @@ -1,7 +1,9 @@ class apache::mod::proxy_connect ( - $apache_version = $::apache::apache_version, + $apache_version = undef, ) { - if versioncmp($apache_version, '2.2') >= 0 { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) + if versioncmp($_apache_version, '2.2') >= 0 { Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] ::apache::mod { 'proxy_connect': } } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 24f332334a..cceaf0b755 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -1,4 +1,5 @@ class apache::mod::proxy_html { + include ::apache Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html'] Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html'] diff --git a/manifests/mod/python.pp b/manifests/mod/python.pp index e326c8d757..75af350114 100644 --- a/manifests/mod/python.pp +++ b/manifests/mod/python.pp @@ -1,4 +1,5 @@ class apache::mod::python { + include ::apache ::apache::mod { 'python': } } diff --git a/manifests/mod/remoteip.pp b/manifests/mod/remoteip.pp index abceb08c7d..92010cf960 100644 --- a/manifests/mod/remoteip.pp +++ b/manifests/mod/remoteip.pp @@ -3,9 +3,11 @@ $proxy_ips = [ '127.0.0.1' ], $proxies_header = undef, $trusted_proxy_ips = undef, - $apache_version = $::apache::apache_version + $apache_version = undef, ) { - if versioncmp($apache_version, '2.4') < 0 { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) + if versioncmp($_apache_version, '2.4') < 0 { fail('mod_remoteip is only available in Apache 2.4') } diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp index 34c96a6784..f166f6d6f6 100644 --- a/manifests/mod/reqtimeout.pp +++ b/manifests/mod/reqtimeout.pp 
@@ -1,6 +1,7 @@ class apache::mod::reqtimeout ( $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500'] ){ + include ::apache ::apache::mod { 'reqtimeout': } # Template uses no variables file { 'reqtimeout.conf': diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index f21c43ebda..cb65483605 100644 --- a/manifests/mod/rpaf.pp +++ b/manifests/mod/rpaf.pp @@ -3,6 +3,7 @@ $proxy_ips = [ '127.0.0.1' ], $header = 'X-Forwarded-For' ) { + include ::apache ::apache::mod { 'rpaf': } # Template uses: diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 95018a6809..10145d7f3b 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -9,7 +9,8 @@ $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', -){ +) inherits ::apache::params { + include ::apache if $::osfamily == 'FreeBSD' { fail('FreeBSD is not currently supported') diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index 8ec4c6dd11..4b00889260 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp @@ -1,7 +1,7 @@ class apache::mod::shib ( $suppress_warning = false, ) { - + include ::apache if $::osfamily == 'RedHat' and ! $suppress_warning { warning('RedHat distributions do not have Apache mod_shib in their default package repositories.') } @@ -12,4 +12,4 @@ id => 'mod_shib', } -} \ No newline at end of file +} diff --git a/manifests/mod/speling.pp b/manifests/mod/speling.pp index eb46d78f04..fbd19d373c 100644 
--- a/manifests/mod/speling.pp +++ b/manifests/mod/speling.pp @@ -1,3 +1,4 @@ class apache::mod::speling { + include ::apache ::apache::mod { 'speling': } } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 399131314a..c0dd1f61bf 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -10,16 +10,17 @@ $ssl_random_seed_bytes = '512', $ssl_sessioncachetimeout = '300', $ssl_mutex = undef, - $apache_version = $::apache::apache_version, + $apache_version = undef, $package_name = undef, ) { - + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) if $ssl_mutex { $_ssl_mutex = $ssl_mutex } else { case $::osfamily { 'debian': { - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($_apache_version, '2.4') >= 0 { $_ssl_mutex = 'default' } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { $_ssl_mutex = 'file:/var/run/apache2/ssl_mutex' @@ -57,7 +58,7 @@ package => $package_name, } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($_apache_version, '2.4') >= 0 { ::apache::mod { 'socache_shmcb': } } @@ -73,8 +74,7 @@ # $ssl_mutex # $ssl_random_seed_bytes # $ssl_sessioncachetimeout - # $apache_version - # + # $_apache_version file { 'ssl.conf': ensure => file, path => "${::apache::mod_dir}/ssl.conf", diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 364505f7b0..d30a690de8 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp 
@@ -32,11 +32,11 @@ $status_path = '/server-status', ) inherits ::apache::params { include ::apache - $real_apache_version = pick($apache_version, $apache::apache_version) + $_apache_version = pick($apache_version, $apache::apache_version) validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } - # Template uses $allow_from, $extended_status, $apache_version, $status_path + # Template uses $allow_from, $extended_status, $_apache_version, $status_path file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index 5d426d7948..955bba302c 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp @@ -1,5 +1,6 @@ class apache::mod::suphp ( ){ + include ::apache ::apache::mod { 'suphp': } file {'suphp.conf': diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index d1b8214753..e726bcfaa4 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -4,8 +4,8 @@ $wsgi_python_home = undef, $package_name = undef, $mod_path = undef, -){ - +) inherits ::apache::params { + include ::apache if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { fail('apache::mod::wsgi - both package_name and mod_path must be specified!') } diff --git a/spec/classes/mod/expires_spec.rb b/spec/classes/mod/expires_spec.rb index e6eab7c48d..397fee0243 100644 --- a/spec/classes/mod/expires_spec.rb +++ b/spec/classes/mod/expires_spec.rb @@ -1,9 +1,8 @@ require 'spec_helper' describe 'apache::mod::expires', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" + context "with expires active", :compile do let :facts do { 
diff --git a/spec/classes/mod/ext_filter_spec.rb b/spec/classes/mod/ext_filter_spec.rb index ed61db9f20..a0cf37cec5 100644 --- a/spec/classes/mod/ext_filter_spec.rb +++ b/spec/classes/mod/ext_filter_spec.rb @@ -1,11 +1,7 @@ require 'spec_helper' describe 'apache::mod::ext_filter', :type => :class do - let :pre_condition do - 'class { "apache": - default_mods => false, - }' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index e204bb7460..778d27cffb 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::fastcgi', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index b86cc0e6b3..f08596be6b 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::fcgid', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index 8ecbcdd2a3..766a9e4fdb 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -121,9 +121,7 @@ def general_info_specs_24 end describe 'apache::mod::info', :type => :class do - let :pre_condition do - "class { 'apache': default_mods => false, }" - end + it_behaves_like "a mod class, without including apache" context 'On a Debian OS' do let :facts do diff --git a/spec/classes/mod/ldap_spec.rb b/spec/classes/mod/ldap_spec.rb index f51cafd4f7..73c51adf28 100644 --- a/spec/classes/mod/ldap_spec.rb +++ b/spec/classes/mod/ldap_spec.rb 
@@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::ldap', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb index f846ce386b..cf8f898aa5 100644 --- a/spec/classes/mod/mime_magic_spec.rb +++ b/spec/classes/mod/mime_magic_spec.rb @@ -6,9 +6,7 @@ def general_mime_magic_specs end describe 'apache::mod::mime_magic', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "On a Debian OS with default params" do let :facts do diff --git a/spec/classes/mod/mime_spec.rb b/spec/classes/mod/mime_spec.rb index 3c7ad88d18..b0675a3c0a 100644 --- a/spec/classes/mod/mime_spec.rb +++ b/spec/classes/mod/mime_spec.rb @@ -6,9 +6,7 @@ def general_mime_specs end describe 'apache::mod::mime', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "On a Debian OS with default params", :compile do let :facts do diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb index 813e76def0..9dadb7651e 100644 --- a/spec/classes/mod/negotiation_spec.rb +++ b/spec/classes/mod/negotiation_spec.rb @@ -1,8 +1,8 @@ require 'spec_helper' describe 'apache::mod::negotiation', :type => :class do + it_behaves_like "a mod class, without including apache" describe "OS independent tests" do - let :facts do { :osfamily => 'Debian', @@ -18,9 +18,6 @@ end context "default params" do - let :pre_condition do - 'class {"::apache": }' - end it { should contain_class("apache") } it do should contain_file('negotiation.conf').with( { 
@@ -33,9 +30,6 @@ end context 'with force_language_priority parameter' do - let :pre_condition do - 'class {"::apache": default_mods => ["negotiation"]}' - end let :params do { :force_language_priority => 'Prefer' } end @@ -48,9 +42,6 @@ end context 'with language_priority parameter' do - let :pre_condition do - 'class {"::apache": default_mods => ["negotiation"]}' - end let :params do { :language_priority => [ 'en', 'es' ] } end diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb index 44c60053e0..2cbc3d170e 100644 --- a/spec/classes/mod/pagespeed_spec.rb +++ b/spec/classes/mod/pagespeed_spec.rb @@ -1,9 +1,6 @@ require 'spec_helper' describe 'apache::mod::pagespeed', :type => :class do - let :pre_condition do - 'include apache' - end context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index d7e9ce9ed0..70ce4ea60d 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::passenger', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 17ee1b366b..f5b61fe0ce 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::perl', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/proxy_connect_spec.rb b/spec/classes/mod/proxy_connect_spec.rb index dbb314c2bf..33059c07b2 100644 --- a/spec/classes/mod/proxy_connect_spec.rb +++ b/spec/classes/mod/proxy_connect_spec.rb 
@@ -3,10 +3,10 @@ describe 'apache::mod::proxy_connect', :type => :class do let :pre_condition do [ - 'include apache', 'include apache::mod::proxy', ] end + it_behaves_like "a mod class, without including apache" context 'on a Debian OS' do let :facts do { diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 80106931e0..ffdaa243ed 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -3,11 +3,11 @@ describe 'apache::mod::proxy_html', :type => :class do let :pre_condition do [ - 'include apache', 'include apache::mod::proxy', 'include apache::mod::proxy_http', ] end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do shared_examples "debian" do |loadfiles| it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 46c4cde3a2..1393293a97 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -1,9 +1,8 @@ require 'spec_helper' describe 'apache::mod::python', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" + context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/remoteip_spec.rb b/spec/classes/mod/remoteip_spec.rb index c9f5b4e831..d75ea56031 100644 --- a/spec/classes/mod/remoteip_spec.rb +++ b/spec/classes/mod/remoteip_spec.rb @@ -1,11 +1,6 @@ require 'spec_helper' describe 'apache::mod::remoteip', :type => :class do - let :pre_condition do - [ - 'include apache', - ] - end context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/reqtimeout_spec.rb b/spec/classes/mod/reqtimeout_spec.rb index 1869eb68dc..c3a09777cc 100644 --- a/spec/classes/mod/reqtimeout_spec.rb +++ b/spec/classes/mod/reqtimeout_spec.rb 
@@ -1,11 +1,7 @@ require 'spec_helper' describe 'apache::mod::reqtimeout', :type => :class do - let :pre_condition do - 'class { "apache": - default_mods => false, - }' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 6b2ddd92f3..ef41fcd350 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -1,11 +1,7 @@ require 'spec_helper' describe 'apache::mod::rpaf', :type => :class do - let :pre_condition do - [ - 'include apache', - ] - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index ba0bb2f711..2b6d16ecb7 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -1,10 +1,7 @@ require 'spec_helper' describe 'apache::mod::security', :type => :class do - let :pre_condition do - 'include apache' - end - + it_behaves_like "a mod class, without including apache" context "on RedHat based systems" do let :facts do { diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb index 11193b2766..a651c280a2 100644 --- a/spec/classes/mod/shib_spec.rb +++ b/spec/classes/mod/shib_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::shib', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/speling_spec.rb b/spec/classes/mod/speling_spec.rb index b07af25897..b4844ec748 100644 --- a/spec/classes/mod/speling_spec.rb +++ b/spec/classes/mod/speling_spec.rb 
@@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::speling', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index a738ab0a21..f76377e859 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::ssl', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context 'on an unsupported OS' do let :facts do { diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index 9b20000f30..71dbab30e4 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::suphp', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 5fe313acf4..1d54c54081 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -1,9 +1,7 @@ require 'spec_helper' describe 'apache::mod::wsgi', :type => :class do - let :pre_condition do - 'include apache' - end + it_behaves_like "a mod class, without including apache" context "on a Debian OS" do let :facts do { diff --git a/templates/mod/alias.conf.erb b/templates/mod/alias.conf.erb index 799b2e666b..8580f707c1 100644 --- a/templates/mod/alias.conf.erb +++ b/templates/mod/alias.conf.erb @@ -3,7 +3,7 @@ Alias /icons/ "<%= @icons_path %>/" "> Options <%= @icons_options %> AllowOverride None -<%- if scope.function_versioncmp([@real_apache_version, '2.4']) >= 0 -%> +<%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny 
diff --git a/templates/mod/info.conf.erb b/templates/mod/info.conf.erb index 1a025b7a6e..dd79ecea8d 100644 --- a/templates/mod/info.conf.erb +++ b/templates/mod/info.conf.erb @@ -1,7 +1,7 @@ SetHandler server-info <%- if @restrict_access -%> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> <%- else -%> Order deny,allow diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb index 424fbe8ee7..5ac0c1c546 100644 --- a/templates/mod/ldap.conf.erb +++ b/templates/mod/ldap.conf.erb @@ -1,6 +1,6 @@ SetHandler ldap-status - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip 127.0.0.1 ::1 <%- else -%> Order deny,allow diff --git a/templates/mod/mime.conf.erb b/templates/mod/mime.conf.erb index 8101cf031f..46d021c217 100644 --- a/templates/mod/mime.conf.erb +++ b/templates/mod/mime.conf.erb @@ -31,7 +31,7 @@ AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw -<%- @mime_types_additional.sort.each do |add_mime, config| -%> +<%- @_mime_types_additional.sort.each do |add_mime, config| -%> <%- config.each do |type, extension| %> <%= add_mime %> <%= type %> <%= extension%> <%- end -%> diff --git a/templates/mod/mime_magic.conf.erb b/templates/mod/mime_magic.conf.erb index 1ce1bc3c16..cbc173debc 100644 --- a/templates/mod/mime_magic.conf.erb +++ b/templates/mod/mime_magic.conf.erb @@ -1 +1 @@ -MIMEMagicFile "<%= @magic_file %>" +MIMEMagicFile "<%= @_magic_file %>" diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index 051cf5bedb..d1ce642976 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb 
@@ -61,7 +61,7 @@ ModPagespeedStatistics <%= @collect_statistics %> # statistics. This might be appropriate in an experimental setup or # if the Apache server is protected by a reverse proxy that will # filter URLs in some fashion. - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> <%- else -%> Order allow,deny @@ -72,7 +72,7 @@ ModPagespeedStatistics <%= @collect_statistics %> ModPagespeedStatisticsLogging <%= @statistics_logging %> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> <%- else -%> Order allow,deny @@ -84,7 +84,7 @@ ModPagespeedStatisticsLogging <%= @statistics_logging %> ModPagespeedMessageBufferSize <%= @message_buffer_size %> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> <%- else -%> Order allow,deny diff --git a/templates/mod/proxy.conf.erb b/templates/mod/proxy.conf.erb index 5ea829eeb3..06fe547140 100644 --- a/templates/mod/proxy.conf.erb +++ b/templates/mod/proxy.conf.erb @@ -10,7 +10,7 @@ <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> <%- else -%> Order deny,allow diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index d5120500a9..4ae29e40a0 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb 
@@ -13,7 +13,7 @@ <% if @ssl_compression -%> SSLCompression On <% end -%> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Mutex <%= @_ssl_mutex %> <%- else -%> SSLMutex <%= @_ssl_mutex %> diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index 895bf0c665..6a6b3daa2d 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb @@ -1,6 +1,6 @@ > SetHandler server-status - <%- if scope.function_versioncmp([@real_apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> <%- else -%> Order deny,allow From b07c049d8d09e0b49d3c122f0761987d405c7804 Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Fri, 26 Feb 2016 10:31:35 +0100 Subject: [PATCH 0849/2267] add documentation --- README.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6b8562bddb..5cb0cd3ee9 100644 --- a/README.md +++ b/README.md @@ -3326,12 +3326,13 @@ Ex: ``` puppet apache::fastcgi::server { 'php': - host => '127.0.0.1:9000', - timeout => 15, - flush => false, - faux_path => '/var/www/php.fcgi', - fcgi_alias => '/php.fcgi', - file_type => 'application/x-httpd-php' + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php', + pass_header => '' } ``` 
@@ -3369,6 +3370,10 @@ A unique alias. This is used internally to link the action with the FastCGI serv The MIME-type of the file to be processed by the FastCGI server. +##### `pass_header` + +The name of an HTTP Request Header to be passed in the request environment. This option makes available the contents of headers which are normally not available (e.g. Authorization) to a CGI environment. + #### Defined type: `apache::vhost::custom` The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specifc to the virtual host directory in Apache. From d3d1929a297d754d9beb83b073666afc0e1972c6 Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Fri, 12 Feb 2016 11:20:45 +0100 Subject: [PATCH 0850/2267] added test --- spec/defines/fastcgi_server_spec.rb | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index fdcf2dbca3..89016f03a3 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -108,7 +108,7 @@ :is_pe => false, } end - describe ".conf content" do + describe ".conf content using TCP communication" do let :params do { :host => '127.0.0.1:9001', 
@@ -130,5 +130,28 @@ should contain_file("fastcgi-pool-www.conf").with_content(expected) end end + describe ".conf content using socket communication" do + let :params do + { + :host => :undef, + :socket => '/var/run/fcgi.sock', + :timeout => 30, + :flush => true, + :faux_path => '/var/www/php-www.fcgi', + :fcgi_alias => '/php-www.fcgi', + :file_type => 'application/x-httpd-php' + } + end + let :expected do + 'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -socket /var/run/fcgi.sock +Alias /php-www.fcgi /var/www/php-www.fcgi +Action application/x-httpd-php /php-www.fcgi +' + end + it do + should contain_file("fastcgi-pool-www.conf").with_content(expected) + end + end + end end From 42a591a8d158909079fb6d9f9ce0821e3b96d50a Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Fri, 12 Feb 2016 11:29:04 +0100 Subject: [PATCH 0851/2267] support socket communication a socket path can now be passed to apache::fastcgi::server::host to support socket communication --- README.md | 8 ++++++++ manifests/fastcgi/server.pp | 4 ++++ spec/defines/fastcgi_server_spec.rb | 5 ++--- templates/fastcgi/server.erb | 9 +++++++-- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 5b88e2958d..915ff06f19 100644 --- a/README.md +++ b/README.md 
@@ -3355,6 +3355,14 @@ apache::vhost { 'www': The hostname or IP address and TCP port number (1-65535) of the FastCGI server. +It is also possible to pass a unix socket: + +``` puppet +apache::fastcgi::server { 'php': + host => '/var/run/fcgi.sock', +} +``` + ##### `timeout` The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index 8805484066..3493194917 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp @@ -11,6 +11,10 @@ Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] + if is_absolute_path($host) { + $socket = $host + } + file { "fastcgi-pool-${name}.conf": ensure => present, path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 89016f03a3..e415461cca 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -133,8 +133,7 @@ describe ".conf content using socket communication" do let :params do { - :host => :undef, - :socket => '/var/run/fcgi.sock', + :host => '/var/run/fcgi.sock', :timeout => 30, :flush => true, :faux_path => '/var/www/php-www.fcgi', 
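Review bot: The new `if is_absolute_path($host)` branch in `manifests/fastcgi/server.pp` has no counterpart for values that are neither an absolute path nor a host:port pair. A mistyped socket, such as a relative path, is therefore rendered by the `templates/fastcgi/server.erb` hunk as `-host <value>` and only fails once Apache parses the file. That template hunk also interpolates the value unquoted into the `FastCGIExternalServer` line, so embedded whitespace would change the directive's arguments. I would reject unexpected input at compile time with an else branch such as `else { validate_re($host, '^\S+:\d+$', 'host must be host:port or an absolute socket path') }`. The define body continues outside this hunk, so validation elsewhere cannot be ruled out from here.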
@@ -143,7 +142,7 @@ } end let :expected do - 'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -socket /var/run/fcgi.sock +'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -socket /var/run/fcgi.sock Alias /php-www.fcgi /var/www/php-www.fcgi Action application/x-httpd-php /php-www.fcgi ' diff --git a/templates/fastcgi/server.erb b/templates/fastcgi/server.erb index 7a3837b1b3..bae56d48ef 100644 --- a/templates/fastcgi/server.erb +++ b/templates/fastcgi/server.erb @@ -4,13 +4,18 @@ if @flush flush = " -flush" end - host = " -host #{@host}" + if @socket + host_or_socket = " -socket #{@socket}" + else + host_or_socket = " -host #{@host}" + end + pass_header = "" if @pass_header and ! @pass_header.empty? pass_header = " -pass-header #{@pass_header}" end - options = timeout + flush + host + pass_header + options = timeout + flush + host_or_socket + pass_header -%> FastCGIExternalServer <%= @faux_path %><%= options %> Alias <%= @fcgi_alias %> <%= @faux_path %> From 811e63c9a7ca76d7d13924a5654dece9e7224a68 Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Wed, 2 Mar 2016 13:25:13 +0100 Subject: [PATCH 0852/2267] Remove SSLv3 from the example as we do not want to encourage its usage. --- examples/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/vhost.pp b/examples/vhost.pp index 79ac994019..486570f815 100644 --- a/examples/vhost.pp +++ b/examples/vhost.pp @@ -239,7 +239,7 @@ ssl_cert => '/etc/ssl/securedomain.cert', ssl_key => '/etc/ssl/securedomain.key', ssl_chain => '/etc/ssl/securedomain.crt', - ssl_protocol => '-ALL +SSLv3 +TLSv1', + ssl_protocol => '-ALL +TLSv1', ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', ssl_honorcipherorder => 'On', add_listen => false, From bef16174075faa1a39d372cc3284f0feb5de6342 Mon Sep 17 00:00:00 2001 
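Review bot: The replacement value `'-ALL +TLSv1'` on the `ssl_protocol` line leaves TLS 1.0 as the only protocol this example vhost will negotiate, so TLS 1.1 and 1.2 are switched off along with SSLv3. For an example that people copy, I would write `ssl_protocol => 'all -SSLv2 -SSLv3',` or name the newer versions explicitly where the installed mod_ssl supports them. The unchanged `ssl_cipher` context line directly below still lists `RC4+RSA` and admits `MEDIUM`, which is worth tightening in the same pass. The resource this line belongs to starts and ends outside the hunk.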
From: Garrett Honeycutt Date: Wed, 2 Mar 2016 13:25:56 +0100 Subject: [PATCH 0853/2267] Remove insecure SSLv3 from mod_nss --- templates/mod/nss.conf.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mod/nss.conf.erb b/templates/mod/nss.conf.erb index b6ea504877..36f83d865b 100644 --- a/templates/mod/nss.conf.erb +++ b/templates/mod/nss.conf.erb @@ -121,9 +121,9 @@ NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa # with the maximum specified protocol and downgrading as necessary to the # minimum specified protocol that can be used between two processes. # Since all protocol ranges are completely inclusive, and no protocol in the -# middle of a range may be excluded, the entry "NSSProtocol SSLv3,TLSv1.1" -# is identical to the entry "NSSProtocol SSLv3,TLSv1.0,TLSv1.1". -NSSProtocol SSLv3,TLSv1.0,TLSv1.1 +# middle of a range may be excluded, the entry "NSSProtocol TLSv1.0,TLSv1.2" +# is identical to the entry "NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2". +NSSProtocol TLSv1.0,TLSv1.1 # SSL Certificate Nickname: # The nickname of the RSA server certificate you are going to use. From e6a1775ce2019998ea34bd36f4e27a9d790d41d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20Mo=CC=88ding?= Date: Wed, 2 Mar 2016 18:07:16 +0100 Subject: [PATCH 0854/2267] Add JkMount/JkUnmount directives to vhost 'mod_jk' is one of the possibilities to use Apache as a frontend to Tomcat. The module understands 'JkMount' and 'JkUnMount' directives to configure whether an URL should be handled by Apache or by Tomcat. This patch enhances 'apache::vhost' to allow configuration of these two directives for a virtual host. --- README.md | 17 +++++++++++++++++ manifests/vhost.pp | 11 +++++++++++ spec/defines/vhost_spec.rb | 8 ++++++++ templates/vhost/_jk_mounts.erb | 12 ++++++++++++ 4 files changed, 48 insertions(+) create mode 100644 templates/vhost/_jk_mounts.erb diff --git a/README.md b/README.md index 915ff06f19..029d47b544 100644 
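Review bot: The rewritten comment in `templates/mod/nss.conf.erb` uses `TLSv1.2` in its range example, but the directive itself becomes `NSSProtocol TLSv1.0,TLSv1.1`, so the shipped default stops at TLS 1.1 and the comment no longer describes the setting beneath it. If the packaged mod_nss accepts it (not verifiable from this hunk), `NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2` would match the comment and allow the newest protocol version. Otherwise the comment should use a range the directive can actually take. The `NSSCipherSuite` line shown in the hunk header still enables `+rsa_rc4_128_md5` and `+rsa_rc4_128_sha`, which deserves a follow-up change.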
--- a/README.md +++ b/README.md @@ -2149,6 +2149,23 @@ apache::vhost { 'sample.example.net': } ``` +##### `jk_mounts` + +Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache. Default: undef. + +The parameter must be an array of hashes where each hash must contain the 'worker' and either the 'mount' or 'unmount' keys. + +Usage typically looks like: + +``` puppet +apache::vhost { 'sample.example.net': + jk_mounts => [ + { mount => '/*', worker => 'tcnode1', }, + { unmount => '/*.jpg', worker => 'tcnode1', }, + ], +} +``` + ##### `auth_kerb` Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. Default: false. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e909788dfe..b6b47fd560 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -129,6 +129,7 @@ $modsec_disable_ids = undef, $modsec_disable_ips = undef, $modsec_body_limit = undef, + $jk_mounts = undef, $auth_kerb = false, $krb_method_negotiate = 'on', $krb_method_k5passwd = 'on', @@ -994,6 +995,16 @@ } } + # Template uses: + # - $jk_mounts + if $jk_mounts and ! empty($jk_mounts) { + concat::fragment { "${name}-jk_mounts": + target => "${priority_real}${filename}.conf", + order => 340, + content => template('apache/vhost/_jk_mounts.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8bcd3cfd59..5ae37bc519 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -338,6 +338,10 @@ 'passenger_start_timeout' => '600', 'passenger_pre_start' => 'http://localhost/myapp', 'add_default_charset' => 'UTF-8', + 'jk_mounts' => [ + { 'mount' => '/*', 'worker' => 'tcnode1', }, + { 'unmount' => '/*.jpg', 'worker' => 'tcnode1', }, + ], 'auth_kerb' => true, 'krb_method_negotiate' => 'off', 'krb_method_k5passwd' => 'off', 
@@ -484,6 +488,10 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + it { is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( + :content => /^\s+JkMount\s+\/\*\s+tcnode1$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( + :content => /^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( :content => /^\s+KrbMethodNegotiate\soff$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( diff --git a/templates/vhost/_jk_mounts.erb b/templates/vhost/_jk_mounts.erb new file mode 100644 index 0000000000..8cb1d116bb --- /dev/null +++ b/templates/vhost/_jk_mounts.erb @@ -0,0 +1,12 @@ +<% if @jk_mounts and not @jk_mounts.empty? -%> + + <%- @jk_mounts.each do |jk| -%> + <%- if jk.is_a?(Hash) -%> + <%- if jk.has_key?('mount') and jk.has_key?('worker') -%> + JkMount <%= jk['mount'] %> <%= jk['worker'] %> + <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%> + JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %> + <%- end -%> + <%- end -%> + <%- end -%> +<% end -%> From 7022328bcad17476dd315b198882f4896fc0f6cc Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Thu, 3 Mar 2016 13:03:33 +0100 Subject: [PATCH 0855/2267] (doc) Fix a typo: specifc -> specific --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 915ff06f19..5f1e77f89b 100644 --- a/README.md +++ b/README.md 
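Review bot: Entries in `@jk_mounts` that are not a Hash, or that lack `worker` or both of `mount`/`unmount`, fall through the `if`/`elsif` chain in `templates/vhost/_jk_mounts.erb` and are dropped without any error. A dropped `unmount` entry leaves that path mapped to the Tomcat worker, the opposite of what the operator asked for, so a malformed entry should fail the catalog rather than render a partial list. I would add the missing else branches that raise `Puppet::ParseError` naming the offending entry, or validate in `manifests/vhost.pp` before the `concat::fragment` (for example `validate_array($jk_mounts)` plus a per-hash key check). The values are also written unquoted, so a mount pattern or worker name containing whitespace would change the directive's arguments.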
@@ -3389,7 +3389,7 @@ The name of an HTTP Request Header to be passed in the request environment. This #### Defined type: `apache::vhost::custom` -The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specifc to the virtual host directory in Apache. +The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache. **Parameters within `apache::vhost::custom`**: From b2bc76f63045bdb4ad8df91a835873fbb1eec025 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Thu, 3 Mar 2016 22:18:06 +0100 Subject: [PATCH 0856/2267] apache::balancer: Add a target parameter to write to a custom path Thit commits implements a target parameter to the apache::balancer definition to specify a different configuration path if needed (e.g with a different suffix or in a different location). --- manifests/balancer.pp | 20 ++++++++--- manifests/balancermember.pp | 2 +- spec/defines/balancer_spec.rb | 33 ++++++++++++++++++ spec/defines/balancermember_spec.rb | 52 ++++++++++++++++++++--------- 4 files changed, 86 insertions(+), 21 deletions(-) create mode 100644 spec/defines/balancer_spec.rb diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 9b7511a032..a3534ded8c 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -23,6 +23,10 @@ # Hash, default empty. If given, each key-value pair will be used as a ProxySet # line in the configuration. # +# [*target*] +# String, default undef. If given, path to the file the balancer definition will +# be written. +# # [*collect_exported*] # Boolean, default 'true'. True means 'collect exported @@balancermember # resources' (for the case when every balancermember node exports itself), 
@@ -41,21 +45,27 @@ define apache::balancer ( $proxy_set = {}, $collect_exported = true, + $target = undef, ) { include ::apache::mod::proxy_balancer - $target = "${::apache::params::confd_dir}/balancer_${name}.conf" + if $target { + $_target = $target + } else { + $_target = "${::apache::params::confd_dir}/balancer_${name}.conf" + } - concat { $target: + concat { "apache_balancer_${name}": owner => '0', group => '0', + path => $_target, mode => $::apache::file_mode, notify => Class['Apache::Service'], } concat::fragment { "00-${name}-header": ensure => present, - target => $target, + target => "apache_balancer_${name}", order => '01', content => "\n", } @@ -68,14 +78,14 @@ concat::fragment { "01-${name}-proxyset": ensure => present, - target => $target, + target => "apache_balancer_${name}", order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": ensure => present, - target => $target, + target => "apache_balancer_${name}", order => '20', content => "\n", } diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index 459081a716..78723043bc 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp @@ -47,7 +47,7 @@ concat::fragment { "BalancerMember ${name}": ensure => present, - target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", + target => "apache_balancer_${balancer_cluster}", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } } diff --git a/spec/defines/balancer_spec.rb b/spec/defines/balancer_spec.rb new file mode 100644 index 0000000000..4a1477b13d --- /dev/null +++ b/spec/defines/balancer_spec.rb 
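Review bot: The new `$target` parameter in `manifests/balancer.pp` is passed straight to `path =>` of a `concat` resource created with `owner => '0'`, and nothing in this hunk checks that it is an absolute path. I would add `validate_absolute_path($target)` as the first statement inside the `if $target {` branch, so a relative or malformed value fails at compile time instead of when the file is written as root. The header comment documents the parameter, but the commit's diffstat lists no README change for it. The define body continues past this hunk.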
@@ -0,0 +1,33 @@ +require 'spec_helper' + +describe 'apache::balancer', :type => :define do + let :pre_condition do + 'include apache' + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux', + :is_pe => false, + } + end + describe "accept a target parameter and use it" do + let :title do + 'myapp' + end + let :params do + { + :target => '/tmp/myapp.conf' + } + end + it { should contain_concat('apache_balancer_myapp').with({ + :path => "/tmp/myapp.conf", + })} + end +end diff --git a/spec/defines/balancermember_spec.rb b/spec/defines/balancermember_spec.rb index 0322d308eb..d99f99686e 100644 --- a/spec/defines/balancermember_spec.rb +++ b/spec/defines/balancermember_spec.rb @@ -2,21 +2,7 @@ describe 'apache::balancermember', :type => :define do let :pre_condition do - 'include apache - apache::balancer {"balancer":} - apache::balancer {"balancer-external":} - apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} - ' - end - let :title do - 'http://127.0.0.1:8080/' - end - let :params do - { - :options => [], - :url => 'http://127.0.0.1:8080/', - :balancer_cluster => 'balancer-internal' - } + 'include apache' end let :facts do { 
@@ -32,6 +18,42 @@ } end describe "allows multiple balancermembers with the same url" do + let :pre_condition do + 'apache::balancer {"balancer":} + apache::balancer {"balancer-external":} + apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} + ' + end + let :title do + 'http://127.0.0.1:8080/' + end + let :params do + { + :options => [], + :url => 'http://127.0.0.1:8080/', + :balancer_cluster => 'balancer-internal' + } + end it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') } end + describe "allows balancermember with a different target" do + let :pre_condition do + 'apache::balancer {"balancername": target => "/etc/apache/balancer.conf"} + apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancername"} + ' + end + let :title do + 'http://127.0.0.1:8080/' + end + let :params do + { + :options => [], + :url => 'http://127.0.0.1:8080/', + :balancer_cluster => 'balancername' + } + end + it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/').with({ + :target => "apache_balancer_balancername", + })} + end end From 68362b54108e907ef674be3e3c23c17650ea877b Mon Sep 17 00:00:00 2001 
From: Colleen Murphy Date: Fri, 4 Mar 2016 10:33:37 -0800 Subject: [PATCH 0857/2267] Manage mod dir before things that depend on mods On Ubuntu Trusty, the default mpm module is "event". In puppetlabs-apache, the default mpm module is "worker". These can't both be loaded at once. The apache puppet module takes care of this by purging the mods-enabled directory. However, if we try to run a syntax check before the directory is purged, it fails. The apache::custom_config defined type contains an "syntax verification for ${name}" exec that can potentially run before the event mod is unloaded. This patch ensures that the module purging occurs before syntax check happens so that the puppet run is successful. --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index 41a879c5ec..e8f6e6f9ba 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -189,6 +189,7 @@ purge => $purge_mod_dir, notify => Class['Apache::Service'], require => Package['httpd'], + before => Anchor['::apache::modules_set_up'], } } From d26c4bbb6f12f90039a370dc1270d90029ff25a7 Mon Sep 17 00:00:00 2001 From: jokajak Date: Sat, 5 Mar 2016 12:12:59 -0500 Subject: [PATCH 0858/2267] Add mellon_sp_metadata_file parameter for directory entries This allows specifying the mellon_sp_metadata_file parameter --- README.md | 1 + templates/vhost/_directories.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 5f1e77f89b..026fb67e05 100644 --- a/README.md +++ b/README.md 
@@ -2968,6 +2968,7 @@ Related parameters follow the names of `mod_auth_mellon` directives: - `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_mellon`] directive for each item in the array. - `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_mellon`] to set the mellon endpoint path. +- `mellon_sp_metadata_file`: Sets the [MellonSPMetadataFile][`mod_auth_mellon`] location of the SP metadata file. - `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_mellon`] location of the IDP metadata file. - `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_mellon`] directive to enable debug of SAML. - `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_mellon`] directive to a hash of attribute names to map diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 49a9bd9011..9beb89865f 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -270,6 +270,9 @@ <%- end -%> <%- if directory['mellon_sp_cert_file'] -%> MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_metadata_file'] -%> + MellonSPMetadataFile "<%= directory['mellon_sp_metadata_file'] %>" <%- end -%> <%- if directory['mellon_idp_metadata_file'] -%> MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>" From d1e9d46cc26f68d5ac941e8478cee383f00fcef9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20S=C3=A9hier?= Date: Mon, 7 Mar 2016 14:41:41 +0100 Subject: [PATCH 0859/2267] add support for SSLProxyProtocol directive --- manifests/vhost.pp | 2 ++ templates/vhost/_sslproxy.erb | 3 +++ 2 files changed, 5 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e909788dfe..561364bead 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -29,6 +29,7 @@ $ssl_proxy_check_peer_cn = undef, $ssl_proxy_check_peer_name = undef, $ssl_proxy_machine_cert = undef, + $ssl_proxy_protocol = undef, $ssl_options = undef, $ssl_openssl_conf_cmd = undef, $ssl_proxyengine = false, @@ -838,6 +839,7 @@ # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name # - $ssl_proxy_machine_cert + # - $ssl_proxy_protocol if $ssl_proxyengine { concat::fragment { "${name}-sslproxy": target => "${priority_real}${filename}.conf", diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb index 568d9d1d0d..393126e439 100644 --- a/templates/vhost/_sslproxy.erb +++ b/templates/vhost/_sslproxy.erb @@ -14,4 +14,7 @@ <%- if @ssl_proxy_machine_cert -%> SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" <%- end -%> + <%- if @ssl_proxy_protocol -%> + SSLProxyProtocol "<%= @ssl_proxy_protocol %>" + <%- end -%> <% end -%> From fcc9bc541d2ddc5ae1f600147755c2dae9c6e71a Mon Sep 17 00:00:00 2001 From: Philipp Dallig Date: Tue, 8 Mar 2016 15:40:19 +0100 Subject: [PATCH 0860/2267] (#3139) Add support for PassengerUser --- README.md | 4 ++++ manifests/vhost.pp | 6 ++++-- spec/defines/vhost_spec.rb | 1 + templates/vhost/_passenger.erb | 3 +++ 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5f1e77f89b..6cd5729786 100644 --- a/README.md +++ b/README.md 
@@ -2306,6 +2306,10 @@ Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apa Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required. +##### `passenger_user` + +Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), the running user for sandboxing applications. + ##### `php_flags & values` Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e909788dfe..2430272b9b 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -124,6 +124,7 @@ $passenger_min_instances = undef, $passenger_start_timeout = undef, $passenger_pre_start = undef, + $passenger_user = undef, $add_default_charset = undef, $modsec_disable_vhost = undef, $modsec_disable_ids = undef, @@ -274,7 +275,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user { include ::apache::mod::passenger } @@ -953,7 +954,8 @@ # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + # - $passenger_user + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user { concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, 
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8bcd3cfd59..b565eaa874 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -337,6 +337,7 @@ 'passenger_min_instances' => '1', 'passenger_start_timeout' => '600', 'passenger_pre_start' => 'http://localhost/myapp', + 'passenger_user' => 'sandbox', 'add_default_charset' => 'UTF-8', 'auth_kerb' => true, 'krb_method_negotiate' => 'off', diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb index 130e769353..91820d3634 100644 --- a/templates/vhost/_passenger.erb +++ b/templates/vhost/_passenger.erb @@ -16,3 +16,6 @@ <% if @passenger_pre_start -%> PassengerPreStart <%= @passenger_pre_start %> <% end -%> +<% if @passenger_user -%> + PassengerUser <%= @passenger_user %> +<% end -%> From 7212175803ea2fab60f5f49df699f9b3216be265 Mon Sep 17 00:00:00 2001 From: Stig Brautaset Date: Tue, 8 Mar 2016 17:07:09 +0000 Subject: [PATCH 0861/2267] Allow configuring mod_security's SecAuditLogParts The default configuration for this includes "I" which is not always always suitable, e.g. if you cannot tolerate POST parameters appearing in your modsec_audit.log You may want to omit `I` if mod_security is protecting a hypothetical web service that accepts credit card data in a POST request, for example. --- manifests/mod/security.pp | 2 ++ manifests/params.pp | 1 + spec/classes/mod/security_spec.rb | 8 ++++++++ templates/mod/security.conf.erb | 2 +- 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 10145d7f3b..7cd7114c4e 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
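Review bot: The vhost_spec.rb hunk only adds `'passenger_user' => 'sandbox'` to the parameter hash, and the commit's diffstat shows a single added line in this file, so no example checks that the directive is actually rendered. PassengerUser decides which account the application runs as, so a silent regression in the template deserves a test. Something like `it { is_expected.to contain_concat__fragment('rspec.example.com-passenger').with(:content => /^\s+PassengerUser\s+sandbox$/) }` would do; the fragment name is assumed from the `"${name}-passenger"` title in vhost.pp. The surrounding `let :params` block starts and ends outside the hunk.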
@@ -3,6 +3,7 @@ $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $audit_log_parts = $::apache::params::modsec_audit_log_parts, $secpcrematchlimit = $::apache::params::secpcrematchlimit, $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, $allowed_methods = 'GET HEAD POST OPTIONS', @@ -35,6 +36,7 @@ # Template uses: # - $modsec_dir + # - $audit_log_parts # - secpcrematchlimit # - secpcrematchlimitrecursion file { 'security.conf': diff --git a/manifests/params.pp b/manifests/params.pp index 7b6e93cc01..6a40f4d9bf 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -159,6 +159,7 @@ $mellon_lock_file = '/run/mod_auth_mellon/lock' $mellon_cache_size = 100 $mellon_post_directory = undef + $modsec_audit_log_parts = 'ABIJDEFHZ' $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 2b6d16ecb7..1dd2e9571b 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -27,6 +27,7 @@ it { should contain_file('security.conf').with( :path => '/etc/httpd/conf.modules.d/security.conf' ) } + it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABJDEFHZ$") } it { should contain_file('/etc/httpd/modsecurity.d').with( :ensure => 'directory', :path => '/etc/httpd/modsecurity.d', @@ -43,6 +44,13 @@ :path => '/etc/httpd/modsecurity.d/security_crs.conf' ) } it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + + describe 'with parameters' do + let :params do + { :modsec_audit_log_parts => "ABCDZ" + } + end + it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABCDZ$") } end context "on Debian based systems" do 
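Review bot: `$audit_log_parts` is added as a free-form parameter and, per the "Template uses" comment, goes straight into security.conf; nothing in the two security.pp hunks checks its value. The stated purpose is to keep request bodies out of the audit log, so a mistyped value should fail the Puppet run rather than reach Apache. A check such as `validate_re($audit_log_parts, '^[A-KZ]+$')` in the class body, which lies outside these hunks, would do that. The parameter documentation could also say which letters record request and response bodies, so operators handling sensitive POST data know what to drop.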
diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index a71f5887d1..1ffd30bb9c 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -50,7 +50,7 @@ SecDebugLogLevel 0 SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" - SecAuditLogParts ABIJDEFHZ + SecAuditLogParts <%= @audit_log_parts %> SecAuditLogType Serial SecArgumentSeparator & SecCookieFormat 0 From d2699d18e5856ff8841373b3ebc9adc8c321564f Mon Sep 17 00:00:00 2001 From: Stig Brautaset Date: Tue, 8 Mar 2016 17:27:38 +0000 Subject: [PATCH 0862/2267] Add SecAuditLogParts tests for Debian-based systems --- spec/classes/mod/security_spec.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 1dd2e9571b..0590b21c1c 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -51,6 +51,7 @@ } end it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABCDZ$") } + end end context "on Debian based systems" do @@ -79,6 +80,7 @@ it { should contain_file('security.conf').with( :path => '/etc/apache2/mods-available/security.conf' ) } + it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABJDEFHZ$") } it { should contain_file('/etc/modsecurity').with( :ensure => 'directory', :path => '/etc/modsecurity', @@ -95,6 +97,14 @@ :path => '/etc/modsecurity/security_crs.conf' ) } it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + + describe 'with parameters' do + let :params do + { :modsec_audit_log_parts => "ACEZ" + } + end + it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ACEZ$") } + end end end From 78ee594d71921e86a80ccdfe84952b2cea0097f5 Mon Sep 17 00:00:00 2001 
From: Stig Brautaset Date: Wed, 9 Mar 2016 10:36:19 +0000 Subject: [PATCH 0863/2267] Fix parameter name --- spec/classes/mod/security_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 0590b21c1c..2730861f06 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -47,7 +47,7 @@ describe 'with parameters' do let :params do - { :modsec_audit_log_parts => "ABCDZ" + { :audit_log_parts => "ABCDZ" } end it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABCDZ$") } @@ -100,7 +100,7 @@ describe 'with parameters' do let :params do - { :modsec_audit_log_parts => "ACEZ" + { :audit_log_parts => "ACEZ" } end it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ACEZ$") } From 388ab4b53de683039c120d138132eebf7c0fbee5 Mon Sep 17 00:00:00 2001 From: Stig Brautaset Date: Wed, 9 Mar 2016 15:04:22 +0000 Subject: [PATCH 0864/2267] Use regular expression rather than exact string match --- spec/classes/mod/security_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 2730861f06..7a0ba8f299 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -27,7 +27,7 @@ it { should contain_file('security.conf').with( :path => '/etc/httpd/conf.modules.d/security.conf' ) } - it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABJDEFHZ$") } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } it { should contain_file('/etc/httpd/modsecurity.d').with( :ensure => 'directory', :path => '/etc/httpd/modsecurity.d', 
@@ -50,7 +50,7 @@ { :audit_log_parts => "ABCDZ" } end - it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABCDZ$") } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } end end @@ -80,7 +80,7 @@ it { should contain_file('security.conf').with( :path => '/etc/apache2/mods-available/security.conf' ) } - it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ABJDEFHZ$") } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } it { should contain_file('/etc/modsecurity').with( :ensure => 'directory', :path => '/etc/modsecurity', @@ -103,7 +103,7 @@ { :audit_log_parts => "ACEZ" } end - it { should contain_file('security.conf').with_content("^\s*SecAuditLogParts ACEZ$") } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ACEZ$} } end end From 3d5aa16b3fe927920599566ffda12da483d80124 Mon Sep 17 00:00:00 2001 From: Stig Brautaset Date: Wed, 9 Mar 2016 15:04:56 +0000 Subject: [PATCH 0865/2267] Move default value outside the redhat-specific section So it is valid for Debian-based systems also. --- manifests/params.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 6a40f4d9bf..19b3d2a460 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -47,6 +47,8 @@ $vhost_include_pattern = '*' + $modsec_audit_log_parts = 'ABIJDEFHZ' + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' } else { @@ -159,7 +161,6 @@ $mellon_lock_file = '/run/mod_auth_mellon/lock' $mellon_cache_size = 100 $mellon_post_directory = undef - $modsec_audit_log_parts = 'ABIJDEFHZ' $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' From 946be7ea59d65735bb4d50deef516fe0a4ab6e58 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Simon=20S=C3=A9hier?= Date: Thu, 10 Mar 2016 11:12:05 +0100 Subject: [PATCH 0866/2267] add doc for ssl_proxy_protocol --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 5f1e77f89b..ad1415a812 100644 --- a/README.md +++ b/README.md @@ -3267,6 +3267,10 @@ apache::vhost { 'sample.example.net': ssl_verify_depth => 1, } ``` +##### `ssl_proxy_protocol` + +Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy. It will only connect to servers using one of the provided protocols. Default: undef. + ##### `ssl_proxy_verify` From e252bd08aed9b66a80677c9c742de29e1e6965fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20S=C3=A9hier?= Date: Thu, 10 Mar 2016 14:14:41 +0100 Subject: [PATCH 0867/2267] make ssl_proxy_protocol consistent with ssl_protocol usage --- templates/vhost/_sslproxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb index 393126e439..0bc0a244a1 100644 --- a/templates/vhost/_sslproxy.erb +++ b/templates/vhost/_sslproxy.erb @@ -15,6 +15,6 @@ SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" <%- end -%> <%- if @ssl_proxy_protocol -%> - SSLProxyProtocol "<%= @ssl_proxy_protocol %>" + SSLProxyProtocol <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %> <%- end -%> <% end -%> From 50d7795cb75c69baa3bf248ee53d1c2845e9667b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20S=C3=A9hier?= Date: Thu, 10 Mar 2016 14:21:32 +0100 Subject: [PATCH 0868/2267] add tests for SSLProxyProtocol --- spec/acceptance/apache_ssl_spec.rb | 1 + spec/defines/vhost_spec.rb | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 254a3c35a2..5df551a414 100644 
--- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb @@ -62,6 +62,7 @@ class { 'apache': ssl_verify_depth => 'test', ssl_options => ['test', 'test1'], ssl_proxyengine => true, + ssl_proxy_protocol => 'TLSv1.2', } EOS apply_manifest(pp, :catch_failures => true) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8bcd3cfd59..c8d54dd3b7 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -158,6 +158,7 @@ 'ssl_proxy_check_peer_cn' => 'on', 'ssl_proxy_check_peer_name' => 'on', 'ssl_proxyengine' => true, + 'ssl_proxy_protocol' => 'TLSv1.2', 'priority' => '30', 'default_vhost' => true, @@ -470,6 +471,8 @@ :content => /^\s+SSLProxyCheckPeerCN\s+on$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyCheckPeerName\s+on$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + :content => /^\s+SSLProxyProtocol\s+TLSv1.2$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } it { is_expected.to contain_concat__fragment('rspec.example.com-header') } @@ -778,6 +781,19 @@ it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } end + context 'ssl_proxy_protocol without ssl_proxyengine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => true, + 'ssl_proxyengine' => false, + 'ssl_proxy_protocol' => 'TLSv1.2', + } + end + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } + end end describe 'access logs' do let :facts do From 9ac6064f58a304392184b10729993a5024641548 Mon Sep 17 00:00:00 2001 
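Review bot: The new expectation `/^\s+SSLProxyProtocol\s+TLSv1.2$/` in vhost_spec.rb leaves the dot unescaped, so it would also match a rendered value such as `TLSv1x2`; write `TLSv1\.2`. Only a single protocol string is tested, while the template joins an array with spaces. An example passing `['all', '-SSLv3']` and expecting `SSLProxyProtocol all -SSLv3` would cover that path.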
From: Stig Brautaset Date: Thu, 10 Mar 2016 14:33:12 +0000 Subject: [PATCH 0869/2267] Document mod_security's audit_log_parts parameter in README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5f1e77f89b..76c174cc56 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,8 @@ [Apache modules]: https://httpd.apache.org/docs/current/mod/ [array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html +[audit log]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log + [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec [certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile @@ -1706,6 +1708,7 @@ ${modsec\_dir}/activated\_rules. - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' +- `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' ##### Class: `apache::mod::wsgi` From d2f64a788e7f88326ab18c53ce0d6c002dd68191 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 10 Mar 2016 11:03:15 -0800 Subject: [PATCH 0870/2267] Enable multiverse on all Ubuntu hosts multiverse is needed for libapache2-mod-fastcgi but is not enabled by default on any Ubuntu release. --- spec/acceptance/vhost_spec.rb | 68 +++++++++++++++++------------------ 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 5a978c4356..36d4f42c59 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -1396,44 +1396,42 @@ class { 'apache': } describe 'fastcgi' do it 'applies cleanly' do pp = <<-EOS - unless $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '12.04') >= 0 { - $_os = $::operatingsystem - - if $_os == 'Ubuntu' { - $_location = "http://archive.ubuntu.com/" - $_security_location = "http://archive.ubuntu.com/" - $_release = $::lsbdistcodename - $_release_security = "${_release}-security" - $_repos = "main universe multiverse" - } else { - $_location = "http://httpredir.debian.org/debian/" - $_security_location = "http://security.debian.org/" - $_release = $::lsbdistcodename - $_release_security = "${_release}/updates" - $_repos = "main contrib non-free" - } + $_os = $::operatingsystem + + if $_os == 'Ubuntu' { + $_location = "http://archive.ubuntu.com/ubuntu/" + $_security_location = "http://archive.ubuntu.com/ubuntu/" + $_release = $::lsbdistcodename + $_release_security = "${_release}-security" + $_repos = "main universe multiverse" + } else { + $_location = "http://httpredir.debian.org/debian/" + $_security_location = "http://security.debian.org/" + $_release = $::lsbdistcodename + $_release_security = "${_release}/updates" + $_repos = "main contrib non-free" + } - include ::apt - apt::source { "${_os}_${_release}": - location => $_location, - release => $_release, - repos => $_repos, - include_src => false, - } + include ::apt + apt::source { "${_os}_${_release}": + location => $_location, + release => $_release, + repos => $_repos, + include_src => false, + } - apt::source { "${_os}_${_release}-updates": - location => $_location, - release => "${_release}-updates", - repos => $_repos, - include_src => false, - } + apt::source { "${_os}_${_release}-updates": + location => $_location, + release => "${_release}-updates", + repos => $_repos, + include_src => false, + } - apt::source { "${_os}_${_release}-security": - location => $_security_location, - release => $_release_security, - repos => $_repos, - include_src => false, 
- } + apt::source { "${_os}_${_release}-security": + location => $_security_location, + release => $_release_security, + repos => $_repos, + include_src => false, } EOS From 06498f221a8cab2afa2a8a1e7a4d21b463d680df Mon Sep 17 00:00:00 2001 From: Martin Hagstrom Date: Fri, 11 Mar 2016 12:30:38 +0100 Subject: [PATCH 0871/2267] Use valid parameter name According to this document, uppercase letters are not allowed: https://docs.puppetlabs.com/puppet/latest/reference/lang_reserved.html#parameters --- manifests/mod/authnz_ldap.pp | 14 +++++++++++--- spec/classes/mod/authnz_ldap_spec.rb | 20 ++++++++++---------- templates/mod/authnz_ldap.conf.erb | 2 +- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 14a60494b0..45fcc997f5 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,14 +1,22 @@ class apache::mod::authnz_ldap ( - $verifyServerCert = true, + $verify_server_cert = true, + $verifyServerCert = undef, ) { include ::apache include '::apache::mod::ldap' ::apache::mod { 'authnz_ldap': } - validate_bool($verifyServerCert) + if $verifyServerCert { + warning('Class[\'apache::mod::authnz_ldap\'] parameter verifyServerCert is deprecated in favor of verify_server_cert') + $_verify_server_cert = $verifyServerCert + } else { + $_verify_server_cert = $verify_server_cert + } + + validate_bool($_verify_server_cert) # Template uses: - # - $verifyServerCert + # - $_verify_server_cert file { 'authnz_ldap.conf': ensure => file, path => "${::apache::mod_dir}/authnz_ldap.conf", diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index d433bc5337..7469d165e3 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb 
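Review bot: The `if $verifyServerCert {` test in authnz_ldap.pp treats an explicit `verifyServerCert => false` the same as an unset parameter, so the deprecated name is ignored in exactly the case where a caller set it to a non-default value. Such a caller falls through to `$verify_server_cert`'s default of `true` without a deprecation warning, and the rendered LDAPVerifyServerCert setting changes on upgrade with nothing in the run log to explain it. Testing for undef keeps the old behaviour and still warns: `if $verifyServerCert != undef {`. The class body continues past the end of the hunk.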
@@ -22,17 +22,17 @@ it { is_expected.to contain_class("apache::mod::ldap") } it { is_expected.to contain_apache__mod('authnz_ldap') } - context 'default verifyServerCert' do + context 'default verify_server_cert' do it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end - context 'verifyServerCert = false' do - let(:params) { { :verifyServerCert => false } } + context 'verify_server_cert = false' do + let(:params) { { :verify_server_cert => false } } it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end - context 'verifyServerCert = wrong' do - let(:params) { { :verifyServerCert => 'wrong' } } + context 'verify_server_cert = wrong' do + let(:params) { { :verify_server_cert => 'wrong' } } it 'should raise an error' do expect { is_expected.to raise_error Puppet::Error } end @@ -56,17 +56,17 @@ it { is_expected.to contain_class("apache::mod::ldap") } it { is_expected.to contain_apache__mod('authnz_ldap') } - context 'default verifyServerCert' do + context 'default verify_server_cert' do it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end - context 'verifyServerCert = false' do - let(:params) { { :verifyServerCert => false } } + context 'verify_server_cert = false' do + let(:params) { { :verify_server_cert => false } } it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end - context 'verifyServerCert = wrong' do - let(:params) { { :verifyServerCert => 'wrong' } } + context 'verify_server_cert = wrong' do + let(:params) { { :verify_server_cert => 'wrong' } } it 'should raise an error' do expect { is_expected.to raise_error Puppet::Error } end diff --git a/templates/mod/authnz_ldap.conf.erb b/templates/mod/authnz_ldap.conf.erb index 565fcf0df9..8d73b239d5 100644 --- a/templates/mod/authnz_ldap.conf.erb +++ b/templates/mod/authnz_ldap.conf.erb 
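Review bot: The `expect { is_expected.to raise_error Puppet::Error }` examples in both OS contexts build an expectation block but never call `.to` on it, so they pass whatever the catalogue does and `validate_bool` is not actually exercised. `it { expect { catalogue }.to raise_error(Puppet::Error) }` would make the 'wrong' case fail if validation were removed. The hunks also add no example for the deprecated `verifyServerCert` parameter, so the compatibility branch in the manifest is untested. A context passing `:verifyServerCert => false` and expecting `LDAPVerifyServerCert Off` would cover it.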
@@ -1,4 +1,4 @@ -<% if @verifyServerCert == true -%> +<% if @_verify_server_cert == true -%> LDAPVerifyServerCert On <% else -%> LDAPVerifyServerCert Off From fc8fee7ef3d91e8c4ec2fcc2e19e6ad4cb46028e Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Wed, 16 Mar 2016 17:17:11 +0100 Subject: [PATCH 0872/2267] mod_ssl requires mod_mime for AddType directives --- manifests/mod/ssl.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index c0dd1f61bf..4cbddcbd66 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -14,6 +14,7 @@ $package_name = undef, ) { include ::apache + include ::apache::mod::mime $_apache_version = pick($apache_version, $apache::apache_version) if $ssl_mutex { $_ssl_mutex = $ssl_mutex From a2f636235623c0b024fdbf6b3afc451544511750 Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Wed, 20 May 2015 18:55:41 +0100 Subject: [PATCH 0873/2267] Move all ensure parameters from concat::fragment to concat Deprecated in 1.1.x and has no effect in 2.x. From commit 1919eb3, but was reverted when temporarily removing 2.x support in f54393e. --- manifests/balancer.pp | 3 --- manifests/balancermember.pp | 1 - manifests/init.pp | 2 +- manifests/listen.pp | 1 - manifests/namevirtualhost.pp | 1 - 5 files changed, 1 insertion(+), 7 deletions(-) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index a3534ded8c..65f6352a32 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -64,7 +64,6 @@ } concat::fragment { "00-${name}-header": - ensure => present, target => "apache_balancer_${name}", order => '01', content => "\n", 
@@ -77,14 +76,12 @@ # concat fragments. We don't have to do anything about them. concat::fragment { "01-${name}-proxyset": - ensure => present, target => "apache_balancer_${name}", order => '19', content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer": - ensure => present, target => "apache_balancer_${name}", order => '20', content => "\n", diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp index 78723043bc..6e8b29f13f 100644 --- a/manifests/balancermember.pp +++ b/manifests/balancermember.pp @@ -46,7 +46,6 @@ ) { concat::fragment { "BalancerMember ${name}": - ensure => present, target => "apache_balancer_${balancer_cluster}", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), } diff --git a/manifests/init.pp b/manifests/init.pp index e8f6e6f9ba..194c1741e9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -242,6 +242,7 @@ } concat { $ports_file: + ensure => present, owner => 'root', group => $::apache::params::root_group, mode => $::apache::file_mode, @@ -249,7 +250,6 @@ require => Package['httpd'], } concat::fragment { 'Apache ports header': - ensure => present, target => $ports_file, content => template('apache/ports_header.erb') } diff --git a/manifests/listen.pp b/manifests/listen.pp index e6a8a3c767..503ee8860b 100644 --- a/manifests/listen.pp +++ b/manifests/listen.pp @@ -3,7 +3,6 @@ # Template uses: $listen_addr_port concat::fragment { "Listen ${listen_addr_port}": - ensure => present, target => $::apache::ports_file, content => template('apache/listen.erb'), } diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp index f8c3a80d85..4fa8795185 100644 --- a/manifests/namevirtualhost.pp +++ b/manifests/namevirtualhost.pp 
@@ -3,7 +3,6 @@ # Template uses: $addr_port concat::fragment { "NameVirtualHost ${addr_port}": - ensure => present, target => $::apache::ports_file, content => template('apache/namevirtualhost.erb'), } From 281da58df7a710b99ae4c61e05a3e29bd06bf1c0 Mon Sep 17 00:00:00 2001 From: Tom Downes Date: Thu, 17 Mar 2016 10:14:49 -0700 Subject: [PATCH 0874/2267] 1. Fix MODULES-3158 (any string interpreted as SSLCompression on) 2. Convert ssl_honorcipherorder to boolean, backport strings 'on' or 'off' 3. Update documentation accordingly --- README.md | 4 ++-- manifests/mod/ssl.pp | 14 +++++++++++++- templates/mod/ssl.conf.erb | 6 +++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index cd2ac7c9a4..198a540e6c 100644 --- a/README.md +++ b/README.md @@ -1660,7 +1660,7 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t - `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. - `ssl_compression`: Default: false. - `ssl_cryptodevice`: Default: 'builtin'. -- `ssl_honorcipherorder`: Default: 'On'. +- `ssl_honorcipherorder`: Default: true. - `ssl_openssl_conf_cmd`: Default: undef. - `ssl_options`: Default: [ 'StdEnvVars' ] - `ssl_pass_phrase_dialog`: Default: 'builtin'. @@ -3240,7 +3240,7 @@ Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.htm ##### `ssl_honorcipherorder` -Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Default: 'On' in the base `apache` config. +Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Default: true. In addition to true/false Boolean values, will also accept case-insensitive Strings 'on' or 'off'. ##### `ssl_certs_dir` 
diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 4cbddcbd66..7a220e8345 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -4,7 +4,7 @@ $ssl_options = [ 'StdEnvVars' ], $ssl_openssl_conf_cmd = undef, $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', - $ssl_honorcipherorder = 'On', + $ssl_honorcipherorder = true, $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', $ssl_random_seed_bytes = '512', @@ -47,6 +47,18 @@ } } + validate_bool($ssl_compression) + + if is_bool($ssl_honorcipherorder) { + $_ssl_honorcipherorder = $ssl_honorcipherorder + } else { + $_ssl_honorcipherorder = $ssl_honorcipherorder ? { + 'on' => true, + 'off' => false, + default => true, + } + } + $session_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", 'redhat' => '/var/cache/mod_ssl/scache(512000)', diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 4ae29e40a0..686c62a0e0 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -19,7 +19,11 @@ SSLMutex <%= @_ssl_mutex %> <%- end -%> SSLCryptoDevice <%= @ssl_cryptodevice %> - SSLHonorCipherOrder <%= @ssl_honorcipherorder %> +<% if @_ssl_honorcipherorder -%> + SSLHonorCipherOrder On +<% else -%> + SSLHonorCipherOrder Off +<% end -%> SSLCipherSuite <%= @ssl_cipher %> SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> From 3ccd3294dcd866bdc1cf3a3901bcc0b5d21a7c25 Mon Sep 17 00:00:00 2001 From: Tom Downes Date: Fri, 25 Mar 2016 09:15:00 -0500 Subject: [PATCH 0875/2267] Take igalic's suggestion to use bool2httpd --- templates/mod/ssl.conf.erb | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 686c62a0e0..a66d73312b 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb 
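Review bot: In the second ssl.pp hunk the selector's `default => true` turns any string other than 'on' or 'off' into On, so a typo or an unsupported value such as 'disabled' is accepted silently. `$ssl_compression` in the same hunk is rejected by `validate_bool` when malformed, and the cipher-order setting should be as strict. For example, `validate_re($ssl_honorcipherorder, '^(?i:on|off)$')` could go in the non-boolean branch before the selector. The hunk ends inside the class body.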
@@ -10,20 +10,14 @@ SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %> -<% if @ssl_compression -%> - SSLCompression On -<% end -%> + SSLCompression <%= scope.function_bool2httpd([@ssl_compression]) %> <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Mutex <%= @_ssl_mutex %> <%- else -%> SSLMutex <%= @_ssl_mutex %> <%- end -%> SSLCryptoDevice <%= @ssl_cryptodevice %> -<% if @_ssl_honorcipherorder -%> - SSLHonorCipherOrder On -<% else -%> - SSLHonorCipherOrder Off -<% end -%> + SSLHonorCipherOrder <%= scope.function_bool2httpd([@_ssl_honorcipherorder]) %> SSLCipherSuite <%= @ssl_cipher %> SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> From 44495362bd94a7b9c600487b6ced63870d30b9dd Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 28 Mar 2016 09:36:26 -0600 Subject: [PATCH 0876/2267] MODULES-3211: fix broken strict_variable tests --- manifests/dev.pp | 6 +++++- manifests/params.pp | 1 + manifests/vhost.pp | 2 ++ spec/classes/mod/dav_svn_spec.rb | 4 ++-- spec/classes/mod/dev_spec.rb | 28 ---------------------------- spec/classes/mod/proxy_html_spec.rb | 2 +- spec/spec_helper.rb | 25 ++++++++++++++++--------- 7 files changed, 27 insertions(+), 41 deletions(-) delete mode 100644 spec/classes/mod/dev_spec.rb diff --git a/manifests/dev.pp b/manifests/dev.pp index fdebf59f55..d4a25a7e44 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp @@ -1,5 +1,9 @@ class apache::dev { - include ::apache::params + + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + $packages = $::apache::dev_packages if $packages { # FreeBSD doesn't have dev packages to install package { $packages: diff --git a/manifests/params.pp b/manifests/params.pp index 19b3d2a460..1cb2f40f5e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
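Review bot: The rewritten `SSLCompression <%= scope.function_bool2httpd([@ssl_compression]) %>` line is now emitted on every run, where the removed `<% if @ssl_compression -%>` guard wrote nothing for the default `false`. Stating `Off` explicitly is the safer setting, but the template also supports pre-2.4 servers (see the `versioncmp` on `@_apache_version` just below). As far as I recall the directive is only recognised from httpd 2.2.24 and 2.4.3 onward, so an older build may fail its config test on the new line; this should be confirmed against the supported platforms. If it holds, keep the directive conditional on the httpd version or on the value being true.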
@@ -488,6 +488,7 @@ $docroot = '/var/www/localhost/htdocs' $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' + $pidfile = '/var/run/apache2.pid' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' $group = 'wwwrun' diff --git a/manifests/vhost.pp b/manifests/vhost.pp index a02e25f144..90e99d1101 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -493,6 +493,8 @@ } $_directories = [ merge($_directory, $_directory_version) ] + } else { + $_directories = undef } ## Create a global LocationMatch if locations aren't defined diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 1f60e730b1..1eb06b22c5 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -34,7 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -52,7 +52,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb deleted file mode 100644 index 29589f99f2..0000000000 --- a/spec/classes/mod/dev_spec.rb +++ /dev/null 
@@ -1,28 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::dev', :type => :class do - it_behaves_like "a mod class, without including apache" - - [ - ['RedHat', '6', 'Santiago', 'Linux'], - ['Debian', '6', 'squeeze', 'Linux'], - ['FreeBSD', '9', 'FreeBSD', 'FreeBSD'], - ].each do |osfamily, operatingsystemrelease, lsbdistcodename, kernel| - context "on a #{osfamily} OS" do - let :facts do - { - :lsbdistcodename => lsbdistcodename, - :osfamily => osfamily, - :operatingsystem => osfamily, - :operatingsystemrelease => operatingsystemrelease, - :is_pe => false, - :concat_basedir => '/foo', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - :kernel => kernel - } - end - it { is_expected.to contain_class('apache::dev') } - end - end -end diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index ffdaa243ed..066ae239a0 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -25,7 +25,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :hardwaremodel => 'i386', - :is_pe => false, + :is_pe => false, } end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index c48f49b1bf..561f633026 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -25,16 +25,23 @@ shared_examples 'a mod class, without including apache' do let :facts do { - :id => 'root', - :lsbdistcodename => 'squeeze', - :kernel => 'Linux', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '6', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, + :id => 'root', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => nil, + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + :hardwaremodel => 'x86_64', } end it { should compile.with_all_deps } end + +RSpec.configure do |config| + config.filter_run focus: true + config.run_all_when_everything_filtered = true +end From 0cbb9c789d45c95620f0c75f15a5e8798515fb2f Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Fri, 25 Mar 2016 13:17:36 -0600 Subject: [PATCH 0877/2267] MODULES-2179: Implement SetEnvIfNoCase --- README.md | 4 ++++ manifests/vhost.pp | 9 +++++++-- spec/defines/vhost_spec.rb | 8 +++++++- spec/spec_helper.rb | 5 +++++ templates/vhost/_setenv.erb | 5 +++++ 5 files changed, 28 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 198a540e6c..f123c9a901 100644 --- a/README.md +++ b/README.md @@ -2596,6 +2596,10 @@ apache::vhost { 'setenv.example.com': Used by HTTPD to conditionally set environment variables for virtual hosts. Default: '[]'. +##### `setenvifnocase` + +Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). Default: '[]'. + ##### `suphp_addhandler`, `suphp_configpath`, & `suphp_engine` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 90e99d1101..69aee69e7c 100644 --- a/manifests/vhost.pp 
+++ b/manifests/vhost.pp @@ -97,6 +97,7 @@ $rewrite_cond = undef, $setenv = [], $setenvif = [], + $setenvifnocase = [], $block = [], $ensure = 'present', $wsgi_application_group = undef, @@ -460,7 +461,11 @@ } } - if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + # Check if mod_setenvif is required and not yet loaded. + # create an expression to simplify the conditional check + $use_setenv_mod = ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase)) + + if ($use_setenv_mod) { if ! defined(Class['apache::mod::setenvif']) { include ::apache::mod::setenvif } @@ -803,7 +808,7 @@ # Template uses: # - $setenv # - $setenvif - if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + if ($use_setenv_mod) { concat::fragment { "${name}-setenv": target => "${priority_real}${filename}.conf", order => 220, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 405c2a21e8..e99e2a6ccd 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -299,6 +299,7 @@ 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', 'setenv' => ['FOO=/bin/true'], 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', + 'setenvifnocase' => 'REMOTE_ADDR ^127.0.0.1 localhost=true', 'block' => 'scm', 'wsgi_application_group' => '%{GLOBAL}', 'wsgi_daemon_process' => 'wsgi', 
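Review bot: The `# Template uses:` comment above the `${name}-setenv` fragment still lists only `$setenv` and `$setenvif`, although the condition now goes through `$use_setenv_mod` and the template also reads the new parameter. I would add `# - $setenvifnocase` to that list so it keeps matching `_setenv.erb`. The comment added at the first use, `# Check if mod_setenvif is required and not yet loaded.`, could also say that `$use_setenv_mod` is reused further down for the fragment, because the two uses are several hundred lines apart.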
@@ -465,7 +466,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } - it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( + %r{SetEnv FOO=/bin/true}) } + it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( + %r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif}) } + it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( + %r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true}) } it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( :content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 561f633026..e61b185c1a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -18,6 +18,11 @@ end end +RSpec.configure do |config| + config.filter_run focus: true + config.run_all_when_everything_filtered = true +end + shared_examples :compile, :compile => true do it { should compile.with_all_deps } end diff --git a/templates/vhost/_setenv.erb b/templates/vhost/_setenv.erb index ce1fa955ef..476a6b19ca 100644 --- a/templates/vhost/_setenv.erb +++ b/templates/vhost/_setenv.erb @@ -10,3 +10,8 @@ SetEnvIf <%= envifvar %> <%- end -%> <% end -%> +<% if @setenvifnocase and ! @setenvifnocase.empty? -%> + <%- Array(@setenvifnocase).each do |envifncvar| -%> + SetEnvIfNoCase <%= envifncvar %> + <%- end -%> +<% end -%> From 3d864609aca8eae82c337eb3b538f701102206c1 Mon Sep 17 00:00:00 2001 
From: Justin Lambert Date: Mon, 28 Mar 2016 09:36:26 -0600 Subject: [PATCH 0878/2267] MODULES-3211: fix broken strict_variable tests --- spec/classes/mod/dev_spec.rb | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 spec/classes/mod/dev_spec.rb diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb new file mode 100644 index 0000000000..4c9f324b38 --- /dev/null +++ b/spec/classes/mod/dev_spec.rb @@ -0,0 +1,32 @@ +require 'spec_helper' + +describe 'apache::mod::dev', :type => :class do + let(:pre_condition) {[ + 'include apache' + ]} + + it_behaves_like "a mod class, without including apache" + + [ + ['RedHat', '6', 'Santiago', 'Linux'], + ['Debian', '6', 'squeeze', 'Linux'], + ['FreeBSD', '9', 'FreeBSD', 'FreeBSD'], + ].each do |osfamily, operatingsystemrelease, lsbdistcodename, kernel| + context "on a #{osfamily} OS" do + let :facts do + { + :lsbdistcodename => lsbdistcodename, + :osfamily => osfamily, + :operatingsystem => osfamily, + :operatingsystemrelease => operatingsystemrelease, + :is_pe => false, + :concat_basedir => '/foo', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', + :kernel => kernel + } + end + it { is_expected.to contain_class('apache::dev') } + end + end +end From 6b662e430db8387d8c192cb60005b49d4b043bda Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Mon, 28 Mar 2016 10:58:56 -0600 Subject: [PATCH 0879/2267] MODULES-3212: add parallel_spec option --- .travis.yml | 2 +- Gemfile | 1 + Rakefile | 9 +++++++++ spec/spec.opts | 6 ------ 4 files changed, 11 insertions(+), 7 deletions(-) delete mode 100644 spec/spec.opts diff --git a/.travis.yml b/.travis.yml index 588fb5b002..e366e0ee2e 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -4,7 +4,7 @@ sudo: false language: ruby cache: bundler bundler_args: --without system_tests -script: "bundle exec rake validate lint spec" +script: "bundle exec rake validate lint parallel_spec" matrix: fast_finish: true include: diff --git a/Gemfile b/Gemfile index e490bc9b98..21c2dbc3ea 100644 --- a/Gemfile +++ b/Gemfile @@ -20,6 +20,7 @@ group :development, :unit_tests do gem 'puppetlabs_spec_helper', :require => false gem 'rspec-puppet', '>= 2.3.2', :require => false gem 'simplecov', :require => false + gem 'parallel_tests', :require => false end group :system_tests do gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') diff --git a/Rakefile b/Rakefile index 1e2be6663c..7ef974b94c 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,8 @@ require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppetlabs_spec_helper/rake_tasks' +require 'parallel_tests' +require 'parallel_tests/cli' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') @@ -41,3 +43,10 @@ task :gen_nodeset do end puts nodeset end + +desc "Parallel spec tests" +task :parallel_spec do + Rake::Task[:spec_prep].invoke + ParallelTests::CLI.new.run('--type test -t rspec spec/classes spec/defines spec/unit'.split) + Rake::Task[:spec_clean].invoke +end diff --git a/spec/spec.opts b/spec/spec.opts deleted file mode 100644 index 91cd6427ed..0000000000 --- a/spec/spec.opts +++ /dev/null @@ -1,6 +0,0 @@ ---format -s ---colour ---loadby -mtime ---backtrace From 95e6dcd5217e73c94b27aca66f3b3189c1e3b82d Mon Sep 17 00:00:00 2001 From: Johan De Wit Date: Mon, 28 Mar 2016 15:11:47 +0200 Subject: [PATCH 0880/2267] MODULES-1352: adding support for apache 2.4 require directives. Includes doc and rspec --- README.md | 19 ++++++++++++ spec/defines/vhost_spec.rb | 51 ++++++++++++++++++++++++++++++++ templates/vhost/_directories.erb | 15 +++++++++- 3 files changed, 84 insertions(+), 1 deletion(-) 
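Review bot: In the new `parallel_spec` task, `Rake::Task[:spec_clean].invoke` only runs when `ParallelTests::CLI.new.run` returns normally, so if the runner raises or exits on failing specs the fixtures from `spec_prep` are left behind. Wrapping the run as `begin ... ensure Rake::Task[:spec_clean].invoke end` keeps the cleanup on every path. Separately, the first Rakefile hunk adds `require 'parallel_tests'` and `require 'parallel_tests/cli'` at the top level while the Gemfile hunk puts the gem in the `:development, :unit_tests` group, so a bundle installed without that group would presumably fail to load the Rakefile for any task. Moving both `require` lines inside the task body avoids that.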
diff --git a/README.md b/README.md index 198a540e6c..b22bf0168b 100644 --- a/README.md +++ b/README.md @@ -3073,6 +3073,23 @@ apache::vhost { 'sample.example.net': } ``` +When more complex sets of requirement are needed, apache >= 2.4 provides the use of [RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall), [RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone) or [RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany) directives. +Using the 'enforce' key, which only supports 'any','none','all' (other values are silently ignored), this could be established like: + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => { + enforce => 'all', + require => ['group', 'not host host.example.com'], + }, + }, + ], +} +``` + If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. ``` puppet @@ -3086,6 +3103,8 @@ apache::vhost { 'sample.example.net': } ``` + + ###### `satisfy` Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 405c2a21e8..f0bead76ec 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -191,6 +191,33 @@ 'provider' => 'files', 'require' => 'all granted', }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => + { + 'enforce' => 'all', + 'requires' => ['all-valid1', 'all-valid2'], + }, + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => + { + 'enforce' => 'none', + 'requires' => ['none-valid1', 'none-valid2'], + }, + }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'require' => + { + 'enforce' => 'any', + 'requires' => ['any-valid1', 'any-valid2'], + }, + }, { 'path' => '*', 'provider' => 'proxy', 
@@ -422,6 +449,30 @@ :content => /^\s+Require all denied$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require all granted$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+<\/RequireAll>$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require all-valid1$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require all-valid2$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+<\/RequireNone>$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require none-valid1$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require none-valid2$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+<\/RequireAny>$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require any-valid1$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Require any-valid2$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( 
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 9beb89865f..7ef40edd2d 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -58,8 +58,21 @@ <%- end -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if directory['require'] && directory['require'] != '' && directory['require'] !~ /unmanaged/i -%> - <%- Array(directory['require']).each do |req| -%> + <%- if directory['require'].is_a?(Hash) -%> + <%- case directory['require']['enforce'].downcase -%> + <%- when 'all','none','any' then -%> + > + <%- Array(directory['require']['requires']).each do |req| -%> + Require <%= req.strip %> + <%- end -%> + > + <%- else -%> + <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%> + <%- end -%> + <%- else -%> + <%- Array(directory['require']).each do |req| -%> Require <%= req %> + <%- end -%> <%- end -%> <%- end -%> <%- if directory['auth_require'] -%> From 837a0885f3e9e00b417e39d44ed11032ca6da1a4 Mon Sep 17 00:00:00 2001 From: FlatKey Date: Sat, 26 Mar 2016 01:57:20 +0100 Subject: [PATCH 0881/2267] Configurability of SecDefaultAction for OWASP Core Rule Set --- README.md | 1 + manifests/mod/security.pp | 1 + templates/mod/security_crs.conf.erb | 4 ++-- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 198a540e6c..0e29fcb6df 100644 --- a/README.md +++ b/README.md 
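Review bot: When `directory['require']` is a hash whose `enforce` is not 'all', 'none' or 'any', the `else` branch only calls `scope.function_warning` and renders no `Require` line at all, so that directory silently falls back to whatever authorization is inherited. For an access-control setting I would fail the catalog instead, for example `<%- scope.function_fail(["Apache::Vhost: require 'enforce' must be all, none or any"]) -%>`. A hash without an `enforce` key makes `.downcase` raise on nil, which `directory['require']['enforce'].to_s.downcase` would avoid. The README example in this commit uses `require =>` as the inner key while the template and the spec read `requires`, so following the README appears to render an empty block; the README should use `requires`.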
@@ -1706,6 +1706,7 @@ ${modsec\_dir}/activated\_rules. - `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. - `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. +- `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') vs. Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. Default: 'deny'. - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' - `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 7cd7114c4e..36f726b0ac 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -10,6 +10,7 @@ $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', + $secdefaultaction = 'deny', ) inherits ::apache::params { include ::apache diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index 016efc797e..8c5a83710c 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -63,8 +63,8 @@ SecComponentSignature "OWASP_CRS/2.2.6" # Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html # Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction # -SecDefaultAction "phase:1,deny,log" - +SecDefaultAction "phase:1,<%= @secdefaultaction -%>,log" +SecDefaultAction "phase:2,<%= @secdefaultaction -%>,log" # # -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- From d26761c2c990b023ff2e08693335fe8d08dcd5b2 Mon Sep 17 00:00:00 2001 From: FlatKey Date: Sat, 26 Mar 2016 05:57:36 +0100 Subject: [PATCH 0882/2267] aligned hash rocket within widest attribute of the parameter block ( remaining parameters aligned in #1404 ) --- manifests/mod/security.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 36f726b0ac..dc06786f33 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
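Review bot: `$secdefaultaction` is written straight into both `SecDefaultAction "phase:N,<%= @secdefaultaction -%>,log"` lines with no validation, so a misspelt value either breaks the ModSecurity configuration or changes the default disposition of every rule without notice. If only the two documented modes are meant to be supported, `validate_re($secdefaultaction, '^(deny|pass)$')` in the class body (outside this hunk) would catch that at compile time. The README entry should also state that with 'pass' individual rule matches are presumably no longer blocked on their own, so blocking then depends on the anomaly-scoring rules being active. The template hunk also adds a `phase:2` default that did not exist before, which deserves a line in the commit description.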
@@ -10,7 +10,7 @@ $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', - $secdefaultaction = 'deny', + $secdefaultaction = 'deny', ) inherits ::apache::params { include ::apache From 8082d2aa6beafdc90edd768a271ef629b703c41c Mon Sep 17 00:00:00 2001 From: FlatKey Date: Sat, 26 Mar 2016 16:40:17 +0100 Subject: [PATCH 0883/2267] Added vhost option SecRuleRemoveByTag --- README.md | 16 ++++++++ manifests/vhost.pp | 14 ++++++- spec/acceptance/mod_security_spec.rb | 60 ++++++++++++++++++++++++++++ templates/vhost/_security.erb | 9 +++++ 4 files changed, 98 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 198a540e6c..f597284396 100644 --- a/README.md +++ b/README.md @@ -2263,6 +2263,22 @@ apache::vhost { 'sample.example.net': Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: undef. +###### `modsec_disable_tags` + +Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. Default: undef. + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ], +} +``` + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] }, +} +``` + ##### `no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 90e99d1101..bf1654fad4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -130,6 +130,7 @@ $modsec_disable_vhost = undef, $modsec_disable_ids = undef, $modsec_disable_ips = undef, + $modsec_disable_tags = undef, $modsec_body_limit = undef, $jk_mounts = undef, $auth_kerb = false, @@ -508,6 +509,16 @@ } } + if $modsec_disable_tags { + if is_hash($modsec_disable_tags) { + $_modsec_disable_tags = $modsec_disable_tags + } elsif is_array($modsec_disable_tags) { + $_modsec_disable_tags = { '.*' => $modsec_disable_tags } + } else { + fail("Apache::Vhost[${name}]: 'modsec_disable_tags' must be either a Hash of location/Tags or an Array of Tags") + } + } + concat { "${priority_real}${filename}.conf": ensure => $ensure, path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", @@ -982,8 +993,9 @@ # - $modsec_disable_vhost # - $modsec_disable_ids # - $modsec_disable_ips + # - $modsec_disable_tags # - $modsec_body_limit - if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_tags { concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index d6f2987df6..b1d1f5dd12 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
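Review bot: The `modsec_disable_tags` block needs a comment on scope, because the array form is rewritten to `{ '.*' => $modsec_disable_tags }` and so removes the listed rules for every location of the vhost, and `SecRuleRemoveByTag` treats each value as a regular expression rather than a literal tag. A short or unanchored value can therefore switch off more rules than the operator intended. I would add above the `if` something like `# Array form applies to all locations ('.*'); values are regexes matched against rule tags`, and repeat that in the README entry. The same applies to the `modsec_disable_msgs` block and `SecRuleRemoveByMsg` added by the following commit (PATCH 0884).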
@@ -249,5 +249,65 @@ class { 'apache::mod::security': } end #mod_security should allow disabling by id + context "mod_security should allow disabling by tag" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + file { '/var/www/html/index2.html': + ensure => file, + content => 'Page 2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } + end + + describe file("#{$mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + end #mod_security should allow disabling by tag end #apache::mod::security class diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb index 5ab0a5b5da..ca09d4944f 100644 --- a/templates/vhost/_security.erb +++ b/templates/vhost/_security.erb 
@@ -15,6 +15,15 @@ SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" SecAction "phase:2,pass,nolog,id:1234123456" <% end -%> +<% if @_modsec_disable_tags.is_a?(Hash) -%> +<% @_modsec_disable_tags.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveByTag "<%= rule %>" +<% end -%> + +<% end -%> +<% end -%> <% if @modsec_body_limit -%> SecRequestBodyLimit <%= @modsec_body_limit %> <% end -%> From 800c7ce7ba739df2c07d4b4b6d3bb2787ec6d950 Mon Sep 17 00:00:00 2001 From: FlatKey Date: Wed, 30 Mar 2016 21:20:53 +0200 Subject: [PATCH 0884/2267] Added vhost option SecRuleRemoveByMsg --- README.md | 16 ++++++++ manifests/vhost.pp | 14 ++++++- spec/acceptance/mod_security_spec.rb | 61 ++++++++++++++++++++++++++++ templates/vhost/_security.erb | 9 ++++ 4 files changed, 99 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f597284396..d4cc0a3a24 100644 --- a/README.md +++ b/README.md @@ -2263,6 +2263,22 @@ apache::vhost { 'sample.example.net': Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: undef. +###### `modsec_disable_msgs` + +Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. Default: undef. + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_msgs => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ], +} +``` + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_msgs => { '/location1' => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ] }, +} +``` + ###### `modsec_disable_tags` Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. Default: undef. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index bf1654fad4..bef9d31fae 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -130,6 +130,7 @@ $modsec_disable_vhost = undef, $modsec_disable_ids = undef, $modsec_disable_ips = undef, + $modsec_disable_msgs = undef, $modsec_disable_tags = undef, $modsec_body_limit = undef, $jk_mounts = undef, @@ -509,6 +510,16 @@ } } + if $modsec_disable_msgs { + if is_hash($modsec_disable_msgs) { + $_modsec_disable_msgs = $modsec_disable_msgs + } elsif is_array($modsec_disable_msgs) { + $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs } + } else { + fail("Apache::Vhost[${name}]: 'modsec_disable_msgs' must be either a Hash of location/Msgs or an Array of Msgs") + } + } + if $modsec_disable_tags { if is_hash($modsec_disable_tags) { $_modsec_disable_tags = $modsec_disable_tags @@ -993,9 +1004,10 @@ # - $modsec_disable_vhost # - $modsec_disable_ids # - $modsec_disable_ips + # - $modsec_disable_msgs # - $modsec_disable_tags # - $modsec_body_limit - if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_tags { + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags { concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index b1d1f5dd12..8a12296079 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
@@ -249,6 +249,67 @@ class { 'apache::mod::security': } end #mod_security should allow disabling by id + context "mod_security should allow disabling by msg" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + file { '/var/www/html/index2.html': + ensure => file, + content => 'Page 2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } + end + + describe file("#{$mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_msgs => [ 'Blind SQL Injection Attack' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + end #mod_security should allow disabling by msg + context "mod_security should allow disabling by tag" do it 'succeeds in puppeting mod_security' do pp= <<-EOS 
diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb index ca09d4944f..7f61da2eb2 100644 --- a/templates/vhost/_security.erb +++ b/templates/vhost/_security.erb @@ -15,6 +15,15 @@ SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" SecAction "phase:2,pass,nolog,id:1234123456" <% end -%> +<% if @_modsec_disable_msgs.is_a?(Hash) -%> +<% @_modsec_disable_msgs.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveByMsg "<%= rule %>" +<% end -%> + +<% end -%> +<% end -%> <% if @_modsec_disable_tags.is_a?(Hash) -%> <% @_modsec_disable_tags.each do |location,rules| -%> > From 1d2fe55b19f4e4316fe7c8e7e7842607b08da832 Mon Sep 17 00:00:00 2001 From: Philipp Dallig Date: Thu, 31 Mar 2016 11:23:56 +0200 Subject: [PATCH 0885/2267] SSLCompression only available with apache 2.4.3 http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression --- templates/mod/ssl.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index a66d73312b..15aab10d78 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -10,9 +10,9 @@ SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %> - SSLCompression <%= scope.function_bool2httpd([@ssl_compression]) %> <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Mutex <%= @_ssl_mutex %> + SSLCompression <%= scope.function_bool2httpd([@ssl_compression]) %> <%- else -%> SSLMutex <%= @_ssl_mutex %> <%- end -%> From 5739a20b70c33583ee9743f5417eacb08dacf082 Mon Sep 17 00:00:00 2001 
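Review bot: The gate that now wraps `SSLCompression` in `ssl.conf.erb` compares `@_apache_version` with '2.4', while the commit subject says the directive needs 2.4.3, so 2.4.0 to 2.4.2 would still receive it. On the pre-2.4 branch the line is no longer rendered at all, so `ssl_compression => false` has no effect there and the server keeps its built-in default; that matters because TLS compression is what CRIME-style attacks rely on. Later 2.2 releases appear to accept the directive as well, which is worth confirming before dropping it for all of 2.2. If `@_apache_version` carries a patch level, a dedicated check such as `<%- if scope.function_versioncmp([@_apache_version, '2.4.3']) >= 0 -%>` around that one line would match the stated requirement; if it is only major.minor, the limitation should be documented next to the `ssl_compression` parameter.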
From: Philipp Dallig Date: Thu, 31 Mar 2016 11:31:06 +0200 Subject: [PATCH 0886/2267] Fix in custom fact "apache_version" for OracleLinux. The custom fact defined by lib/facter/apache_version.rb runs "apachectl -v" and applies the following regular expression: ^Server version: Apache\/([\w\.]+) \(([\w ]+)\) On OracleLinux 7.2, running apachectl -v produces the following output: Server version: Apache/2.4.6 () Server built: Nov 21 2015 05:34:59 The regex fails to match the output because it does not allow for nothing inside the parentheses. The following modified regex matches properly: ^Server version: Apache\/([\w\.]+) \(([\w ]*)\) --- lib/facter/apache_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index b84d776150..2790627307 100644 --- a/lib/facter/apache_version.rb +++ b/lib/facter/apache_version.rb @@ -2,7 +2,7 @@ setcode do if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') - %r{^Server version: Apache\/([\w\.]+) \(([\w ]+)\)}.match(apache_version)[1] + %r{^Server version: Apache\/([\w\.]+) \(([\w ]*)\)}.match(apache_version)[1] end end end From 10632d8d40e4c18d6ddcd5e4587a7f94d2d5d1bd Mon Sep 17 00:00:00 2001 From: Matthew Gyurgyik Date: Tue, 29 Mar 2016 08:11:03 -0400 Subject: [PATCH 0887/2267] (MODULES-3218) add auth_merging for directory enteries --- README.md | 4 ++++ templates/vhost/_directories.erb | 3 +++ 2 files changed, 7 insertions(+) diff --git a/README.md b/README.md index 198a540e6c..4abe075d83 100644 --- a/README.md +++ b/README.md 
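Review bot: The `[1]` is still applied directly to the result of `.match(apache_version)` in `lib/facter/apache_version.rb`, so any output the pattern does not cover raises NoMethodError on nil instead of leaving the fact unset, which is presumably how the OracleLinux case showed up. The second capture group is not used in the visible code, so the pattern could stop after the version and the result be guarded: `m = %r{^Server version: Apache/([\w.]+)}.match(apache_version.to_s)` followed by `m[1] if m`. The `.to_s` also covers `Facter::Util::Resolution.exec` returning nil when the command fails. The enclosing `Facter.add` block starts outside the hunk.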
@@ -2804,6 +2804,10 @@ Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_auth Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. +###### `auth_merging` + +Sets the value for [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging), which determines if authorization logic should be combined + ###### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 9beb89865f..193955dccc 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -186,6 +186,9 @@ <%- if directory['auth_group_file'] -%> AuthGroupFile <%= directory['auth_group_file'] %> <%- end -%> + <%- if directory['auth_merging'] -%> + AuthMerging <%= directory['auth_merging'] %> + <%- end -%> <%- if directory['fallbackresource'] -%> FallbackResource <%= directory['fallbackresource'] %> <%- end -%> From 0b568a98b53b19672c00950cac900f180c19d21b Mon Sep 17 00:00:00 2001 From: Jason Hancock Date: Thu, 31 Mar 2016 11:28:33 -0700 Subject: [PATCH 0888/2267] Adding SSLProxyCheckPeerExpire support --- README.md | 4 ++++ manifests/vhost.pp | 6 ++++++ spec/defines/vhost_spec.rb | 3 +++ templates/vhost/_sslproxy.erb | 3 +++ 4 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 198a540e6c..19d9dcfb60 100644 --- a/README.md +++ b/README.md 
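Review bot: `AuthMerging <%= directory['auth_merging'] %>` in templates/vhost/_directories.erb is emitted for any truthy value, with no check against the values the directive accepts and no Apache version guard. AuthMerging belongs to mod_authz_core, which as far as I know only exists from httpd 2.4 on, so a 2.2 vhost that sets `auth_merging` would get a configuration that fails to parse; a guard such as `<%- if directory['auth_merging'] and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>` would avoid that, assuming `@apache_version` is in scope for this template. Since the directive decides how a directory's authorization rules combine with its parent's, the README entry should also list the accepted values (`Off`, `And`, `Or`) rather than end without saying what can be passed. The surrounding directory loop starts and ends outside the hunk.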
@@ -3320,6 +3320,10 @@ Sets the [SSLProxyMachinePeerCN](https://httpd.apache.org/docs/current/mod/mod_s Sets the [SSLProxyMachinePeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. +##### `ssl_proxy_check_peer_expire` + +Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Valid options: 'on', 'off'. Default: undef. + ##### `ssl_options` Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array. Default: undef. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 90e99d1101..6843fc886d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -28,6 +28,7 @@ $ssl_proxy_verify = undef, $ssl_proxy_check_peer_cn = undef, $ssl_proxy_check_peer_name = undef, + $ssl_proxy_check_peer_expire = undef, $ssl_proxy_machine_cert = undef, $ssl_proxy_protocol = undef, $ssl_options = undef, @@ -253,6 +254,10 @@ validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.") } + if $ssl_proxy_check_peer_expire { + validate_re($ssl_proxy_check_peer_expire,'(^on$|^off$)',"${ssl_proxy_check_peer_expire} is not permitted for ssl_proxy_check_peer_expire. Allowed values are 'on' or 'off'.") + } + # Input validation ends if $ssl and $ensure == 'present' { 
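Review bot: The pattern `'(^on$|^off$)'` in the new `validate_re` for `$ssl_proxy_check_peer_expire` in manifests/vhost.pp uses line anchors, and in Ruby regular expressions (which validate_re is built on, as far as I know) `^` and `$` match at every line boundary, so a multi-line string that has `on` on one of its lines passes and is then written verbatim after `SSLProxyCheckPeerExpire` by the template. Anchoring to the whole string closes that: `validate_re($ssl_proxy_check_peer_expire, '\A(on|off)\z', ...)`. The `ssl_proxy_check_peer_name` check visible just above in the same hunk uses the same pattern and wants the same change. The body of the define starts and ends outside the hunk.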
@@ -842,6 +847,7 @@ # - $ssl_proxy_verify # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name + # - $ssl_proxy_check_peer_expire # - $ssl_proxy_machine_cert # - $ssl_proxy_protocol if $ssl_proxyengine { diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 405c2a21e8..8c069dd3c7 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -157,6 +157,7 @@ 'ssl_proxy_verify' => 'require', 'ssl_proxy_check_peer_cn' => 'on', 'ssl_proxy_check_peer_name' => 'on', + 'ssl_proxy_check_peer_expire' => 'on', 'ssl_proxyengine' => true, 'ssl_proxy_protocol' => 'TLSv1.2', @@ -476,6 +477,8 @@ :content => /^\s+SSLProxyCheckPeerCN\s+on$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyCheckPeerName\s+on$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + :content => /^\s+SSLProxyCheckPeerExpire\s+on$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyProtocol\s+TLSv1.2$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb index 0bc0a244a1..a92bab5524 100644 --- a/templates/vhost/_sslproxy.erb +++ b/templates/vhost/_sslproxy.erb @@ -11,6 +11,9 @@ <%- if @ssl_proxy_check_peer_name -%> SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> <%- end -%> + <%- if @ssl_proxy_check_peer_expire -%> + SSLProxyCheckPeerExpire <%= @ssl_proxy_check_peer_expire %> + <%- end -%> <%- if @ssl_proxy_machine_cert -%> SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" <%- end -%> From b93680bb04e3047a558b134021f48dc9bcf27019 Mon Sep 17 00:00:00 2001 From: Jason Hancock Date: Thu, 31 Mar 2016 11:38:54 -0700 Subject: [PATCH 0889/2267] Fixing copy/paste errors in README for sslproxy directives --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 19d9dcfb60..4ca149d9f8 100644 --- a/README.md +++ b/README.md @@ -3314,11 +3314,11 @@ apache::vhost { 'sample.example.net': ##### `ssl_proxy_check_peer_cn` -Sets the [SSLProxyMachinePeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. +Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. ##### `ssl_proxy_check_peer_name` -Sets the [SSLProxyMachinePeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. +Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. ##### `ssl_proxy_check_peer_expire` From 6a5df0637afd4d2e9c29ab3152f588d5b711aac7 Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Fri, 1 Apr 2016 11:40:03 +0200 Subject: [PATCH 0890/2267] add passenger_high_performance on the vhost level --- README.md | 4 ++++ manifests/vhost.pp | 3 ++- spec/defines/vhost_spec.rb | 1 + templates/vhost/_passenger.erb | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4abe075d83..b436ad53f5 100644 --- a/README.md +++ b/README.md 
@@ -2330,6 +2330,10 @@ Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/ Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), the running user for sandboxing applications. +##### `passenger_high_performance` + +Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Valid options: 'true', 'false'. Default: undef. + ##### `php_flags & values` Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 90e99d1101..35fe6eacc2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -126,6 +126,7 @@ $passenger_start_timeout = undef, $passenger_pre_start = undef, $passenger_user = undef, + $passenger_high_performance = undef, $add_default_charset = undef, $modsec_disable_vhost = undef, $modsec_disable_ids = undef, @@ -277,7 +278,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user { + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance { include ::apache::mod::passenger } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 405c2a21e8..3a809de9db 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -338,6 +338,7 @@ 'passenger_min_instances' => '1', 'passenger_start_timeout' => '600', 'passenger_pre_start' => 'http://localhost/myapp', + 'passenger_high_performance' => true, 'passenger_user' => 'sandbox', 'add_default_charset' => 'UTF-8', 'jk_mounts' => [ 
diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb index 91820d3634..becea9c4d0 100644 --- a/templates/vhost/_passenger.erb +++ b/templates/vhost/_passenger.erb @@ -19,3 +19,6 @@ <% if @passenger_user -%> PassengerUser <%= @passenger_user %> <% end -%> +<% if @passenger_high_performance -%> + PassengerHighPerformance <%= scope.function_bool2httpd([@passenger_high_performance]) %> +<% end -%> From 323b601ea53717e806e3685d6639aaea299d49e6 Mon Sep 17 00:00:00 2001 From: Samuel Barabas Date: Fri, 1 Apr 2016 18:43:01 +0200 Subject: [PATCH 0891/2267] Add parameter passanger_log_level --- README.md | 4 ++++ manifests/mod/passenger.pp | 2 ++ spec/classes/mod/passenger_spec.rb | 6 ++++++ templates/mod/passenger.conf.erb | 3 +++ 4 files changed, 15 insertions(+) diff --git a/README.md b/README.md index 2b7f3da501..f1875481ce 100644 --- a/README.md +++ b/README.md @@ -2311,6 +2311,10 @@ Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/re By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5. +##### `passenger_log_level` + +This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. For Passenger > 3.0.0 the default is '0', since 5.0.0 it's '3'. + ##### `passenger_ruby` Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host. diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e97577d98f..e127d78267 100644 
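Review bot: The `<% if @passenger_high_performance -%>` guard in templates/vhost/_passenger.erb skips the directive when the parameter is boolean false, so `PassengerHighPerformance Off` is never rendered for that value even though the body goes through `bool2httpd`. A vhost therefore cannot switch the setting off with `false` when it is enabled at a wider scope. Testing for an unset value instead, `<% unless @passenger_high_performance.nil? -%>`, keeps the default-undef behaviour and lets false through; the `or $passenger_high_performance` term added to the include condition in manifests/vhost.pp has the same blind spot. The spec only covers `true`, so a second case with `false` expecting `Off` would pin this.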
--- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -17,6 +17,7 @@ $passenger_use_global_queue = undef, $passenger_app_env = undef, $passenger_log_file = undef, + $passenger_log_level = undef, $manage_repo = true, $mod_package = undef, $mod_package_ensure = undef, @@ -92,6 +93,7 @@ # - $passenger_stat_throttle_rate # - $passenger_use_global_queue # - $passenger_log_file + # - $passenger_log_level # - $passenger_app_env # - $rack_autodetect # - $rails_autodetect diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 70ce4ea60d..e9e754202c 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -128,6 +128,12 @@ end it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile /var/log/apache2/passenger.log$}) } end + describe "with passenger_log_level => 3" do + let :params do + { :passenger_log_level => 3 } + end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogLevel 3$}) } + end describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do let :params do { :mod_path => '/usr/lib/foo/mod_foo.so' } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 8a3e9d4f37..6eac6fe649 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -49,4 +49,7 @@ <%- if @passenger_log_file -%> PassengerLogFile <%= @passenger_log_file %> <%- end -%> + <%- if @passenger_log_level -%> + PassengerLogLevel <%= @passenger_log_level %> + <%- end -%> From 71958f2b922cdfaff8f3f2d9fae05386475d7a3f Mon Sep 17 00:00:00 2001 From: Micha Krause Date: Wed, 23 Mar 2016 11:03:01 +0100 Subject: [PATCH 0892/2267] Added vhost option fastcgi_idle_timeout --- README.md | 4 ++++ manifests/vhost.pp | 2 ++ spec/defines/vhost_spec.rb | 1 + templates/vhost/_fastcgi.erb | 3 ++- 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b7f3da501..551287462f 100644 --- a/README.md 
+++ b/README.md @@ -2098,6 +2098,10 @@ Specifies if the virtual host is present or absent. Valid options: 'absent', 'pr Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid options must either begin with a '/' or be 'disabled'. Default: undef. +#####`fastcgi_idle_timeout` + +If using fastcgi, this option sets the timeout for the server to respond. + ##### `filters` [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 90e99d1101..abe60a18eb 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -114,6 +114,7 @@ $fastcgi_server = undef, $fastcgi_socket = undef, $fastcgi_dir = undef, + $fastcgi_idle_timeout = undef, $additional_includes = [], $use_optional_includes = $::apache::use_optional_includes, $apache_version = $::apache::apache_version, @@ -933,6 +934,7 @@ # - $fastcgi_server # - $fastcgi_socket # - $fastcgi_dir + # - $fastcgi_idle_timeout # - $apache_version if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 405c2a21e8..6ecee9a4cf 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -327,6 +327,7 @@ 'fastcgi_server' => 'localhost', 'fastcgi_socket' => '/tmp/fastcgi.socket', 'fastcgi_dir' => '/tmp', + 'fastcgi_idle_timeout' => '120', 'additional_includes' => '/custom/path/includes', 'apache_version' => '2.4', 'use_optional_includes' => true, diff --git a/templates/vhost/_fastcgi.erb b/templates/vhost/_fastcgi.erb index 3a2baa5596..b4718391b7 100644 --- a/templates/vhost/_fastcgi.erb +++ b/templates/vhost/_fastcgi.erb 
@@ -1,6 +1,7 @@ <% if @fastcgi_server -%> - FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket %> + FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket -%> +<% unless @fastcgi_idle_timeout.nil? %> -idle-timeout <%= @fastcgi_idle_timeout %><% end %> <% end -%> <% if @fastcgi_dir -%> From b97be96e49582943bd64cebd3038f8e8a683d7ee Mon Sep 17 00:00:00 2001 From: Philipp Dallig Date: Mon, 4 Apr 2016 12:12:48 +0200 Subject: [PATCH 0893/2267] Add spec test for apache_version with an empty OS --- spec/unit/apache_version_spec.rb | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/spec/unit/apache_version_spec.rb b/spec/unit/apache_version_spec.rb index 30f6ef9914..c62339da41 100644 --- a/spec/unit/apache_version_spec.rb +++ b/spec/unit/apache_version_spec.rb @@ -17,4 +17,17 @@ end end end + + describe 'apache_version with empty OS' do + context 'with value' do + before :each do + Facter::Util::Resolution.stubs(:which).with('apachectl').returns(true) + Facter::Util::Resolution.stubs(:exec).with('apachectl -v 2>&1').returns('Server version: Apache/2.4.6 () + Server built: Nov 21 2015 05:34:59') + end + it do + expect(Facter.fact(:apache_version).value).to eq('2.4.6') + end + end + end end From 1f174bcfd8ac6809ad02aaebe5497ad9ddd7ba3d Mon Sep 17 00:00:00 2001 From: FlatKey Date: Mon, 28 Mar 2016 00:28:20 +0200 Subject: [PATCH 0894/2267] Configurability of Collaborative Detection Blocking for OWASP Core Rule Set --- README.md | 1 + manifests/mod/security.pp | 1 + templates/mod/security_crs.conf.erb | 4 ++-- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 328c98ca21..6863383d08 100644 --- a/README.md +++ b/README.md 
@@ -1710,6 +1710,7 @@ ${modsec\_dir}/activated\_rules. - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' - `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' +- `anomaly_score_blocking`: De-/Activates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: off. ##### Class: `apache::mod::wsgi` diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index dc06786f33..5a6aa3227f 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -11,6 +11,7 @@ $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', $secdefaultaction = 'deny', + $anomaly_score_blocking = 'off', ) inherits ::apache::params { include ::apache diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index 8c5a83710c..6b4bb6f50c 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -143,11 +143,11 @@ SecAction \ # # If you want to use anomaly scoring mode, then uncomment this line. # -#SecAction \ +SecAction \ "id:'900004', \ phase:1, \ t:none, \ - setvar:tx.anomaly_score_blocking=on, \ + setvar:tx.anomaly_score_blocking=<%= @anomaly_score_blocking -%>, \ nolog, \ pass" From a43cd35a675f3258bbdc15d0110c466ba71c0a1a Mon Sep 17 00:00:00 2001 
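Review bot: `$anomaly_score_blocking` is added to manifests/mod/security.pp without validation, and templates/mod/security_crs.conf.erb then places it inside the quoted action list of the now-uncommented `SecAction` (`setvar:tx.anomaly_score_blocking=<%= @anomaly_score_blocking -%>`). A value other than on/off, or one containing a quote or comma, produces a rule set that either fails to load or sets something other than intended, and for a WAF a rule set that does not load is the worse outcome. A check in the class body such as `validate_re($anomaly_score_blocking, '\A(on|off)\z')` would catch this at catalog compile time. The same applies to `$inbound_anomaly_threshold` and `$outbound_anomaly_threshold` in PATCH 0897 further down, which want a digits-only check like `validate_re($inbound_anomaly_threshold, '\A\d+\z')`. The class body continues outside the hunk.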
From: Zarne Date: Thu, 7 Apr 2016 20:17:58 +0200 Subject: [PATCH 0895/2267] allow include in vhost directory (#1366) * allow include in vhost directory * update include in vhost directory * add some test for include in directory * add some documentation for additional include in vhost directory --- README.md | 14 ++++++++++++++ spec/defines/vhost_spec.rb | 9 +++++++++ templates/vhost/_directories.erb | 5 +++++ 3 files changed, 28 insertions(+) diff --git a/README.md b/README.md index 328c98ca21..1e6c57d7b7 100644 --- a/README.md +++ b/README.md @@ -3226,6 +3226,20 @@ apache::vhost { 'secure.example.net': ], } ``` +###### `additional_includes` + +Specifies paths to additional static, specific Apache configuration files in virtual host directories. Valid options: a array of string path. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/different/dir', + additional_includes => [ '/custom/path/includes', '/custom/path/another_includes', ], + }, + ], +} +``` #### SSL parameters for `apache::vhost` diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8d50a2ab76..8fc9250143 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -187,6 +187,11 @@ 'provider' => 'files', 'require' => [ 'valid-user', 'all denied', ], }, + { + 'path' => '/var/www/files', + 'provider' => 'files', + 'additional_includes' => [ '/custom/path/includes', '/custom/path/another_includes', ], + }, { 'path' => '/var/www/files', 'provider' => 'files', 
@@ -418,6 +423,10 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Include\s'\/custom\/path\/includes'$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Include\s'\/custom\/path\/another_includes'$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require valid-user$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 193955dccc..7bd3377e76 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -142,6 +142,11 @@ <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%> DirectoryIndex <%= directory['directoryindex'] %> <%- end -%> + <%- if directory['additional_includes'] and ! directory['additional_includes'].empty? -%> + <%- directory['additional_includes'].each do |include| -%> + Include '<%= "#{include}" %>' + <%- end -%> + <%- end -%> <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%> <%- [directory['error_documents']].flatten.compact.each do |error_document| -%> ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %> From 8e74af7a53f56cf85eedcaee310aefe581313979 Mon Sep 17 00:00:00 2001 From: Michael Ly Date: Fri, 8 Apr 2016 04:24:30 -0500 Subject: [PATCH 0896/2267] Allow for pagespeed mod to automatically be updated to the latest version (#1422) * Allow for optionally ensuring to have the lastest pagespeed package, Restart apache if there is a package update --- manifests/mod.pp | 1 + manifests/mod/pagespeed.pp | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) 
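Review bot: The new loop `directory['additional_includes'].each` in templates/vhost/_directories.erb assumes an array, whereas the `error_documents` loop right below it in the same hunk normalises its input with `[...].flatten.compact.each`. A single path passed as a string gets past the `.empty?` guard and then, on current Ruby versions, fails on `.each`, so the template errors instead of rendering one Include line. Using the same normalisation, `<%- [directory['additional_includes']].flatten.compact.each do |include| -%>`, accepts both forms, and `'<%= include %>'` is enough in the body because the `"#{include}"` interpolation adds nothing. The enclosing directory block starts and ends outside the hunk.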
diff --git a/manifests/mod.pp b/manifests/mod.pp index 014aa274ae..347179d40b 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -76,6 +76,7 @@ ensure => $package_ensure, require => Package['httpd'], before => $package_before, + notify => Class['apache::service'], } } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index a6506007bb..052dad0b17 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -33,6 +33,7 @@ $message_buffer_size = 100000, $additional_configuration = {}, $apache_version = undef, + $package_ensure = undef, ){ include ::apache $_apache_version = pick($apache_version, $apache::apache_version) @@ -42,7 +43,8 @@ } apache::mod { 'pagespeed': - lib => $_lib, + lib => $_lib, + package_ensure => $package_ensure, } # Template uses $_apache_version From cbd2c265ddbe9b7f4f6eb4443ded15f69af72f92 Mon Sep 17 00:00:00 2001 From: FlatKey Date: Sat, 26 Mar 2016 05:42:09 +0100 Subject: [PATCH 0897/2267] Configurability of Collaborative Detection Threshold Levels for OWASP Core Rule Set --- README.md | 2 ++ manifests/mod/security.pp | 2 ++ templates/mod/security_crs.conf.erb | 4 ++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97e0f6b7b9..1a4efd591c 100644 --- a/README.md +++ b/README.md 
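Review bot: `notify => Class['apache::service']` is added to the package resource in manifests/mod.pp, which every `apache::mod` shares, so the restart-on-package-change applies to all module packages and not only to pagespeed as the commit title suggests. With the new `package_ensure` parameter set to `latest`, Apache restarts unattended whenever the repository publishes a new pagespeed build, and the version loaded into the web server is whatever the repository serves at that moment. I would document this next to the parameter, e.g. `# package_ensure: passed to the package resource; 'latest' upgrades and restarts Apache on each new release, pin a version where that is not wanted`, and add a README entry, since this commit adds none. The bodies of `apache::mod` and `apache::mod::pagespeed` extend outside the hunks.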
@@ -1711,6 +1711,8 @@ ${modsec\_dir}/activated\_rules. - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' - `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' - `anomaly_score_blocking`: De-/Activates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: off. +- `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '5'. +- `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '4'. ##### Class: `apache::mod::wsgi` diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 5a6aa3227f..745957fc26 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -12,6 +12,8 @@ $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', $secdefaultaction = 'deny', $anomaly_score_blocking = 'off', + $inbound_anomaly_threshold = '5', + $outbound_anomaly_threshold = '4', ) inherits ::apache::params { include ::apache diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index 6b4bb6f50c..d5e25e182c 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -118,7 +118,7 @@ SecAction \ "id:'900002', \ phase:1, \ t:none, \ - setvar:tx.inbound_anomaly_score_level=5, \ + setvar:tx.inbound_anomaly_score_level=<%= @inbound_anomaly_threshold -%>, \ nolog, \ pass" @@ -127,7 +127,7 @@ SecAction \ "id:'900003', \ phase:1, \ t:none, \ - setvar:tx.outbound_anomaly_score_level=4, \ + setvar:tx.outbound_anomaly_score_level=<%= @outbound_anomaly_threshold -%>, \ nolog, \ pass" From b9926431a65722138a64370cef8fdffee365e4b7 Mon Sep 17 00:00:00 2001 
From: Mathieu Parent Date: Fri, 25 Mar 2016 16:40:59 +0100 Subject: [PATCH 0898/2267] Load mod_xml2enc on Apache >= 2.4 on Debian With improved testsuite. --- manifests/mod/proxy_html.pp | 3 +++ spec/classes/mod/proxy_html_spec.rb | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index cceaf0b755..f4f4b44111 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -19,6 +19,9 @@ '10' => ['/usr/lib/libxml2.so.2'], default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"], } + if versioncmp($::apache::apache_version, '2.4') >= 0 { + ::apache::mod { 'xml2enc': } + } } } diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 066ae239a0..0d70276c26 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -32,9 +32,29 @@ context "on squeeze" do let(:facts) { super().merge({ :operatingsystemrelease => '6' }) } it_behaves_like "debian", ['/usr/lib/libxml2.so.2'] + it { is_expected.to_not contain_apache__mod('xml2enc') } end context "on wheezy" do let(:facts) { super().merge({ :operatingsystemrelease => '7' }) } + it { is_expected.to_not contain_apache__mod('xml2enc') } + context "i386" do + let(:facts) { super().merge({ + :hardwaremodel => 'i686', + :architecture => 'i386' + })} + it_behaves_like "debian", ["/usr/lib/i386-linux-gnu/libxml2.so.2"] + end + context "x64" do + let(:facts) { super().merge({ + :hardwaremodel => 'x86_64', + :architecture => 'amd64' + })} + it_behaves_like "debian", ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"] + end + end + context "on jessie" do + let(:facts) { super().merge({ :operatingsystemrelease => '8' }) } + it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) } context "i386" do let(:facts) { super().merge({ :hardwaremodel => 'i686', 
@@ -67,6 +87,7 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } it { is_expected.to contain_package("mod_proxy_html") } + it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) } end context "on a FreeBSD OS", :compile do let :facts do @@ -83,6 +104,7 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) } it { is_expected.to contain_package("www/mod_proxy_html") } end context "on a Gentoo OS", :compile do @@ -100,6 +122,7 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_apache__mod('xml2enc').with(:loadfiles => nil) } it { is_expected.to contain_package("www-apache/mod_proxy_html") } end end From ccd49ca5e802a963902baf47291561391ae007f9 Mon Sep 17 00:00:00 2001 From: Matt Peter Date: Wed, 13 Apr 2016 02:31:08 -0400 Subject: [PATCH 0899/2267] fix incorrect use of .join() with newlines (#1425) --- templates/mod/pagespeed.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/pagespeed.conf.erb b/templates/mod/pagespeed.conf.erb index d1ce642976..56e72fe29d 100644 --- a/templates/mod/pagespeed.conf.erb +++ b/templates/mod/pagespeed.conf.erb @@ -94,7 +94,7 @@ ModPagespeedMessageBufferSize <%= @message_buffer_size %> <% if @additional_configuration.is_a? Array -%> -<%= @additional_configuration.join('\n') %> +<%= @additional_configuration.join("\n") %> <% else -%> <% @additional_configuration.each_pair do |key, value| -%> <%= key %> <%= value %> From 71cb7302f2d83d5a293dc22f22bb0b955b66684c Mon Sep 17 00:00:00 2001 
From: Michael Hess Date: Wed, 13 Apr 2016 02:54:31 -0400 Subject: [PATCH 0900/2267] add support for fcgi (#1387) * add support for fcgi * Update README.md --- README.md | 1 + manifests/mod/proxy_fcgi.pp | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 manifests/mod/proxy_fcgi.pp diff --git a/README.md b/README.md index f77e22055e..4f0112eda2 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ [`apache::mod::passenger`]: #class-apachemodpassenger [`apache::mod::peruser`]: #class-apachemodperuser [`apache::mod::prefork`]: #class-apachemodprefork +[`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html [`apache::mod::security`]: #class-apachemodsecurity [`apache::mod::shib`]: #class-apachemodshib diff --git a/manifests/mod/proxy_fcgi.pp b/manifests/mod/proxy_fcgi.pp new file mode 100644 index 0000000000..21473eb762 --- /dev/null +++ b/manifests/mod/proxy_fcgi.pp @@ -0,0 +1,4 @@ +class apache::mod::proxy_fcgi { + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_fcgi'] + ::apache::mod { 'proxy_fcgi': } +} From 410fc358d48e43a8df0dfa93880bd868ec03ca8c Mon Sep 17 00:00:00 2001 From: Simon Beirnaert Date: Mon, 4 Apr 2016 18:01:16 +0200 Subject: [PATCH 0901/2267] Allow package names to be specified for mod_proxy, mod_ldap, and mod_authnz_ldap --- manifests/mod/authnz_ldap.pp | 5 ++++- manifests/mod/ldap.pp | 5 ++++- manifests/mod/proxy.pp | 7 +++++-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 45fcc997f5..0bcd1b887c 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp 
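Review bot: The new class in manifests/mod/proxy_fcgi.pp orders itself after `Class['::apache::mod::proxy']` but never declares that class, so a catalog that includes only `apache::mod::proxy_fcgi` would, as far as I can tell, fail on the unresolved relationship target. `apache::mod::authnz_ldap` elsewhere in this series pulls in its prerequisite with `include '::apache::mod::ldap'`; the same pattern here would be `include ::apache::mod::proxy` ahead of the ordering arrow. The commit also adds no spec file for the class, and its README change is only a link reference without a section for it to point to.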
@@ -1,10 +1,13 @@ class apache::mod::authnz_ldap ( $verify_server_cert = true, $verifyServerCert = undef, + $package_name = undef, ) { include ::apache include '::apache::mod::ldap' - ::apache::mod { 'authnz_ldap': } + ::apache::mod { 'authnz_ldap': + package => $package_name, + } if $verifyServerCert { warning('Class[\'apache::mod::authnz_ldap\'] parameter verifyServerCert is deprecated in favor of verify_server_cert') diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index d842668361..c3fbb2611c 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -1,5 +1,6 @@ class apache::mod::ldap ( $apache_version = undef, + $package_name = undef, $ldap_trusted_global_cert_file = undef, $ldap_trusted_global_cert_type = 'CA_BASE64', $ldap_shared_cache_size = undef, @@ -13,7 +14,9 @@ if ($ldap_trusted_global_cert_file) { validate_string($ldap_trusted_global_cert_type) } - ::apache::mod { 'ldap': } + ::apache::mod { 'ldap': + package => $package_name, + } # Template uses $_apache_version file { 'ldap.conf': ensure => file, diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 1f70938921..b69a17e9d9 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp @@ -1,11 +1,14 @@ class apache::mod::proxy ( $proxy_requests = 'Off', - $allow_from = undef, + $allow_from = undef, $apache_version = undef, + $package_name = undef, ) { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) - ::apache::mod { 'proxy': } + ::apache::mod { 'proxy': + package => $package_name, + } # Template uses $proxy_requests, $_apache_version file { 'proxy.conf': ensure => file, From 138c5dba0c6c066f5da3c8ca23da1b1d5e25be68 Mon Sep 17 00:00:00 2001 From: Simon Beirnaert Date: Thu, 14 Apr 2016 15:01:29 +0200 Subject: [PATCH 0902/2267] Add/improve documentation for mod_proxy, mod_ldap, mod_authnz_ldap --- README.md | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index 68e9793874..51fbe5291d 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas [`apache::mod::auth_mellon`]: #class-apachemodauth_mellon +[`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::event`]: #class-apachemodevent [`apache::mod::ext_filter`]: #class-apachemodext_filter @@ -55,6 +56,7 @@ [`apache::mod::passenger`]: #class-apachemodpassenger [`apache::mod::peruser`]: #class-apachemodperuser [`apache::mod::prefork`]: #class-apachemodprefork +[`apache::mod::proxy`]: #class-apachemodproxy [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html [`apache::mod::security`]: #class-apachemodsecurity @@ -1264,7 +1266,7 @@ The following Apache modules have supported classes, many of which allow for par * `auth_kerb` * `authn_core` * `authn_file` -* `authnz_ldap`\* +* `authnz_ldap`\* (see [`apache::mod::authnz_ldap`][]) * `authz_default` * `authz_user` * `autoindex` @@ -1289,7 +1291,7 @@ The following Apache modules have supported classes, many of which allow for par * `include` * `info`\* * `itk` -* `ldap` +* `ldap` (see [`apache::mod::ldap`][]) * `mime` * `mime_magic`\* * `negotiation` @@ -1300,7 +1302,7 @@ The following Apache modules have supported classes, many of which allow for par * `peruser` * `php` (requires [`mpm_module`][] set to `prefork`) * `prefork`\* -* `proxy`\* +* `proxy`\* (see [`apache::mod::proxy`][]) * `proxy_ajp` * `proxy_balancer` * `proxy_html` (see [`apache::mod::proxy_html`][]) 
@@ -1417,6 +1419,15 @@ class{ 'apache::mod::auth_mellon': - `mellon_post_size`: Maximum size of post requests. Default: undef. - `mellon_post_count`: Maximum number of post requests. Default: undef. +##### Class: `apache::mod::authnz_ldap` + +Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to generate its configuration. + +**Parameters within `apache::mod::authnz_ldap`**: + +- `package_name`: Default: `undef`. +- `verify_server_cert`: Default: `undef`. + ##### Class: `apache::mod::deflate` Installs and configures [`mod_deflate`][]. @@ -1543,6 +1554,7 @@ class { 'apache::mod::ldap': **Parameters within `apache::mod::ldap`:** +- `apache_version`: The installed Apache version. Defaults to `undef`. - `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. - `ldap_trusted_global_cert_type`: The global trust certificate format. Default: 'CA_BASE64'. - `ldap_shared_cache_size`: Size in bytes of the shared-memory cache. @@ -1550,6 +1562,7 @@ class { 'apache::mod::ldap': - `ldap_cache_ttl`: Time that cached items remain valid. - `ldap_opcache_entries`: Number of entries used to cache LDAP compare operations. - `ldap_opcache_ttl`: Time that entries in the operation cache remain valid. +- `package_name`: Custom package name. Defaults to `undef`. ##### Class: `apache::mod::negotiation` 
@@ -1616,6 +1629,17 @@ TODO: The parameters section is incomplete. **Note**: The passenger module isn't available on RH/CentOS without providing dependency packages provided by EPEL and mod\_passengers own custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() +##### Class: `apache::mod::proxy` + +Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its configuration. + +**Parameters within `apache::mod::proxy`**: + +- `allow_from`: Default: `undef`. +- `apache_version`: Default: `undef`. +- `package_name`: Default: `undef`. +- `proxy_requests`: Default: 'Off'. + ##### Class: `apache::mod::php` Installs and configures [`mod_php`][]. From 20c85511a47fd389970c53e2c7e9f59e150ef780 Mon Sep 17 00:00:00 2001 From: FlatKey Date: Sat, 26 Mar 2016 04:16:22 +0100 Subject: [PATCH 0903/2267] Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set --- README.md | 4 ++++ manifests/mod/security.pp | 24 ++++++++++++++---------- templates/mod/security_crs.conf.erb | 8 ++++---- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 51fbe5291d..ded6f75d19 100644 --- a/README.md +++ b/README.md 
@@ -1738,6 +1738,10 @@ ${modsec\_dir}/activated\_rules. - `anomaly_score_blocking`: De-/Activates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: off. - `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '5'. - `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '4'. +- `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '5'. +- `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '4'. +- `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '3'. +- `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '2'. ##### Class: `apache::mod::wsgi` diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 745957fc26..a4fe57f89a 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -1,19 +1,23 @@ class apache::mod::security ( - $crs_package = $::apache::params::modsec_crs_package, - $activated_rules = $::apache::params::modsec_default_rules, - $modsec_dir = $::apache::params::modsec_dir, - $modsec_secruleengine = $::apache::params::modsec_secruleengine, - $audit_log_parts = $::apache::params::modsec_audit_log_parts, - $secpcrematchlimit = $::apache::params::secpcrematchlimit, + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, + $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $audit_log_parts = $::apache::params::modsec_audit_log_parts, + $secpcrematchlimit = $::apache::params::secpcrematchlimit, $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, - $allowed_methods = 'GET HEAD POST OPTIONS', - $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', - $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', - $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', + $allowed_methods = 'GET HEAD POST OPTIONS', + $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', + $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ 
.xsx/', + $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', $secdefaultaction = 'deny', $anomaly_score_blocking = 'off', $inbound_anomaly_threshold = '5', $outbound_anomaly_threshold = '4', + $critical_anomaly_score = '5', + $error_anomaly_score = '4', + $warning_anomaly_score = '3', + $notice_anomaly_score = '2', ) inherits ::apache::params { include ::apache diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index d5e25e182c..d5eb70a249 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -89,10 +89,10 @@ SecAction \ "id:'900001', \ phase:1, \ t:none, \ - setvar:tx.critical_anomaly_score=5, \ - setvar:tx.error_anomaly_score=4, \ - setvar:tx.warning_anomaly_score=3, \ - setvar:tx.notice_anomaly_score=2, \ + setvar:tx.critical_anomaly_score=<%= @critical_anomaly_score -%>, \ + setvar:tx.error_anomaly_score=<%= @error_anomaly_score -%>, \ + setvar:tx.warning_anomaly_score=<%= @warning_anomaly_score -%>, \ + setvar:tx.notice_anomaly_score=<%= @notice_anomaly_score -%>, \ nolog, \ pass" From 1329e0e61aff45d6cff5f18e6ba33c2a33687b67 Mon Sep 17 00:00:00 2001 From: pingtux Date: Fri, 15 Apr 2016 11:42:10 +0200 Subject: [PATCH 0904/2267] Fixed trailing slash in lib_path on Suse --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 1cb2f40f5e..bed1a953f2 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -508,7 +508,7 @@ $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' $logroot_mode = undef - $lib_path = '/usr/lib64/apache2-prefork/' + $lib_path = '/usr/lib64/apache2-prefork' $mpm_module = 'prefork' $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' From 111247c8d4004c68c0a39be376283a65ec107dbb Mon Sep 17 00:00:00 2001 
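Review bot: The four new `*_anomaly_score` parameters in manifests/mod/security.pp are written into the `setvar:` entries of rule 900001 in templates/mod/security_crs.conf.erb as raw strings, and nothing visible in either hunk checks that they are integers. A value containing a comma, quote or whitespace would change the action list of that `SecAction` rather than set a score, so the class body should reject it at compile time, e.g. `validate_re($critical_anomaly_score, '^\d+$')` and the same for the other three. The README entries would also benefit from stating how the scores relate to `inbound_anomaly_threshold`: with the defaults a single critical match reaches the threshold of 5, and lowering `critical_anomaly_score` below it means one critical match no longer blocks on its own. The class body continues outside the hunk, so an existing check there cannot be ruled out.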
From: David Schmitt Date: Wed, 13 Apr 2016 20:49:34 +0100 Subject: [PATCH 0905/2267] Update to newest modulesync_configs [9ca280f] --- .travis.yml | 19 +++++++++++++++++-- Gemfile | 1 - Rakefile | 9 --------- spec/acceptance/nodesets/centos-59-x64.yml | 10 ---------- spec/acceptance/nodesets/centos-64-x64-pe.yml | 12 ------------ spec/acceptance/nodesets/centos-65-x64.yml | 10 ---------- spec/acceptance/nodesets/centos-7-x64.yml | 10 ++++++++++ spec/acceptance/nodesets/centos-70-x64.yml | 11 ----------- spec/acceptance/nodesets/debian-607-x64.yml | 11 ----------- spec/acceptance/nodesets/debian-70rc1-x64.yml | 11 ----------- spec/acceptance/nodesets/debian-73-i386.yml | 11 ----------- spec/acceptance/nodesets/debian-73-x64.yml | 11 ----------- .../{debian-82-x64.yml => debian-8-x64.yml} | 10 +++++----- spec/acceptance/nodesets/default.yml | 14 +++++++------- spec/acceptance/nodesets/docker/centos-7.yml | 12 ++++++++++++ spec/acceptance/nodesets/docker/debian-8.yml | 11 +++++++++++ .../nodesets/docker/ubuntu-14.04.yml | 12 ++++++++++++ spec/acceptance/nodesets/fedora-18-x64.yml | 11 ----------- .../nodesets/ubuntu-server-10044-x64.yml | 10 ---------- .../nodesets/ubuntu-server-12042-x64.yml | 10 ---------- .../nodesets/ubuntu-server-1310-x64.yml | 11 ----------- .../nodesets/ubuntu-server-1404-x64.yml | 11 ----------- 22 files changed, 74 insertions(+), 164 deletions(-) delete mode 100644 spec/acceptance/nodesets/centos-59-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-64-x64-pe.yml delete mode 100644 spec/acceptance/nodesets/centos-65-x64.yml create mode 100644 spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-70-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-607-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-70rc1-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-73-i386.yml delete mode 100644 spec/acceptance/nodesets/debian-73-x64.yml rename 
spec/acceptance/nodesets/{debian-82-x64.yml => debian-8-x64.yml} (66%) create mode 100644 spec/acceptance/nodesets/docker/centos-7.yml create mode 100644 spec/acceptance/nodesets/docker/debian-8.yml create mode 100644 spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 spec/acceptance/nodesets/fedora-18-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-10044-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-12042-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-1310-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-1404-x64.yml diff --git a/.travis.yml b/.travis.yml index e366e0ee2e..4e2c66df32 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,18 +3,33 @@ sudo: false language: ruby cache: bundler -bundler_args: --without system_tests -script: "bundle exec rake validate lint parallel_spec" +script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - rvm: 2.1.6 + dist: trusty + env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/ubuntu-14.04 + script: bundle exec rake beaker + services: docker + sudo: required + - rvm: 2.1.6 + dist: trusty + env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/centos-7 + script: bundle exec rake beaker + services: docker + sudo: required + - rvm: 2.1.6 + bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" - rvm: 2.1.5 + bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - rvm: 2.1.5 + bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 + bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 3.0" notifications: email: false diff --git a/Gemfile b/Gemfile index 21c2dbc3ea..e490bc9b98 100644 --- a/Gemfile +++ b/Gemfile 
@@ -20,7 +20,6 @@ group :development, :unit_tests do gem 'puppetlabs_spec_helper', :require => false gem 'rspec-puppet', '>= 2.3.2', :require => false gem 'simplecov', :require => false - gem 'parallel_tests', :require => false end group :system_tests do gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') diff --git a/Rakefile b/Rakefile index 7ef974b94c..1e2be6663c 100644 --- a/Rakefile +++ b/Rakefile @@ -1,8 +1,6 @@ require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppetlabs_spec_helper/rake_tasks' -require 'parallel_tests' -require 'parallel_tests/cli' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') @@ -43,10 +41,3 @@ task :gen_nodeset do end puts nodeset end - -desc "Parallel spec tests" -task :parallel_spec do - Rake::Task[:spec_prep].invoke - ParallelTests::CLI.new.run('--type test -t rspec spec/classes spec/defines spec/unit'.split) - Rake::Task[:spec_clean].invoke -end diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml deleted file mode 100644 index 2ad90b86aa..0000000000 --- a/spec/acceptance/nodesets/centos-59-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-59-x64: - roles: - - master - platform: el-5-x86_64 - box : centos-59-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: git diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml deleted file mode 100644 index 7d9242f1b9..0000000000 --- a/spec/acceptance/nodesets/centos-64-x64-pe.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - - database - - dashboard - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: pe 
diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml deleted file mode 100644 index 4e2cb809e8..0000000000 --- a/spec/acceptance/nodesets/centos-65-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-65-x64: - roles: - - master - platform: el-6-x86_64 - box : centos-65-x64-vbox436-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/centos-7-x64.yml b/spec/acceptance/nodesets/centos-7-x64.yml new file mode 100644 index 0000000000..1a40c8950f --- /dev/null +++ b/spec/acceptance/nodesets/centos-7-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-7-x64: + roles: + - agent + - default + platform: redhat-7-x86_64 + hypervisor: vagrant + box: puppetlabs/centos-7.2-64-nocm +CONFIG: + type: foss diff --git a/spec/acceptance/nodesets/centos-70-x64.yml b/spec/acceptance/nodesets/centos-70-x64.yml deleted file mode 100644 index 2ab0052043..0000000000 --- a/spec/acceptance/nodesets/centos-70-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - centos-70-x64: - roles: - - master - platform: el-7-x86_64 - box : puppetlabs/centos-7.0-64-nocm - box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm - hypervisor : vagrant -CONFIG: - log_level: verbose - type: foss diff --git a/spec/acceptance/nodesets/debian-607-x64.yml b/spec/acceptance/nodesets/debian-607-x64.yml deleted file mode 100644 index e642e09925..0000000000 --- a/spec/acceptance/nodesets/debian-607-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-607-x64: - roles: - - master - platform: debian-6-amd64 - box : debian-607-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git 
diff --git a/spec/acceptance/nodesets/debian-70rc1-x64.yml b/spec/acceptance/nodesets/debian-70rc1-x64.yml deleted file mode 100644 index cbbbfb2cc6..0000000000 --- a/spec/acceptance/nodesets/debian-70rc1-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-70rc1-x64: - roles: - - master - platform: debian-7-amd64 - box : debian-70rc1-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/debian-73-i386.yml b/spec/acceptance/nodesets/debian-73-i386.yml deleted file mode 100644 index a38902d897..0000000000 --- a/spec/acceptance/nodesets/debian-73-i386.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-73-i386: - roles: - - master - platform: debian-7-i386 - box : debian-73-i386-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-i386-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/debian-73-x64.yml b/spec/acceptance/nodesets/debian-73-x64.yml deleted file mode 100644 index f9cf0c9b8a..0000000000 --- a/spec/acceptance/nodesets/debian-73-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-73-x64: - roles: - - master - platform: debian-7-amd64 - box : debian-73-x64-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/debian-82-x64.yml b/spec/acceptance/nodesets/debian-8-x64.yml similarity index 66% rename from spec/acceptance/nodesets/debian-82-x64.yml rename to spec/acceptance/nodesets/debian-8-x64.yml index 800c49aaa4..fef6e63ca5 100644 --- a/spec/acceptance/nodesets/debian-82-x64.yml +++ b/spec/acceptance/nodesets/debian-8-x64.yml 
@@ -1,10 +1,10 @@ HOSTS: - debian-82: + debian-8-x64: roles: - - master + - agent + - default platform: debian-8-amd64 - box: puppetlabs/debian-8.2-64-nocm hypervisor: vagrant + box: puppetlabs/debian-8.2-64-nocm CONFIG: - log_level: debug - type: git + type: foss diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml index 00e141d092..dba339c46a 100644 --- a/spec/acceptance/nodesets/default.yml +++ b/spec/acceptance/nodesets/default.yml @@ -1,10 +1,10 @@ HOSTS: - centos-66-x64: + ubuntu-1404-x64: roles: - - master - platform: el-6-x86_64 - box : puppetlabs/centos-6.6-64-nocm - hypervisor : vagrant + - agent + - default + platform: ubuntu-14.04-amd64 + hypervisor: vagrant + box: puppetlabs/ubuntu-14.04-64-nocm CONFIG: - log_level: debug - type: git + type: foss diff --git a/spec/acceptance/nodesets/docker/centos-7.yml b/spec/acceptance/nodesets/docker/centos-7.yml new file mode 100644 index 0000000000..a3333aac53 --- /dev/null +++ b/spec/acceptance/nodesets/docker/centos-7.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-7-x64: + platform: el-7-x86_64 + hypervisor: docker + image: centos:7 + docker_preserve_image: true + docker_cmd: '["/usr/sbin/init"]' + # install various tools required to get the image up to usable levels + docker_image_commands: + - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts' +CONFIG: + trace_limit: 200 diff --git a/spec/acceptance/nodesets/docker/debian-8.yml b/spec/acceptance/nodesets/docker/debian-8.yml new file mode 100644 index 0000000000..df5c31944f --- /dev/null +++ b/spec/acceptance/nodesets/docker/debian-8.yml @@ -0,0 +1,11 @@ +HOSTS: + debian-8-x64: + platform: debian-8-amd64 + hypervisor: docker + image: debian:8 + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen' +CONFIG: + trace_limit: 200 
diff --git a/spec/acceptance/nodesets/docker/ubuntu-14.04.yml b/spec/acceptance/nodesets/docker/ubuntu-14.04.yml new file mode 100644 index 0000000000..b1efa58390 --- /dev/null +++ b/spec/acceptance/nodesets/docker/ubuntu-14.04.yml @@ -0,0 +1,12 @@ +HOSTS: + ubuntu-1404-x64: + platform: ubuntu-14.04-amd64 + hypervisor: docker + image: ubuntu:14.04 + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + # ensure that upstart is booting correctly in the container + - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8' +CONFIG: + trace_limit: 200 diff --git a/spec/acceptance/nodesets/fedora-18-x64.yml b/spec/acceptance/nodesets/fedora-18-x64.yml deleted file mode 100644 index 086cae995c..0000000000 --- a/spec/acceptance/nodesets/fedora-18-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - fedora-18-x64: - roles: - - master - platform: fedora-18-x86_64 - box : fedora-18-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml deleted file mode 100644 index 5ca1514e40..0000000000 --- a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - ubuntu-server-10044-x64: - roles: - - master - platform: ubuntu-10.04-amd64 - box : ubuntu-server-10044-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml deleted file mode 100644 index d065b304f8..0000000000 --- a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -HOSTS: - ubuntu-server-12042-x64: - roles: - - master - platform: ubuntu-12.04-amd64 - box : ubuntu-server-12042-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml deleted file mode 100644 index f4b2366f3b..0000000000 --- a/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - ubuntu-server-1310-x64: - roles: - - master - platform: ubuntu-13.10-amd64 - box : ubuntu-server-1310-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-1310-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - log_level : debug - type: git diff --git a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml deleted file mode 100644 index cba1cd04c2..0000000000 --- a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - ubuntu-server-1404-x64: - roles: - - master - platform: ubuntu-14.04-amd64 - box : puppetlabs/ubuntu-14.04-64-nocm - box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm - hypervisor : vagrant -CONFIG: - log_level : debug - type: git From 4b9f6d312190ca9b25bc9f18b7b369e7460f39e7 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Tue, 19 Apr 2016 10:20:11 +0100 Subject: [PATCH 0906/2267] (MODULES-3274) mod-info: specify the info_path Changes lifted from Eric Young's feture request. --- manifests/mod/info.pp | 1 + templates/mod/info.conf.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 2c477c748f..5f4ffa7c95 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp 
@@ -2,6 +2,7 @@ $allow_from = ['127.0.0.1','::1'], $apache_version = undef, $restrict_access = true, + $info_path = '/server-info', ){ include ::apache $_apache_version = pick($apache_version, $apache::apache_version) diff --git a/templates/mod/info.conf.erb b/templates/mod/info.conf.erb index dd79ecea8d..c661a23ab5 100644 --- a/templates/mod/info.conf.erb +++ b/templates/mod/info.conf.erb @@ -1,4 +1,4 @@ - +> SetHandler server-info <%- if @restrict_access -%> <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> From 9aedb0446e6b7a77f41494c98bb187bb972b1732 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Tue, 19 Apr 2016 15:29:10 +0100 Subject: [PATCH 0907/2267] (MODULES-3140) explicitly rely on hasrestart if no restart command is passed Apache always had a restart option for the init script and in some cases does require special handling of the daemon when restarting, so this prefers the init scripts' restart action over just stopping/starting it. --- manifests/service.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/manifests/service.pp b/manifests/service.pp index 708027921c..f90097d0bb 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -38,12 +38,16 @@ $_service_ensure = undef } } + + $service_hasrestart = $service_restart == undef + if $service_manage { service { 'httpd': - ensure => $_service_ensure, - name => $service_name, - enable => $service_enable, - restart => $service_restart + ensure => $_service_ensure, + name => $service_name, + enable => $service_enable, + restart => $service_restart, + hasrestart => $service_hasrestart, } } } From 6df5d4160268d21a058847fac8e53d878988dfe6 Mon Sep 17 00:00:00 2001 
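Review bot: The new `$info_path` parameter in manifests/mod/info.pp is accepted without validation; the template hunk is garbled in this view, but going by the commit subject the value ends up in the Location line of templates/mod/info.conf.erb. A value that does not start with `/`, or that contains whitespace or `>`, would produce a broken or differently scoped block, and the `restrict_access` rules only apply inside that block, so I would add `validate_re($info_path, '^/[^\s>]*$')` to the class body. The parameter also needs a README entry saying that moving the path does not replace `restrict_access` and `allow_from`, since mod_info output exposes the server configuration wherever it is mounted. The class body continues outside the hunk.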
From: Colleen Murphy Date: Tue, 19 Apr 2016 09:23:27 -0700 Subject: [PATCH 0908/2267] Expose verify_config in apache::vhost::custom In many cases verify_config confuses more than it helps and users would like to be able to turn it off. Expose the $apache::custom_config::verify_config parameter in apache::vhost::custom so custom vhost users can also turn this off. --- README.md | 5 +++++ manifests/vhost/custom.pp | 10 ++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ded6f75d19..74b5183152 100644 --- a/README.md +++ b/README.md @@ -3556,6 +3556,11 @@ Specifies if the virtual host file is present or absent. Valid options: 'absent' Sets the relative load order for Apache HTTPD VirtualHost configuration files. Default: '25'. +##### `verify_config` + +Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: true. + + ### Private defined types #### Defined type: `apache::peruser::multiplexer` diff --git a/manifests/vhost/custom.pp b/manifests/vhost/custom.pp index 12567f5dbd..e46b4c4d81 100644 --- a/manifests/vhost/custom.pp +++ b/manifests/vhost/custom.pp @@ -3,6 +3,7 @@ $content, $ensure = 'present', $priority = '25', + $verify_config = true, ) { include ::apache @@ -10,10 +11,11 @@ $filename = regsubst($name, ' ', '_', 'G') ::apache::custom_config { $filename: - ensure => $ensure, - confdir => $::apache::vhost_dir, - content => $content, - priority => $priority, + ensure => $ensure, + confdir => $::apache::vhost_dir, + content => $content, + priority => $priority, + verify_config => $verify_config, } # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to From e051bbfd87c7bc6b5a1e8a09a7cbd60daf153928 Mon Sep 17 00:00:00 2001 
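Review bot: `$verify_config` is passed from manifests/vhost/custom.pp straight to `::apache::custom_config` with no type check in the visible hunks. In Puppet a string such as `'false'` from Hiera or an ENC is truthy, so the setting would silently not do what the caller asked; `validate_bool($verify_config)` after `include ::apache` makes that a compile error instead (whether `apache::custom_config` already validates it is outside this diff). The README text should also state the consequence of `false`: the file is written and the service notified without a syntax check, so a bad `content` value presumably only surfaces when Apache reloads.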
From: Mathieu Parent Date: Sun, 17 Apr 2016 05:38:28 +0200 Subject: [PATCH 0909/2267] MODULES-2890: Allow php_version != 5 --- manifests/mod/php.pp | 38 ++++++++++++++----- manifests/params.pp | 19 +++++----- spec/classes/mod/php_spec.rb | 2 +- templates/mod/{php5.conf.erb => php.conf.erb} | 0 4 files changed, 40 insertions(+), 19 deletions(-) rename templates/mod/{php5.conf.erb => php.conf.erb} (100%) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 3d45f87a8a..340549ccb1 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -4,25 +4,28 @@ $path = undef, $extensions = ['.php'], $content = undef, - $template = 'apache/mod/php5.conf.erb', + $template = 'apache/mod/php.conf.erb', $source = undef, $root_group = $::apache::params::root_group, + $php_version = $::apache::params::php_version, ) inherits apache::params { + $mod = "php${php_version}" + if defined(Class['::apache::mod::prefork']) { - Class['::apache::mod::prefork']->File['php5.conf'] + Class['::apache::mod::prefork']->File["${mod}.conf"] } elsif defined(Class['::apache::mod::itk']) { - Class['::apache::mod::itk']->File['php5.conf'] + Class['::apache::mod::itk']->File["${mod}.conf"] } else { fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']') } validate_array($extensions) - if $source and ($content or $template != 'apache/mod/php5.conf.erb') { + if $source and ($content or $template != 'apache/mod/php.conf.erb') { warning('source and content or template parameters are provided. source parameter will be used') - } elsif $content and $template != 'apache/mod/php5.conf.erb' { + } elsif $content and $template != 'apache/mod/php.conf.erb' { warning('content and template parameters are provided. content parameter will be used') } 
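Review bot: `$php_version` is interpolated into `$mod = "php${php_version}"` without validation. The later hunks of manifests/mod/php.pp reuse it for the resource title, the package name via `regsubst`, `$_lib = "libphp${php_version}.so"` and the file path `"${::apache::mod_dir}/${mod}.conf"`. A value containing `/` or `..` would therefore change where the conf file is written, and a non-numeric value gives a module id and library name that cannot load. I would add `validate_re($php_version, '^\d+(\.\d+)*$')` next to the existing `validate_array($extensions)`. The README is not touched by this commit, so the new parameter and its expected format (`'5'`, or a dotted version as the `$_php_major` regex implies) are undocumented. The class body starts and ends outside this hunk.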
@@ -34,9 +37,26 @@ default => undef, } - ::apache::mod { 'php5': - package => $package_name, + # Determine if we have a package + $mod_packages = $::apache::params::mod_packages + if $package_name { + $_package_name = $package_name + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package_name = $mod_packages[$mod] + } elsif has_key($mod_packages, 'phpXXX') { # 2.6 compatibility hack + $_package_name = regsubst($mod_packages['phpXXX'], 'XXX', $php_version) + } else { + $_package_name = undef + } + + $_lib = "libphp${php_version}.so" + $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1') + + ::apache::mod { $mod: + package => $_package_name, package_ensure => $package_ensure, + lib => $_lib, + id => "php${_php_major}_module", path => $path, } @@ -45,9 +65,9 @@ Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php'] # Template uses $extensions - file { 'php5.conf': + file { "${mod}.conf": ensure => file, - path => "${::apache::mod_dir}/php5.conf", + path => "${::apache::mod_dir}/${mod}.conf", owner => 'root', group => $root_group, mode => $::apache::file_mode, diff --git a/manifests/params.pp b/manifests/params.pp index 1cb2f40f5e..d067ac848d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -90,6 +90,7 @@ $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef + $php_version = '5' $mod_packages = { # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. 'auth_cas' => 'mod_auth_cas', @@ -117,6 +118,7 @@ '5' => 'php53', default => 'php', }, + 'phpXXX' => 'php', 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', 'security' => 'mod_security', @@ -133,8 +135,7 @@ 'shib2' => 'shibboleth', } $mod_libs = { - 'php5' => 'libphp5.so', - 'nss' => 'libmodnss.so', + 'nss' => 'libmodnss.so', } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' 
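Review bot: The package lookup in the `@@ -34,9 +37,26 @@` hunk of manifests/mod/php.pp depends on a `'phpXXX'` placeholder key that is explained only by `# 2.6 compatibility hack`, which does not describe the convention. I would replace `# Determine if we have a package` with a comment that spells out the order, e.g. `# Package lookup: explicit $package_name, then $mod_packages["php${php_version}"], then the 'phpXXX' entry with XXX replaced by $php_version, else undef`. Where a platform block has no `phpXXX` entry (the last params.pp block in this patch, with the `apache2-mod_*` names, appears to have none), `$_package_name` ends up `undef`; what `apache::mod` does with that is not visible on this page and deserves a word in the same comment.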
@@ -217,6 +218,7 @@ $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' + $php_version = '5' $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', @@ -229,7 +231,7 @@ 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', - 'php5' => 'libapache2-mod-php5', + 'phpXXX' => 'libapache2-mod-phpXXX', 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', @@ -246,7 +248,6 @@ $shib2_lib = 'mod_shib2.so' } $mod_libs = { - 'php5' => 'libphp5.so', 'shib2' => $shib2_lib } $conf_template = 'apache/httpd.conf.erb' @@ -392,6 +393,7 @@ $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef + $php_version = '5' $mod_packages = { # NOTE: I list here only modules that are not included in www/apache24 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config @@ -402,7 +404,7 @@ 'fcgid' => 'www/mod_fcgid', 'passenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', - 'php5' => 'www/mod_php5', + 'phpXXX' => 'www/mod_phpXXX', 'proxy_html' => 'www/mod_proxy_html', 'python' => 'www/mod_python3', 'wsgi' => 'www/mod_wsgi', @@ -412,7 +414,6 @@ 'shib2' => 'security/shibboleth2-sp', } $mod_libs = { - 'php5' => 'libphp5.so', } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' @@ -457,6 +458,7 @@ $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' + $php_version = '5' $mod_packages = { # NOTE: I list here only modules that are not included in www-servers/apache 'auth_kerb' => 'www-apache/mod_auth_kerb', 
@@ -464,7 +466,7 @@ 'fcgid' => 'www-apache/mod_fcgid', 'passenger' => 'www-apache/passenger', 'perl' => 'www-apache/mod_perl', - 'php5' => 'dev-lang/php', + 'phpXXX' => 'dev-lang/php', 'proxy_html' => 'www-apache/mod_proxy_html', 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', 'python' => 'www-apache/mod_python', @@ -475,7 +477,6 @@ 'xml2enc' => 'www-apache/mod_xml2enc', } $mod_libs = { - 'php5' => 'libphp5.so', } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' @@ -516,6 +517,7 @@ $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' + $php_version = '5' $mod_packages = { 'auth_kerb' => 'apache2-mod_auth_kerb', 'fcgid' => 'apache2-mod_fcgid', @@ -524,7 +526,6 @@ 'python' => 'apache2-mod_python', } $mod_libs = { - 'php5' => 'libphp5.so', } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 3aaa3d329b..3908655295 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -222,7 +222,7 @@ 'class { "apache": mpm_module => prefork, }' end let :params do - { :template => 'apache/mod/php5.conf.erb' } + { :template => 'apache/mod/php.conf.erb' } end it { should contain_file('php5.conf').with( :content => /^# PHP is an HTML-embedded scripting language which attempts to make it/ diff --git a/templates/mod/php5.conf.erb b/templates/mod/php.conf.erb similarity index 100% rename from templates/mod/php5.conf.erb rename to templates/mod/php.conf.erb From 9121dffd852f236b64532bc35138d21d099db42b Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Sun, 17 Apr 2016 04:28:00 +0200 Subject: [PATCH 0910/2267] MODULES-2890: mod::php: Explicit test on jessie --- spec/classes/mod/php_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 3908655295..e5d3befbc3 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb 
@@ -39,6 +39,18 @@ :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" ) } end + context "on jessie" do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let(:facts) { super().merge({ + :operatingsystemrelease => '8', + :lsbdistcodename => 'jessie', + }) } + it { is_expected.to contain_file("php5.load").with( + :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" + ) } + end end describe "on a RedHat OS" do let :facts do From f7f519c61b1ec276b80d5e4cc68b9cf8eae6a51a Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Sun, 17 Apr 2016 04:30:31 +0200 Subject: [PATCH 0911/2267] MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial --- manifests/params.pp | 8 +++++++- spec/classes/mod/php_spec.rb | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index d067ac848d..60e184a962 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -218,7 +218,13 @@ $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' - $php_version = '5' + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') < 0) { + # Only the major version is used here + $php_version = '5' + } else { + # major.minor version used since Debian stretch and Ubuntu Xenial + $php_version = '7.0' + } $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index e5d3befbc3..ad61e897b5 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb 
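Review bot: The new conditional in manifests/params.pp selects `'7.0'` for everything that is not Ubuntu older than 16.04 or Debian older than 9, which covers any other `$::operatingsystem` value reaching this block and every later release, whatever PHP version it ships. The unchanged context line `$suphp_configpath = '/etc/php5/apache2'` directly above also stays on the php5 path when `'7.0'` is chosen. I would make the 7.0 case an explicit branch for the two releases named in the comment, and document the escape hatch next to it: `# Other releases: set php_version on apache::mod::php to match the packaged PHP`. The enclosing OS-family branch starts and ends outside the hunk.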
@@ -51,6 +51,20 @@ :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" ) } end + context "on stretch" do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let(:facts) { super().merge({ + :operatingsystemrelease => '9', + :lsbdistcodename => 'stretch', + }) } + it { is_expected.to contain_apache__mod('php7.0') } + it { is_expected.to contain_package("libapache2-mod-php7.0") } + it { is_expected.to contain_file("php7.0.load").with( + :content => "LoadModule php7_module /usr/lib/apache2/modules/libphp7.0.so\n" + ) } + end end describe "on a RedHat OS" do let :facts do From c0c3e4ab88447e995a40c1f3a0126c518e25a4dc Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Sun, 17 Apr 2016 05:36:59 +0200 Subject: [PATCH 0912/2267] MODULES-2890: Fix mod_php SetHandler and cleanup --- templates/mod/php.conf.erb | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/templates/mod/php.conf.erb b/templates/mod/php.conf.erb index 3fd1000390..9e684fe6d0 100644 --- a/templates/mod/php.conf.erb +++ b/templates/mod/php.conf.erb @@ -2,20 +2,12 @@ # PHP is an HTML-embedded scripting language which attempts to make it # easy for developers to write dynamically generated webpages. # -# -# LoadModule php5_module modules/libphp5.so -# -# -# # Use of the "ZTS" build with worker is experimental, and no shared -# # modules are supported. -# LoadModule php5_module modules/libphp5-zts.so -# # # Cause the PHP interpreter to handle files with a .php extension. # )$"> - SetHandler php5-script + SetHandler application/x-httpd-php # From d90bfbd3e074465c1b074618e8bdff23d2de9ded Mon Sep 17 00:00:00 2001 
From: Mathieu Parent Date: Wed, 20 Apr 2016 09:38:48 +0200 Subject: [PATCH 0913/2267] Set default keepalive to On According to docs "In some cases this has been shown to result in an almost 50% speedup in latency times for HTML documents with many images." Ref: http://httpd.apache.org/docs/2.4/mod/core.html#keepalive --- README.md | 2 +- manifests/params.pp | 2 +- spec/acceptance/apache_parameters_spec.rb | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 74b5183152..e8a1a67d83 100644 --- a/README.md +++ b/README.md @@ -973,7 +973,7 @@ Sets the Apache server's base configuration directory. This is useful for specia ##### `keepalive` -Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'Off'. +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'On'. If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. diff --git a/manifests/params.pp b/manifests/params.pp index 1cb2f40f5e..c72d6b927d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -137,7 +137,7 @@ 'nss' => 'libmodnss.so', } $conf_template = 'apache/httpd.conf.erb' - $keepalive = 'Off' + $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 923df6666c..fdf3d8561a 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
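Review bot: Only the `$keepalive` assignment at line 137 of manifests/params.pp is switched to `'On'`, while the README hunk now documents `'On'` as the default without qualification. The params.pp hunks of PATCH 0909 on this page show further `$keepalive = 'Off'` context lines in the other OS-family blocks, so unless those are changed elsewhere the default now differs by platform. Either change the remaining assignments to `$keepalive = 'On'` or have the README name the platforms that get it. Because a persistent connection can keep a worker busy for up to `$keepalive_timeout` seconds with the prefork and worker MPMs, a comment such as `# On: idle clients may hold a worker for up to $keepalive_timeout seconds; size MaxClients accordingly` would record the capacity side of the change.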
@@ -353,14 +353,14 @@ class { 'apache': describe 'keepalive' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': keepalive => 'On', keepalive_timeout => '30', max_keepalive_requests => '200' }" + pp = "class { 'apache': keepalive => 'Off', keepalive_timeout => '30', max_keepalive_requests => '200' }" apply_manifest(pp, :catch_failures => true) end end describe file($conf_file) do it { is_expected.to be_file } - it { is_expected.to contain 'KeepAlive On' } + it { is_expected.to contain 'KeepAlive Off' } it { is_expected.to contain 'KeepAliveTimeout 30' } it { is_expected.to contain 'MaxKeepAliveRequests 200' } end From d67afdec30ae7a9b51617fb918b167bce05245e5 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 20 Apr 2016 14:12:08 +0100 Subject: [PATCH 0914/2267] (maint) update apache::default_mods tests to work on debian 7 Debian 7 and Ubuntu 12.04's init scripts will refuse to restart the service if the configuration is broken. So this commit adds an explicit configuration step to shutdown the apache before the test. --- spec/acceptance/default_mods_spec.rb | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 3f28526966..1c10d02b5e 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -20,6 +20,13 @@ class { 'apache': end describe 'no default mods and failing' do + before :all do + pp = <<-PP + include apache::params + class { 'apache': default_mods => false, service_ensure => stopped, } + PP + apply_manifest(pp) + end # Using puppet_apply as a helper it 'should apply with errors' do pp = <<-EOS 
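Review bot: The `before :all` setup added to spec/acceptance/default_mods_spec.rb calls `apply_manifest(pp)` without `:catch_failures => true`, so if stopping Apache fails the examples still run against a service in an unknown state and `is_expected.not_to be_running` further down can pass or fail for the wrong reason. Use `apply_manifest(pp, :catch_failures => true)`, as the keepalive setup in apache_parameters_spec.rb on this page does. A one-line comment such as `# stop Apache first: Debian 7 / Ubuntu 12.04 init scripts refuse to restart with a broken config` would keep the reason from the commit message next to the code. The describe block continues outside the hunk.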
@@ -39,15 +46,9 @@ class { 'apache': apply_manifest(pp, { :expect_failures => true }) end - # Are these the same? describe service($service_name) do it { is_expected.not_to be_running } end - describe "service #{$service_name}" do - it 'should not be running' do - shell("pidof #{$service_name}", {:acceptable_exit_codes => 1}) - end - end end describe 'alternative default mods' do From b0bd3ed1c37835cbdbb4e8f101f1eb03bdbb8d26 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 14 Apr 2016 15:24:48 -0700 Subject: [PATCH 0915/2267] Release prep 1.9.0 --- CHANGELOG.md | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++ metadata.json | 2 +- 2 files changed, 76 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 58cd91ae62..40d313a278 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,78 @@ +## Supported Release 1.9.0 +### Summary + + +#### Features +- Added `apache_version` fact +- Added `apache::balancer::target` attribute +- Added `apache::fastcgi::server::pass_header` attribute +- Added ability for `apache::fastcgi::server::host` using sockets +- Added `apache::root_directory_options` attribute +- Added for `apache::mod::ldap`: + - `ldap_shared_cache_size` + - `ldap_cache_entries` + - `ldap_cache_ttl` + - `ldap_opcache_entries` + - `ldap_opcache_ttl` +- Added `apache::mod::pagespeed::package_ensure` attribute +- Added `apache::mod::passenger` attributes: + - `passenger_log_level` + - `manage_repo` +- Added upstream repo for `apache::mod::passenger` +- Added `apache::mod::proxy_fcgi` class +- Added `apache::mod::security` attributes: + - `audit_log_parts` + - `secpcrematchlimit` + - `secpcrematchlimitrecursion` + - `secdefaultaction` + - `anomaly_score_blocking` + - `inbound_anomaly_threshold` + - `outbound_anomaly_threshold` +- Added `apache::mod::ssl` attributes: + - `ssl_mutex` + - `apache_version` +- Added ubuntu 16.04 support +- Added `apache::mod::authnz_ldap::package_name` attribute +- Added `apache::mod::ldap::package_name` attribute +- Added `apache::mod::proxy::package_name` attribute +- Added `apache::vhost` attributes: + - `ssl_proxy_check_peen_expire` + - `ssl_proxy_protocol` + - `logroot_owner` + - `logroot_group` + - `setenvifnocase` + - `passenger_user` + - `passenger_high_performance` + - `jk_mounts` + - `fastcgi_idle_timeout` + - `modsec_disable_msgs` + - `modsec_disable_tags` +- Added ability for 2.4-style `RequireAll|RequireNone|RequireAny` directory permissions +- Added ability for includes in vhost directory +- Added directory values: + - `AuthMerging` + - `MellonSPMetadataFile` + +#### Bugfixes +- Fixed apache mod setup for event/worker failing syntax +- Fixed concat deprecation warnings +- Fixed pagespeed mod +- Fixed service restart on mod update +- Fixed mod dir purging to happen after package installs +- 
Fixed various `apache::mod::*` file modes +- Fixed `apache::mod::authnz_ldap` parameter `verifyServerCert` to be `verify_server_cert` +- Fixed loadfile name in `apache::mod::fcgid` +- Fixed `apache::mod::remoteip` to fail on apache < 2.4 (because it is not available) +- Fixed `apache::mod::ssl::ssl_honorcipherorder` interpolation +- Lint fixes +- Strict variable fixes +- Fixed `apache::vhost` attribute `redirectmatch_status` to be optional +- Fixed SSLv3 on by default in mod\_nss +- Fixed mod\_rpaf directive names in template +- Fixed mod\_worker needing MaxClients with ThreadLimit +- Fixed quoting on vhost php\_value +- Fixed xml2enc for proxy\_html on debian + ## Supported Release 1.8.1 ### Summary This release includes bug fixes and a documentation update. diff --git a/metadata.json b/metadata.json index dde60f9115..972f456d07 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.8.1", + "version": "1.9.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 0a75a48a271e9cb1b42d4c032a60901702173f15 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 20 Apr 2016 19:34:18 -0700 Subject: [PATCH 0916/2267] Updates CHANGELOG with newly added features and bugfix --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 40d313a278..4b1da63b53 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -52,6 +52,13 @@ - Added directory values: - `AuthMerging` - `MellonSPMetadataFile` +- Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to `apache::mod::security` class + - `critical_anomaly_score` + - `error_anomaly_score` + - `warning_anomaly_score` + - `notice_anomaly_score` +- Adds ability to configure `info_path` in `apache::mod::info` class +- Adds ability to configure `verify_config` in `apache::vhost::custom` #### Bugfixes - Fixed apache mod setup for event/worker failing syntax @@ -72,6 +79,7 @@ - Fixed mod\_worker needing MaxClients with ThreadLimit - Fixed quoting on vhost php\_value - Fixed xml2enc for proxy\_html on debian +- Fixed a problem where the apache service restarts too fast ## Supported Release 1.8.1 ### Summary From 2e0bad61051a78d174c78d91ca19e9a1f885ffb0 Mon Sep 17 00:00:00 2001 From: jostmart Date: Sun, 24 Apr 2016 10:49:48 +0200 Subject: [PATCH 0917/2267] Update _block.erb Deny access to .ht and .hg, which are created by mercurial hg. --- templates/vhost/_block.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_block.erb b/templates/vhost/_block.erb index d0776829da..b07f685e42 100644 --- a/templates/vhost/_block.erb +++ b/templates/vhost/_block.erb @@ -3,7 +3,7 @@ ## Block access statements <% if @block.include? 'scm' -%> # Block access to SCM directories. - + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied <%- else -%> From b27225e1a080a0f8d99e1f6a5368129c94d4e44e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sascha=20R=C3=BCssel?= Date: Mon, 25 Apr 2016 12:16:01 +0200 Subject: [PATCH 0918/2267] dont fail if mpm_module is itk, apache_version >= 2.4 and class apache::mod::prefork is not defined include apache::mod::prefork in apache::mod::itk instead because cant include apache::mod::prefork before class apache "Warning: Scope(Class[Apache::Mod::Prefork]): Could not look up qualified variable '::apache::apache_version'; class ::apache has not been evaluated" "Error: Could not find dependency Exec[mkdir ] for File[/prefork.conf] at apache/manifests/mod/prefork.pp:44" --- manifests/mod/itk.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 2d5bf04c1c..56edf7e68e 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -25,7 +25,7 @@ } } else { if ! defined(Class['apache::mod::prefork']) { - fail('apache::mod::prefork is a prerequisite for apache::mod::itk, please arrange for it to be included.') + include ::apache::mod::prefork } } } From 4cd01b321150fa3626925df3f70f98084f319c99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sascha=20R=C3=BCssel?= Date: Tue, 26 Apr 2016 12:34:56 +0200 Subject: [PATCH 0919/2267] Revert "MODULES-2956: Enable options within location block on proxy_match" this commit removes the location directive in _proxy.erb proxy: remove workaround for old broken clients 99add117df452d2c513a3a7c36d9fd0416e696b9 this commit sets options in the location directive in _proxy.erb MODULES-2956: Enable options within location block on proxy_match db5b0bfb09959622ea1c6cc299b58057b94c588f setting options-hash in proxy_pass or proxy_match now leads to syntax errors in Apache like "AuthBasicProvider not allowed here" --- README.md | 4 +--- spec/defines/vhost_spec.rb | 12 ------------ templates/vhost/_proxy.erb | 5 ----- 3 files changed, 1 insertion(+), 20 deletions(-) diff --git a/README.md b/README.md index 74b5183152..b077251b55 100644 --- a/README.md +++ b/README.md 
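Review bot: In manifests/mod/itk.pp the `if ! defined(Class['apache::mod::prefork'])` guard around the new `include ::apache::mod::prefork` is redundant, because `include` is idempotent and `defined()` depends on evaluation order anyway. The remaining risk is the opposite order: a resource-style `class { 'apache::mod::prefork': ... }` evaluated after this class would presumably hit a duplicate declaration, which the old `fail()` message at least explained. I would reduce the branch to the bare `include ::apache::mod::prefork` with a comment like `# prefork is required here (Apache >= 2.4, per the commit title); declare apache::mod::prefork with custom parameters before this class`. No spec accompanies the change; the diffstat lists only itk.pp. The class body starts and ends outside the hunk.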
@@ -2435,7 +2435,7 @@ Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs ##### `proxy_pass` -Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: undef. Parameters and location options can optionally be added as an array. +Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ``` puppet apache::vhost { 'site.name.fdqn': @@ -2444,8 +2444,6 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, - { 'path' => '/c', 'url' => 'http://backend-a/c', - 'options' => {'Require'=>'valid-user', 'AuthType'=>'Kerberos', 'AuthName'=>'Kerberos Login'}}, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 89113bb0b5..40ebcc7872 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -274,11 +274,6 @@ 'retry' => '0', 'timeout' => '5' }, - 'options' => { - 'Require' =>'valid-user', - 'AuthType' =>'Kerberos', - 'AuthName' =>'"Kerberos Login"' - }, 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1'], } ], 
@@ -517,13 +512,6 @@ /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo/) } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - /Require valid-user/) } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - /AuthType Kerberos/) } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - /AuthName "Kerberos Login"/) } - it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 4e36361ca1..96004d1175 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -41,11 +41,6 @@ SetEnv <%= setenv_var %> <%- end -%> <%- end -%> - <%- if proxy['options'] -%> - <%- proxy['options'].keys.sort.each do |key| -%> - <%= key %> <%= proxy['options'][key] %> - <%- end -%> - <%- end -%> <% end -%> <% [@proxy_pass_match].flatten.compact.each do |proxy| %> ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> From ee14e6f94be34431ef43c4b345517c6c6b3adde1 Mon Sep 17 00:00:00 2001 From: Timo Goebel Date: Thu, 28 Apr 2016 12:08:47 +0200 Subject: [PATCH 0920/2267] mod_event: do not set parameters twice --- README.md | 2 +- manifests/mod/event.pp | 4 ++-- spec/classes/mod/event_spec.rb | 36 +++++++++++++++++++++++++++++++--- templates/mod/event.conf.erb | 10 ++++++++-- 4 files changed, 44 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 74b5183152..dc7b9754ad 100644 --- a/README.md +++ b/README.md 
@@ -1366,7 +1366,7 @@ Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::e **Parameters within `apache::mod::event`**: - `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. -- `maxclients` (_Apache 2.3.12 or older_: `maxrequestworkers`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. +- `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. - `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. - `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. - `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index 6c70589a35..d423073e78 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -1,16 +1,16 @@ class apache::mod::event ( $startservers = '2', $maxclients = '150', + $maxrequestworkers = undef, $minsparethreads = '25', $maxsparethreads = '75', $threadsperchild = '25', $maxrequestsperchild = '0', + $maxconnectionsperchild = undef, $serverlimit = '25', $apache_version = $::apache::apache_version, $threadlimit = '64', $listenbacklog = '511', - $maxrequestworkers = '250', - $maxconnectionsperchild = '0', ) { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') 
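Review bot: In manifests/mod/event.pp the default of `$maxrequestworkers` drops from `'250'` to `undef`, so a node that sets nothing now gets `MaxClients 150` from the template instead of the `MaxRequestWorkers 250` that was previously emitted later in the file and presumably took effect; the effective default limit changes without being called out. In addition, when both `$maxclients` and `$maxrequestworkers` are given, the template in this patch silently drops the former, and the same holds for `$maxrequestsperchild` versus `$maxconnectionsperchild`. Add a warning in the style php.pp uses, for example `if $maxrequestworkers and $maxclients != '150' { warning('maxclients and maxrequestworkers are both set; maxrequestworkers will be used') }`, and mention the changed default in the README entry. The class body continues past the hunk.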
diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index dd0a427eaf..00291a5f98 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -59,7 +59,7 @@ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } - context "Test mpm_event params" do + context "Test mpm_event new params" do let :params do { :serverlimit => '0', 
@@ -78,17 +78,47 @@ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxClients\s*2/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) } - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestsPerChild\s*6/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxConnectionsPerChild\s*10/) } end + context "Test mpm_event old style params" do + let :params do + { + :serverlimit => '0', + :startservers => '1', + :maxclients => '2', + :minsparethreads => '3', + :maxsparethreads => 
'4', + :threadsperchild => '5', + :maxrequestsperchild => '6', + :threadlimit => '7', + :listenbacklog => '8', + :maxrequestworkers => :undef, + :maxconnectionsperchild => :undef, + } + end + + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestWorkers\s*9/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxConnectionsPerChild\s*10/) } + end + context "with Apache version < 2.4" do let :params do { diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb index 970ce088ce..da7682fb4d 100644 --- a/templates/mod/event.conf.erb +++ b/templates/mod/event.conf.erb 
@@ -1,13 +1,19 @@ ServerLimit <%= @serverlimit %> StartServers <%= @startservers %> + <%- if @maxrequestworkers -%> + MaxRequestWorkers <%= @maxrequestworkers %> + <%- else -%> MaxClients <%= @maxclients %> + <%- end -%> MinSpareThreads <%= @minsparethreads %> MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> + <%- if @maxconnectionsperchild -%> + MaxConnectionsPerChild <%= @maxconnectionsperchild %> + <%- else -%> MaxRequestsPerChild <%= @maxrequestsperchild %> + <%- end -%> ThreadLimit <%= @threadlimit %> ListenBacklog <%= @listenbacklog %> - MaxRequestWorkers <%= @maxrequestworkers %> - MaxConnectionsPerChild <%= @maxconnectionsperchild %> From 9f3c2a003c4be242d591960741d01ac4b6f1d587 Mon Sep 17 00:00:00 2001 From: Leo Antunes Date: Thu, 28 Apr 2016 19:24:14 +0200 Subject: [PATCH 0921/2267] Add simple support + ProxyAddHeaders (#1427) * vhost: add support for block in directories In order to allow "require" statements inside the blocks without introducing code duplication, the template for "require" handling has beenrefactored into a subtemplate of its own. This subtemplate accesses the current block being processed (be it a or ) (ab)using a scope variable _template_scope, which is in turn a hash with a single variable :item, to workaround puppet's "thou shall not reset variables". * vhost: add support for ProxyAddHeaders directive * vhost: add documentation for Limit directive --- README.md | 26 ++++++++++++ manifests/vhost.pp | 2 + spec/acceptance/vhost_spec.rb | 2 + spec/defines/vhost_spec.rb | 17 ++++++++ templates/vhost/_directories.erb | 68 +++++--------------------------- templates/vhost/_proxy.erb | 7 ++++ templates/vhost/_require.erb | 62 +++++++++++++++++++++++++++++ 7 files changed, 125 insertions(+), 59 deletions(-) create mode 100644 templates/vhost/_require.erb diff --git a/README.md b/README.md index 74b5183152..54a4084999 100644 --- a/README.md +++ b/README.md 
@@ -2346,6 +2346,12 @@ Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod Setting this parameter to true enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to false sets this directive to 'Off'. +##### `proxy_add_headers` + +Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). Valid Options: Boolean. Default: false. + +This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. + ##### `proxy_error_override` Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default: false. @@ -3045,6 +3051,26 @@ apache::vhost { 'sample.example.net': } ``` +###### `limit` + +Creates a [Limit](https://httpd.apache.org/docs/current/mod/core.html#limit) block inside the Directory block, which can also contain `require` directives. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/docroot', + directories => [ + { path => '/', + provider => 'location', + limit => [ + { methods => 'GET HEAD' + require => ['valid-user'] + }, + ], + }, + ], +} +``` + ###### `mellon_enable` Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index d4b1e8677c..3845075c12 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -80,6 +80,7 @@ $no_proxy_uris = [], $no_proxy_uris_match = [], $proxy_preserve_host = false, + $proxy_add_headers = undef, $proxy_error_override = false, $redirect_source = '/', $redirect_dest = undef, 
@@ -749,6 +750,7 @@ # - $proxy_pass # - $proxy_pass_match # - $proxy_preserve_host + # - $proxy_add_headers # - $no_proxy_uris if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { concat::fragment { "${name}-proxy": diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 36d4f42c59..f8b01c570c 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -115,6 +115,7 @@ class { 'apache': } it { is_expected.to contain "ProxyPass" } it { is_expected.to contain "ProxyPreserveHost On" } it { is_expected.to contain "ProxyErrorOverride On" } + it { is_expected.not_to contain "ProxyAddHeaders" } it { is_expected.not_to contain "" } end end @@ -142,6 +143,7 @@ class { 'apache': } it { is_expected.to contain "ProxyPassMatch /foo http://backend-foo/" } it { is_expected.to contain "ProxyPreserveHost On" } it { is_expected.to contain "ProxyErrorOverride On" } + it { is_expected.not_to contain "ProxyAddHeaders" } it { is_expected.not_to contain "" } end end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 89113bb0b5..6df7c8e311 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -237,6 +237,14 @@ { 'path' => '/var/www/files/output_filtered', 'set_output_filter' => 'output_filter', }, + { 'path' => '/var/www/files', + 'provider' => 'location', + 'limit' => [ + { 'methods' => 'GET HEAD', + 'require' => ['valid-user'] + }, + ], + }, ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', @@ -302,6 +310,7 @@ 'no_proxy_uris' => '/foo', 'no_proxy_uris_match' => '/foomatch', 'proxy_preserve_host' => true, + 'proxy_add_headers' => true, 'proxy_error_override' => true, 'redirect_source' => '/bar', 'redirect_dest' => '/', 
@@ -496,6 +505,10 @@ :content => /^\s+DirectoryIndex\sdisabled$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+SetOutputFilter\soutput_filter$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /\s+\s*Require valid-user\s*<\/Limit>/m ) } it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } @@ -513,6 +526,10 @@ /SetEnv proxy-nokeepalive 1/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /noquery interpolate/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /ProxyPreserveHost On/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /ProxyAddHeaders On/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 789ade537c..50561e863f 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -1,5 +1,6 @@ <% if @_directories and ! @_directories.empty? -%> + <%- scope.setvar('_template_scope', {}) -%> ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> 
@@ -56,65 +57,14 @@ AllowOverride None <%- end -%> <%- end -%> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - <%- if directory['require'] && directory['require'] != '' && directory['require'] !~ /unmanaged/i -%> - <%- if directory['require'].is_a?(Hash) -%> - <%- case directory['require']['enforce'].downcase -%> - <%- when 'all','none','any' then -%> - > - <%- Array(directory['require']['requires']).each do |req| -%> - Require <%= req.strip %> - <%- end -%> - > - <%- else -%> - <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%> - <%- end -%> - <%- else -%> - <%- Array(directory['require']).each do |req| -%> - Require <%= req %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- if directory['auth_require'] -%> - Require <%= directory['auth_require'] %> - <%- end -%> - <%- if !(directory['require'] && directory['require'] != '') && directory['require'] !~ /unmanaged/i && !(directory['auth_require']) -%> - Require all granted - <%- end -%> - <%- else -%> - <%- if directory['auth_require'] -%> - Require <%= directory['auth_require'] %> - <%- end -%> - <%- if directory['order'] and directory['order'] != '' -%> - Order <%= Array(directory['order']).join(',') %> - <%- else -%> - Order allow,deny - <%- end -%> - <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> - <%- if directory['deny'].kind_of?(Array) -%> - <%- Array(directory['deny']).each do |restrict| -%> - Deny <%= restrict %> - <%- end -%> - <%- else -%> - Deny <%= directory['deny'] %> - <%- end -%> - <%- end -%> - <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> - <%- if directory['allow'].kind_of?(Array) -%> - <%- Array(directory['allow']).each do |access| -%> - Allow <%= access %> - <%- end -%> - <%- else -%> - Allow <%= directory['allow'] %> - <%- end -%> - <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%> - <%- elsif ! 
directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%> - Deny from all - <%- else -%> - Allow from all - <%- end -%> - <%- if directory['satisfy'] and directory['satisfy'] != '' -%> - Satisfy <%= directory['satisfy'] %> + <%- scope.lookupvar('_template_scope')[:item] = directory -%> +<%= scope.function_template(["apache/vhost/_require.erb"]) -%> + <%- if directory['limit'] && directory['limit'] != '' -%> + <%- Array(directory['limit']).each do |lim| -%> + > + <%- scope.lookupvar('_template_scope')[:item] = lim -%> + <%= scope.function_template(["apache/vhost/_require.erb"]) -%> + <%- end -%> <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 4e36361ca1..bd151c6a71 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -8,6 +8,13 @@ <% else -%> ProxyPreserveHost Off <%- end -%> +<%- if defined?(@proxy_add_headers) -%> + <%- if @proxy_add_headers -%> + ProxyAddHeaders On + <%- else -%> + ProxyAddHeaders Off + <%- end -%> +<%- end -%> <% if @proxy_error_override -%> ProxyErrorOverride On <%- end -%> diff --git a/templates/vhost/_require.erb b/templates/vhost/_require.erb new file mode 100644 index 0000000000..d6252deeb2 --- /dev/null +++ b/templates/vhost/_require.erb 
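Review bot: The new `directory['limit']` loop only constrains the methods named in `lim['methods']`, so with the documented `GET HEAD` / `valid-user` example every other method is left outside the nested `Require`. The Apache core documentation recommends `<LimitExcept>` over `<Limit>` when the goal is restricting access, and this hunk offers no `limit_except` counterpart. I would add a parallel branch that renders the same `_require.erb` subtemplate, and state in the README entry that `limit` leaves unlisted methods unrestricted. The container tags are not legible in this rendering of the hunk, and the enclosing directory loop starts outside it.

```erb
<%# … unchanged: the directory['limit'] loop … %>
<%- if directory['limit_except'] && directory['limit_except'] != '' -%>
  <%- Array(directory['limit_except']).each do |lim| -%>
    <LimitExcept <%= lim['methods'] %>>
      <%- scope.lookupvar('_template_scope')[:item] = lim -%>
      <%= scope.function_template(["apache/vhost/_require.erb"]) -%>
    </LimitExcept>
  <%- end -%>
<%- end -%>
```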
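Review bot: `ProxyAddHeaders` is written in the `_proxy.erb` hunk whenever `@proxy_add_headers` is defined, with no Apache version check, although the directive only exists from httpd 2.3.10 on. On a 2.2 host, a vhost that sets the parameter would fail the config test. The sibling `_require.erb` template already branches on the Apache version, and the same guard fits here: `<%- if defined?(@proxy_add_headers) && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>`. Separately, the README entry says "Default: false" while `manifests/vhost.pp` declares `$proxy_add_headers = undef`, which this template renders as no directive at all, so httpd's built-in default applies rather than `Off`.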
@@ -0,0 +1,62 @@ +<%- _item = scope.lookupvar('_template_scope')[:item] -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if _item['require'] && _item['require'] != '' && _item['require'] !~ /unmanaged/i -%> + <%- if _item['require'].is_a?(Hash) -%> + <%- case _item['require']['enforce'].downcase -%> + <%- when 'all','none','any' then -%> + > + <%- Array(_item['require']['requires']).each do |req| -%> + Require <%= req.strip %> + <%- end -%> + > + <%- else -%> + <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%> + <%- end -%> + <%- else -%> + <%- Array(_item['require']).each do |req| -%> + Require <%= req %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if _item['auth_require'] -%> + Require <%= _item['auth_require'] %> + <%- end -%> + <%- if !(_item['require'] && _item['require'] != '') && _item['require'] !~ /unmanaged/i && !(_item['auth_require']) -%> + Require all granted + <%- end -%> +<%- else -%> + <%- if _item['auth_require'] -%> + Require <%= _item['auth_require'] %> + <%- end -%> + <%- if _item['order'] and _item['order'] != '' -%> + Order <%= Array(_item['order']).join(',') %> + <%- else -%> + Order allow,deny + <%- end -%> + <%- if _item['deny'] and ! [ false, 'false', '' ].include?(_item['deny']) -%> + <%- if _item['deny'].kind_of?(Array) -%> + <%- Array(_item['deny']).each do |restrict| -%> + Deny <%= restrict %> + <%- end -%> + <%- else -%> + Deny <%= _item['deny'] %> + <%- end -%> + <%- end -%> + <%- if _item['allow'] and ! [ false, 'false', '' ].include?(_item['allow']) -%> + <%- if _item['allow'].kind_of?(Array) -%> + <%- Array(_item['allow']).each do |access| -%> + Allow <%= access %> + <%- end -%> + <%- else -%> + Allow <%= _item['allow'] %> + <%- end -%> + <%- elsif [ 'from all', 'from All' ].include?(_item['deny']) -%> + <%- elsif ! 
_item['deny'] and [ false, 'false', '' ].include?(_item['allow']) -%> + Deny from all + <%- else -%> + Allow from all + <%- end -%> + <%- if _item['satisfy'] and _item['satisfy'] != '' -%> + Satisfy <%= _item['satisfy'] %> + <%- end -%> +<%- end -%> From 9f779b43f569185bca89469444c6cfd21d6dcb83 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Sat, 30 Apr 2016 00:29:52 +0200 Subject: [PATCH 0922/2267] Revert "changed rpaf Configuration Directives: RPAF -> RPAF_" This reverts commit 8ca7a6697ab907803789b2aa63e304f19e3497d3. These changes are completely incompatible with mod_rpaf as provided in Ubuntu 12.04 and Debian Jessie and Wheezy, and break the Apache configuration and consequently the Puppet agent run. I suspect these changes were made to be compatible with one of the mod_rpaf forks (https://github.com/gnif/mod_rpaf) but I don't see how a "random" fork should have precedence over, and break modules distributed on the official channels. --- spec/classes/mod/rpaf_spec.rb | 24 ++++++++++++------------ templates/mod/rpaf.conf.erb | 14 +++++++------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index ef41fcd350..13f0e6c8c0 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb 
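Review bot: Because `_require.erb` is now also rendered for each `limit` entry, an entry that has `methods` but no `require`/`auth_require` falls into the `Require all granted` fallback (or `Order allow,deny` / `Allow from all` on the pre-2.4 branch), so an incomplete entry silently becomes an explicit grant inside the block. That default was written for a whole directory and is surprising for a method restriction; I would skip the fallback for limit entries, or fail when a limit entry carries no requirement. Two details carried over in the move are worth tightening as well: `_item['require']['enforce'].downcase` raises on a hash without an `enforce` key, and an unsupported `enforce` value only calls `scope.function_warning` and emits no `Require` at all, leaving access to whatever the parent context allows. Using `.to_s.downcase` and a hard failure in the `else` arm would make both cases fail closed.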
@@ -22,25 +22,25 @@ it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/etc/apache2/mods-available/rpaf.conf', }) } - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_enable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_sethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_proxyIPs 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_header X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end context "on a FreeBSD OS" do 
@@ -62,25 +62,25 @@ it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/usr/local/etc/apache24/Modules/rpaf.conf', }) } - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_enable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_sethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_proxyIPs 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_header X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end context "on a Gentoo OS" do 
@@ -102,25 +102,25 @@ it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/etc/apache2/modules.d/rpaf.conf', }) } - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_enable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_sethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_proxyIPs 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAF_header X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end end diff --git a/templates/mod/rpaf.conf.erb b/templates/mod/rpaf.conf.erb index e0ed8dce8d..56e2398b55 100644 --- a/templates/mod/rpaf.conf.erb +++ b/templates/mod/rpaf.conf.erb 
@@ -1,15 +1,15 @@ # Enable reverse proxy add forward -RPAF_enable On -# RPAF_sethostname will, when enabled, take the incoming X-Host header and +RPAFenable On +# RPAFsethostname will, when enabled, take the incoming X-Host header and # update the virtual host settings accordingly. This allows to have the same # hostnames as in the "real" configuration for the forwarding proxy. <% if @sethostname -%> -RPAF_sethostname On +RPAFsethostname On <% else -%> -RPAF_sethostname Off +RPAFsethostname Off <% end -%> # Which IPs are forwarding requests to us -RPAF_proxyIPs <%= Array(@proxy_ips).join(" ") %> -# Setting RPAF_header allows you to change the header name to parse from the +RPAFproxy_ips <%= Array(@proxy_ips).join(" ") %> +# Setting RPAFheader allows you to change the header name to parse from the # default X-Forwarded-For to something of your choice. -RPAF_header <%= @header %> +RPAFheader <%= @header %> From 192d89427ade170a9c76fc0df0bcda0786c0cb53 Mon Sep 17 00:00:00 2001 From: Andreas Ntaflos Date: Sat, 30 Apr 2016 00:46:20 +0200 Subject: [PATCH 0923/2267] Allow setting KeepAlive related options per vhost Introduce the parameters vhost::keepalive, vhost::keepalive_timeout and vhost::max_keepalive_requests, which are all undef by default, meaning the server-wide KeepAlive options will be in effect. This way the KeepAlive settings can be changed on a per-vhost basis. Includes updated documentation and basic spec tests. --- README.md | 20 +++++++++++++++++++- manifests/vhost.pp | 19 +++++++++++++++++++ spec/defines/vhost_spec.rb | 17 +++++++++++++---- templates/vhost/_keepalive_options.erb | 9 +++++++++ 4 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 templates/vhost/_keepalive_options.erb diff --git a/README.md b/README.md index 54a4084999..819a1eb72c 100644 --- a/README.md +++ b/README.md 
@@ -2206,6 +2206,24 @@ apache::vhost { 'sample.example.net': } ``` +##### `keepalive` + +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. Valid options: 'Off', 'On' and `undef`. Default: `undef`, meaning the global, server-wide [`KeepAlive`][] setting is in effect. + +Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host. + +##### `keepalive_timeout` + +Sets the [`KeepAliveTimeout`] directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. Default: `undef`, meaning the global, server-wide [`KeepAlive`][] setting is in effect. + +This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled. + +##### `max_keepalive_requests` + +Limits the number of requests allowed per connection to the virtual host. Default: `undef`, meaning the global, server-wide [`KeepAlive`][] setting is in effect. + +This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled. + ##### `auth_kerb` Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. Default: false. @@ -3192,7 +3210,7 @@ apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', - require => { + require => { enforce => 'all', require => ['group', 'not host host.example.com'], }, diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 3845075c12..88e9c1b071 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -149,6 +149,9 @@ $krb_verify_kdc = 'on', $krb_servicename = 'HTTP', $krb_save_credentials = 'off', + $keepalive = undef, + $keepalive_timeout = undef, + $max_keepalive_requests = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -264,6 +267,10 @@ validate_re($ssl_proxy_check_peer_expire,'(^on$|^off$)',"${ssl_proxy_check_peer_expire} is not permitted for ssl_proxy_check_peer_expire. Allowed values are 'on' or 'off'.") } + if $keepalive { + validate_re($keepalive,'(^on$|^off$)',"${keepalive} is not permitted for keepalive. Allowed values are 'on' or 'off'.") + } + # Input validation ends if $ssl and $ensure == 'present' { @@ -1051,6 +1058,18 @@ } } + # Template uses: + # - $keepalive + # - $keepalive_timeout + # - $max_keepalive_requests + if $keepalive or $keepalive_timeout or $max_keepalive_requests { + concat::fragment { "${name}-keepalive_options": + target => "${priority_real}${filename}.conf", + order => 350, + content => template('apache/vhost/_keepalive_options.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 6df7c8e311..6e72b00081 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -201,7 +201,7 @@ 'path' => '/var/www/files', 'provider' => 'files', 'require' => - { + { 'enforce' => 'all', 'requires' => ['all-valid1', 'all-valid2'], }, @@ -210,7 +210,7 @@ 'path' => '/var/www/files', 'provider' => 'files', 'require' => - { + { 'enforce' => 'none', 'requires' => ['none-valid1', 'none-valid2'], }, @@ -219,7 +219,7 @@ 'path' => '/var/www/files', 'provider' => 'files', 'require' => - { + { 'enforce' => 'any', 'requires' => ['any-valid1', 'any-valid2'], }, 
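Review bot: The new `validate_re($keepalive,'(^on$|^off$)', …)` check in the `@@ -264,6 +267,10 @@` hunk rejects the values the README documents ('Off', 'On'), because the pattern is lower-case only. The `^`/`$` anchors are also per-line in Ruby, so a multi-line string whose first line is `on` passes and is then written verbatim by `KeepAlive <%= @keepalive %>`; `'\A(?i:on|off)\z'` closes both gaps. `$keepalive_timeout` and `$max_keepalive_requests` reach `_keepalive_options.erb` with no validation at all, and a similarly anchored numeric check on each would keep stray text out of the generated vhost. The enclosing define continues outside these hunks.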
@@ -395,7 +395,10 @@ 'krb_authoritative' => 'off', 'krb_auth_realms' => ['EXAMPLE.ORG','EXAMPLE.NET'], 'krb_5keytab' => '/tmp/keytab5', - 'krb_local_user_mapping' => 'off' + 'krb_local_user_mapping' => 'off', + 'keepalive' => 'on', + 'keepalive_timeout' => '100', + 'max_keepalive_requests' => '1000', } end let :facts do @@ -600,6 +603,12 @@ :content => /^\s+KrbSaveCredentials\soff$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( :content => /^\s+KrbVerifyKDC\son$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( + :content => /^\s+KeepAlive\son$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( + :content => /^\s+KeepAliveTimeout\s100$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( + :content => /^\s+MaxKeepAliveRequests\s1000$/)} end context 'vhost with multiple ip addresses' do let :params do diff --git a/templates/vhost/_keepalive_options.erb b/templates/vhost/_keepalive_options.erb new file mode 100644 index 0000000000..d14f5ed155 --- /dev/null +++ b/templates/vhost/_keepalive_options.erb @@ -0,0 +1,9 @@ +<%- if @keepalive -%> + KeepAlive <%= @keepalive %> +<%- end -%> +<%- if @keepalive_timeout -%> + KeepAliveTimeout <%= @keepalive_timeout %> +<%- end -%> +<%- if @max_keepalive_requests -%> + MaxKeepAliveRequests <%= @max_keepalive_requests %> +<%- end -%> From 510562e572cc78c0fdcf7a7241c34e5870dd229f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sat, 30 Apr 2016 10:34:44 +0200 Subject: [PATCH 0924/2267] Set actual path to apachectl on FreeBSD. This unbreaks snippets verification. --- manifests/params.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index 60e184a962..0a6f547199 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -51,6 +51,8 @@ if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' + } elsif $::operatingsystem == 'FreeBSD' { + $verify_command = '/usr/local/sbin/apachectl -t' } else { $verify_command = '/usr/sbin/apachectl -t' } From 3f4e1cf0929c1d9f2271ed9e96f6ed7f14d6d393 Mon Sep 17 00:00:00 2001 From: Jairo Junior Date: Wed, 20 Apr 2016 17:10:11 -0300 Subject: [PATCH 0925/2267] Add support for mod_cluster, an httpd-based load balancer. --- README.md | 27 ++++++++ manifests/mod/cluster.pp | 38 +++++++++++ spec/classes/mod/cluster_spec.rb | 105 +++++++++++++++++++++++++++++++ templates/mod/cluster.conf.erb | 23 +++++++ 4 files changed, 193 insertions(+) create mode 100644 manifests/mod/cluster.pp create mode 100644 spec/classes/mod/cluster_spec.rb create mode 100644 templates/mod/cluster.conf.erb diff --git a/README.md b/README.md index 1b861f56a4..cc806b248e 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ [`apache::mod::auth_cas`]: #class-apachemodauth_cas [`apache::mod::auth_mellon`]: #class-apachemodauth_mellon [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap +[`apache::mod::cluster`]: #class-apachemodcluster [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::event`]: #class-apachemodevent [`apache::mod::ext_filter`]: #class-apachemodext_filter @@ -1273,6 +1274,7 @@ The following Apache modules have supported classes, many of which allow for par * `cache` * `cgi` * `cgid` +* `cluster` (see [`apache::mod::cluster`][]) * `dav` * `dav_fs` * `dav_svn`\* 
@@ -1428,6 +1430,31 @@ Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to gener - `package_name`: Default: `undef`. - `verify_server_cert`: Default: `undef`. +##### Class: `apache::mod::cluster` + +**Note**: There is no official package available for mod\_cluster and thus it must be made available by means outside of the control of the apache module. Binaries can be found at http://mod-cluster.jboss.org/ + +``` puppet +class { '::apache::mod::cluster': + ip => '172.17.0.1', + allowed_network => '172.17.0.', + balancer_name => 'mycluster', + version => '1.3.1' +} +``` + +**Parameters within `apache::mod::cluster`**: + +- `port`: mod_cluster listen port. Default: '6666'. +- `server_advertise`: Whether the server should advertise. Default: true. +- `manager_allowed_network`: Network allowed to access the mod_cluster_manager. Default: '127.0.0.1'. +- `keep_alive_timeout`: Keep-alive timeout. Default: 60. +- `max_keep_alive_requests`: Max number of requests kept alive. Default: 0 +- `enable_mcpm_receive`: Whether MCPM should be enabled: Default: true. +- `ip`: Listen ip address.. +- `allowed_network`: Balanced members network. +- `version`: mod_cluster version. >= 1.3.0 is required for httpd 2.4. + ##### Class: `apache::mod::deflate` Installs and configures [`mod_deflate`][]. diff --git a/manifests/mod/cluster.pp b/manifests/mod/cluster.pp new file mode 100644 index 0000000000..a3a9f6c631 --- /dev/null +++ b/manifests/mod/cluster.pp 
@@ -0,0 +1,38 @@ +class apache::mod::cluster ( + $allowed_network, + $balancer_name, + $ip, + $version, + $enable_mcpm_receive = true, + $port = '6666', + $keep_alive_timeout = 60, + $manager_allowed_network = '127.0.0.1', + $max_keep_alive_requests = 0, + $server_advertise = true, +) { + + include ::apache + + ::apache::mod { 'proxy': } + ::apache::mod { 'proxy_ajp': } + ::apache::mod { 'manager': } + ::apache::mod { 'proxy_cluster': } + ::apache::mod { 'advertise': } + + if (versioncmp($version, '1.3.0') >= 0 ) { + ::apache::mod { 'cluster_slotmem': } + } else { + ::apache::mod { 'slotmem': } + } + + file {'cluster.conf': + ensure => file, + path => "${::apache::mod_dir}/cluster.conf", + mode => $::apache::file_mode, + content => template('apache/mod/cluster.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + +} diff --git a/spec/classes/mod/cluster_spec.rb b/spec/classes/mod/cluster_spec.rb new file mode 100644 index 0000000000..b5f74bac7d --- /dev/null +++ b/spec/classes/mod/cluster_spec.rb 
@@ -0,0 +1,105 @@ +require 'spec_helper' + +describe 'apache::mod::cluster', :type => :class do + context 'on a RedHat OS Release 7 with mod version = 1.3.0' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + let(:params) { + { + :allowed_network => '172.17.0', + :balancer_name => 'mycluster', + :ip => '172.17.0.1', + :version => '1.3.0' + } + } + + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_apache__mod('proxy') } + it { is_expected.to contain_apache__mod('proxy_ajp') } + it { is_expected.to contain_apache__mod('manager') } + it { is_expected.to contain_apache__mod('proxy_cluster') } + it { is_expected.to contain_apache__mod('advertise') } + it { is_expected.to contain_apache__mod('cluster_slotmem') } + + it { is_expected.to contain_file('cluster.conf') } + end + + context 'on a RedHat OS Release 7 with mod version > 1.3.0' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + let(:params) { + { + :allowed_network => '172.17.0', + :balancer_name => 'mycluster', + :ip => '172.17.0.1', + :version => '1.3.1' + } + } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_apache__mod('proxy') } + it { is_expected.to contain_apache__mod('proxy_ajp') } + it { is_expected.to contain_apache__mod('manager') } + it { is_expected.to contain_apache__mod('proxy_cluster') } + it { is_expected.to contain_apache__mod('advertise') } + it { is_expected.to contain_apache__mod('cluster_slotmem') } + + it { is_expected.to contain_file('cluster.conf') } + end + + 
context 'on a RedHat OS Release 6 with mod version < 1.3.0' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + let(:params) { + { + :allowed_network => '172.17.0', + :balancer_name => 'mycluster', + :ip => '172.17.0.1', + :version => '1.2.0' + } + } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_apache__mod('proxy') } + it { is_expected.to contain_apache__mod('proxy_ajp') } + it { is_expected.to contain_apache__mod('manager') } + it { is_expected.to contain_apache__mod('proxy_cluster') } + it { is_expected.to contain_apache__mod('advertise') } + it { is_expected.to contain_apache__mod('slotmem') } + + it { is_expected.to contain_file('cluster.conf') } + end +end diff --git a/templates/mod/cluster.conf.erb b/templates/mod/cluster.conf.erb new file mode 100644 index 0000000000..6a998a0e96 --- /dev/null +++ b/templates/mod/cluster.conf.erb @@ -0,0 +1,23 @@ +Listen <%= @ip %>:<%= @port %> +:<%= @port %>> + + Order deny,allow + Deny from all + Allow from <%= @allowed_network %> + + + KeepAliveTimeout <%= @keep_alive_timeout %> + MaxKeepAliveRequests <%= @max_keep_alive_requests %> + EnableMCPMReceive <%= scope.function_bool2httpd([@enable_mcpm_receive]) %> + + ManagerBalancerName <%= @balancer_name %> + ServerAdvertise <%= scope.function_bool2httpd([@server_advertise]) %> + + + SetHandler mod_cluster-manager + Order deny,allow + Deny from all + Allow from <%= @manager_allowed_network %> + + + From 9995c24db29f09070aaebf4bb86dcd26caa56a0f Mon Sep 17 00:00:00 2001 
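Review bot: Both access-control stanzas in `cluster.conf.erb` use only the 2.2-style `Order deny,allow` / `Deny from all` / `Allow from …` directives, while the README in this commit advertises httpd 2.4 support (`version` >= 1.3.0) and `manifests/mod/cluster.pp` does not load `access_compat`. These rules are the only restriction on who can reach the `EnableMCPMReceive` listener and the `mod_cluster-manager` handler. They should branch on the Apache version as `_require.erb` does and emit `Require ip <%= @allowed_network %>` / `Require ip <%= @manager_allowed_network %>` on 2.4; the trailing-dot form in the README example may need normalising for `Require ip`, which is worth checking. The three spec contexts only assert `contain_file('cluster.conf')`, so a `with_content` assertion on the allow lines would keep this from regressing. The container tags of the template are not legible in this rendering.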
From: =?UTF-8?q?Stefan=20Mo=CC=88ding?= Date: Fri, 22 Apr 2016 20:56:31 +0200 Subject: [PATCH 0926/2267] Set DAV parameters in a directory block --- README.md | 12 ++++++++++++ spec/defines/vhost_spec.rb | 11 +++++++++++ templates/vhost/_directories.erb | 9 +++++++++ 3 files changed, 32 insertions(+) diff --git a/README.md b/README.md index 1b861f56a4..abbe15542f 100644 --- a/README.md +++ b/README.md @@ -2938,6 +2938,18 @@ ProxyStatus On', } ``` +###### `dav` + +Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either `On`, `Off` or the name of the provider. A value of `On` enables the default filesystem provider implemented by the `mod_dav_fs` module. + +###### `dav_depth_infinity` + +Sets the value for [DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity), which is used to enable the processing of `PROPFIND` requests having a `Depth: Infinity` header. + +###### `dav_min_timeout` + +Sets the value for [DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout), which sets the time the server holds a lock on a DAV resource. The value should be the number of seconds to set. + ###### `deny` Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 06b1d5a10d..95b1f32b8b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -245,6 +245,11 @@ }, ], }, + { 'path' => '/var/www/dav', + 'dav' => 'filesystem', + 'dav_depth_infinity' => true, + 'dav_min_timeout' => '600', + }, ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', @@ -507,6 +512,12 @@ :content => /^\s+$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /\s+\s*Require valid-user\s*<\/Limit>/m ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Dav\sfilesystem$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+DavDepthInfinity\sOn$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+DavMinTimeout\s600$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 50561e863f..df2690c431 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -115,6 +115,15 @@ ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %> <%- end -%> <%- end -%> + <%- if directory['dav'] -%> + Dav <%= directory['dav'] %> + <%- if directory['dav_depth_infinity'] -%> + DavDepthInfinity <%= scope.function_bool2httpd([directory['dav_depth_infinity']]) %> + <%- end -%> + <%- if directory['dav_min_timeout'] -%> + DavMinTimeout <%= directory['dav_min_timeout'] %> + <%- end -%> + <%- end -%> <%- if directory['auth_type'] -%> AuthType <%= directory['auth_type'] %> <%- end -%> From 00db1f929d952dcf6569e3b5ce69a559f69218c1 Mon Sep 17 00:00:00 2001 
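Review bot: The new `dav` block in _directories.erb enables WebDAV write methods for a directory with no hint that the same directory entry needs an access restriction, and `DavDepthInfinity On` is a setting the Apache documentation itself describes as a possible denial-of-service vector. I would add an ERB comment above `<%- if directory['dav'] -%>`, for example `<%# Dav enables write methods here; pair it with auth_type/require in the same directory hash -%>`, and say the same in the README entries for `dav` and `dav_depth_infinity`. The spec example added in this commit (`/var/www/dav`) sets `dav` and `dav_depth_infinity` with no auth keys, which is the pattern users are likely to copy. The directory loop this block sits in starts and ends outside the hunk.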
From: =?UTF-8?q?Sascha=20R=C3=BCssel?= Date: Mon, 25 Apr 2016 14:27:46 +0200 Subject: [PATCH 0927/2267] add additional directories options for LDAP Auth * AuthLDAPURL as auth_ldap_url * AUTHLDAPBindDN as auth_ldap_bind_dn * AuthLDAPBindPassword as auth_ldap_bind_password * AuthLDAPGroupAttribute as auth_ldap_group_attribute * AuthLDAPGroupAttributeIsDN as auth_ldap_group_attribute_is_dn add documentation in README for additional directories options LDAP Auth --- README.md | 20 ++++++++++++++++++++ templates/vhost/_directories.erb | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/README.md b/README.md index 74b5183152..87f4a84cf8 100644 --- a/README.md +++ b/README.md 
@@ -2889,6 +2889,26 @@ Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_ Sets the value for [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging), which determines if authorization logic should be combined +###### `auth_ldap_url` + +Sets the value for [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl), which determines URL of LDAP-server(s) if AuthBasicProvider 'ldap' is used + +###### `auth_ldap_bind_dn` + +Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used + +###### `auth_ldap_bind_password` + +Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used + +###### `auth_ldap_group_attribute` + +Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. defaults are: "member" and "uniquemember" + +###### `auth_ldap_group_attribute_is_dn` + +Sets value for [AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn), specifies if member of a ldapgroup is a dn or simple username. When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. valid values are: "on" or "off" + ###### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. 
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 789ade537c..9d9381f83a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -207,6 +207,26 @@ <%- if directory['auth_merging'] -%> AuthMerging <%= directory['auth_merging'] %> <%- end -%> + <%- if directory['auth_ldap_url'] -%> + AuthLDAPURL <%= directory['auth_ldap_url'] %> + <%- end -%> + <%- if directory['auth_ldap_bind_dn'] -%> + AuthLDAPBindDN <%= directory['auth_ldap_bind_dn'] %> + <%- end -%> + <%- if directory['auth_ldap_bind_password'] -%> + AuthLDAPBindPassword <%= directory['auth_ldap_bind_password'] %> + <%- end -%> + <%- if directory['auth_ldap_group_attribute'] -%> + <%- Array(directory['auth_ldap_group_attribute']).each do |groupattr| -%> + AuthLDAPGroupAttribute <%= groupattr %> + <%- end -%> + <%- end -%> + <%- if directory['auth_ldap_group_attribute_is_dn'] == 'off' -%> + AuthLDAPGroupAttributeIsDN Off + <%- end -%> + <%- if directory['auth_ldap_group_attribute_is_dn'] == 'on' -%> + AuthLDAPGroupAttributeIsDN On + <%- end -%> <%- if directory['fallbackresource'] -%> FallbackResource <%= directory['fallbackresource'] %> <%- end -%> From b044e5905269f4c37ac337277d43cd98204ed589 Mon Sep 17 00:00:00 2001 
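Review bot: `AuthLDAPBindPassword <%= directory['auth_ldap_bind_password'] %>` writes the bind credential in clear text into the generated vhost file, and it and `AuthLDAPBindDN` are both emitted unquoted, so a DN or password containing whitespace is split into extra arguments and the directive no longer parses as intended. I would quote the values, `AuthLDAPBindDN "<%= directory['auth_ldap_bind_dn'] %>"` and `AuthLDAPBindPassword "<%= directory['auth_ldap_bind_password'] %>"` (likewise `AuthLDAPURL`), and state in the README that the rendered file then holds a secret and must not be world-readable. Separately, the two `auth_ldap_group_attribute_is_dn` tests match only the lowercase strings 'on' and 'off', so 'On' or a boolean is silently dropped. The directory loop around these lines lies outside the hunk.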
From: Sebastian Reitenbach Date: Sat, 7 May 2016 23:18:55 +0200 Subject: [PATCH 0928/2267] Only set SSLCompression when it is set to true. The default for SSLCompression in Apache is 'Off' anyways, see: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression therefore there is no real need to add that into the config file. This will prevent problems on Apache versions that have linked against SSL libraries that do not have SSLCompression enabled. There, even SSLCompression Off will lead to: H00526: Syntax error on line 14 of /etc/apache2/modules/ssl.conf: Setting Compression mode unsupported; not implemented by the SSL library and prevents Apache startup Add some spec tests for that behaviour, depending on whether Apache version >= 2.4 or not, since the template also differentiates. --- spec/classes/mod/ssl_spec.rb | 40 ++++++++++++++++++++++++++++++++++++ templates/mod/ssl.conf.erb | 2 ++ 2 files changed, 42 insertions(+) diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index f76377e859..6b0d8def3e 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -133,6 +133,46 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog builtin$/)} end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + context 'ssl_compression with default value' do + it { is_expected.not_to contain_file('ssl.conf').with_content(/^ SSLCompression Off$/)} + end + + context 'setting ssl_compression to true' do + let :params do + { + :ssl_compression => true, + } + end + it { is_expected.not_to contain_file('ssl.conf').with_content(/^ SSLCompression On$/)} + end + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + context 'ssl_compression with default value' do + it { is_expected.not_to contain_file('ssl.conf').with_content(/^ SSLCompression Off$/)} + end + + context 'setting ssl_compression to true' do + let :params do + { + :apache_version => '2.4', + :ssl_compression => true, + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLCompression On$/)} + end + end + context 'setting ssl_pass_phrase_dialog' do let :params do { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 15aab10d78..68ad179a72 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -12,7 +12,9 @@ SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %> <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Mutex <%= @_ssl_mutex %> + <%- if @ssl_compression -%> SSLCompression <%= scope.function_bool2httpd([@ssl_compression]) %> + <%- end -%> <%- else -%> SSLMutex <%= @_ssl_mutex %> <%- end -%> From cd3ff1394bc59a09c914dc522a2dc71d3bd5e492 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Wed, 11 May 2016 10:36:25 -0700 Subject: [PATCH 0929/2267] Release Prep for 1.10.0 --- CHANGELOG.md | 22 ++++++++++++++++++++-- metadata.json | 6 +----- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b1da63b53..4025bdba7f 100644 
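Review bot: In the "with Apache version < 2.4" context, the inner `let :params` of 'setting ssl_compression to true' replaces the outer definition rather than merging with it, so `:apache_version => '2.2'` is lost and the example runs against whatever version the facts default to. The ">= 2.4" context already repeats the key in its inner hash; the "< 2.4" one should do the same, `{ :apache_version => '2.2', :ssl_compression => true }`. The enclosing describe block and its facts are outside the hunk, so which default version is in effect cannot be seen here.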
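Review bot: The new guard in ssl.conf.erb is now the only place `SSLCompression On` can be emitted, and nothing next to it says why leaving the parameter off is the safe choice: TLS-level compression is what the CRIME attack depends on. I would add a comment above the `if`, for example `<%# Emitted only when explicitly enabled; TLS compression exposes sessions to CRIME -%>`. The pre-2.4 branch never emits the directive, so `ssl_compression => true` is silently ignored there; the spec treats that as intended, and it is worth a sentence in the README.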
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,25 @@ -## Supported Release 1.9.0 -### Summary +## Supported Release 1.10.0 +#### Summary +This release fixes backwards compatibilty bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. +#### Features +- Allow setting KeepAlive related options per vhost + - `apache::vhost::keepalive` + - `apache::vhost::keepalive_timeout` + - `apache::vhost::max_keepalive_requests` +- Adds new class `apache::mod::cluster` +#### Bugfixes +- MODULES-2890: Allow php_version != 5 +- MODULES-2890: mod::php: Explicit test on jessie +- MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial +- MODULES-2890: Fix mod_php SetHandler and cleanup +- Fixed trailing slash in lib_path on Suse +- Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0. +- Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0. +- Set actual path to apachectl on FreeBSD. Fixes snippets verification. + +## Supported Release 1.9.0 [DELETED] #### Features - Added `apache_version` fact - Added `apache::balancer::target` attribute diff --git a/metadata.json b/metadata.json index 972f456d07..a82bccc323 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.9.0", + "version": "1.10.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", @@ -69,10 +69,6 @@ } ], "requirements": [ - { - "name": "pe", - "version_requirement": ">= 3.7.0 < 2015.4.0" - }, { "name": "puppet", "version_requirement": ">= 3.0.0 < 5.0.0" From 8190e96122ee6cc789b7e85fa1c17b3dbad6fea7 Mon Sep 17 00:00:00 2001 
From: Timo Goebel Date: Tue, 10 May 2016 09:08:07 +0200 Subject: [PATCH 0930/2267] mod_event: parameters can be unset --- README.md | 16 +++++++------- spec/classes/mod/event_spec.rb | 38 ++++++++++++++++++++++++++++++---- templates/mod/event.conf.erb | 18 ++++++++++++++-- 3 files changed, 58 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index c35cee3d04..2f2fd50d53 100644 --- a/README.md +++ b/README.md 
@@ -1367,14 +1367,14 @@ Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::e **Parameters within `apache::mod::event`**: -- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. -- `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. -- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. -- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. -- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. -- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. -- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. -- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. +- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. Setting this to 'false' removes the parameter. +- `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. Setting these to 'false' removes the parameters. 
+- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. Setting these to 'false' removes the parameters. +- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. Setting these to 'false' removes the parameters. +- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. Setting this to 'false' removes the parameter. +- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. Setting this to 'false' removes the parameter. +- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. Setting this to 'false' removes the parameter. +- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to 'false' removes the parameter. ##### Class: `apache::mod::auth_cas` diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 00291a5f98..b010d4c024 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -78,11 +78,11 @@ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxClients\s*2/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxClients/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) } - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestsPerChild\s*6/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestsPerChild/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) } 
@@ -115,8 +115,38 @@ it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestWorkers\s*9/) } - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxConnectionsPerChild\s*10/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestWorkers/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxConnectionsPerChild/) } + end + + context "Test mpm_event false params" do + let :params do + { + :serverlimit => false, + :startservers => false, + :maxclients => false, + :minsparethreads => false, + :maxsparethreads => false, + :threadsperchild => false, + :maxrequestsperchild => false, + :threadlimit => false, + :listenbacklog => false, + :maxrequestworkers => false, + :maxconnectionsperchild => false, + } + end + + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ServerLimit/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*StartServers/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxClients/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MinSpareThreads/) } + it { is_expected.to 
contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxSpareThreads/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ThreadsPerChild/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestsPerChild/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ThreadLimit/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*ListenBacklog/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxRequestWorkers/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').without_content(/^\s*MaxConnectionsPerChild/) } end context "with Apache version < 2.4" do diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb index da7682fb4d..bca707c932 100644 --- a/templates/mod/event.conf.erb +++ b/templates/mod/event.conf.erb 
@@ -1,19 +1,33 @@ + <%- if @serverlimit -%> ServerLimit <%= @serverlimit %> + <%- end -%> + <%- if @startservers -%> StartServers <%= @startservers %> + <%- end -%> <%- if @maxrequestworkers -%> MaxRequestWorkers <%= @maxrequestworkers %> - <%- else -%> + <%- elsif @maxclients -%> MaxClients <%= @maxclients %> <%- end -%> + <%- if @minsparethreads -%> MinSpareThreads <%= @minsparethreads %> + <%- end -%> + <%- if @maxsparethreads -%> MaxSpareThreads <%= @maxsparethreads %> + <%- end -%> + <%- if @threadsperchild -%> ThreadsPerChild <%= @threadsperchild %> + <%- end -%> <%- if @maxconnectionsperchild -%> MaxConnectionsPerChild <%= @maxconnectionsperchild %> - <%- else -%> + <%- elsif @maxrequestsperchild -%> MaxRequestsPerChild <%= @maxrequestsperchild %> <%- end -%> + <%- if @threadlimit -%> ThreadLimit <%= @threadlimit %> + <%- end -%> + <%- if @listenbacklog -%> ListenBacklog <%= @listenbacklog %> + <%- end -%> From 3209a5e90d4f0664f558999a48277fdd86fe7c7e Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Fri, 13 May 2016 12:34:12 -0700 Subject: [PATCH 0931/2267] (maint) Disables mod_pagespeed tests for Debian 7 Because libc6 package on Debian Wheezy repo is old, and Pagespeed needs newer. --- spec/acceptance/mod_pagespeed_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 009df6a101..6d3a8c8823 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -1,7 +1,8 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::mod::pagespeed class' do +# Don't run this test on Debian < 8, because Debian doesn't like updating packages and Pagespeed doesn't like old packages. +describe 'apache::mod::pagespeed class', :unless => (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') < '8') do context "default pagespeed config" do it 'succeeds in puppeting pagespeed' do pp= <<-EOS 
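Review bot: The new guards in event.conf.erb, such as `<%- if @serverlimit -%>`, drop a directive only for a real boolean false or undef, while the README text added in this commit says "Setting this to 'false' removes the parameter" with the value in quotes. A quoted 'false' is a non-empty string, which Ruby treats as true, so the template would render `ServerLimit false` instead of omitting the line. Either reword the README to say the unquoted boolean `false`, or make the guards explicit for each parameter in this hunk, e.g. `<%- if @serverlimit and @serverlimit != 'false' -%>`.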
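Review bot: `fact('operatingsystemmajrelease') < '8'` in mod_pagespeed_spec.rb compares strings, so a two-digit release such as '10' sorts before '8' and the whole describe is skipped on a platform it was meant to run on. Compare numerically instead, `fact('operatingsystemmajrelease').to_i < 8`. The follow-up patch 0933 keeps this comparison and adds the same form for Ubuntu (`< '12'`), so it needs the same change.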
From ece000357b5ac30ae50f355b9f09605826df4c5d Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Mon, 16 May 2016 09:16:50 +0100 Subject: [PATCH 0932/2267] Remove duplicate shib2 hash element Prevents warning under Puppet 4: The key 'shib2' is declared more than once at modules/apache/manifests/params.pp:241:21 --- manifests/params.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 55682f3bb6..6a9f14919d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -248,7 +248,6 @@ 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', - 'shib2' => 'libapache2-mod-shib2', } if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 { $shib2_lib = 'mod_shib_22.so' From cf95d5179325889348931cd1d6fcea400ee85ce0 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Mon, 16 May 2016 09:58:27 -0700 Subject: [PATCH 0933/2267] (maint) Skip pagespeed tests on Ubuntu lucid too --- spec/acceptance/mod_pagespeed_spec.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 6d3a8c8823..602c78c2f0 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb 
@@ -1,8 +1,11 @@ require 'spec_helper_acceptance' require_relative './version.rb' -# Don't run this test on Debian < 8, because Debian doesn't like updating packages and Pagespeed doesn't like old packages. -describe 'apache::mod::pagespeed class', :unless => (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') < '8') do +# Don't run this test on Debian < 8 or Ubuntu < 12, because Debian doesn't like +# updating packages and Pagespeed doesn't like old packages. +describe 'apache::mod::pagespeed class', :unless => + ((fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') < '8') or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') < '12')) do context "default pagespeed config" do it 'succeeds in puppeting pagespeed' do pp= <<-EOS From 18a76027c7f23f94c37ed2f27944b789f14e5a44 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Mon, 16 May 2016 10:06:50 -0700 Subject: [PATCH 0934/2267] (maint) Update README to warn about Pagespeed's evolving reqs --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c35cee3d04..8f5f8d59cc 100644 --- a/README.md +++ b/README.md @@ -1606,6 +1606,8 @@ Installs and manages [`mod_pagespeed`][], a Google module that rewrites web page While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. +**Note:** Verify that your system is compatible with the latest Google Pagespeed requirements. + **Parameters within `apache::mod::pagespeed`**: - `inherit_vhost_config`: Default: 'on'. From 1eb9f9e429db852b5a43c8c1123688142cbddb06 Mon Sep 17 00:00:00 2001 
From: Bryan Jen Date: Tue, 17 May 2016 13:13:08 -0700 Subject: [PATCH 0935/2267] (maint) Skip proxy_html tests due to missing pkgs --- README.md | 2 +- spec/acceptance/mod_proxy_html_spec.rb | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8f5f8d59cc..479b20aa1e 100644 --- a/README.md +++ b/README.md @@ -3682,7 +3682,7 @@ The [`apache::mod::passenger`][] class is not installing as the the EL6 reposito ### RHEL/CentOS 7 -The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. +The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. ### General diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index f87d825837..ce8aad6f3d 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -1,7 +1,8 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::mod::proxy_html class' do +# Don't run proxy_html tests on RHEL7 because the yum repos are missing packages required by it. +describe 'apache::mod::proxy_html class', :unless => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7') do context "default proxy_html config" do if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do From f6049966734886b6d160420322c269a47a7357da Mon Sep 17 00:00:00 2001 
From: Sebastian Gerhards Date: Fri, 6 May 2016 12:29:55 +0200 Subject: [PATCH 0936/2267] Add class apache::vhosts to create apache::vhost resources --- README.md | 24 +++++++++++++++++++++++ manifests/vhosts.pp | 6 ++++++ spec/acceptance/vhosts_spec.rb | 32 +++++++++++++++++++++++++++++++ spec/classes/vhosts_spec.rb | 35 ++++++++++++++++++++++++++++++++++ 4 files changed, 97 insertions(+) create mode 100644 manifests/vhosts.pp create mode 100644 spec/acceptance/vhosts_spec.rb create mode 100644 spec/classes/vhosts_spec.rb diff --git a/README.md b/README.md index 2f2fd50d53..b65cc6a920 100644 --- a/README.md +++ b/README.md @@ -741,6 +741,7 @@ apache::balancer { 'puppet01': - [**Public classes**](#public-classes) - [Class: apache](#class-apache) - [Class: apache::dev](#class-apachedev) + - [Class: apache::vhosts](#class-apachevhosts) - [Classes: apache::mod::\*](#classes-apachemodname) - [**Private classes**](#private-classes) - [Class: apache::confd::no_accf](#class-apacheconfdno_accf) 
@@ -1247,6 +1248,29 @@ The default value is determined by your operating system: > **Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. +#### Class: `apache::vhosts` + +Creates [`apache::vhost`][] defined types. + +**Parameters within `apache::vhosts`**: + +- `vhosts`: A [hash][] where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters. Default: '{}' + +> **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters or [Configuring virtual hosts]. + +For example, to create a [name-based virtual host][name-based virtual hosts] 'custom_vhost_1, you can declare the class with the `vhosts` parameter set to '{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }': + +``` puppet +class { 'apache::vhosts': + vhosts => { + 'custom_vhost_1' => { + 'docroot' => '/var/www/custom_vhost_1', + 'port' => '81', + }, + }, +} +``` + #### Classes: `apache::mod::` Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': diff --git a/manifests/vhosts.pp b/manifests/vhosts.pp new file mode 100644 index 0000000000..cf212c4b12 --- /dev/null +++ b/manifests/vhosts.pp @@ -0,0 +1,6 @@ +class apache::vhosts ( + $vhosts = {}, +) { + include ::apache + create_resources('apache::vhost', $vhosts) +} diff --git a/spec/acceptance/vhosts_spec.rb b/spec/acceptance/vhosts_spec.rb new file mode 100644 index 0000000000..d8fb062f9d --- /dev/null +++ b/spec/acceptance/vhosts_spec.rb 
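Review bot: `$vhosts` in manifests/vhosts.pp goes straight into `create_resources` with no type check, and the class has no header comment. This parameter will typically be fed from external data, so I would add `validate_hash($vhosts)` before the `create_resources` call so that a string or array fails with a message naming the parameter. A short comment should state that each key is a vhost title and each value a hash of `apache::vhost` parameters.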
@@ -0,0 +1,32 @@ +require 'spec_helper_acceptance' +require_relative './version.rb' + +describe 'apache::vhosts class' do + context 'custom vhosts defined via class apache::vhosts' do + it 'should create custom vhost config files' do + pp = <<-EOS + class { 'apache::vhosts': + vhosts => { + 'custom_vhost_1' => { + 'docroot' => '/var/www/custom_vhost_1', + 'port' => '81', + }, + 'custom_vhost_2' => { + 'docroot' => '/var/www/custom_vhost_2', + 'port' => '82', + }, + }, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-custom_vhost_1.conf") do + it { is_expected.to contain '' } + end + + describe file("#{$vhost_dir}/25-custom_vhost_2.conf") do + it { is_expected.to contain '' } + end + end +end diff --git a/spec/classes/vhosts_spec.rb b/spec/classes/vhosts_spec.rb new file mode 100644 index 0000000000..3220079405 --- /dev/null +++ b/spec/classes/vhosts_spec.rb @@ -0,0 +1,35 @@ +require 'spec_helper' + +describe 'apache::vhosts', :type => :class do + context 'on all OSes' do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'with custom vhosts parameter' do + let :params do { + :vhosts => { + 'custom_vhost_1' => { + 'docroot' => '/var/www/custom_vhost_1', + 'port' => '81', + }, + 'custom_vhost_2' => { + 'docroot' => '/var/www/custom_vhost_2', + 'port' => '82', + }, + }, + } + end + it { is_expected.to contain_apache__vhost('custom_vhost_1') } + it { is_expected.to contain_apache__vhost('custom_vhost_2') } + end + end +end From f5a20d78027132301510e59749be4710049bc092 Mon Sep 17 00:00:00 2001 
From: Mathieu Parent Date: Thu, 19 May 2016 10:32:53 +0200 Subject: [PATCH 0937/2267] Add apache::mod::proxy_wstunnel --- manifests/mod/proxy_wstunnel.pp | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 manifests/mod/proxy_wstunnel.pp diff --git a/manifests/mod/proxy_wstunnel.pp b/manifests/mod/proxy_wstunnel.pp new file mode 100644 index 0000000000..57e6f1e801 --- /dev/null +++ b/manifests/mod/proxy_wstunnel.pp @@ -0,0 +1,4 @@ +class apache::mod::proxy_wstunnel { + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel'] + ::apache::mod { 'proxy_wstunnel': } +} From cc7bda1faa7b444b1a833d628873a6113297abc3 Mon Sep 17 00:00:00 2001 From: Chris Throup Date: Thu, 19 May 2016 10:14:22 +0100 Subject: [PATCH 0938/2267] (MODULES-3388) Include mpm_module classes instead of class declaration Change the use of an empty class declaration to an include statement. This enables the relevant mpm_module to be safely declared elsewhere with custom parameters. --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 194c1741e9..4c04aeac21 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -366,7 +366,7 @@ all => $default_confd_files } if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans - class { "::apache::mod::${mpm_module}": } + include "::apache::mod::${mpm_module}" } $default_vhost_ensure = $default_vhost ? { From 7fb558f1f04741e97dd38330539bbac0abb550a9 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Fri, 20 May 2016 14:00:29 +0100 Subject: [PATCH 0939/2267] Add minimal testing for proxy_wstunnel --- manifests/mod/proxy_wstunnel.pp | 1 + spec/classes/mod/proxy_wstunnel.rb | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 spec/classes/mod/proxy_wstunnel.rb diff --git a/manifests/mod/proxy_wstunnel.pp b/manifests/mod/proxy_wstunnel.pp index 57e6f1e801..290954b742 100644 --- a/manifests/mod/proxy_wstunnel.pp 
+++ b/manifests/mod/proxy_wstunnel.pp @@ -1,4 +1,5 @@ class apache::mod::proxy_wstunnel { + include ::apache, ::apache::mod::proxy Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel'] ::apache::mod { 'proxy_wstunnel': } } diff --git a/spec/classes/mod/proxy_wstunnel.rb b/spec/classes/mod/proxy_wstunnel.rb new file mode 100644 index 0000000000..5af217a05f --- /dev/null +++ b/spec/classes/mod/proxy_wstunnel.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe 'apache::mod::proxy_wstunnel', :type => :class do + it_behaves_like "a mod class, without including apache" +end From 06b5cf21741e2b758fff45d8cc3cf11185ed4952 Mon Sep 17 00:00:00 2001 From: Steve Traylen Date: Fri, 20 May 2016 15:26:48 +0200 Subject: [PATCH 0940/2267] mod_dumpio configuration New module class for dumpio with parameters for enabling input and/or output dumping. ```puppet class{'apache': default_mods => false, log_level => 'dumpio:trace7', } class{'apache::mod::diskio': disk_io_input => 'On', disk_io_output => 'Off', } ``` * https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html --- README.md | 24 +++++++++++++++- manifests/mod/dumpio.pp | 20 +++++++++++++ spec/classes/mod/dumpio_spec.rb | 51 +++++++++++++++++++++++++++++++++ templates/mod/dumpio.conf.erb | 3 ++ 4 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 manifests/mod/dumpio.pp create mode 100644 spec/classes/mod/dumpio_spec.rb create mode 100644 templates/mod/dumpio.conf.erb diff --git a/README.md b/README.md index ba7553dfc9..633d1f2d1b 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::cluster`]: #class-apachemodcluster [`apache::mod::disk_cache`]: #class-apachemoddisk_cache +[`apache::mod::dumpio`]: #class-apachemoddumpio [`apache::mod::event`]: #class-apachemodevent [`apache::mod::ext_filter`]: #class-apachemodext_filter [`apache::mod::geoip`]: #class-apachemodgeoip 
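Review bot: The new spec is created as spec/classes/mod/proxy_wstunnel.rb, without the `_spec.rb` suffix that the other specs in this series carry (event_spec.rb, vhosts_spec.rb, dumpio_spec.rb). If the project's test task uses the usual `*_spec.rb` pattern, which is not visible here, this file is never loaded and the "minimal testing" does not run. Renaming it to `proxy_wstunnel_spec.rb` would fix that.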
@@ -160,7 +161,7 @@ [`mod_authnz_external`]: https://github.com/phokz/mod-auth-external [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon [`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html -[`mod_cache_disk`]: https://httpd.apache.org/docs/current/mod/mod_cache_disk.html +[`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html [`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html @@ -1306,6 +1307,7 @@ The following Apache modules have supported classes, many of which allow for par * `dev` * `dir`\* * `disk_cache` (see [`apache::mod::disk_cache`][]) +* `dumpio` (see [`apache::mod::dumpio`][]) * `event` (see [`apache::mod::event`][]) * `expires` * `ext_filter` (see [`apache::mod::ext_filter`][]) @@ -1384,6 +1386,26 @@ class {'::apache::mod::disk_cache': cache_root => '/path/to/cache', } ``` +##### Class: `apache::mod::diskio` + +Installs and configures [`mod_diskio`][]. + +```puppet +class{'apache': + default_mods => false, + log_level => 'dumpio:trace7', +} +class{'apache::mod::diskio': + disk_io_input => 'On', + disk_io_output => 'Off', +} +``` + + +**Parameters withing `apache::mod::diskio`**: + +- `dump_io_input`: Dump all input data to the error log. Must be `On` or `Off`, defaults to `Off` +- `dump_io_output`: Dump all output data to the error log. Must be `On` or `Off`, defaults to `Off` ##### Class: `apache::mod::event` diff --git a/manifests/mod/dumpio.pp b/manifests/mod/dumpio.pp new file mode 100644 index 0000000000..4886666255 --- /dev/null +++ b/manifests/mod/dumpio.pp 
@@ -0,0 +1,20 @@
+class apache::mod::dumpio(
+ $dump_io_input = 'Off',
+ $dump_io_output = 'Off',
+) {
+
+ validate_re(downcase($dump_io_input), '^(on|off)$', "${dump_io_input} is not supported for dump_io_input. Allowed values are 'On' and 'Off'.")
+ validate_re(downcase($dump_io_output), '^(on|off)$', "${dump_io_output} is not supported for dump_io_output. Allowed values are 'On' and 'Off'.")
+
+ ::apache::mod { 'dumpio': }
+ file{'dumpio.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/dumpio.conf",
+ mode => $::apache::file_mode,
+ content => template('apache/mod/dumpio.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+
+}
diff --git a/spec/classes/mod/dumpio_spec.rb b/spec/classes/mod/dumpio_spec.rb
new file mode 100644
index 0000000000..106b23af0c
--- /dev/null
+++ b/spec/classes/mod/dumpio_spec.rb
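Review bot: Both `validate_re` patterns anchor with `^` and `$`, which match per line rather than against the whole string if the pattern is compiled as a Ruby regular expression. A multi-line value that merely contains a line reading `on` or `off` would then pass and be written verbatim into `dumpio.conf` by the template. Anchoring the whole value closes that gap: `validate_re(downcase($dump_io_input), '\A(on|off)\z', ...)`, and the same for `$dump_io_output`. Because the README text in this patch says either switch dumps all input or output data to the error log, a comment above the parameters such as `# 'On' writes full request/response data to the error log` would also help whoever enables it.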
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'apache::mod::dumpio', :type => :class do
+ context "on a Debian OS" do
+ let :pre_condition do
+ 'class{"apache":
+ default_mods => false,
+ mod_dir => "/tmp/junk",
+ }'
+ end
+ let :facts do
+ {
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :operatingsystemmajrelease => '6',
+ :concat_basedir => '/dne',
+ :operatingsystem => 'Debian',
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :is_pe => false,
+ }
+ end
+ context "default configuration fore parameters" do
+ it { should compile }
+ it { should contain_class('apache::mod::dumpio') }
+ it { should contain_file("dumpio.conf").with_path("/tmp/junk/dumpio.conf") }
+ it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOInput\s+"Off"$/)}
+ it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOOutput\s+"Off"$/)}
+ end
+ context "with dumpio_input set to On" do
+ let :params do
+ {
+ :dump_io_input => 'On',
+ }
+ end
+ it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOInput\s+"On"$/)}
+ it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOOutput\s+"Off"$/)}
+ end
+ context "with dumpio_ouput set to On" do
+ let :params do
+ {
+ :dump_io_output => 'On',
+ }
+ end
+ it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOInput\s+"Off"$/)}
+ it { should contain_file("dumpio.conf").with_content(/^\s*DumpIOOutput\s+"On"$/)}
+ end
+ end
+end
diff --git a/templates/mod/dumpio.conf.erb b/templates/mod/dumpio.conf.erb
new file mode 100644
index 0000000000..29c34e2a5c
--- /dev/null
+++ b/templates/mod/dumpio.conf.erb
@@ -0,0 +1,3 @@
+# https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html
+DumpIOInput "<%= @dump_io_input %>"
+DumpIOOutput "<%= @dump_io_output %>"
From 7fd334bfbb4606173cb7ea33dad61b8ec0f9c999 Mon Sep 17 00:00:00 2001
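Review bot: The spec only exercises the accepted values `On` and `Off`, so nothing checks that the class rejects any other value, which is the one behaviour the `validate_re` calls in `manifests/mod/dumpio.pp` exist for. A further context with `:dump_io_input => 'maybe'` and `it { is_expected.to compile.and_raise_error(/not supported for dump_io_input/) }` would pin it. Two context titles also carry typos ("fore parameters", "dumpio_ouput") that make failure output harder to search.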
From: Steve Traylen Date: Thu, 19 May 2016 16:01:33 +0200 Subject: [PATCH 0941/2267] apache::balancer now respects apache::confd_dir Previously with a configuration of ``` class{'apache': confd_dir => '/my/directory': } balancer{'myb':} ``` balencer would create a file incorrectly in the default location */etc/apache2/conf.d/balancer_myb.conf* balencer now uses the value *apache::confd_dir*. A test case has been added for this bug. --- manifests/balancer.pp | 2 +- spec/defines/balancer_spec.rb | 32 ++++++++++++++++++++++---------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 65f6352a32..0d2439bfe2 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -52,7 +52,7 @@ if $target { $_target = $target } else { - $_target = "${::apache::params::confd_dir}/balancer_${name}.conf" + $_target = "${::apache::confd_dir}/balancer_${name}.conf" } concat { "apache_balancer_${name}": diff --git a/spec/defines/balancer_spec.rb b/spec/defines/balancer_spec.rb index 4a1477b13d..65df6d3730 100644 --- a/spec/defines/balancer_spec.rb +++ b/spec/defines/balancer_spec.rb @@ -1,8 +1,8 @@ require 'spec_helper' describe 'apache::balancer', :type => :define do - let :pre_condition do - 'include apache' + let :title do + 'myapp' end let :facts do { 
@@ -17,17 +17,29 @@ :is_pe => false, } end - describe "accept a target parameter and use it" do - let :title do - 'myapp' + describe 'apache pre_condition with defaults' do + let :pre_condition do + 'include apache' end - let :params do - { - :target => '/tmp/myapp.conf' - } + describe "accept a target parameter and use it" do + let :params do + { + :target => '/tmp/myapp.conf' + } + end + it { should contain_concat('apache_balancer_myapp').with({ + :path => "/tmp/myapp.conf", + })} + end + end + describe 'apache pre_condition with conf_dir set' do + let :pre_condition do + 'class{"apache": + confd_dir => "/junk/path" + }' end it { should contain_concat('apache_balancer_myapp').with({ - :path => "/tmp/myapp.conf", + :path => "/junk/path/balancer_myapp.conf", })} end end From 7deaad212cd77dca887229b46fe92df08908d082 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20M=C3=B6rner?= Date: Fri, 20 May 2016 17:35:59 +0200 Subject: [PATCH 0942/2267] fix and make 2.4 require docu more readable When using the new Apache 2.4 Require(Any|All|None) syntax in puppet the hash value for this is named requires in the code and not require. Further more the array with require examples was not really easy readable. --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba7553dfc9..2e62b18723 100644 --- a/README.md +++ b/README.md @@ -3274,8 +3274,12 @@ apache::vhost { 'sample.example.net': directories => [ { path => '/path/to/directory', require => { - enforce => 'all', - require => ['group', 'not host host.example.com'], + enforce => 'any', + requires => [ + 'ip 1.2.3.4', + 'not host host.example.com', + 'user xyz', + ], }, }, ], From 338f777e47d774b9c50f76a3f512dab1fb305d93 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Stefan=20Mo=CC=88ding?= Date: Tue, 24 May 2016 06:16:28 +0200 Subject: [PATCH 0943/2267] Manage default root directory access rights --- README.md | 4 ++++ manifests/init.pp | 3 +++ spec/classes/apache_spec.rb | 16 ++++++++++++++++ templates/httpd.conf.erb | 8 ++++++++ 4 files changed, 31 insertions(+) diff --git a/README.md b/README.md index ba7553dfc9..9a91a1c8a7 100644 --- a/README.md +++ b/README.md @@ -1193,6 +1193,10 @@ Sets the desired permissions mode for config files, in symbolic or numeric notat Array of the desired options for the / directory in httpd.conf. Defaults to 'FollowSymLinks'. +##### `root_directory_secured` + +Sets the default access policy for the / directory in httpd.conf. A value of 'false' allows access to all resources that are missing a more specific access policy. A value of 'true' denies access to all resources by default. In this case more specific rules must be used to allow access to these resources (e.g. in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter). Valid options: Boolean. Default: false. + ##### `vhost_dir` Changes your virtual host configuration files' location. Default: determined by your operating system. diff --git a/manifests/init.pp b/manifests/init.pp index 4c04aeac21..005479f068 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -81,6 +81,7 @@ $mime_types_additional = $::apache::params::mime_types_additional, $file_mode = $::apache::params::file_mode, $root_directory_options = $::apache::params::root_directory_options, + $root_directory_secured = false, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) @@ -89,6 +90,7 @@ validate_bool($service_enable) validate_bool($service_manage) validate_bool($use_optional_includes) + validate_bool($root_directory_secured) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', 
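Review bot: `$root_directory_secured = false` keeps the permissive behaviour as the default. According to the README text in this same patch, that leaves every resource without a more specific access policy reachable. The parameter list gives no hint of this, so a comment beside it would help, for example `# false: no default deny on /; true: deny all, then allow per directory`. Flipping the default to `true` would presumably break vhosts that rely on the open root, so that decision is better made for a major release than left implicit. The class parameter list and body extend beyond this hunk.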
@@ -343,6 +345,7 @@ # - $server_signature # - $trace_enable # - $rewrite_lock + # - $root_directory_secured file { "${::apache::conf_dir}/${::apache::params::conf_file}": ensure => file, content => template($conf_template), diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 2fe53f409c..6eef4ba249 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -852,6 +852,22 @@ end it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options -Indexes -FollowSymLinks} } end + context 'with a custom root_directory_secured parameter and Apache < 2.4' do + let :params do { + :apache_version => '2.2', + :root_directory_secured => true + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks\n\s+AllowOverride None\n\s+Order deny,allow\n\s+Deny from all} } + end + context 'with a custom root_directory_secured parameter and Apache >= 2.4' do + let :params do { + :apache_version => '2.4', + :root_directory_secured => true + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks\n\s+AllowOverride None\n\s+Require all denied} } + end context 'default vhost defaults' do it { is_expected.to contain_apache__vhost('default').with_ensure('present') } it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 448d1fec55..21184179ff 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -33,6 +33,14 @@ AccessFileName .htaccess Options <%= Array(@root_directory_options).join(' ') %> AllowOverride None +<%- if @root_directory_secured -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied +<%- else -%> + Order deny,allow + Deny from all +<%- end -%> +<%- end -%> <% if @default_charset -%> From 6842f5c46e893dd88f5e3c654bc5f2408b0cd07f Mon Sep 17 00:00:00 2001 
From: David Schmitt Date: Wed, 25 May 2016 19:24:59 +0100 Subject: [PATCH 0944/2267] Update tests to pass with puppet 4.5 and test properly --- spec/classes/params_spec.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index d02209497b..32ccd313c9 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -15,10 +15,8 @@ :is_pe => false, } end - it { is_expected.to contain_apache__params } - it "Should not contain any resources" do - should have_resource_count(0) - end + it { is_expected.to compile.with_all_deps } + it { is_expected.to have_resource_count(0) } end end From 2bfffdd1d3b537e9998ede122f6a42e2d6ceaf40 Mon Sep 17 00:00:00 2001 From: Matthias Pigulla Date: Tue, 7 Jun 2016 00:17:23 +0200 Subject: [PATCH 0945/2267] Add apache::mod::socache_shmcb so it can be included multiple times --- manifests/mod/socache_shmcb.pp | 3 +++ manifests/mod/ssl.pp | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 manifests/mod/socache_shmcb.pp diff --git a/manifests/mod/socache_shmcb.pp b/manifests/mod/socache_shmcb.pp new file mode 100644 index 0000000000..7bfb4c6b57 --- /dev/null +++ b/manifests/mod/socache_shmcb.pp @@ -0,0 +1,3 @@ +class apache::mod::socache_shmcb { + ::apache::mod { 'socache_shmcb': } +} \ No newline at end of file diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 7a220e8345..a2d9c9055d 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -72,7 +72,7 @@ } if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mod { 'socache_shmcb': } + include ::apache::mod::socache_shmcb } # Template uses From a74bdea8f648a79fc05568badac084269e151d91 Mon Sep 17 00:00:00 2001 
From: Lotte-Sara Laan Date: Tue, 7 Jun 2016 22:41:21 +0200 Subject: [PATCH 0946/2267] Added support for apache 2.4 on Amazon Linux It's now possible to use the default_mods parameter in combination with apache_version 2.4 on an Amazon Linux system --- manifests/mod.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 347179d40b..8958d1276f 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -50,7 +50,12 @@ if $package { $_package = $package } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack - $_package = $mod_packages[$mod] + if ($::apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/) { + # On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4 + $_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\2') + } else { + $_package = $mod_packages[$mod] + } } else { $_package = undef } From 4b9f9a03de0c2ab7cd558b1092e11b0f6e4f652c Mon Sep 17 00:00:00 2001 From: Kimo Rosenbaum Date: Thu, 7 Apr 2016 15:10:50 -0700 Subject: [PATCH 0947/2267] Wrap mod_security directives in an IfModule --- templates/vhost/_security.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb index 7f61da2eb2..9e9492f183 100644 --- a/templates/vhost/_security.erb +++ b/templates/vhost/_security.erb @@ -1,3 +1,4 @@ + <% if @modsec_disable_vhost -%> SecRuleEngine Off <% end -%> @@ -36,3 +37,4 @@ <% if @modsec_body_limit -%> SecRequestBodyLimit <%= @modsec_body_limit %> <% end -%> + From 08bdf034d4ec68cea9b54c247917b0a3ee5166f7 Mon Sep 17 00:00:00 2001 
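Review bot: The new branch tests `$::apache::apache_version == '2.4'` by string equality, whereas `manifests/mod/ssl.pp` in the preceding patch uses `versioncmp($_apache_version, '2.4') >= 0`. Any other spelling of the version silently falls through to the unprefixed package name. Using `versioncmp($::apache::apache_version, '2.4')` here keeps the module's version checks consistent. The `regsubst` rewrites every `$mod_packages` entry to `mod24_…`, including names that do not begin with `mod_`; whether each resulting package exists on Amazon Linux cannot be told from this hunk and deserves a spec. The enclosing define starts and ends outside the hunk.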
From: cd Date: Mon, 13 Jun 2016 13:29:58 +0100 Subject: [PATCH 0948/2267] variety of xenial fixes --- README.md | 3 +++ manifests/mod/dav_svn.pp | 2 +- manifests/mpm.pp | 10 +++++++-- spec/acceptance/mod_dav_svn_spec.rb | 2 +- spec/acceptance/mod_passenger_spec.rb | 9 ++++++++ spec/acceptance/mod_php_spec.rb | 31 +++++++++++++++++++++------ spec/acceptance/mod_suphp_spec.rb | 2 +- spec/acceptance/vhost_spec.rb | 2 +- 8 files changed, 48 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 419ca939f7..cd9f2e513f 100644 --- a/README.md +++ b/README.md @@ -3704,6 +3704,9 @@ The Apache module relies heavily on templates to enable the [`apache::vhost`][] The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. +### Ubuntu 16.04 +The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages. + ### RHEL/CentOS 5 The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 6d2912155b..071535c11c 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -6,7 +6,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04' and $::operatingsystemmajrelease != '16.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 1535409101..b5a009610e 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp 
@@ -66,12 +66,18 @@ } } + if $mpm == 'itk' and $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '16.04' { + $packagename = 'libapache2-mpm-itk' + } else { + $packagename = "apache2-mpm-${mpm}" + } + if versioncmp($apache_version, '2.4') < 0 or $mpm == 'itk' { - package { "apache2-mpm-${mpm}": + package { $packagename: ensure => present, } if $::apache::mod_enable_dir { - Package["apache2-mpm-${mpm}"] { + Package[$packagename] { before => File[$::apache::mod_enable_dir], } } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 9abd12aed2..9a030c54f5 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -4,7 +4,7 @@ describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do case fact('osfamily') when 'Debian' - if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' or fact('operatingsystemmajrelease') == '16.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 5798545ea2..4761d2c5bf 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -23,6 +23,10 @@ passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' passenger_ruby = '/usr/bin/ruby' passenger_default_ruby = '/usr/bin/ruby' + when '16.04' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_ruby = '/usr/bin/ruby' + passenger_default_ruby = '/usr/bin/ruby' else # This may or may not work on Ubuntu releases other than the above passenger_root = '/usr' 
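Review bot: In `spec/acceptance/mod_passenger_spec.rb` the added `when '16.04'` branch repeats verbatim the three assignments of the branch just above it (presumably `'14.04'`, as in the later hunk). The hunk at `@@ -118,6 +122,9 @@` does the same with the two expectations. Ruby's `case` takes a list, so `when '14.04', '16.04'` covers both releases in one branch and keeps the values from drifting apart. The surrounding `case` starts and ends outside the hunk.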
@@ -118,6 +122,9 @@ class { 'apache::mod::passenger': } when '14.04' it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } it { is_expected.not_to contain "/PassengerRuby/" } + when '16.04' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } else # This may or may not work on Ubuntu releases other than the above it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } @@ -152,6 +159,7 @@ class { 'apache::mod::passenger': } # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain # these two lines unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')) expect(r.stdout).to match(/### Processes: [0-9]+/) expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) @@ -170,6 +178,7 @@ class { 'apache::mod::passenger': } # spacing may vary expect(r.stdout).to match(/[\-]+ General information [\-]+/) if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index f9919646f0..96de640404 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -31,8 +31,14 @@ class { 'apache::mod::php': } it { is_expected.to be_running } end - describe file("#{$mod_dir}/php5.conf") do - it { is_expected.to contain "DirectoryIndex index.php" } + if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') + describe file("#{$mod_dir}/php7.0.conf") do + it { is_expected.to contain "DirectoryIndex index.php" } + end + else + describe file("#{$mod_dir}/php5.conf") do + it { is_expected.to contain "DirectoryIndex index.php" } + end end it 'should answer to php.example.com' do @@ -105,9 +111,14 @@ class {'apache::mod::php': EOS apply_manifest(pp, :catch_failures => true) end - - describe file("#{$mod_dir}/php5.conf") do - it { should contain "# somecontent" } + if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') + describe file("#{$mod_dir}/php7.0.conf") do + it { should contain "# somecontent" } + end + else + describe file("#{$mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end end end @@ -125,8 +136,14 @@ class {'apache::mod::php': apply_manifest(pp, :catch_failures => true) end - describe file("#{$mod_dir}/php5.conf") do - it { should contain "# somecontent" } + if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') + describe file("#{$mod_dir}/php7.0.conf") do + it { should contain "# somecontent" } + end + else + describe file("#{$mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end end end diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index fb23b504d5..07486677f1 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb 
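Review bot: The same `if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04')` switch between `php7.0.conf` and `php5.conf` is pasted into all three hunks of this file, each time duplicating the expectation body. Computing the name once near the top, e.g. `php_conf = (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') ? 'php7.0.conf' : 'php5.conf'`, and describing `file("#{$mod_dir}/#{php_conf}")` would leave each block a single `describe`. That also gives the next PHP version bump one place to change.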
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::suphp class', :if => fact('operatingsystem') == 'Ubuntu' do +describe 'apache::mod::suphp class', :if => (fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemmajrelease') != '16.04') do context "default suphp config" do it 'succeeds in puppeting suphp' do pp = <<-EOS diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index f8b01c570c..2bb7d1e027 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -794,7 +794,7 @@ class { 'apache': } it { is_expected.to be_file } if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' it { is_expected.not_to contain 'NameVirtualHost test.server' } - elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10)/ + elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10|16\.04)/ it { is_expected.not_to contain 'NameVirtualHost test.server' } elsif fact('operatingsystem') == 'Debian' and fact('operatingsystemmajrelease') == '8' it { is_expected.not_to contain 'NameVirtualHost test.server' } From 86b2df3ebfc894184f4f0b206c3905d182037d23 Mon Sep 17 00:00:00 2001 
From: Phil Fenstermacher Date: Wed, 20 Apr 2016 15:11:01 -0400 Subject: [PATCH 0949/2267] Support the newer mod_auth_cas config options mod_auth_cas supports a number of per-directory options https://github.com/Jasig/mod_auth_cas/blob/master/README#L333-384 A number of the options aren't supported in directory stanzas despite what the documentation suggests. The options are supported globally and in vhost configurations, so they're supported there accordingly. https://github.com/Jasig/mod_auth_cas/blob/master/README#L386-413 --- README.md | 41 +++++++++++++++++++ manifests/mod/auth_cas.pp | 35 ++++++++++------- manifests/vhost.pp | 20 ++++++++++ templates/mod/auth_cas.conf.erb | 15 +++++++ templates/vhost/_auth_cas.erb | 67 ++++++++++++++++++++++++++++++++ templates/vhost/_directories.erb | 23 +++++++++++ 6 files changed, 186 insertions(+), 15 deletions(-) create mode 100644 templates/vhost/_auth_cas.erb diff --git a/README.md b/README.md index cd9f2e513f..1ad6caa667 100644 --- a/README.md +++ b/README.md @@ -1414,6 +1414,10 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe **Parameters within `apache::mod::auth_cas`**: +- `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML + validation is enabled. Default: CAS_ +- `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`. + Default: , - `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: undef. - `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: undef. - `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: undef. 
@@ -1424,8 +1428,11 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe - `cas_idle_timeout`: Default: undef. - `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. - `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: undef. +- `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas. +- `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). Default: off - `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: undef. - `cas_validate_depth`: Limits the depth for chained certificate validation. Default: undef. +- `cas_validate_saml`: Parse response from CAS server for SAML. Default: Off - `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. - `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. 
@@ -2104,6 +2111,40 @@ Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. Default: an empty [array][]. +##### `cas_attribute_prefix` + +Adds a header with the value of this header being the attribute values when SAML validation is enabled. Defaults to +the value set by [`apache::mod::auth_cas`][] + +##### `cas_attribute_delimiter` + +The delimiter between attribute values in the header created by `cas_attribute_prefix`. Defaults to the value +set by [`apache::mod::auth_cas`][] + +##### `cas_login_url` + +Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and +don't have an active session. Defaults to the value set by [`apache::mod::auth_cas`][] + +##### `cas_scrub_request_headers` + +Remove inbound request headers that may have special meaning within mod_auth_cas. Defaults to the value +set by [`apache::mod::auth_cas`][] + +##### `cas_sso_enabled` + +Enables experimental support for single sign out (may mangle POST data). Defaults to the value +set by [`apache::mod::auth_cas`][] + +##### `cas_validate_saml` + +Parse response from CAS server for SAML. Defaults to the value set by [`apache::mod::auth_cas`][] + +##### `cas_validate_url` + +Sets the URL to use when validating a client-presented ticket in an HTTP query string. Defaults to the value set by +[`apache::mod::auth_cas`][] + ##### `custom_fragment` Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: undef. diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index 2b5338d1e6..3bba643a08 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp 
@@ -1,21 +1,26 @@ class apache::mod::auth_cas ( $cas_login_url, $cas_validate_url, - $cas_cookie_path = $::apache::params::cas_cookie_path, - $cas_version = 2, - $cas_debug = 'Off', - $cas_validate_depth = undef, - $cas_certificate_path = undef, - $cas_proxy_validate_url = undef, - $cas_root_proxied_as = undef, - $cas_cookie_entropy = undef, - $cas_timeout = undef, - $cas_idle_timeout = undef, - $cas_cache_clean_interval = undef, - $cas_cookie_domain = undef, - $cas_cookie_http_only = undef, - $cas_authoritative = undef, - $suppress_warning = false, + $cas_cookie_path = $::apache::params::cas_cookie_path, + $cas_version = 2, + $cas_debug = 'Off', + $cas_validate_depth = undef, + $cas_certificate_path = undef, + $cas_proxy_validate_url = undef, + $cas_root_proxied_as = undef, + $cas_cookie_entropy = undef, + $cas_timeout = undef, + $cas_idle_timeout = undef, + $cas_cache_clean_interval = undef, + $cas_cookie_domain = undef, + $cas_cookie_http_only = undef, + $cas_authoritative = undef, + $cas_validate_saml = undef, + $cas_sso_enabled = undef, + $cas_attribute_prefix = undef, + $cas_attribute_delimiter = undef, + $cas_scrub_request_headers = undef, + $suppress_warning = false, ) inherits ::apache::params { validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 88e9c1b071..4d74706ce2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -152,6 +152,13 @@ $keepalive = undef, $keepalive_timeout = undef, $max_keepalive_requests = undef, + $cas_attribute_prefix = undef, + $cas_attribute_delimiter = undef, + $cas_scrub_request_headers = undef, + $cas_sso_enabled = undef, + $cas_login_url = undef, + $cas_validate_url = undef, + $cas_validate_saml = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { 
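Review bot: The new switches `$cas_validate_saml`, `$cas_sso_enabled` and `$cas_scrub_request_headers` are declared as `undef` with no validation, yet the templates later in this patch emit a fixed `On` whenever the value is truthy. The string `'Off'`, the style `$cas_debug = 'Off'` already uses in this class, would therefore switch the feature on. Validating them as booleans when set, e.g. `if $cas_sso_enabled != undef { validate_bool($cas_sso_enabled) }`, removes the ambiguity. The same applies to the identically named parameters added to `manifests/vhost.pp` in the next hunk. Both parameter lists belong to definitions whose bodies continue outside their hunks.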
@@ -345,6 +352,9 @@ # Is apache::mod::shib enabled (or apache::mod['shib2']) $shibboleth_enabled = defined(Apache::Mod['shib2']) + # Is apache::mod::cas enabled (or apache::mod['cas']) + $cas_enabled = defined(Apache::Mod['auth_cas']) + if $access_log and !$access_logs { if $access_log_file { $_logs_dest = "${logroot}/${access_log_file}" @@ -1070,6 +1080,16 @@ } } + # Template uses: + # - $cas_* + if $cas_enabled { + concat::fragment { "${name}-auth_cas": + target => "${priority_real}${filename}.conf", + order => 350, + content => template('apache/vhost/_auth_cas.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/templates/mod/auth_cas.conf.erb b/templates/mod/auth_cas.conf.erb index 926bd65f52..8fd696f18a 100644 --- a/templates/mod/auth_cas.conf.erb +++ b/templates/mod/auth_cas.conf.erb @@ -38,3 +38,18 @@ CASCookieHttpOnly <%= @cas_cookie_http_only %> <% if @cas_authoritative -%> CASAuthoritative <%= @cas_authoritative %> <% end -%> +<%- if @cas_sso_enabled -%> +CASSSOEnabled On +<%- end -%> +<%- if @cas_validate_saml -%> +CASValidateSAML On +<%- end -%> +<%- if @cas_attribute_prefix -%> +CASAttributePrefix <%= @cas_attribute_prefix %> +<%- end -%> +<%- if @cas_attribute_delimiter -%> +CASAttributeDelimiter <%= @cas_attribute_delimiter %> +<%- end -%> +<%- if @cas_scrub_request_headers -%> +CASAttributeDelimiter On +<%- end -%> diff --git a/templates/vhost/_auth_cas.erb b/templates/vhost/_auth_cas.erb new file mode 100644 index 0000000000..fa26c00626 --- /dev/null +++ b/templates/vhost/_auth_cas.erb 
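Review bot: In `templates/mod/auth_cas.conf.erb` the last added block tests `@cas_scrub_request_headers` but emits `CASAttributeDelimiter On`, so header scrubbing is never configured. When `cas_attribute_delimiter` is also set, the delimiter directive then appears twice, the second time with the value `On`. The mod_auth_cas directive for this setting is `CASScrubRequestHeaders`, so the line should read `CASScrubRequestHeaders On`. The new `templates/vhost/_auth_cas.erb` ends with the same three lines and needs the same correction.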
@@ -0,0 +1,67 @@
+<% if @cas_enabled -%>
+
+ # mod_auth_cas configuration
+ <%- if @cas_cookie_path -%>
+ CASCookiePath <%= @cas_cookie_path %>
+ <%- end -%>
+ <%- if @cas_login_url -%>
+ CASLoginURL <%= @cas_login_url %>
+ <%- end -%>
+ <%- if @cas_validate_url -%>
+ CASValidateURL <%= @cas_validate_url %>
+ <%- end -%>
+ <%- if @cas_version -%>
+ CASVersion <%= @cas_version %>
+ <%- end -%>
+ <%- if @cas_debug -%>
+ CASDebug <%= @cas_debug %>
+ <%- end -%>
+ <%- if @cas_certificate_path -%>
+ CASCertificatePath <%= @cas_certificate_path %>
+ <%- end -%>
+ <%- if @cas_proxy_validate_url -%>
+ CASProxyValidateURL <%= @cas_proxy_validate_url %>
+ <%- end -%>
+ <%- if @cas_validate_depth -%>
+ CASValidateDepth <%= @cas_validate_depth %>
+ <%- end -%>
+ <%- if @cas_root_proxied_as -%>
+ CASRootProxiedAs <%= @cas_root_proxied_as %>
+ <%- end -%>
+ <%- if @cas_cookie_entropy -%>
+ CASCookieEntropy <%= @cas_cookie_entropy %>
+ <%- end -%>
+ <%- if @cas_timeout -%>
+ CASTimeout <%= @cas_timeout %>
+ <%- end -%>
+ <%- if @cas_idle_timeout -%>
+ CASIdleTimeout <%= @cas_idle_timeout %>
+ <%- end -%>
+ <%- if @cas_cache_clean_interval -%>
+ CASCacheCleanInterval <%= @cas_cache_clean_interval %>
+ <%- end -%>
+ <%- if @cas_cookie_domain -%>
+ CASCookieDomain <%= @cas_cookie_domain %>
+ <%- end -%>
+ <%- if @cas_cookie_http_only -%>
+ CASCookieHttpOnly <%= @cas_cookie_http_only %>
+ <%- end -%>
+ <%- if @cas_authoritative -%>
+ CASAuthoritative <%= @cas_authoritative %>
+ <%- end -%>
+ <%- if @cas_sso_enabled -%>
+ CASSSOEnabled On
+ <%- end -%>
+ <%- if @cas_validate_saml -%>
+ CASValidateSAML On
+ <%- end -%>
+ <%- if @cas_attribute_prefix -%>
+ CASAttributePrefix <%= @cas_attribute_prefix %>
+ <%- end -%>
+ <%- if @cas_attribute_delimiter -%>
+ CASAttributeDelimiter <%= @cas_attribute_delimiter %>
+ <%- end -%>
+ <%- if @cas_scrub_request_headers -%>
+ CASAttributeDelimiter On
+ <%- end -%>
+<%- end -%>
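Review bot: Most guards in this vhost template test variables that the `manifests/vhost.pp` hunk of this patch does not add. Only `cas_attribute_prefix`, `cas_attribute_delimiter`, `cas_scrub_request_headers`, `cas_sso_enabled`, `cas_login_url`, `cas_validate_url` and `cas_validate_saml` become vhost parameters. Unless `@cas_cookie_path`, `@cas_version`, `@cas_debug` and the rest are declared in a part of `vhost.pp` outside these hunks, those branches can never render, yet they read as if per-vhost overrides existed. I would either add the missing parameters or drop the unreachable blocks. The outer `<% if @cas_enabled -%>` also repeats the `if $cas_enabled` guard already placed around the fragment in `vhost.pp`.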
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index df2690c431..416cf16fc8 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -240,6 +240,29 @@ ShibUseHeaders <%= directory['shib_use_headers'] %> <%- end -%> <%- end -%> + <%- if @cas_enabled -%> + <%- if directory['cas_scope'] -%> + CASScope <%= directory['cas_scope'] %> + <%- end -%> + <%- if directory['cas_renew'] -%> + CASRenew <%= directory['cas_renew'] %> + <%- end -%> + <%- if directory['cas_gateway'] -%> + CASGateway <%= directory['cas_gateway'] %> + <%- end -%> + <%- if directory['cas_cookie'] -%> + CASCookie <%= directory['cas_cookie'] %> + <%- end -%> + <%- if directory['cas_secure_cookie'] -%> + CASSecureCookie <%= directory['cas_secure_cookie'] %> + <%- end -%> + <%- if directory['cas_gateway_cookie'] -%> + CASGatewayCookie <%= directory['cas_gateway_cookie'] %> + <%- end -%> + <%- if directory['cas_authn_header'] -%> + CASAuthNHeader <%= directory['cas_authn_header'] %> + <%- end -%> + <%- end -%> <%- if directory['mellon_enable'] -%> MellonEnable "<%= directory['mellon_enable'] %>" <%- if directory['mellon_endpoint_path'] -%> From 816d32292424df890a613e71e89c84a530b36f8e Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 17 Jun 2016 11:18:19 +0200 Subject: [PATCH 0950/2267] Fix /etc/modsecurity perms to match package --- manifests/mod/security.pp | 6 +++--- spec/classes/mod/security_spec.rb | 14 ++++++++------ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index a4fe57f89a..f502729f6c 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -61,9 +61,9 @@ file { $modsec_dir: ensure => directory, - owner => $::apache::params::user, - group => $::apache::params::group, - mode => '0555', + owner => 'root', + group => 'root', + mode => '0755', purge => true, force => true, recurse => true, 
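Review bot: The move to `owner => 'root'`, `group => 'root'`, `mode => '0755'` in `manifests/mod/security.pp` carries no comment on what it protects, and the resource keeps `recurse => true`, `purge => true` and `force => true`. I would record the intent above `owner`, e.g. `# root-owned and not writable by the httpd user, so a compromised worker cannot alter WAF rules; matches the distro package`. The `file { $modsec_dir:` resource and its sibling resources for `activated_rules` and `security_crs.conf` extend outside this hunk. If those still set the Apache user as owner, they should follow the same change.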
diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 7a0ba8f299..a10aa5c2c4 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -30,9 +30,10 @@ it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } it { should contain_file('/etc/httpd/modsecurity.d').with( :ensure => 'directory', - :path => '/etc/httpd/modsecurity.d', - :owner => 'apache', - :group => 'apache' + :path => '/etc/httpd/modsecurity.d', + :owner => 'root', + :group => 'root', + :mode => '0755', ) } it { should contain_file('/etc/httpd/modsecurity.d/activated_rules').with( :ensure => 'directory', @@ -83,9 +84,10 @@ it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } it { should contain_file('/etc/modsecurity').with( :ensure => 'directory', - :path => '/etc/modsecurity', - :owner => 'www-data', - :group => 'www-data' + :path => '/etc/modsecurity', + :owner => 'root', + :group => 'root', + :mode => '0755', ) } it { should contain_file('/etc/modsecurity/activated_rules').with( :ensure => 'directory', From e9852b125260191ef15b8b6fcb5b0735b7045c64 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 17 Jun 2016 12:56:46 +0200 Subject: [PATCH 0951/2267] Fix PassengerRoot under Debian stretch (#1478) --- manifests/params.pp | 56 +++++++-------------------------------------- 1 file changed, 8 insertions(+), 48 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 6a9f14919d..d67246c868 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -317,54 +317,14 @@ $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef - case $::operatingsystem { - 'Ubuntu': { - case $::lsbdistrelease { - '12.04': { - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = undef - } - '14.04': { - $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - $passenger_ruby = undef - $passenger_default_ruby = '/usr/bin/ruby' - } - '16.04': { - $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - $passenger_ruby = undef - $passenger_default_ruby = '/usr/bin/ruby' - } - default: { - # The following settings may or may not work on Ubuntu releases not - # supported by this module. - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = undef - } - } - } - 'Debian': { - case $::lsbdistcodename { - 'wheezy': { - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = undef - } - 'jessie': { - $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - $passenger_ruby = undef - $passenger_default_ruby = '/usr/bin/ruby' - } - default: { - # The following settings may or may not work on Debian releases not - # supported by this module. - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = undef - } - } - } + if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '14.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0) { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } else { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' } $wsgi_socket_prefix = undef } elsif $::osfamily == 'FreeBSD' { From 03ddd21f2c078dbd44eefc47990914eef15b84f5 Mon Sep 17 00:00:00 2001 
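Review bot: The new `else` branch now applies to every release and every `$::operatingsystem` value that is not an older Ubuntu or Debian, whereas the removed `case` gave unlisted releases the `/usr` layout and carried a comment that those settings were untested. That change of fallback is not recorded in the code. I would add a short comment above the condition, e.g. `# locations.ini layout from Ubuntu 14.04 / Debian 8 on; newer or unlisted releases are assumed to follow`, and break the long `if (...) or (...)` condition over two lines. The enclosing osfamily block starts outside the hunk.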
From: Julien Pivotto Date: Fri, 17 Jun 2016 13:00:44 +0200 Subject: [PATCH 0952/2267] (maint) Fix a typo in CHANGELOG formatting Signed-off-by: Julien Pivotto --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4025bdba7f..c87e4b1793 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -324,7 +324,7 @@ This release has many new features and bugfixes, including the ability to option - Add `root_group` to `apache::mod::php` - Add `apache::mod::proxy_connect` class - Add `apache::mod::security` class - - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes parameters to `apache::mod::ssl` (MODULES-1719) + - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes` parameters to `apache::mod::ssl` (MODULES-1719) - Add `status_path` parameter to `apache::mod::status` - Add `apache_version` parameter to `apache::mod::version` - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) From a0da0296365396537e651728291237fbce260905 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Fri, 17 Jun 2016 13:12:55 +0200 Subject: [PATCH 0953/2267] (maint) Fix a typo in CHANGELOG: compatibilty Signed-off-by: Julien Pivotto --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c87e4b1793..1897558375 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ## Supported Release 1.10.0 #### Summary -This release fixes backwards compatibilty bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. +This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. #### Features - Allow setting KeepAlive related options per vhost From dbd04c0e11703ab57e8f8e743997da386d07ddf7 Mon Sep 17 00:00:00 2001 
From: cd Date: Fri, 17 Jun 2016 13:02:04 +0100 Subject: [PATCH 0954/2267] Update _block.erb --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 36d4f42c59..8b95c429bb 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1292,7 +1292,7 @@ class { 'apache': } describe file("#{$vhost_dir}/25-test.server.conf") do it { is_expected.to be_file } - it { is_expected.to contain '' } + it { is_expected.to contain '' } end end From 6cebe98fe92f0894425ad4289939a32ffedeaf51 Mon Sep 17 00:00:00 2001 From: TP Honey Date: Fri, 17 Jun 2016 14:58:49 +0100 Subject: [PATCH 0955/2267] Add wsgi script aliases match (#1485) Add WSGIScriptAliasesMatch support and associated documentation --- README.md | 1 + manifests/vhost.pp | 4 ++++ spec/acceptance/vhost_spec.rb | 2 ++ spec/defines/vhost_spec.rb | 3 +++ templates/vhost/_wsgi.erb | 7 +++++++ 5 files changed, 17 insertions(+) diff --git a/README.md b/README.md index 250149a688..6fa55c6e8b 100644 --- a/README.md +++ b/README.md 
@@ -2846,6 +2846,7 @@ Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi). * `wsgi_daemon_process_options`. _Optional._ Default: undef. * `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: undef. * `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: undef. +* `wsgi_script_aliases_match`: Requires a hash of web path regexes to filesystem .wsgi paths. Default: undef * `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: undef, leading Apache to use its default value of 'Off'. * `wsgi_chunked_request`: Enables support for chunked requests. Default: undef. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4d74706ce2..319fdd143f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -108,6 +108,7 @@ $wsgi_import_script = undef, $wsgi_import_script_options = undef, $wsgi_process_group = undef, + $wsgi_script_aliases_match = undef, $wsgi_script_aliases = undef, $wsgi_pass_authorization = undef, $wsgi_chunked_request = undef, @@ -213,6 +214,9 @@ if $wsgi_script_aliases { validate_hash($wsgi_script_aliases) } + if $wsgi_script_aliases_match { + validate_hash($wsgi_script_aliases_match) + } if $wsgi_daemon_process_options { validate_hash($wsgi_daemon_process_options) } diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 9e52c82063..bb4b83c2be 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1312,6 +1312,7 @@ class { 'apache::mod::wsgi': } wsgi_daemon_process_options => {processes => '2'}, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_script_aliases_match => { '/test/([^/*])' => '/test1' }, wsgi_pass_authorization => 'On', } EOS 
@@ -1334,6 +1335,7 @@ class { 'apache::mod::wsgi': } wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_script_aliases_match => { '/test/([^/*])' => '/test1' }, wsgi_pass_authorization => 'On', wsgi_chunked_request => 'On', } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 95b1f32b8b..aa40798a25 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -359,6 +359,9 @@ 'wsgi_script_aliases' => { '/' => '/var/www/demo.wsgi' }, + 'wsgi_script_aliases_match' => { + '^/test/(^[/*)' => '/var/www/demo.wsgi' + }, 'wsgi_pass_authorization' => 'On', 'custom_fragment' => '#custom string', 'itk' => { diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index 9f01d40910..a49828fdc9 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -12,6 +12,13 @@ <% if @wsgi_process_group -%> WSGIProcessGroup <%= @wsgi_process_group %> <% end -%> +<% if @wsgi_script_aliases_match and ! @wsgi_script_aliases_match.empty? -%> + <%- @wsgi_script_aliases_match.keys.sort.each do |key| -%> + <%- if key != '' and @wsgi_script_aliases_match[key] != ''-%> + WSGIScriptAliasMatch <%= key %> "<%= @wsgi_script_aliases_match[key] %>" + <%- end -%> + <%- end -%> +<% end -%> <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> <%- @wsgi_script_aliases.keys.sort.each do |key| -%> <%- if key != '' and @wsgi_script_aliases[key] != ''-%> From a38324b005035079869c42e4484dbe682e5d856a Mon Sep 17 00:00:00 2001 From: Jonathan Tripathy Date: Fri, 17 Jun 2016 17:01:44 +0100 Subject: [PATCH 0956/2267] MODULES-3476 - Updated regex in apache_version custom fact to work with EL5. --- lib/facter/apache_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index 2790627307..2e211c9873 100644 
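Review bot: The key used for `wsgi_script_aliases_match` in `spec/defines/vhost_spec.rb`, `'^/test/(^[/*)'`, is not a valid regular expression: the character class is never closed and the caret sits outside the bracket. The acceptance spec in the same patch uses `'/test/([^/*])'`, which looks like the intended pattern. The unit spec presumably still passes because the catalog only carries the string, but the fixture would produce a directive Apache rejects if it were ever rendered into a live config. I would change the key to `'^/test/([^/*])'`.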
--- a/lib/facter/apache_version.rb +++ b/lib/facter/apache_version.rb @@ -2,7 +2,7 @@ setcode do if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') - %r{^Server version: Apache\/([\w\.]+) \(([\w ]*)\)}.match(apache_version)[1] + %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] end end end From c9f81660be2e73e031571187a34e974448a3fe79 Mon Sep 17 00:00:00 2001 From: Jeoffrey Bauvin Date: Tue, 21 Jun 2016 08:52:34 +0200 Subject: [PATCH 0957/2267] Fix non breaking space --- templates/mod/remoteip.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/remoteip.conf.erb b/templates/mod/remoteip.conf.erb index b4518f9b04..e10ebb51c8 100644 --- a/templates/mod/remoteip.conf.erb +++ b/templates/mod/remoteip.conf.erb @@ -3,7 +3,7 @@ RemoteIPHeader <%= @header %> <%- if @proxy_ips -%> # Declare client intranet IP addresses trusted to present -# the RemoteIPHeader value +# the RemoteIPHeader value <%- [@proxy_ips].flatten.each do |proxy| -%> RemoteIPInternalProxy <%= proxy %> <%- end -%> From cb6c2847f3fc2ffa686af031a8a865bdb10fd8d1 Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Wed, 8 Jun 2016 15:53:00 -0400 Subject: [PATCH 0958/2267] Add mod/auth_cas params cas_cookie_path_mode cas_validate_server --- README.md | 5 +++++ manifests/mod/auth_cas.pp | 4 +++- templates/mod/auth_cas.conf.erb | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6fa55c6e8b..7faaf07f56 100644 --- a/README.md +++ b/README.md 
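Review bot: The new pattern leaves its dots unescaped, so `\d+.\d+(.\d+)?` accepts any character between the numeric groups. `.match(apache_version)[1]` also still raises NoMethodError when the output does not match, for instance when `apachectl -v` prints only an error, which `2>&1` folds into the string. I would escape the dots and tolerate a miss: `match = %r{^Server version: Apache/(\d+\.\d+(\.\d+)?)}.match(apache_version)` followed by `match[1] if match`. The fact then resolves to nil instead of aborting the run. The `Facter.add` block opens outside the hunk.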
@@ -1424,17 +1424,22 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe - `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: undef. - `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: undef. - `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: undef. +- `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user. Default: OS dependent. +- `cas_cookie_path_mode`: The mode of `cas_cookie_path`. Default: '0750'. - `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. - `cas_idle_timeout`: Default: undef. - `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. +- `cas_proxy_validate_url`: The URL to use when performing a proxy validation. Default: undef. - `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: undef. - `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas. - `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). Default: off - `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: undef. - `cas_validate_depth`: Limits the depth for chained certificate validation. Default: undef. - `cas_validate_saml`: Parse response from CAS server for SAML. Default: Off +- `cas_validate_server`: Should we validate the cert of the CAS server (depreciated in 1.1 - RedHat 7). Default: undef. - `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. - `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. 
+- `suppress_warning`: Don't wine about being on RedHat (Hint: mod_auth_cas package is now available in epel-testing repo). Default: false. ##### Class: `apache::mod::auth_mellon` diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index 3bba643a08..673cfb103d 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp @@ -2,8 +2,10 @@ $cas_login_url, $cas_validate_url, $cas_cookie_path = $::apache::params::cas_cookie_path, + $cas_cookie_path_mode = '0750', $cas_version = 2, $cas_debug = 'Off', + $cas_validate_server = undef, $cas_validate_depth = undef, $cas_certificate_path = undef, $cas_proxy_validate_url = undef, @@ -35,7 +37,7 @@ file { $cas_cookie_path: ensure => directory, before => File['auth_cas.conf'], - mode => '0750', + mode => $cas_cookie_path_mode, owner => $apache::user, group => $apache::group, } diff --git a/templates/mod/auth_cas.conf.erb b/templates/mod/auth_cas.conf.erb index 8fd696f18a..b59c5357fe 100644 --- a/templates/mod/auth_cas.conf.erb +++ b/templates/mod/auth_cas.conf.erb @@ -11,6 +11,9 @@ CASCertificatePath <%= @cas_certificate_path %> <% if @cas_proxy_validate_url -%> CASProxyValidateURL <%= @cas_proxy_validate_url %> <% end -%> +<% if @cas_validate_server -%> +CASValidateServer <%= @cas_validate_server %> +<% end -%> <% if @cas_validate_depth -%> CASValidateDepth <%= @cas_validate_depth %> <% end -%> From 5e39c890f4673bc3b0837f5953acb644188e65db Mon Sep 17 00:00:00 2001 From: TP Honey Date: Wed, 29 Jun 2016 11:44:52 +0100 Subject: [PATCH 0959/2267] {maint} modulesync 0794b2c (#1493) --- .puppet-lint.rc | 5 ----- CONTRIBUTING.md | 6 ++---- Rakefile | 4 ++-- 3 files changed, 4 insertions(+), 11 deletions(-) delete mode 100644 .puppet-lint.rc diff --git a/.puppet-lint.rc b/.puppet-lint.rc deleted file mode 100644 index 0b3cfad25d..0000000000 --- a/.puppet-lint.rc +++ /dev/null 
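Review bot: `mode => $cas_cookie_path_mode` passes the new parameter to the file resource unchecked. Per the README entry added in this patch, that directory stores CAS cookie session data. A typo, or a mode that grants access to other local users, would expose those session files or allow tampering with them. I would validate the format next to the existing checks, e.g. `validate_re($cas_cookie_path_mode, '^0?[0-7]{3}$')`, and state in the README that the directory should stay inaccessible to other local users. The class body continues outside the hunk.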
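Review bot: `CASValidateServer <%= @cas_validate_server %>` renders whatever string is passed, and the directive decides whether the CAS server's certificate is verified. A manifest that sets it to `Off` removes the check that ticket validation is talking to the real CAS server, which the README one-liner does not spell out. I would restrict the value when it is set, e.g. `if $cas_validate_server { validate_re($cas_validate_server, '^(On|Off)$') }` in `manifests/mod/auth_cas.pp`, and add that caveat to the README entry. Leaving the default at `undef` so the directive is omitted is the right choice.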
@@ -1,5 +0,0 @@ ---relative ---no-single_quote_string_with_variables-check ---no-80chars-check ---no-class_inherits_from_params_class-check ---no-documentation-check diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bfeaa701ca..3c3f1e7999 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -208,11 +208,9 @@ review. Additional Resources ==================== -* [Getting additional help](http://puppetlabs.com/community/get-help) +* [Getting additional help](http://puppet.com/community/get-help) -* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) - -* [Patchwork](https://patchwork.puppetlabs.com) +* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) * [General GitHub documentation](http://help.github.com/) diff --git a/Rakefile b/Rakefile index 1e2be6663c..af59fcf5c0 100644 --- a/Rakefile +++ b/Rakefile @@ -4,12 +4,12 @@ require 'puppetlabs_spec_helper/rake_tasks' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') -PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_140chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.send('disable_only_variable_string') -PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp", "bundle/**/*", "vendor/**/*"] desc 'Generate pooler nodesets' task :gen_nodeset do From 933c7b0a3a203949029e1cdb2a28ea7986179ed4 Mon Sep 17 00:00:00 2001 
From: Mathieu Parent Date: Fri, 17 Jun 2016 15:26:15 +0200 Subject: [PATCH 0960/2267] Allow to override all SecDefaultAction attributes --- README.md | 2 +- manifests/mod/security.pp | 18 ++++++++++++++++++ spec/classes/mod/security_spec.rb | 12 +++++++++--- templates/mod/security_crs.conf.erb | 4 ++-- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 83adb68230..e88585126e 100644 --- a/README.md +++ b/README.md 
@@ -1817,7 +1817,7 @@ ${modsec\_dir}/activated\_rules. - `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. - `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. -- `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') vs. Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. Default: 'deny'. +- `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') vs. Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. Default: 'deny'. Fuller values can be set too like "log,auditlog,deny,status:406,tag:'SLA 24/7'" - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' - `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index a4fe57f89a..70955e941e 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -21,6 +21,11 @@ ) inherits ::apache::params { include ::apache + $_secdefaultaction = $secdefaultaction ? { + /log/ => $secdefaultaction, # it has log or nolog,auditlog or log,noauditlog + default => "${secdefaultaction},log", + } + if $::osfamily == 'FreeBSD' { fail('FreeBSD is not currently supported') } @@ -80,6 +85,19 @@ notify => Class['apache::service'], } + # Template uses: + # - $_secdefaultaction + # - $critical_anomaly_score + # - $error_anomaly_score + # - $warning_anomaly_score + # - $notice_anomaly_score + # - $inbound_anomaly_threshold + # - $outbound_anomaly_threshold + # - $anomaly_score_blocking + # - $allowed_methods + # - $content_types + # - $restricted_extensions + # - $restricted_headers file { "${modsec_dir}/security_crs.conf": ensure => file, content => template('apache/mod/security_crs.conf.erb'), diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 7a0ba8f299..bc26130bb7 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -47,10 +47,13 @@ describe 'with parameters' do let :params do - { :audit_log_parts => "ABCDZ" + { + :audit_log_parts => "ABCDZ", + :secdefaultaction => "deny,status:406,nolog,auditlog" } end it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } + it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } end end 
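Review bot: The selector's `/log/` matches the substring anywhere in the value. `deny,auditlog`, or an action list whose tag text merely contains "log", is therefore treated as already carrying a log action and gets no `,log` appended. The previous template always appended it, so this silently changes what ends up in `SecDefaultAction`. Matching whole action tokens avoids that: `/(^|,)\s*(no)?log\s*(,|$)/ => $secdefaultaction,`. The inline comment would then list the two accepted tokens, `log` and `nolog`. The class body continues outside the hunk.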
@@ -100,10 +103,13 @@ describe 'with parameters' do let :params do - { :audit_log_parts => "ACEZ" + { + :audit_log_parts => "ABCDZ", + :secdefaultaction => "deny,status:406,nolog,auditlog" } end - it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ACEZ$} } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } + it { should contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } end end diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index d5eb70a249..ff55effb3c 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -63,8 +63,8 @@ SecComponentSignature "OWASP_CRS/2.2.6" # Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html # Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction # -SecDefaultAction "phase:1,<%= @secdefaultaction -%>,log" -SecDefaultAction "phase:2,<%= @secdefaultaction -%>,log" +SecDefaultAction "phase:1,<%= @_secdefaultaction -%>" +SecDefaultAction "phase:2,<%= @_secdefaultaction -%>" # # -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- From d249ff4ca4e444e32eab0b8eb11ed4feda672afd Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 17 Jun 2016 16:27:29 +0200 Subject: [PATCH 0961/2267] Add audit_log_relevant_status parameter to apache::mod::security --- README.md | 1 + manifests/mod/security.pp | 1 + spec/classes/mod/security_spec.rb | 14 ++++++++++---- templates/mod/security.conf.erb | 2 +- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e88585126e..519e23453b 100644 --- a/README.md +++ b/README.md 
@@ -1820,6 +1820,7 @@ ${modsec\_dir}/activated\_rules. - `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') vs. Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. Default: 'deny'. Fuller values can be set too like "log,auditlog,deny,status:406,tag:'SLA 24/7'" - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' +- `audit_log_releavant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging. Defaults: '^(?:5|4(?!04))'. - `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' - `anomaly_score_blocking`: De-/Activates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: off. - `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '5'. diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 70955e941e..c5d9f0b5a2 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -3,6 +3,7 @@ $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $audit_log_relevant_status = '^(?:5|4(?!04))', $audit_log_parts = $::apache::params::modsec_audit_log_parts, $secpcrematchlimit = $::apache::params::secpcrematchlimit, $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index bc26130bb7..c117959e25 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb 
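Review bot: The README entry added in this patch names the parameter `audit_log_releavant_status`, but the manifest declares `$audit_log_relevant_status`, so anyone copying the documented name gets an invalid-parameter error. The README line should read `audit_log_relevant_status`. Separately, the default `'^(?:5|4(?!04))'` is hard-coded in the class signature while the neighbouring defaults come from `apache::params`; moving it there would keep the list consistent.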
@@ -27,6 +27,7 @@ it { should contain_file('security.conf').with( :path => '/etc/httpd/conf.modules.d/security.conf' ) } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$} } it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } it { should contain_file('/etc/httpd/modsecurity.d').with( :ensure => 'directory', @@ -48,10 +49,12 @@ describe 'with parameters' do let :params do { - :audit_log_parts => "ABCDZ", - :secdefaultaction => "deny,status:406,nolog,auditlog" + :audit_log_relevant_status => "^(?:5|4(?!01|04))", + :audit_log_parts => "ABCDZ", + :secdefaultaction => "deny,status:406,nolog,auditlog", } end + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } end @@ -83,6 +86,7 @@ it { should contain_file('security.conf').with( :path => '/etc/apache2/mods-available/security.conf' ) } + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$} } it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } it { should contain_file('/etc/modsecurity').with( :ensure => 'directory', 
@@ -104,10 +108,12 @@ describe 'with parameters' do let :params do { - :audit_log_parts => "ABCDZ", - :secdefaultaction => "deny,status:406,nolog,auditlog" + :audit_log_relevant_status => "^(?:5|4(?!01|04))", + :audit_log_parts => "ABCDZ", + :secdefaultaction => "deny,status:406,nolog,auditlog", } end + it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } it { should contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } end diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 1ffd30bb9c..5df57dffed 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -49,7 +49,7 @@ SecResponseBodyLimitAction ProcessPartial SecDebugLogLevel 0 SecAuditEngine RelevantOnly - SecAuditLogRelevantStatus "^(?:5|4(?!04))" + SecAuditLogRelevantStatus "<%= @audit_log_relevant_status %>" SecAuditLogParts <%= @audit_log_parts %> SecAuditLogType Serial SecArgumentSeparator & From c14800cc5857be868fa1e0d02f79862a7b863fa8 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 21 Jun 2016 15:32:42 +0200 Subject: [PATCH 0962/2267] Allow absolute path to $apache::mod::security::activated_rules --- README.md | 2 +- manifests/security/rule_link.pp | 7 ++++++- spec/classes/mod/security_spec.rb | 22 ++++++++++++++++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 519e23453b..9ee2778fc0 100644 --- a/README.md +++ b/README.md 
@@ -1808,7 +1808,7 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b **Parameters within `apache::mod::security`**: -- `activated_rules`: An [array][] of rules from the `modsec_crs_path` to activate via symlinks. Default: `modsec_default_rules` in [`apache::params`][]. +- `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks. Default: `modsec_default_rules` in [`apache::params`][]. - `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. - `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' - `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp index a56a2d97f0..7edb1f442e 100644 --- a/manifests/security/rule_link.pp +++ b/manifests/security/rule_link.pp @@ -3,10 +3,15 @@ $parts = split($title, '/') $filename = $parts[-1] + $target = $title ? { + /^\// => $title, + default => "${::apache::params::modsec_crs_path}/${title}", + } + file { $filename: ensure => 'link', path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", - target => "${::apache::params::modsec_crs_path}/${title}", + target => $target , require => File["${::apache::mod::security::modsec_dir}/activated_rules"], notify => Class['apache::service'], } diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index c117959e25..b37ebad470 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb 
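Review bot: The absolute-path branch of the `$target` selector in manifests/security/rule_link.pp accepts any path, while the `file` resource is still titled and placed by basename only (`$filename = $parts[-1]`). Two activated rules with the same file name in different directories therefore collide as duplicate `File` resources, and nothing checks that the target sits where only root can write. The spec added with this change uses `/tmp/foo/bar.conf`; a rule file under a world-writable directory can be replaced by any local account and is then loaded by ModSecurity on the next service restart. I would state in the README that absolute rule paths must be root-owned and not group- or world-writable, and drop the stray space in `target => $target ,`. The define's header is above the hunk.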
@@ -45,10 +45,17 @@ :path => '/etc/httpd/modsecurity.d/security_crs.conf' ) } it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + it { should contain_file('modsecurity_35_bad_robots.data').with( + :path => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', + :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', + ) } describe 'with parameters' do let :params do { + :activated_rules => [ + '/tmp/foo/bar.conf', + ], :audit_log_relevant_status => "^(?:5|4(?!01|04))", :audit_log_parts => "ABCDZ", :secdefaultaction => "deny,status:406,nolog,auditlog", @@ -57,6 +64,10 @@ it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } + it { should contain_file('bar.conf').with( + :path => '/etc/httpd/modsecurity.d/activated_rules/bar.conf', + :target => '/tmp/foo/bar.conf', + ) } end end @@ -104,10 +115,17 @@ :path => '/etc/modsecurity/security_crs.conf' ) } it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + it { should contain_file('modsecurity_35_bad_robots.data').with( + :path => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', + :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', + ) } describe 'with parameters' do let :params do { + :activated_rules => [ + '/tmp/foo/bar.conf', + ], :audit_log_relevant_status => "^(?:5|4(?!01|04))", :audit_log_parts => "ABCDZ", :secdefaultaction => "deny,status:406,nolog,auditlog", 
@@ -116,6 +134,10 @@ it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } it { should contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } + it { should contain_file('bar.conf').with( + :path => '/etc/modsecurity/activated_rules/bar.conf', + :target => '/tmp/foo/bar.conf', + ) } end end From 4b83ad211d6aa439ec4e2b1f8124275285665641 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 21 Jun 2016 11:22:44 +0200 Subject: [PATCH 0963/2267] Allow to set SecAuditLog --- README.md | 12 ++++++++++++ manifests/vhost.pp | 30 +++++++++++++++++++++++++++++- spec/classes/mod/security_spec.rb | 1 + spec/defines/vhost_spec.rb | 23 +++++++++++++++++++++++ templates/vhost/_security.erb | 3 +++ 5 files changed, 68 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 83adb68230..a6179b1a22 100644 --- a/README.md +++ b/README.md 
@@ -2470,6 +2470,18 @@ apache::vhost { 'sample.example.net': } ``` +##### `modsec_audit_log` & `modsec_audit_log_file` & `modsec_audit_log_pipe` + +Determines how to send mod_security audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). + +If `modsec_audit_log_file` is set, it is relative to [`logroot`][]. Default: undef. + +If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'. Default: undef. + +If `modsec_audit_log` is true, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts. Default: false. + +When none of those parameters is set, the global audit log is used (i.e. ''/var/log/apache2/modsec\_audit.log'' on Debian and derivatives, ''/var/log/httpd/modsec\_audit.log'' on others). + ##### `no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 319fdd143f..15286b6941 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -61,6 +61,9 @@ $error_log_file = undef, $error_log_pipe = undef, $error_log_syslog = undef, + $modsec_audit_log = undef, + $modsec_audit_log_file = undef, + $modsec_audit_log_pipe = undef, $error_documents = [], $fallbackresource = undef, $scriptalias = undef, @@ -177,6 +180,9 @@ validate_bool($ip_based) validate_bool($access_log) validate_bool($error_log) + if $modsec_audit_log != undef { + validate_bool($modsec_audit_log) + } validate_bool($ssl) validate_bool($default_vhost) validate_bool($ssl_proxyengine) 
@@ -243,6 +249,10 @@ fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") } + if $modsec_audit_log_file and $modsec_audit_log_pipe { + fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") + } + if $fallbackresource { validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') } @@ -397,6 +407,23 @@ } } + if $modsec_audit_log == false { + $modsec_audit_log_destination = undef + } elsif $modsec_audit_log_file { + $modsec_audit_log_destination = "${logroot}/${modsec_audit_log_file}" + } elsif $modsec_audit_log_pipe { + $modsec_audit_log_destination = $modsec_audit_log_pipe + } elsif $modsec_audit_log { + if $ssl { + $modsec_audit_log_destination = "${logroot}/${name}_security_ssl.log" + } else { + $modsec_audit_log_destination = "${logroot}/${name}_security.log" + } + } else { + $modsec_audit_log_destination = undef + } + + if $ip { $_ip = enclose_ipv6($ip) if $port { @@ -1044,7 +1071,8 @@ # - $modsec_disable_msgs # - $modsec_disable_tags # - $modsec_body_limit - if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags { + # - $modsec_audit_log_destination + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination { concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index a10aa5c2c4..6752d61fdf 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -1,3 +1,4 @@ + require 'spec_helper' describe 'apache::mod::security', :type => :class do diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index aa40798a25..6f85b622b3 100644 --- a/spec/defines/vhost_spec.rb 
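Review bot: `modsec_audit_log_pipe` reaches `SecAuditLog` unchecked in the `elsif $modsec_audit_log_pipe` branch of the @@ -397 hunk, although the README text added by this commit says it should start with a pipe. A value without the leading `|` is silently treated as a file path. Because a piped audit log is a command that Apache starts, I would validate it beside the new mutual-exclusion check in the @@ -243 hunk, guarded by `if $modsec_audit_log_pipe`: `validate_re($modsec_audit_log_pipe, '^\|', 'modsec_audit_log_pipe must start with a pipe')`. `modsec_audit_log_file` is likewise joined to `$logroot` without rejecting `..` segments, and the templates/vhost/_security.erb hunk wraps the result in double quotes, so a pipe command containing `"` will not render as a single argument.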
+++ b/spec/defines/vhost_spec.rb @@ -584,6 +584,7 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-security') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } it { is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( :content => /^\s+JkMount\s+\/\*\s+tcnode1$/)} @@ -713,6 +714,28 @@ it { is_expected.to_not contain_concat__fragment('NameVirtualHost *:80') } end + context 'modsec_audit_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'modsec_audit_log' => true, + } + end + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-security').with( + :content => /^\s*SecAuditLog "\/var\/log\/apache2\/rspec\.example\.com_security\.log"$/ ) } + end + context 'modsec_audit_log_file' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'modsec_audit_log_file' => 'foo.log', + } + end + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-security').with( + :content => /\s*SecAuditLog "\/var\/log\/apache2\/foo.log"$/ ) } + end context 'set only aliases' do let :params do { diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb index 9e9492f183..dc35c78af1 100644 --- a/templates/vhost/_security.erb +++ b/templates/vhost/_security.erb @@ -2,6 +2,9 @@ <% if @modsec_disable_vhost -%> SecRuleEngine Off <% end -%> +<% if @modsec_audit_log_destination -%> + SecAuditLog "<%= @modsec_audit_log_destination %>" +<% end -%> <% if @_modsec_disable_ids.is_a?(Hash) -%> <% @_modsec_disable_ids.each do |location,rules| -%> > From bbb4b14440f5f30e225782ad11bae32d8e60ee28 Mon Sep 17 00:00:00 2001 
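Review bot: The `modsec_audit_log_file` expectation in the @@ -713 hunk is looser than the `modsec_audit_log` one above it. `/\s*SecAuditLog "\/var\/log\/apache2\/foo.log"$/` has no `^` anchor and leaves the dot in `foo.log` unescaped, so it also matches a commented-out or otherwise prefixed line. Suggest `/^\s*SecAuditLog "\/var\/log\/apache2\/foo\.log"$/`. There is also no context for `modsec_audit_log_pipe`, and none asserting the compile failure when both the file and pipe parameters are set.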
From: Mathieu Parent Date: Tue, 5 Jul 2016 15:40:59 +0200 Subject: [PATCH 0964/2267] Don't sql_injection_attacks.data, done since 2012 --- manifests/params.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index d67246c868..e443acef4a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -174,7 +174,6 @@ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', 'base_rules/modsecurity_40_generic_attacks.data', - 'base_rules/modsecurity_41_sql_injection_attacks.data', 'base_rules/modsecurity_50_outbound.data', 'base_rules/modsecurity_50_outbound_malware.data', 'base_rules/modsecurity_crs_20_protocol_violations.conf', @@ -283,7 +282,6 @@ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', 'base_rules/modsecurity_40_generic_attacks.data', - 'base_rules/modsecurity_41_sql_injection_attacks.data', 'base_rules/modsecurity_50_outbound.data', 'base_rules/modsecurity_50_outbound_malware.data', 'base_rules/modsecurity_crs_20_protocol_violations.conf', From 2d3420f48841b8f3c026c3dbddb443245d0a5f64 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Fri, 8 Jul 2016 13:33:58 +0100 Subject: [PATCH 0965/2267] (MODULES-3581) modulesync [067d08a] --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index e490bc9b98..9b5b2146b3 100644 --- a/Gemfile +++ b/Gemfile @@ -16,10 +16,11 @@ group :development, :unit_tests do gem 'json', :require => false gem 'metadata-json-lint', :require => false gem 'puppet_facts', :require => false - gem 'puppet-blacksmith', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'rspec-puppet', '>= 2.3.2', :require => false gem 'simplecov', :require => false + gem 'puppet-blacksmith', :require => false + gem 'rest-client', '~> 1.8.0', :require => false end group :system_tests do gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') 
From 5e8dd7a4bcec6b846ba01f0f77ecebd0c1a81da7 Mon Sep 17 00:00:00 2001 From: Martin Pfeifer Date: Thu, 2 Jun 2016 14:45:43 +0200 Subject: [PATCH 0966/2267] add force option to confd file resource --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index 194c1741e9..50f208cf84 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -172,6 +172,7 @@ ensure => directory, recurse => true, purge => $purge_confd, + force => $purge_confd, notify => Class['Apache::Service'], require => Package['httpd'], } From d370c7b666df77bc572d02f610aa0d276a57df47 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 8 Jul 2016 11:18:17 +0200 Subject: [PATCH 0967/2267] Sync security_crs.conf with latest upstream This effectively add some variables: - real_ip, dos_burst_time_slice, dos_counter_threshold, dos_block_timeout: DOS protection - anomaly_score, sql_injection_score, xss_score, inbound_anomaly_score, outbound_anomaly_score: Initial scores --- templates/mod/security_crs.conf.erb | 60 ++++++++++++++++------------- 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index ff55effb3c..cae4519156 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb 
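Review bot: `force => $purge_confd` in manifests/init.pp widens what `purge_confd` removes: with `recurse` and `purge` already set, `force` lets Puppet delete unmanaged subdirectories and their contents under the conf.d directory, not only stray files. That is presumably the intent, but it is a destructive behaviour change for users who already keep `purge_confd` enabled, and this patch adds neither a README line nor a spec for it. A comment above the attribute such as `# force is required so purge also removes unmanaged subdirectories`, plus a README sentence, would make it explicit. The `file` resource's opening line is above the hunk.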
@@ -1,20 +1,20 @@ # --------------------------------------------------------------- -# Core ModSecurity Rule Set ver.2.2.6 +# Core ModSecurity Rule Set ver.2.2.9 # Copyright (C) 2006-2012 Trustwave All rights reserved. # -# The OWASP ModSecurity Core Rule Set is distributed under +# The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # -# -- [[ Recommended Base Configuration ]] ------------------------------------------------- +# -- [[ Recommended Base Configuration ]] ------------------------------------------------- # # The configuration directives/settings in this file are used to control # the OWASP ModSecurity CRS. These settings do **NOT** configure the main # ModSecurity settings such as: -# +# # - SecRuleEngine # - SecRequestBodyAccess # - SecAuditEngine @@ -23,7 +23,7 @@ # You should use the modsecurity.conf-recommended file that comes with the # ModSecurity source code archive. # -# Ref: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended +# Ref: https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended # @@ -34,9 +34,9 @@ # # - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4. # -# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecComponentSignature +# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature # -SecComponentSignature "OWASP_CRS/2.2.6" +SecComponentSignature "OWASP_CRS/2.2.9" # 
@@ -51,7 +51,7 @@ SecComponentSignature "OWASP_CRS/2.2.6" # -- [[ Collaborative Detection Mode ]] -- # This is a "delayed blocking" mode of operation where each matching rule will inherit # the "pass" action and will only contribute to anomaly scores. Transactional blocking -# can be applied +# can be applied # # -- [[ Alert Logging Control ]] -- # You have three options - @@ -61,7 +61,7 @@ SecComponentSignature "OWASP_CRS/2.2.6" # - To log *only* to the Apache error_log file use: "log,noauditlog" # # Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html -# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction +# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecDefaultAction # SecDefaultAction "phase:1,<%= @_secdefaultaction -%>" SecDefaultAction "phase:2,<%= @_secdefaultaction -%>" @@ -98,7 +98,7 @@ SecAction \ # -# -- [[ Collaborative Detection Scoring Threshold Levels ]] ------------------------------ +# -- [[ Collaborative Detection Scoring Initialization and Threshold Levels ]] ------------------------------ # # These variables are used in macro expansion in the 49 inbound blocking and 59 # outbound blocking files. 
@@ -107,18 +107,23 @@ SecAction \ # operators. If you have an earlier version, edit the 49/59 files directly to # set the appropriate anomaly score levels. # -# You should set the score to the proper threshold you would prefer. If set to "5" -# it will work similarly to previous Mod CRS rules and will create an event in the error_log -# file if there are any rules that match. If you would like to lessen the number of events -# generated in the error_log file, you should increase the anomaly score threshold to -# something like "20". This would only generate an event in the error_log file if -# there are multiple lower severity rule matches or if any 1 higher severity item matches. +# You should set the score level (rule 900003) to the proper threshold you +# would prefer. If set to "5" it will work similarly to previous Mod CRS rules +# and will create an event in the error_log file if there are any rules that +# match. If you would like to lessen the number of events generated in the +# error_log file, you should increase the anomaly score threshold to something +# like "20". This would only generate an event in the error_log file if there +# are multiple lower severity rule matches or if any 1 higher severity item matches. # SecAction \ "id:'900002', \ phase:1, \ t:none, \ - setvar:tx.inbound_anomaly_score_level=<%= @inbound_anomaly_threshold -%>, \ + setvar:tx.anomaly_score=0, \ + setvar:tx.sql_injection_score=0, \ + setvar:tx.xss_score=0, \ + setvar:tx.inbound_anomaly_score=0, \ + setvar:tx.outbound_anomaly_score=0, \ nolog, \ pass" @@ -127,12 +132,13 @@ SecAction \ "id:'900003', \ phase:1, \ t:none, \ + setvar:tx.inbound_anomaly_score_level=<%= @inbound_anomaly_threshold -%>, \ setvar:tx.outbound_anomaly_score_level=<%= @outbound_anomaly_threshold -%>, \ nolog, \ pass" -# +# # -- [[ Collaborative Detection Blocking ]] ----------------------------------------------- # # This is a collaborative detection mode where each rule will increment an overall 
@@ -156,7 +162,7 @@ SecAction \ # -- [[ GeoIP Database ]] ----------------------------------------------------------------- # # There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data. -# +# # You must first download the MaxMind GeoIP Lite City DB - # # http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz @@ -193,12 +199,12 @@ SecAction \ # -- [[ HTTP Policy Settings ]] ---------------------------------------------------------- # # Set the following policy settings here and they will be propagated to the 23 rules -# file (modsecurity_common_23_request_limits.conf) by using macro expansion. +# file (modsecurity_common_23_request_limits.conf) by using macro expansion. # If you run into false positives, you can adjust the settings here. # # Only the max number of args is uncommented by default as there are a high rate # of false positives. Uncomment the items you wish to set. -# +# # # -- Maximum number of arguments in request limited SecAction \ @@ -262,7 +268,7 @@ SecAction \ # # Set the following policy settings here and they will be propagated to the 30 rules -# file (modsecurity_crs_30_http_policy.conf) by using macro expansion. +# file (modsecurity_crs_30_http_policy.conf) by using macro expansion. # If you run into false positves, you can adjust the settings here. # SecAction \ @@ -284,7 +290,7 @@ SecAction \ # The purpose of these settings is to send CSP response headers to # Mozilla FireFox users so that you can enforce how dynamic content # is used. CSP usage helps to prevent XSS attacks against your users. -# +# # Reference Link: # # https://developer.mozilla.org/en/Security/CSP 
@@ -292,7 +298,7 @@ SecAction \ # Uncomment this SecAction line if you want use CSP enforcement. # You need to set the appropriate directives and settings for your site/domain and # and activate the CSP file in the experimental_rules directory. -# +# # Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html # #SecAction \ @@ -320,7 +326,7 @@ SecAction \ "id:'900014', \ phase:1, \ t:none, \ - setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \ + setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#', \ setvar:'tx.brute_force_burst_time_slice=60', \ setvar:'tx.brute_force_counter_threshold=10', \ setvar:'tx.brute_force_block_timeout=300', \ @@ -337,7 +343,7 @@ SecAction \ # - Request Threshold: request # threshold to trigger a burst # - Block Period: temporary block timeout # -#SecAction \ +SecAction \ "id:'900015', \ phase:1, \ t:none, \ @@ -424,5 +430,7 @@ SecRule &TX:REAL_IP "@eq 0" \ t:none, \ initcol:global=global, \ initcol:ip=%{remote_addr}_%{tx.ua_hash}, \ + setvar:tx.real_ip=%{remote_addr}, \ nolog, \ pass" + From 9c456473d1e42858186a8ad4bd5385a7afb6aca3 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 15 Jul 2016 14:21:58 +0200 Subject: [PATCH 0968/2267] Remove CAS comment The CAS directives are explicit (they start with CAS), and the comment was seen even without any CAS option set --- templates/vhost/_auth_cas.erb | 2 -- 1 file changed, 2 deletions(-) diff --git a/templates/vhost/_auth_cas.erb b/templates/vhost/_auth_cas.erb index fa26c00626..2f4787b73a 100644 --- a/templates/vhost/_auth_cas.erb +++ b/templates/vhost/_auth_cas.erb @@ -1,6 +1,4 @@ <% if @cas_enabled -%> - - # mod_auth_cas configuration <%- if @cas_cookie_path -%> CASCookiePath <%= @cas_cookie_path %> <%- end -%> From 0c7bd6daa6382bea79edf1598b879c23a6eebaed Mon Sep 17 00:00:00 2001 
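Review bot: The `SecAction` with `id:'900015'` in the @@ -337 hunk changes from commented-out to active, so the DoS-protection variables named in the commit message are now set on every installation. Its `setvar` lines lie outside the hunk; if they are literal numbers rather than ERB parameters like `<%= @inbound_anomaly_threshold -%>` in rule 900003, operators cannot tune the burst window or block timeout without forking the template. The same applies to `tx.brute_force_protected_urls` in the @@ -320 hunk, which still carries the upstream sample paths `/login.jsp` and `/partner_login.php`. I would expose these as class parameters, or at least add a comment that they are upstream examples to be replaced with the site's real login URLs.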
From: Mathieu Parent Date: Fri, 15 Jul 2016 15:44:14 +0200 Subject: [PATCH 0969/2267] Fix typo in README about limit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2eb4fb0d28..5a9f400c54 100644 --- a/README.md +++ b/README.md @@ -3237,7 +3237,7 @@ apache::vhost { 'sample.example.net': { path => '/', provider => 'location', limit => [ - { methods => 'GET HEAD' + { methods => 'GET HEAD', require => ['valid-user'] }, ], From e58d6cacab53da679f3aa5b8d6ab1888cc916b48 Mon Sep 17 00:00:00 2001 From: Simon Rondelez Date: Wed, 20 Jul 2016 19:09:44 +0200 Subject: [PATCH 0970/2267] Patch httpoxy thry mod_security (#1506) --- templates/mod/security.conf.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 5df57dffed..5505f2140a 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -34,6 +34,9 @@ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + SecRule &REQUEST_HEADERS:Proxy "@gt 0" "id:1000005,log,deny,msg:'httpoxy denied'" + + SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" From f5d2f9ab2b0353d04b42584bec49c88f39570b9e Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 27 Jul 2016 15:43:44 +0100 Subject: [PATCH 0971/2267] (MAINT) Update for modulesync_config 72d19f184 --- .gitignore | 3 ++- .travis.yml | 2 +- Gemfile | 19 ++++++++++--------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index dd126f2fb2..0cd25de9af 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,8 @@ pkg/ Gemfile.lock vendor/ -spec/fixtures/ +spec/fixtures/manifests/ +spec/fixtures/modules/ .vagrant/ .bundle/ coverage/ diff --git a/.travis.yml b/.travis.yml index 4e2c66df32..f631db04fb 100644 --- a/.travis.yml +++ b/.travis.yml 
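Review bot: The new httpoxy rule in templates/mod/security.conf.erb names no phase, so it defaults to phase 2 and runs only after the request body has been read. Its `deny` also takes effect only when `SecRuleEngine` is `On`; in `DetectionOnly` the request is logged but still reaches the application with its `Proxy` header. I would reject in the header phase, `SecRule &REQUEST_HEADERS:Proxy "@gt 0" "id:1000005,phase:1,t:none,log,deny,msg:'httpoxy denied'"`, and add a comment above it saying what it mitigates. Where the engine mode is not guaranteed, removing the header with mod_headers (`RequestHeader unset Proxy early`) works independently of ModSecurity. The id 1000005 is hard-coded, so it is worth confirming it cannot clash with ids in locally activated rules.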
@@ -19,7 +19,7 @@ matrix: script: bundle exec rake beaker services: docker sudo: required - - rvm: 2.1.6 + - rvm: 2.1.9 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" - rvm: 2.1.5 diff --git a/Gemfile b/Gemfile index 9b5b2146b3..c7da908d9f 100644 --- a/Gemfile +++ b/Gemfile @@ -13,14 +13,12 @@ def location_for(place, version = nil) end group :development, :unit_tests do - gem 'json', :require => false - gem 'metadata-json-lint', :require => false - gem 'puppet_facts', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '>= 2.3.2', :require => false - gem 'simplecov', :require => false - gem 'puppet-blacksmith', :require => false - gem 'rest-client', '~> 1.8.0', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', '>= 3.4.0', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'simplecov', :require => false end group :system_tests do gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') @@ -31,10 +29,13 @@ group :system_tests do gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) end +# json_pure 2.0.2 added a requirement on ruby >= 2. We pin to json_pure 2.0.1 +# if using ruby 1.x +gem 'json_pure', '<=2.0.1', :require => false if RUBY_VERSION =~ /^1\./ + gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) - if File.exists? "#{__FILE__}.local" eval(File.read("#{__FILE__}.local"), binding) end From de601567515abc50bc5f02474e8da8ac64e3b5da Mon Sep 17 00:00:00 2001 
From: John Dixon Date: Fri, 29 Jul 2016 16:48:45 -0400 Subject: [PATCH 0972/2267] permit config of auth_dbd, include dbd, allow AuthnProviderAlias There was previously no facility to configure dbd for use with authn_dbd. I want to keep the apache config I required within the scope of this module. --- README.md | 28 ++++++++++++++ manifests/mod/authn_dbd.pp | 30 +++++++++++++++ manifests/mod/dbd.pp | 3 ++ spec/classes/mod/authn_dbd_spec.rb | 62 ++++++++++++++++++++++++++++++ templates/mod/authn_dbd.conf.erb | 17 ++++++++ 5 files changed, 140 insertions(+) create mode 100644 manifests/mod/authn_dbd.pp create mode 100644 manifests/mod/dbd.pp create mode 100644 spec/classes/mod/authn_dbd_spec.rb create mode 100644 templates/mod/authn_dbd.conf.erb diff --git a/README.md b/README.md index 5a9f400c54..15e9eda5cd 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ [`apache::mod::alias`]: #class-apachemodalias [`apache::mod::auth_cas`]: #class-apachemodauth_cas [`apache::mod::auth_mellon`]: #class-apachemodauth_mellon +[`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::cluster`]: #class-apachemodcluster [`apache::mod::disk_cache`]: #class-apachemoddisk_cache @@ -159,7 +160,9 @@ [`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas [`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html [`mod_authnz_external`]: https://github.com/phokz/mod-auth-external +[`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html [`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon +[`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html [`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html [`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html [`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html 
@@ -1295,6 +1298,7 @@ The following Apache modules have supported classes, many of which allow for par * `auth_mellon`\* (see [`apache::mod::auth_mellon`][]) * `auth_kerb` * `authn_core` +* `authn_dbd`\* (see [`apache::mod::authn_dbd`][]) * `authn_file` * `authnz_ldap`\* (see [`apache::mod::authnz_ldap`][]) * `authz_default` @@ -1307,6 +1311,7 @@ The following Apache modules have supported classes, many of which allow for par * `dav` * `dav_fs` * `dav_svn`\* +* `dbd` * `deflate\` * `dev` * `dir`\* @@ -1483,6 +1488,29 @@ class{ 'apache::mod::auth_mellon': - `mellon_post_size`: Maximum size of post requests. Default: undef. - `mellon_post_count`: Maximum number of post requests. Default: undef. +##### Class: `apache::mod::authn_dbd` + +Installs `mod_authn_dbd` and uses `authn_dbd.conf.erb` template to generate its configuration. Optionally creates AuthnProviderAlias. + +``` puppet +class { 'apache::mod::authn_dbd': + $authn_dbd_params => + 'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth', + $authn_dbd_query => 'SELECT password FROM authn WHERE user = %s', + $authn_dbd_alias => 'db_auth', +} +``` + +** Parameters within `apache::mod::authn_dbd` +- `authn_dbd_alias`: Name for the AuthnProviderAlias. +- `authn_dbd_dbdriver`: Which db driver to use. Default: mysql. +- `authn_dbd_exptime`: corresponds to DBDExptime. Default: 300. +- `authn_dbd_keep`: corresponds to DBDKeep. Default: 8. +- `authn_dbd_max`: corresponds to DBDMax. Default: 20. +- `authn_dbd_min`: corresponds to DBDMin. Default: 4. +- `authn_dbd_params`: **Required**. Corresponds to DBDParams for the connection string. +- `authn_dbd_query`: is the query used to test a user and password for authentication. + ##### Class: `apache::mod::authnz_ldap` Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to generate its configuration. diff --git a/manifests/mod/authn_dbd.pp b/manifests/mod/authn_dbd.pp new file mode 100644 index 0000000000..be6ff3e55f --- /dev/null 
+++ b/manifests/mod/authn_dbd.pp @@ -0,0 +1,30 @@ +class apache::mod::authn_dbd ( + $authn_dbd_params, + $authn_dbd_dbdriver = 'mysql', + $authn_dbd_query = undef, + $authn_dbd_min = '4', + $authn_dbd_max = '20', + $authn_dbd_keep = '8', + $authn_dbd_exptime = '300', + $authn_dbd_alias = undef, +) inherits ::apache::params { + include ::apache + include ::apache::mod::dbd + ::apache::mod { 'authn_dbd': } + + if $authn_dbd_alias { + include ::apache::mod::authn_core + } + + # Template uses + # - All variables beginning with authn_dbd + file { 'authn_dbd.conf': + ensure => file, + path => "${::apache::mod_dir}/authn_dbd.conf", + mode => $::apache::file_mode, + content => template('apache/mod/authn_dbd.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Class['Apache::Service'], + } +} diff --git a/manifests/mod/dbd.pp b/manifests/mod/dbd.pp new file mode 100644 index 0000000000..547acc77df --- /dev/null +++ b/manifests/mod/dbd.pp @@ -0,0 +1,3 @@ +class apache::mod::dbd { + ::apache::mod { 'dbd': } +} diff --git a/spec/classes/mod/authn_dbd_spec.rb b/spec/classes/mod/authn_dbd_spec.rb new file mode 100644 index 0000000000..4e101d1b5d --- /dev/null +++ b/spec/classes/mod/authn_dbd_spec.rb 
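Review bot: `authn_dbd.conf` will hold the database password from `authn_dbd_params`, yet the `file` resource in manifests/mod/authn_dbd.pp uses the module-wide `mode => $::apache::file_mode`. That default is defined outside this patch, but if it is world-readable, as is usual for Apache configuration, every local account can read the credentials. Puppet will also print a content diff that includes the password in agent logs and reports whenever the file changes. I would set a restrictive mode on this one file and suppress the diff: `mode => '0640',` and `show_diff => false,`. The class also has no header comment; a short block describing the parameters and marking `authn_dbd_params` as secret would help.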
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+describe 'apache::mod::authn_dbd', :type => :class do
+ context "default params" do
+ let :params do
+ {
+ :authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',
+ }
+ end
+
+ it_behaves_like "a mod class, without including apache"
+ end
+
+ context "default configuration with parameters" do
+ let :params do
+ {
+ :authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',
+ :authn_dbd_alias => 'db_authn',
+ :authn_dbd_query => 'SELECT password FROM authn WHERE username = %s'
+ }
+ end
+
+ context "on a Debian OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :lsbdistcodename => 'squeeze',
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("authn_dbd") }
+ it { is_expected.to contain_apache__mod("dbd") }
+ it { is_expected.to contain_file("authn_dbd.conf").with_path('/etc/apache2/mods-available/authn_dbd.conf') }
+ end
+
+ context "on a RedHat OS", :compile do
+ let :facts do
+ {
+ :id => 'root',
+ :kernel => 'Linux',
+ :osfamily => 'RedHat',
+ :operatingsystem => 'RedHat',
+ :operatingsystemrelease => '6',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :concat_basedir => '/dne',
+ :is_pe => false,
+ }
+ end
+ it { is_expected.to contain_class("apache::params") }
+ it { is_expected.to contain_apache__mod("authn_dbd") }
+ it { is_expected.to contain_apache__mod("dbd") }
+ it { is_expected.to contain_file("authn_dbd.conf").with_path('/etc/httpd/conf.d/authn_dbd.conf') }
+ end
+ end
+end
diff --git a/templates/mod/authn_dbd.conf.erb b/templates/mod/authn_dbd.conf.erb
new file mode 100644
index 0000000000..e04fb3ec43
--- /dev/null
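Review bot: None of the examples in `authn_dbd_spec.rb` check what is written into `authn_dbd.conf`; the second context sets `authn_dbd_alias` and `authn_dbd_query`, but the only file expectation is `with_path`. Because this file carries the connection string with the database password, I would pin both its rendered content and its permissions so a later change cannot alter them unnoticed. For example, add `it { is_expected.to contain_file("authn_dbd.conf").with_content(/^DBDParams "host=db_host /) }` plus a `with_mode(...)` expectation that matches whatever mode the manifest uses.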
+++ b/templates/mod/authn_dbd.conf.erb @@ -0,0 +1,17 @@ +#Database Management +DBDriver <%= @authn_dbd_dbdriver %> + +#Connection string: database name and login credentials +DBDParams "<%= @authn_dbd_params %>" + +#Parameters for Connection Pool Management +DBDMin <%= @authn_dbd_min %> +DBDMax <%= @authn_dbd_max %> +DBDKeep <%= @authn_dbd_keep %> +DBDExptime <%= @authn_dbd_exptime %> + +<%- if @authn_dbd_alias -%> +> + AuthDBDUserPWQuery "<%= @authn_dbd_query %>" + +<%- end -%> From d7b3e44e5d892a715bb8a321c95fe0c551d33576 Mon Sep 17 00:00:00 2001 From: James Glenn Date: Thu, 4 Aug 2016 17:28:09 -0500 Subject: [PATCH 0973/2267] MODULES-3689 - change case --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5a9f400c54..73977901a9 100644 --- a/README.md +++ b/README.md @@ -3353,7 +3353,7 @@ apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', - require => 'IP 10.17.42.23', + require => 'ip 10.17.42.23', } ], } From 913e94b7cc994f605becebebfe0f5109f847437d Mon Sep 17 00:00:00 2001 From: Christoph Maser Date: Fri, 12 Aug 2016 13:54:41 +0200 Subject: [PATCH 0974/2267] MODULES-1556 move $error_log, $scriptalias, $access_log_file to params pp and make them class parameters. Change templates/httpd.conf.erb to allow paths pipes or syslog for error log --- README.md | 38 ++++++++++++++++++++++ manifests/init.pp | 69 +++++++++++++--------------------------- manifests/params.pp | 15 +++++++++ templates/httpd.conf.erb | 4 +++ 4 files changed, 79 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 73977901a9..6c9a2ae3f8 100644 --- a/README.md +++ b/README.md 
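Review bot: In `authn_dbd.conf.erb`, `AuthDBDUserPWQuery "<%= @authn_dbd_query %>"` is rendered whenever `authn_dbd_alias` is set, but the manifest defaults `authn_dbd_query` to undef. An alias without a query therefore yields a provider with an empty query, and a query without an alias is dropped without any message. I would guard the block with `<%- if @authn_dbd_alias and @authn_dbd_query -%>` or have the manifest call `fail()` when only one of the two is supplied. `DBDParams` and the query are also placed inside double quotes unchanged, so a value containing `"` would end the directive argument early; a `validate_re` on both parameters in the manifest would stop a malformed config from being generated.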
@@ -1240,6 +1240,44 @@ The default value is determined by your operating system: You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. +##### `error_log` + +The name of the error log file for the main server instance + +The default value is determined by your operating system: + +- **Debian**: 'error.log' +- **FreeBSD**: 'httpd-error.log' +- **Gentoo**: 'error.log' +- **Red Hat**: 'error_log' +- **Suse**: 'error.log' + +If the string starts with / or | or syslog: the full path will be set. Otherwise the filename will be prefixed with $logroot + +##### `scriptalias` + +Directory to use for global script alias + +The default value is determined by your operating system: + +- **Debian**: '/usr/lib/cgi-bin' +- **FreeBSD**: '/usr/local/www/apache24/cgi-bin' +- **Gentoo**: 'var/www/localhost/cgi-bin' +- **Red Hat**: '/var/www/cgi-bin' +- **Suse**: '/usr/lib/cgi-bin' + +##### `access_log_file` + +The name of the access log file for the main server instance + +The default value is determined by your operating system: + +- **Debian**: 'error.log' +- **FreeBSD**: 'httpd-access.log' +- **Gentoo**: 'access.log' +- **Red Hat**: 'access_log' +- **Suse**: 'access.log' + #### Class: `apache::dev` Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`][] parameter of the [`apache::params`][] class based on your operating system: diff --git a/manifests/init.pp b/manifests/init.pp index e3894cfffe..5293da0d17 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -82,6 +82,9 @@ $file_mode = $::apache::params::file_mode, $root_directory_options = $::apache::params::root_directory_options, $root_directory_secured = false, + $error_log = $::apache::params::error_log, + $scriptalias = $::apache::params::scriptalias, + $access_log_file = $::apache::params::access_log_file, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) 
@@ -258,60 +261,32 @@ } if $::apache::conf_dir and $::apache::params::conf_file { - case $::osfamily { - 'debian': { - $error_log = 'error.log' - $scriptalias = '/usr/lib/cgi-bin' - $access_log_file = 'access.log' - } - 'redhat': { - $error_log = 'error_log' - $scriptalias = '/var/www/cgi-bin' - $access_log_file = 'access_log' - } - 'freebsd': { - $error_log = 'httpd-error.log' - $scriptalias = '/usr/local/www/apache24/cgi-bin' - $access_log_file = 'httpd-access.log' - } 'gentoo': { - $error_log = 'error.log' - $error_documents_path = '/usr/share/apache2/error' - $scriptalias = '/var/www/localhost/cgi-bin' - $access_log_file = 'access.log' - - if is_array($default_mods) { - if versioncmp($apache_version, '2.4') >= 0 { - if defined('apache::mod::ssl') { - ::portage::makeconf { 'apache2_modules': - content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), - } - } else { - ::portage::makeconf { 'apache2_modules': - content => concat($default_mods, 'authz_core'), - } + if $::osfamily == 'gentoo' { + $error_documents_path = '/usr/share/apache2/error' + if is_array($default_mods) { + if versioncmp($apache_version, '2.4') >= 0 { + if defined('apache::mod::ssl') { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), } } else { ::portage::makeconf { 'apache2_modules': - content => $default_mods, + content => concat($default_mods, 'authz_core'), } } - } - - file { [ - '/etc/apache2/modules.d/.keep_www-servers_apache-2', - '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' - ]: - ensure => absent, - require => Package['httpd'], + } else { + ::portage::makeconf { 'apache2_modules': + content => $default_mods, + } } } - 'Suse': { - $error_log = 'error.log' - $scriptalias = '/usr/lib/cgi-bin' - $access_log_file = 'access.log' - } - default: { - fail("Unsupported osfamily ${::osfamily}") + + file { [ + '/etc/apache2/modules.d/.keep_www-servers_apache-2', + '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' + 
]: + ensure => absent, + require => Package['httpd'], } } diff --git a/manifests/params.pp b/manifests/params.pp index d67246c868..9ef16de83d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -193,6 +193,9 @@ 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf', ] + $error_log = 'error_log' + $scriptalias = '/var/www/cgi-bin' + $access_log_file = 'access_log' } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' @@ -249,6 +252,9 @@ 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', } + $error_log = 'error.log' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 { $shib2_lib = 'mod_shib_22.so' } else { @@ -393,6 +399,9 @@ $docroot = '/usr/local/www/apache24/data' $alias_icons_path = '/usr/local/www/apache24/icons' $error_documents_path = '/usr/local/www/apache24/error' + $error_log = 'httpd-error.log' + $scriptalias = '/usr/local/www/apache24/cgi-bin' + $access_log_file = 'httpd-access.log' } elsif $::osfamily == 'Gentoo' { $user = 'apache' $group = 'apache' @@ -457,6 +466,9 @@ $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $pidfile = '/var/run/apache2.pid' + $error_log = 'error.log' + $scriptalias = '/var/www/localhost/cgi-bin' + $access_log_file = 'access.log' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' $group = 'wwwrun' @@ -509,6 +521,9 @@ $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] + $error_log = 'error.log' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' # # Passenger-specific settings diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 21184179ff..4445d75ff8 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
@@ -51,7 +51,11 @@ AddDefaultCharset <%= @default_charset %> DefaultType <%= @default_type %> <%- end -%> HostnameLookups Off +<%- if /^[|\/]/.match(@error_log) || /^syslog:/.match(@error_log) -%> +ErrorLog "<%= @error_log %>" +<%- else -%> ErrorLog "<%= @logroot %>/<%= @error_log %>" +<%- end -%> LogLevel <%= @log_level %> EnableSendfile <%= @sendfile %> <%- if @allow_encoded_slashes -%> From d14e1a83e7e778fc6a000f8b28124fdb36834c43 Mon Sep 17 00:00:00 2001 From: ygt-davidstirling Date: Thu, 18 Aug 2016 18:59:09 +0100 Subject: [PATCH 0975/2267] mod_passenger: PassengerMaxInstancesPerApp option (#1503) * mod_passenger: allow PassengerMaxInstancesPerApp being set * Readme: passenger_max_instances_per_app parameter description. --- README.md | 4 ++++ manifests/mod/passenger.pp | 2 ++ spec/classes/mod/passenger_spec.rb | 6 ++++++ templates/mod/passenger.conf.erb | 3 +++ 4 files changed, 15 insertions(+) diff --git a/README.md b/README.md index 2c6e6851b1..fd2faa00ae 100644 --- a/README.md +++ b/README.md @@ -2553,6 +2553,10 @@ Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/refe Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. +##### `passenger_max_instances_per_app` + +Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application. + ##### `passenger_start_timeout` Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup. diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e127d78267..1df3126ef0 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
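Review bot: The new condition `/^[|\/]/.match(@error_log) || /^syslog:/.match(@error_log)` in `httpd.conf.erb` anchors with `^`, which in Ruby matches at the start of any line, so a multi-line value whose later line begins with `/`, `|` or `syslog:` takes the unprefixed branch. `\A` anchors the whole string: `<%- if @error_log =~ /\A(?:[|\/]|syslog:)/ -%>`. The value is then written into `ErrorLog "..."` unchanged, and a leading `|` makes httpd start that command as a piped logger, which the Apache documentation says inherits the user of the parent process (usually root). Since `error_log` is now a class parameter in `init.pp` with no validation next to the existing `validate_bool` calls, I would reject newlines and `"` there and mention the pipe behaviour in the README entry. The template continues outside this hunk.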
@@ -14,6 +14,7 @@ $passenger_default_ruby = $::apache::params::passenger_default_ruby, $passenger_max_pool_size = undef, $passenger_min_instances = undef, + $passenger_max_instances_per_app = undef, $passenger_use_global_queue = undef, $passenger_app_env = undef, $passenger_log_file = undef, @@ -87,6 +88,7 @@ # - $passenger_default_ruby # - $passenger_max_pool_size # - $passenger_min_instances + # - $passenger_max_instances_per_app # - $passenger_high_performance # - $passenger_max_requests # - $passenger_spawn_method diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index e9e754202c..3f485b42ab 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -98,6 +98,12 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMinInstances 5$/) } end + describe "with passenger_max_instances_per_app => 8" do + let :params do + { :passenger_max_instances_per_app => 8 } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxInstancesPerApp 8$/) } + end describe "with rack_autodetect => on" do let :params do { :rack_autodetect => 'on' } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 6eac6fe649..770cb34e0c 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -19,6 +19,9 @@ <%- if @passenger_min_instances -%> PassengerMinInstances <%= @passenger_min_instances %> <%- end -%> + <%- if @passenger_max_instances_per_app -%> + PassengerMaxInstancesPerApp <%= @passenger_max_instances_per_app %> + <%- end -%> <%- if @passenger_pool_idle_time -%> PassengerPoolIdleTime <%= @passenger_pool_idle_time %> <%- end -%> From 484f8565d579f732689a06a1011d3e1c3eb9322c Mon Sep 17 00:00:00 2001 
From: Richard Pijnenburg Date: Mon, 15 Aug 2016 11:21:20 +0100 Subject: [PATCH 0976/2267] Allow the proxy_via setting to be configured Previously it was hardcoded, this patch makes it configurable. --- README.md | 1 + manifests/mod/proxy.pp | 1 + templates/mod/proxy.conf.erb | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 73977901a9..fbd5f97ad6 100644 --- a/README.md +++ b/README.md @@ -1730,6 +1730,7 @@ Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its conf - `apache_version`: Default: `undef`. - `package_name`: Default: `undef`. - `proxy_requests`: Default: 'Off'. +- `proxy_via`: Default: 'On'. ##### Class: `apache::mod::php` diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index b69a17e9d9..ce82cb3a89 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp @@ -3,6 +3,7 @@ $allow_from = undef, $apache_version = undef, $package_name = undef, + $proxy_via = 'On', ) { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) diff --git a/templates/mod/proxy.conf.erb b/templates/mod/proxy.conf.erb index 06fe547140..d023c14e53 100644 --- a/templates/mod/proxy.conf.erb +++ b/templates/mod/proxy.conf.erb @@ -23,5 +23,5 @@ # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block - ProxyVia On + ProxyVia <%= @proxy_via %> From 0a5f98b449c0210a3ac8a50df4387b600f2b3614 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Thu, 25 Aug 2016 16:13:15 +0200 Subject: [PATCH 0977/2267] Update modulesync_config [0d59329] --- .rubocop.yml | 508 ++++++++++++++++++++++ .travis.yml | 5 +- Gemfile | 23 +- Rakefile | 4 - spec/acceptance/nodesets/centos-7-x64.yml | 2 +- 5 files changed, 527 insertions(+), 15 deletions(-) create mode 100644 .rubocop.yml diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000000..5aadd1b64f --- /dev/null 
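Review bot: `$proxy_via` in `manifests/mod/proxy.pp` is passed straight into `ProxyVia <%= @proxy_via %>` in `proxy.conf.erb` without any check, although the template comment lists the only accepted values as `Off | On | Full | Block`. A mistyped value would surface only when httpd rejects the generated config, so I would add `validate_re($proxy_via, '\A(?i:on|off|full|block)\z')` after the parameter list. The diffstat shows no spec change, so an example for a non-default value would also help. The README line could mention that `Full` adds the server version to the Via header, as the template comment already notes. The class body starts and ends outside this hunk.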
+++ b/.rubocop.yml 
@@ -0,0 +1,508 @@ +require: rubocop-rspec +AllCops: + TargetRubyVersion: 1.9 + Include: + - ./**/*.rb + Exclude: + - vendor/**/* + - .vendor/**/* + - pkg/**/* + - spec/fixtures/**/* +Lint/ConditionPosition: + Enabled: True + +Lint/ElseLayout: + Enabled: True + +Lint/UnreachableCode: + Enabled: True + +Lint/UselessComparison: + Enabled: True + +Lint/EnsureReturn: + Enabled: True + +Lint/HandleExceptions: + Enabled: True + +Lint/LiteralInCondition: + Enabled: True + +Lint/ShadowingOuterLocalVariable: + Enabled: True + +Lint/LiteralInInterpolation: + Enabled: True + +Style/HashSyntax: + Enabled: True + +Style/RedundantReturn: + Enabled: True + +Lint/AmbiguousOperator: + Enabled: True + +Lint/AssignmentInCondition: + Enabled: True + +Style/SpaceBeforeComment: + Enabled: True + +Style/AndOr: + Enabled: True + +Style/RedundantSelf: + Enabled: True + +# Method length is not necessarily an indicator of code quality +Metrics/MethodLength: + Enabled: False + +# Module length is not necessarily an indicator of code quality +Metrics/ModuleLength: + Enabled: False + +Style/WhileUntilModifier: + Enabled: True + +Lint/AmbiguousRegexpLiteral: + Enabled: True + +Lint/Eval: + Enabled: True + +Lint/BlockAlignment: + Enabled: True + +Lint/DefEndAlignment: + Enabled: True + +Lint/EndAlignment: + Enabled: True + +Lint/DeprecatedClassMethods: + Enabled: True + +Lint/Loop: + Enabled: True + +Lint/ParenthesesAsGroupedExpression: + Enabled: True + +Lint/RescueException: + Enabled: True + +Lint/StringConversionInInterpolation: + Enabled: True + +Lint/UnusedBlockArgument: + Enabled: True + +Lint/UnusedMethodArgument: + Enabled: True + +Lint/UselessAccessModifier: + Enabled: True + +Lint/UselessAssignment: + Enabled: True + +Lint/Void: + Enabled: True + +Style/AccessModifierIndentation: + Enabled: True + +Style/AccessorMethodName: + Enabled: True + +Style/Alias: + Enabled: True + +Style/AlignArray: + Enabled: True + +Style/AlignHash: + Enabled: True + +Style/AlignParameters: + Enabled: True + 
+Metrics/BlockNesting: + Enabled: True + +Style/AsciiComments: + Enabled: True + +Style/Attr: + Enabled: True + +Style/BracesAroundHashParameters: + Enabled: True + +Style/CaseEquality: + Enabled: True + +Style/CaseIndentation: + Enabled: True + +Style/CharacterLiteral: + Enabled: True + +Style/ClassAndModuleCamelCase: + Enabled: True + +Style/ClassAndModuleChildren: + Enabled: False + +Style/ClassCheck: + Enabled: True + +# Class length is not necessarily an indicator of code quality +Metrics/ClassLength: + Enabled: False + +Style/ClassMethods: + Enabled: True + +Style/ClassVars: + Enabled: True + +Style/WhenThen: + Enabled: True + +Style/WordArray: + Enabled: True + +Style/UnneededPercentQ: + Enabled: True + +Style/Tab: + Enabled: True + +Style/SpaceBeforeSemicolon: + Enabled: True + +Style/TrailingBlankLines: + Enabled: True + +Style/SpaceInsideBlockBraces: + Enabled: True + +Style/SpaceInsideBrackets: + Enabled: True + +Style/SpaceInsideHashLiteralBraces: + Enabled: True + +Style/SpaceInsideParens: + Enabled: True + +Style/LeadingCommentSpace: + Enabled: True + +Style/SpaceBeforeFirstArg: + Enabled: True + +Style/SpaceAfterColon: + Enabled: True + +Style/SpaceAfterComma: + Enabled: True + +Style/SpaceAfterMethodName: + Enabled: True + +Style/SpaceAfterNot: + Enabled: True + +Style/SpaceAfterSemicolon: + Enabled: True + +Style/SpaceAroundEqualsInParameterDefault: + Enabled: True + +Style/SpaceAroundOperators: + Enabled: True + +Style/SpaceBeforeBlockBraces: + Enabled: True + +Style/SpaceBeforeComma: + Enabled: True + +Style/CollectionMethods: + Enabled: True + +Style/CommentIndentation: + Enabled: True + +Style/ColonMethodCall: + Enabled: True + +Style/CommentAnnotation: + Enabled: True + +# 'Complexity' is very relative +Metrics/CyclomaticComplexity: + Enabled: False + +Style/ConstantName: + Enabled: True + +Style/Documentation: + Enabled: False + +Style/DefWithParentheses: + Enabled: True + +Style/PreferredHashMethods: + Enabled: True + +Style/DotPosition: + 
EnforcedStyle: trailing + +Style/DoubleNegation: + Enabled: True + +Style/EachWithObject: + Enabled: True + +Style/EmptyLineBetweenDefs: + Enabled: True + +Style/IndentArray: + Enabled: True + +Style/IndentHash: + Enabled: True + +Style/IndentationConsistency: + Enabled: True + +Style/IndentationWidth: + Enabled: True + +Style/EmptyLines: + Enabled: True + +Style/EmptyLinesAroundAccessModifier: + Enabled: True + +Style/EmptyLiteral: + Enabled: True + +# Configuration parameters: AllowURI, URISchemes. +Metrics/LineLength: + Enabled: False + +Style/MethodCallParentheses: + Enabled: True + +Style/MethodDefParentheses: + Enabled: True + +Style/LineEndConcatenation: + Enabled: True + +Style/TrailingWhitespace: + Enabled: True + +Style/StringLiterals: + Enabled: True + +Style/TrailingCommaInArguments: + Enabled: True + +Style/TrailingCommaInLiteral: + Enabled: True + +Style/GlobalVars: + Enabled: True + +Style/GuardClause: + Enabled: True + +Style/IfUnlessModifier: + Enabled: True + +Style/MultilineIfThen: + Enabled: True + +Style/NegatedIf: + Enabled: True + +Style/NegatedWhile: + Enabled: True + +Style/Next: + Enabled: True + +Style/SingleLineBlockParams: + Enabled: True + +Style/SingleLineMethods: + Enabled: True + +Style/SpecialGlobalVars: + Enabled: True + +Style/TrivialAccessors: + Enabled: True + +Style/UnlessElse: + Enabled: True + +Style/VariableInterpolation: + Enabled: True + +Style/VariableName: + Enabled: True + +Style/WhileUntilDo: + Enabled: True + +Style/EvenOdd: + Enabled: True + +Style/FileName: + Enabled: True + +Style/For: + Enabled: True + +Style/Lambda: + Enabled: True + +Style/MethodName: + Enabled: True + +Style/MultilineTernaryOperator: + Enabled: True + +Style/NestedTernaryOperator: + Enabled: True + +Style/NilComparison: + Enabled: True + +Style/FormatString: + Enabled: True + +Style/MultilineBlockChain: + Enabled: True + +Style/Semicolon: + Enabled: True + +Style/SignalException: + Enabled: True + +Style/NonNilCheck: + Enabled: True + 
+Style/Not: + Enabled: True + +Style/NumericLiterals: + Enabled: True + +Style/OneLineConditional: + Enabled: True + +Style/OpMethod: + Enabled: True + +Style/ParenthesesAroundCondition: + Enabled: True + +Style/PercentLiteralDelimiters: + Enabled: True + +Style/PerlBackrefs: + Enabled: True + +Style/PredicateName: + Enabled: True + +Style/RedundantException: + Enabled: True + +Style/SelfAssignment: + Enabled: True + +Style/Proc: + Enabled: True + +Style/RaiseArgs: + Enabled: True + +Style/RedundantBegin: + Enabled: True + +Style/RescueModifier: + Enabled: True + +# based on https://github.com/voxpupuli/modulesync_config/issues/168 +Style/RegexpLiteral: + EnforcedStyle: percent_r + Enabled: True + +Lint/UnderscorePrefixedVariableName: + Enabled: True + +Metrics/ParameterLists: + Enabled: False + +Lint/RequireParentheses: + Enabled: True + +Style/SpaceBeforeFirstArg: + Enabled: True + +Style/ModuleFunction: + Enabled: True + +Lint/Debugger: + Enabled: True + +Style/IfWithSemicolon: + Enabled: True + +Style/Encoding: + Enabled: True + +Style/BlockDelimiters: + Enabled: True + +Style/MultilineBlockLayout: + Enabled: True + +# 'Complexity' is very relative +Metrics/AbcSize: + Enabled: False + +# 'Complexity' is very relative +Metrics/PerceivedComplexity: + Enabled: False + +Lint/UselessAssignment: + Enabled: True + +Style/ClosingParenthesisIndentation: + Enabled: False + +# RSpec + +# We don't use rspec in this way +RSpec/DescribeClass: + Enabled: False + +# Example length is not necessarily an indicator of code quality +RSpec/ExampleLength: + Enabled: False + +RSpec/NamedSubject: + Enabled: False diff --git a/.travis.yml b/.travis.yml index f631db04fb..e313d879d3 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -19,9 +19,12 @@ matrix: script: bundle exec rake beaker services: docker sudo: required + - rvm: 2.3.1 + bundler_args: --without system_tests + env: PUPPET_GEM_VERSION="~> 4.0" - rvm: 2.1.9 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + env: PUPPET_GEM_VERSION="~> 4.0" - rvm: 2.1.5 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" diff --git a/Gemfile b/Gemfile index c7da908d9f..ff29118928 100644 --- a/Gemfile +++ b/Gemfile @@ -4,21 +4,23 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" def location_for(place, version = nil) if place =~ /^(git[:@][^#]*)#(.*)/ - [version, { :git => $1, :branch => $2, :require => false}].compact + [version, { :git => $1, :branch => $2, :require => false }].compact elsif place =~ /^file:\/\/(.*)/ - ['>= 0', { :path => File.expand_path($1), :require => false}] + ['>= 0', { :path => File.expand_path($1), :require => false }] else - [place, version, { :require => false}].compact + [place, version, { :require => false }].compact end end group :development, :unit_tests do - gem 'metadata-json-lint', :require => false - gem 'puppet_facts', :require => false - gem 'puppet-blacksmith', '>= 3.4.0', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '>= 2.3.2', :require => false - gem 'simplecov', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', '>= 3.4.0', :require => false + gem 'puppetlabs_spec_helper', '>= 1.2.1', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'rspec-puppet-facts', :require => false + gem 'simplecov', :require => false + gem 'parallel_tests', :require => false end group :system_tests do gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') 
@@ -32,6 +34,9 @@ end # json_pure 2.0.2 added a requirement on ruby >= 2. We pin to json_pure 2.0.1 # if using ruby 1.x gem 'json_pure', '<=2.0.1', :require => false if RUBY_VERSION =~ /^1\./ +# rubocop 0.42.0 requires ruby >=2 +gem 'rubocop', '0.41.2', :require => false if RUBY_VERSION =~ /^1\./ +gem 'rubocop-rspec', '~> 1.6', :require => false if RUBY_VERSION >= '2.3.0' gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) diff --git a/Rakefile b/Rakefile index af59fcf5c0..f4c70b8d35 100644 --- a/Rakefile +++ b/Rakefile @@ -2,14 +2,10 @@ require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppetlabs_spec_helper/rake_tasks' -PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') -PuppetLint.configuration.send('disable_140chars') -PuppetLint.configuration.send('disable_class_inherits_from_params_class') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.send('disable_only_variable_string') -PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp", "bundle/**/*", "vendor/**/*"] desc 'Generate pooler nodesets' task :gen_nodeset do diff --git a/spec/acceptance/nodesets/centos-7-x64.yml b/spec/acceptance/nodesets/centos-7-x64.yml index 1a40c8950f..5eebdefbfa 100644 --- a/spec/acceptance/nodesets/centos-7-x64.yml +++ b/spec/acceptance/nodesets/centos-7-x64.yml @@ -3,7 +3,7 @@ HOSTS: roles: - agent - default - platform: redhat-7-x86_64 + platform: el-7-x86_64 hypervisor: vagrant box: puppetlabs/centos-7.2-64-nocm CONFIG: From 728af498ba62a1829f64047b399fa4ad034e995b Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Thu, 25 Aug 2016 17:27:04 +0200 Subject: [PATCH 0978/2267] Override lint warning on compatibility requirement --- manifests/mod/authnz_ldap.pp | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 0bcd1b887c..033c1be514 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,3 +1,4 @@ +# lint:ignore:variable_is_lowercase required for compatibility class apache::mod::authnz_ldap ( $verify_server_cert = true, $verifyServerCert = undef, @@ -30,3 +31,4 @@ notify => Class['apache::service'], } } +# lint:endignore From ad7a237c0ba0d2d4f53ada81e75b0161a33f3153 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Fri, 26 Aug 2016 09:28:58 +0200 Subject: [PATCH 0979/2267] Update modulesync_config [a3fe424] --- .travis.yml | 4 +- Gemfile | 60 ++++---- Gemfile.lock.bak | 362 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 395 insertions(+), 31 deletions(-) create mode 100644 Gemfile.lock.bak diff --git a/.travis.yml b/.travis.yml index e313d879d3..4e549bf77a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,13 +7,13 @@ script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - - rvm: 2.1.6 + - rvm: 2.3.1 dist: trusty env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/ubuntu-14.04 script: bundle exec rake beaker services: docker sudo: required - - rvm: 2.1.6 + - rvm: 2.3.1 dist: trusty env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/centos-7 script: bundle exec rake beaker diff --git a/Gemfile b/Gemfile index ff29118928..c97275bd82 100644 --- a/Gemfile +++ b/Gemfile 
@@ -2,44 +2,46 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -def location_for(place, version = nil) - if place =~ /^(git[:@][^#]*)#(.*)/ - [version, { :git => $1, :branch => $2, :require => false }].compact - elsif place =~ /^file:\/\/(.*)/ - ['>= 0', { :path => File.expand_path($1), :require => false }] +def location_from_env(env, default_location = []) + if location = ENV[env] + if location =~ /^((?:git|https?)[:@][^#]*)#(.*)/ + [{ :git => $1, :branch => $2, :require => false }] + elsif location =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [location, { :require => false }] + end else - [place, version, { :require => false }].compact + default_location end end group :development, :unit_tests do - gem 'metadata-json-lint', :require => false - gem 'puppet_facts', :require => false - gem 'puppet-blacksmith', '>= 3.4.0', :require => false - gem 'puppetlabs_spec_helper', '>= 1.2.1', :require => false - gem 'rspec-puppet', '>= 2.3.2', :require => false - gem 'rspec-puppet-facts', :require => false - gem 'simplecov', :require => false - gem 'parallel_tests', :require => false + gem 'metadata-json-lint' + gem 'puppet_facts' + gem 'puppet-blacksmith', '>= 3.4.0' + gem 'puppetlabs_spec_helper', '>= 1.2.1' + gem 'rspec-puppet', '>= 2.3.2' + gem 'rspec-puppet-facts' + gem 'simplecov' + gem 'parallel_tests' + gem 'rubocop', '0.41.2' if RUBY_VERSION < '2.0.0' + gem 'rubocop' if RUBY_VERSION >= '2.0.0' + gem 'rubocop-rspec', '~> 1.6' if RUBY_VERSION >= '2.3.0' + gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0' end group :system_tests do - gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') - gem 'beaker', *location_for(ENV['BEAKER_VERSION']) - gem 'serverspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'master_manipulator', :require => false - gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) + gem 'beaker', 
*location_from_env('BEAKER_VERSION', []) if RUBY_VERSION >= '2.3.0' + gem 'beaker', *location_from_env('BEAKER_VERSION', ['< 3']) if RUBY_VERSION < '2.3.0' + gem 'beaker-rspec', *location_from_env('BEAKER_RSPEC_VERSION', ['>= 3.4']) + gem 'serverspec' + gem 'beaker-puppet_install_helper' + gem 'master_manipulator' + gem 'beaker-hostgenerator', *location_from_env('BEAKER_HOSTGENERATOR_VERSION', []) end -# json_pure 2.0.2 added a requirement on ruby >= 2. We pin to json_pure 2.0.1 -# if using ruby 1.x -gem 'json_pure', '<=2.0.1', :require => false if RUBY_VERSION =~ /^1\./ -# rubocop 0.42.0 requires ruby >=2 -gem 'rubocop', '0.41.2', :require => false if RUBY_VERSION =~ /^1\./ -gem 'rubocop-rspec', '~> 1.6', :require => false if RUBY_VERSION >= '2.3.0' - -gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) -gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) +gem 'facter', *location_from_env('FACTER_GEM_VERSION') +gem 'puppet', *location_from_env('PUPPET_GEM_VERSION') if File.exists? "#{__FILE__}.local" eval(File.read("#{__FILE__}.local"), binding) diff --git a/Gemfile.lock.bak b/Gemfile.lock.bak new file mode 100644 index 0000000000..a070814e8d --- /dev/null +++ b/Gemfile.lock.bak 
@@ -0,0 +1,362 @@ +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (2.2.8) + addressable (2.4.0) + ast (2.3.0) + aws-sdk-v1 (1.66.0) + json (~> 1.4) + nokogiri (>= 1.4.4) + beaker (2.50.0) + aws-sdk-v1 (~> 1.57) + beaker-answers (~> 0.0) + beaker-hiera (~> 0.0) + beaker-hostgenerator + beaker-pe (~> 0.0) + docker-api + fission (~> 0.4) + fog (~> 1.25, < 1.35.0) + fog-google (~> 0.0.9) + google-api-client (~> 0.8, < 0.9.5) + hocon (~> 1.0) + in-parallel (~> 0.1) + inifile (~> 2.0) + json (~> 1.8) + mime-types (~> 2.99) + minitest (~> 5.4) + net-scp (~> 1.2) + net-ssh (~> 2.9) + open_uri_redirections (~> 0.2.1) + rbvmomi (~> 1.8, < 1.9.0) + rsync (~> 1.0.9) + stringify-hash (~> 0.0) + unf (~> 0.1) + beaker-answers (0.11.0) + hocon (~> 1.0) + require_all (~> 1.3.2) + stringify-hash (~> 0.0.0) + beaker-hiera (0.1.1) + stringify-hash (~> 0.0.0) + beaker-hostgenerator (0.7.3) + deep_merge (~> 1.0) + stringify-hash (~> 0.0.0) + beaker-pe (0.9.0) + stringify-hash (~> 0.0.0) + beaker-puppet_install_helper (0.4.4) + beaker (~> 2.0) + beaker-rspec (5.6.0) + beaker (~> 2.0) + rspec + serverspec (~> 2) + specinfra (~> 2) + builder (3.2.2) + deep_merge (1.1.1) + diff-lcs (1.2.5) + docile (1.1.5) + docker-api (1.31.0) + excon (>= 0.38.0) + json + domain_name (0.5.20160615) + unf (>= 0.0.5, < 1.0.0) + excon (0.52.0) + facter (2.4.6) + CFPropertyList (~> 2.2.6) + facterdb (0.3.6) + facter + jgrep + faraday (0.9.2) + multipart-post (>= 1.2, < 3) + fission (0.5.0) + CFPropertyList (~> 2.2) + fog (1.34.0) + fog-atmos + fog-aws (>= 0.6.0) + fog-brightbox (~> 0.4) + fog-core (~> 1.32) + fog-dynect (~> 0.0.2) + fog-ecloud (~> 0.1) + fog-google (>= 0.0.2) + fog-json + fog-local + fog-powerdns (>= 0.1.1) + fog-profitbricks + fog-radosgw (>= 0.0.2) + fog-riakcs + fog-sakuracloud (>= 0.0.4) + fog-serverlove + fog-softlayer + fog-storm_on_demand + fog-terremark + fog-vmfusion + fog-voxel + fog-xml (~> 0.1.1) + ipaddress (~> 0.5) + nokogiri (~> 1.5, >= 1.5.11) + fog-atmos (0.1.0) 
+ fog-core + fog-xml + fog-aws (0.11.0) + fog-core (~> 1.38) + fog-json (~> 1.0) + fog-xml (~> 0.1) + ipaddress (~> 0.8) + fog-brightbox (0.11.0) + fog-core (~> 1.22) + fog-json + inflecto (~> 0.0.2) + fog-core (1.42.0) + builder + excon (~> 0.49) + formatador (~> 0.2) + fog-dynect (0.0.3) + fog-core + fog-json + fog-xml + fog-ecloud (0.3.0) + fog-core + fog-xml + fog-google (0.0.9) + fog-core + fog-json + fog-xml + fog-json (1.0.2) + fog-core (~> 1.0) + multi_json (~> 1.10) + fog-local (0.3.0) + fog-core (~> 1.27) + fog-powerdns (0.1.1) + fog-core (~> 1.27) + fog-json (~> 1.0) + fog-xml (~> 0.1) + fog-profitbricks (0.0.5) + fog-core + fog-xml + nokogiri + fog-radosgw (0.0.5) + fog-core (>= 1.21.0) + fog-json + fog-xml (>= 0.0.1) + fog-riakcs (0.1.0) + fog-core + fog-json + fog-xml + fog-sakuracloud (1.7.5) + fog-core + fog-json + fog-serverlove (0.1.2) + fog-core + fog-json + fog-softlayer (1.1.3) + fog-core + fog-json + fog-storm_on_demand (0.1.1) + fog-core + fog-json + fog-terremark (0.1.0) + fog-core + fog-xml + fog-vmfusion (0.1.0) + fission + fog-core + fog-voxel (0.1.0) + fog-core + fog-xml + fog-xml (0.1.2) + fog-core + nokogiri (~> 1.5, >= 1.5.11) + formatador (0.2.5) + google-api-client (0.9.4) + addressable (~> 2.3) + googleauth (~> 0.5) + httpclient (~> 2.7) + hurley (~> 0.1) + memoist (~> 0.11) + mime-types (>= 1.6) + representable (~> 2.3.0) + retriable (~> 2.0) + thor (~> 0.19) + googleauth (0.5.1) + faraday (~> 0.9) + jwt (~> 1.4) + logging (~> 2.0) + memoist (~> 0.12) + multi_json (~> 1.11) + os (~> 0.9) + signet (~> 0.7) + hiera (3.2.1) + hocon (1.1.2) + http-cookie (1.0.2) + domain_name (~> 0.5) + httpclient (2.8.2.2) + hurley (0.2) + in-parallel (0.1.15) + inflecto (0.0.2) + inifile (2.0.2) + ipaddress (0.8.3) + jgrep (1.4.1) + json + json (1.8.3) + json_pure (2.0.2) + jwt (1.5.4) + little-plugger (1.1.4) + logging (2.1.0) + little-plugger (~> 1.1) + multi_json (~> 1.10) + master_manipulator (1.2.3) + beaker (~> 2.7, >= 2.7.0) + multi_json + 
mcollective-client (2.9.0) + json + stomp + systemu + memoist (0.15.0) + metaclass (0.0.4) + metadata-json-lint (0.0.11) + json + spdx-licenses (~> 1.0) + mime-types (2.99.2) + mini_portile2 (2.1.0) + minitest (5.9.0) + mocha (1.1.0) + metaclass (~> 0.0.1) + multi_json (1.12.1) + multipart-post (2.0.0) + net-scp (1.2.1) + net-ssh (>= 2.6.5) + net-ssh (2.9.4) + net-telnet (0.1.1) + netrc (0.11.0) + nokogiri (1.6.8) + mini_portile2 (~> 2.1.0) + pkg-config (~> 1.1.7) + open_uri_redirections (0.2.1) + os (0.9.6) + parallel (1.9.0) + parallel_tests (2.7.1) + parallel + parser (2.3.1.2) + ast (~> 2.2) + pkg-config (1.1.7) + powerpack (0.1.1) + puppet (4.5.3) + CFPropertyList (~> 2.2.6) + facter (> 2.0, < 4) + hiera (>= 2.0, < 4) + json_pure + puppet-blacksmith (3.4.0) + puppet (>= 2.7.16) + rest-client (~> 1.8.0) + puppet-lint (2.0.2) + puppet-syntax (2.1.0) + rake + puppet_facts (0.2.1) + puppetlabs_spec_helper (1.2.1) + mocha (~> 1.0) + puppet-lint (~> 2.0) + puppet-syntax (~> 2.0) + rspec-puppet (~> 2.0) + rainbow (2.1.0) + rake (11.2.2) + rbvmomi (1.8.2) + builder + nokogiri (>= 1.4.1) + trollop + representable (2.3.0) + uber (~> 0.0.7) + require_all (1.3.3) + rest-client (1.8.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 3.0) + netrc (~> 0.7) + retriable (2.1.0) + rspec (3.5.0) + rspec-core (~> 3.5.0) + rspec-expectations (~> 3.5.0) + rspec-mocks (~> 3.5.0) + rspec-core (3.5.2) + rspec-support (~> 3.5.0) + rspec-expectations (3.5.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.5.0) + rspec-its (1.2.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.5.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.5.0) + rspec-puppet (2.4.0) + rspec + rspec-puppet-facts (1.6.1) + facter + facterdb (>= 0.3.0) + json + mcollective-client + puppet + rspec-support (3.5.0) + rsync (1.0.9) + rubocop (0.42.0) + parser (>= 2.3.1.1, < 3.0) + powerpack (~> 0.1) + rainbow (>= 1.99.1, < 3.0) + ruby-progressbar (~> 1.7) + unicode-display_width 
(~> 1.0, >= 1.0.1) + rubocop-rspec (1.6.0) + rubocop (>= 0.42.0) + ruby-progressbar (1.8.1) + serverspec (2.36.0) + multi_json + rspec (~> 3.0) + rspec-its + specinfra (~> 2.53) + sfl (2.2) + signet (0.7.3) + addressable (~> 2.3) + faraday (~> 0.9) + jwt (~> 1.5) + multi_json (~> 1.10) + simplecov (0.12.0) + docile (~> 1.1.0) + json (>= 1.8, < 3) + simplecov-html (~> 0.10.0) + simplecov-html (0.10.0) + spdx-licenses (1.1.0) + specinfra (2.61.1) + net-scp + net-ssh (>= 2.7, < 4.0) + net-telnet + sfl + stomp (1.4.3) + stringify-hash (0.0.2) + systemu (2.6.5) + thor (0.19.1) + trollop (2.1.2) + uber (0.0.15) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.2) + unicode-display_width (1.1.0) + +PLATFORMS + ruby + +DEPENDENCIES + beaker + beaker-hostgenerator + beaker-puppet_install_helper + beaker-rspec (>= 3.4) + facter + master_manipulator + metadata-json-lint + parallel_tests + puppet + puppet-blacksmith (>= 3.4.0) + puppet_facts + puppetlabs_spec_helper (>= 1.2.1) + rspec-puppet (>= 2.3.2) + rspec-puppet-facts + rubocop-rspec (~> 1.6) + serverspec + simplecov + +BUNDLED WITH + 1.12.5 From c8eb3b079a583a638763995b027b74b15521eed7 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Fri, 26 Aug 2016 10:05:41 -0700 Subject: [PATCH 0980/2267] removes Gemfile.lock.bak --- Gemfile.lock.bak | 362 ----------------------------------------------- 1 file changed, 362 deletions(-) delete mode 100644 Gemfile.lock.bak diff --git a/Gemfile.lock.bak b/Gemfile.lock.bak deleted file mode 100644 index a070814e8d..0000000000 --- a/Gemfile.lock.bak +++ /dev/null 
@@ -1,362 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - CFPropertyList (2.2.8) - addressable (2.4.0) - ast (2.3.0) - aws-sdk-v1 (1.66.0) - json (~> 1.4) - nokogiri (>= 1.4.4) - beaker (2.50.0) - aws-sdk-v1 (~> 1.57) - beaker-answers (~> 0.0) - beaker-hiera (~> 0.0) - beaker-hostgenerator - beaker-pe (~> 0.0) - docker-api - fission (~> 0.4) - fog (~> 1.25, < 1.35.0) - fog-google (~> 0.0.9) - google-api-client (~> 0.8, < 0.9.5) - hocon (~> 1.0) - in-parallel (~> 0.1) - inifile (~> 2.0) - json (~> 1.8) - mime-types (~> 2.99) - minitest (~> 5.4) - net-scp (~> 1.2) - net-ssh (~> 2.9) - open_uri_redirections (~> 0.2.1) - rbvmomi (~> 1.8, < 1.9.0) - rsync (~> 1.0.9) - stringify-hash (~> 0.0) - unf (~> 0.1) - beaker-answers (0.11.0) - hocon (~> 1.0) - require_all (~> 1.3.2) - stringify-hash (~> 0.0.0) - beaker-hiera (0.1.1) - stringify-hash (~> 0.0.0) - beaker-hostgenerator (0.7.3) - deep_merge (~> 1.0) - stringify-hash (~> 0.0.0) - beaker-pe (0.9.0) - stringify-hash (~> 0.0.0) - beaker-puppet_install_helper (0.4.4) - beaker (~> 2.0) - beaker-rspec (5.6.0) - beaker (~> 2.0) - rspec - serverspec (~> 2) - specinfra (~> 2) - builder (3.2.2) - deep_merge (1.1.1) - diff-lcs (1.2.5) - docile (1.1.5) - docker-api (1.31.0) - excon (>= 0.38.0) - json - domain_name (0.5.20160615) - unf (>= 0.0.5, < 1.0.0) - excon (0.52.0) - facter (2.4.6) - CFPropertyList (~> 2.2.6) - facterdb (0.3.6) - facter - jgrep - faraday (0.9.2) - multipart-post (>= 1.2, < 3) - fission (0.5.0) - CFPropertyList (~> 2.2) - fog (1.34.0) - fog-atmos - fog-aws (>= 0.6.0) - fog-brightbox (~> 0.4) - fog-core (~> 1.32) - fog-dynect (~> 0.0.2) - fog-ecloud (~> 0.1) - fog-google (>= 0.0.2) - fog-json - fog-local - fog-powerdns (>= 0.1.1) - fog-profitbricks - fog-radosgw (>= 0.0.2) - fog-riakcs - fog-sakuracloud (>= 0.0.4) - fog-serverlove - fog-softlayer - fog-storm_on_demand - fog-terremark - fog-vmfusion - fog-voxel - fog-xml (~> 0.1.1) - ipaddress (~> 0.5) - nokogiri (~> 1.5, >= 1.5.11) - fog-atmos (0.1.0) 
- fog-core - fog-xml - fog-aws (0.11.0) - fog-core (~> 1.38) - fog-json (~> 1.0) - fog-xml (~> 0.1) - ipaddress (~> 0.8) - fog-brightbox (0.11.0) - fog-core (~> 1.22) - fog-json - inflecto (~> 0.0.2) - fog-core (1.42.0) - builder - excon (~> 0.49) - formatador (~> 0.2) - fog-dynect (0.0.3) - fog-core - fog-json - fog-xml - fog-ecloud (0.3.0) - fog-core - fog-xml - fog-google (0.0.9) - fog-core - fog-json - fog-xml - fog-json (1.0.2) - fog-core (~> 1.0) - multi_json (~> 1.10) - fog-local (0.3.0) - fog-core (~> 1.27) - fog-powerdns (0.1.1) - fog-core (~> 1.27) - fog-json (~> 1.0) - fog-xml (~> 0.1) - fog-profitbricks (0.0.5) - fog-core - fog-xml - nokogiri - fog-radosgw (0.0.5) - fog-core (>= 1.21.0) - fog-json - fog-xml (>= 0.0.1) - fog-riakcs (0.1.0) - fog-core - fog-json - fog-xml - fog-sakuracloud (1.7.5) - fog-core - fog-json - fog-serverlove (0.1.2) - fog-core - fog-json - fog-softlayer (1.1.3) - fog-core - fog-json - fog-storm_on_demand (0.1.1) - fog-core - fog-json - fog-terremark (0.1.0) - fog-core - fog-xml - fog-vmfusion (0.1.0) - fission - fog-core - fog-voxel (0.1.0) - fog-core - fog-xml - fog-xml (0.1.2) - fog-core - nokogiri (~> 1.5, >= 1.5.11) - formatador (0.2.5) - google-api-client (0.9.4) - addressable (~> 2.3) - googleauth (~> 0.5) - httpclient (~> 2.7) - hurley (~> 0.1) - memoist (~> 0.11) - mime-types (>= 1.6) - representable (~> 2.3.0) - retriable (~> 2.0) - thor (~> 0.19) - googleauth (0.5.1) - faraday (~> 0.9) - jwt (~> 1.4) - logging (~> 2.0) - memoist (~> 0.12) - multi_json (~> 1.11) - os (~> 0.9) - signet (~> 0.7) - hiera (3.2.1) - hocon (1.1.2) - http-cookie (1.0.2) - domain_name (~> 0.5) - httpclient (2.8.2.2) - hurley (0.2) - in-parallel (0.1.15) - inflecto (0.0.2) - inifile (2.0.2) - ipaddress (0.8.3) - jgrep (1.4.1) - json - json (1.8.3) - json_pure (2.0.2) - jwt (1.5.4) - little-plugger (1.1.4) - logging (2.1.0) - little-plugger (~> 1.1) - multi_json (~> 1.10) - master_manipulator (1.2.3) - beaker (~> 2.7, >= 2.7.0) - multi_json - 
mcollective-client (2.9.0) - json - stomp - systemu - memoist (0.15.0) - metaclass (0.0.4) - metadata-json-lint (0.0.11) - json - spdx-licenses (~> 1.0) - mime-types (2.99.2) - mini_portile2 (2.1.0) - minitest (5.9.0) - mocha (1.1.0) - metaclass (~> 0.0.1) - multi_json (1.12.1) - multipart-post (2.0.0) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (2.9.4) - net-telnet (0.1.1) - netrc (0.11.0) - nokogiri (1.6.8) - mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) - open_uri_redirections (0.2.1) - os (0.9.6) - parallel (1.9.0) - parallel_tests (2.7.1) - parallel - parser (2.3.1.2) - ast (~> 2.2) - pkg-config (1.1.7) - powerpack (0.1.1) - puppet (4.5.3) - CFPropertyList (~> 2.2.6) - facter (> 2.0, < 4) - hiera (>= 2.0, < 4) - json_pure - puppet-blacksmith (3.4.0) - puppet (>= 2.7.16) - rest-client (~> 1.8.0) - puppet-lint (2.0.2) - puppet-syntax (2.1.0) - rake - puppet_facts (0.2.1) - puppetlabs_spec_helper (1.2.1) - mocha (~> 1.0) - puppet-lint (~> 2.0) - puppet-syntax (~> 2.0) - rspec-puppet (~> 2.0) - rainbow (2.1.0) - rake (11.2.2) - rbvmomi (1.8.2) - builder - nokogiri (>= 1.4.1) - trollop - representable (2.3.0) - uber (~> 0.0.7) - require_all (1.3.3) - rest-client (1.8.0) - http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 3.0) - netrc (~> 0.7) - retriable (2.1.0) - rspec (3.5.0) - rspec-core (~> 3.5.0) - rspec-expectations (~> 3.5.0) - rspec-mocks (~> 3.5.0) - rspec-core (3.5.2) - rspec-support (~> 3.5.0) - rspec-expectations (3.5.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-its (1.2.0) - rspec-core (>= 3.0.0) - rspec-expectations (>= 3.0.0) - rspec-mocks (3.5.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.5.0) - rspec-puppet (2.4.0) - rspec - rspec-puppet-facts (1.6.1) - facter - facterdb (>= 0.3.0) - json - mcollective-client - puppet - rspec-support (3.5.0) - rsync (1.0.9) - rubocop (0.42.0) - parser (>= 2.3.1.1, < 3.0) - powerpack (~> 0.1) - rainbow (>= 1.99.1, < 3.0) - ruby-progressbar (~> 1.7) - unicode-display_width 
(~> 1.0, >= 1.0.1) - rubocop-rspec (1.6.0) - rubocop (>= 0.42.0) - ruby-progressbar (1.8.1) - serverspec (2.36.0) - multi_json - rspec (~> 3.0) - rspec-its - specinfra (~> 2.53) - sfl (2.2) - signet (0.7.3) - addressable (~> 2.3) - faraday (~> 0.9) - jwt (~> 1.5) - multi_json (~> 1.10) - simplecov (0.12.0) - docile (~> 1.1.0) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.0) - spdx-licenses (1.1.0) - specinfra (2.61.1) - net-scp - net-ssh (>= 2.7, < 4.0) - net-telnet - sfl - stomp (1.4.3) - stringify-hash (0.0.2) - systemu (2.6.5) - thor (0.19.1) - trollop (2.1.2) - uber (0.0.15) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.2) - unicode-display_width (1.1.0) - -PLATFORMS - ruby - -DEPENDENCIES - beaker - beaker-hostgenerator - beaker-puppet_install_helper - beaker-rspec (>= 3.4) - facter - master_manipulator - metadata-json-lint - parallel_tests - puppet - puppet-blacksmith (>= 3.4.0) - puppet_facts - puppetlabs_spec_helper (>= 1.2.1) - rspec-puppet (>= 2.3.2) - rspec-puppet-facts - rubocop-rspec (~> 1.6) - serverspec - simplecov - -BUNDLED WITH - 1.12.5 From 416d759e28dd0cde565c2ada5fc835bbe609dcb8 Mon Sep 17 00:00:00 2001 From: Matthew Gyurgyik Date: Fri, 19 Aug 2016 13:24:58 -0400 Subject: [PATCH 0981/2267] move IncludeOptional to bottom of configuration --- templates/mod/security.conf.erb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 5505f2140a..abb629febb 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb 
@@ -1,13 +1,4 @@ - # ModSecurity Core Rules Set configuration -<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%> - IncludeOptional <%= @modsec_dir %>/*.conf - IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf -<%- else -%> - Include <%= @modsec_dir %>/*.conf - Include <%= @modsec_dir %>/activated_rules/*.conf -<%- end -%> - # Default recommended configuration SecRuleEngine <%= @modsec_secruleengine %> SecRequestBodyAccess On @@ -71,4 +62,13 @@ SecUploadDir /var/lib/mod_security <% end -%> SecUploadKeepFiles Off + + # ModSecurity Core Rules Set configuration +<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%> + IncludeOptional <%= @modsec_dir %>/*.conf + IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf +<%- else -%> + Include <%= @modsec_dir %>/*.conf + Include <%= @modsec_dir %>/activated_rules/*.conf +<%- end -%> From e26b1a6f3bd011b14186a2d10a3c66c9c197956c Mon Sep 17 00:00:00 2001 From: Christoph Berg Date: Thu, 15 Sep 2016 15:24:45 +0200 Subject: [PATCH 0982/2267] Allow no_proxy_uris to be used within proxy_pass Previously, proxy_pass and proxy_pass_match configuration blocks did not support using no_proxy_uris and no_proxy_uris_match. These parameters required the use of proxy_dest, but mixing proxy_pass and proxy_dest results in undesired duplication of ProxyPass config lines. Fix by allowing no_proxy_uris and no_proxy_uris_match to be used within proxy_pass and proxy_pass_match configuration blocks. --- README.md | 2 ++ spec/defines/vhost_spec.rb | 4 ++++ templates/vhost/_proxy.erb | 12 ++++++++++++ 3 files changed, 18 insertions(+) diff --git a/README.md b/README.md index fd2faa00ae..37afea3c43 100644 --- a/README.md +++ b/README.md 
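Review bot: Nothing in the template records why the rule-set includes now follow the base settings, so the order is easy to undo in a later edit. Because the `IncludeOptional`/`Include` lines are read last, a directive such as `SecRuleEngine` placed in a file under `<%= @modsec_dir %>` would presumably take precedence over the managed value above it. If that is intended, say so above the block, e.g. `# Included last: files in modsec_dir are read after, and may override, the settings above`.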
@@ -2620,6 +2620,8 @@ apache::vhost { 'site.name.fdqn': 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, { 'path' => '/g', 'url' => 'http://backend-g/', 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, + { 'path' => '/h', 'url' => 'http://backend-h/h', + 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, ], } ``` diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 6f85b622b3..a8d7c9287e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -273,6 +273,8 @@ 'path' => '/a', 'url' => 'http://backend-a/', 'keywords' => ['noquery', 'interpolate'], + 'no_proxy_uris' => ['/a/foo', '/a/bar'], + 'no_proxy_uris_match' => ['/a/foomatch'], 'reverse_cookies' => [ { 'path' => '/a', @@ -295,6 +297,8 @@ 'path' => '/a', 'url' => 'http://backend-a/', 'keywords' => ['noquery', 'interpolate'], + 'no_proxy_uris' => ['/a/foo', '/a/bar'], + 'no_proxy_uris_match' => ['/a/foomatch'], 'params' => { 'retry' => '0', 'timeout' => '5' diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 5e20f9f0f5..79f36cf047 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -19,6 +19,12 @@ ProxyErrorOverride On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> + <%- Array(proxy['no_proxy_uris']).each do |uri| -%> + ProxyPass <%= uri %> ! + <%- end -%> + <%- Array(proxy['no_proxy_uris_match']).each do |uri| -%> + ProxyPassMatch <%= uri %> ! + <%- end -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> 
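Review bot: The two hunks in spec/defines/vhost_spec.rb only add `no_proxy_uris` and `no_proxy_uris_match` to the input hashes; no expectation visible here checks that the rendered vhost contains the exclusion lines. These entries decide which paths are withheld from the backend, so a template regression would go unnoticed. Add a content match on the rendered proxy fragment for `ProxyPass /a/foo !`, `ProxyPass /a/bar !` and `ProxyPassMatch /a/foomatch !`, for both the `proxy_pass` and the `proxy_pass_match` case. The enclosing example group starts and ends outside the hunks, so an existing assertion may sit out of view.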
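Review bot: Exclusions in templates/vhost/_proxy.erb are emitted immediately before the entry that declares them, so with several `proxy_pass` entries an exclusion can land after an earlier, broader `ProxyPass` line. Apache checks ProxyPass and ProxyPassMatch rules in configuration order and applies the first match, so a `no_proxy_uris` path declared under a later entry would still be forwarded by the earlier one. Emitting every exclusion in one pass ahead of both loops avoids this and removes the block duplicated in the second hunk (`@@ -50,6 +56,12 @@`); the per-entry lines in both loops would then be dropped. The rest of the template lies outside the hunk, so placement relative to the other proxy directives needs checking.

```erb
<%# all exclusions first: Apache applies the first matching ProxyPass rule -%>
<%- [@proxy_pass, @proxy_pass_match].flatten.compact.each do |proxy| -%>
  <%- Array(proxy['no_proxy_uris']).each do |uri| -%>
  ProxyPass <%= uri %> !
  <%- end -%>
  <%- Array(proxy['no_proxy_uris_match']).each do |uri| -%>
  ProxyPassMatch <%= uri %> !
  <%- end -%>
<%- end -%>
<%# … unchanged: the proxy_pass and proxy_pass_match loops, without the per-entry exclusion lines … -%>
```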
@@ -50,6 +56,12 @@ <%- end -%> <% end -%> <% [@proxy_pass_match].flatten.compact.each do |proxy| %> + <%- Array(proxy['no_proxy_uris']).each do |uri| -%> + ProxyPass <%= uri %> ! + <%- end -%> + <%- Array(proxy['no_proxy_uris_match']).each do |uri| -%> + ProxyPassMatch <%= uri %> ! + <%- end -%> ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> From 112cd4ea2b4ac21188cb726b89859dc9601afd81 Mon Sep 17 00:00:00 2001 From: Michael Watters Date: Thu, 15 Sep 2016 15:44:04 -0400 Subject: [PATCH 0983/2267] Bug - Port numbers must be quoted The default port numbers for apache must be quoted to avoid errors when running a catalog in the puppet agent. --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index e3894cfffe..47d2dbcb8b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -384,7 +384,7 @@ ::apache::vhost { 'default': ensure => $default_vhost_ensure, - port => 80, + port => '80', docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, @@ -400,7 +400,7 @@ } ::apache::vhost { 'default-ssl': ensure => $default_ssl_vhost_ensure, - port => 443, + port => '443', ssl => true, docroot => $docroot, scriptalias => $scriptalias, From 6f0209ad4ba2d5c81f2f5d04c66fefae95080d68 Mon Sep 17 00:00:00 2001 
From: Juan Antonio Osorio Robles Date: Wed, 21 Sep 2016 10:39:37 +0300 Subject: [PATCH 0984/2267] Don't write empty servername for vhost to template If an empty servername is given to a vhost, it shouldn't be written to the configuration file. Else we'll end up with an invalid configuration and httpd will fail to start. It is actually valid not to have a Servername, and in this case, httpd will route only based on the IP. --- spec/acceptance/vhost_spec.rb | 28 ++++++++++++++++++++++++++++ templates/vhost/_file_header.erb | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index bb4b83c2be..715b1a80ac 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -727,6 +727,34 @@ class { 'apache': } it { is_expected.to be_file } it { is_expected.not_to contain 'NameVirtualHost test.server' } end + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain "ServerName test.server" } + end + end + + describe 'ip_based and no servername' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + ip_based => true, + servername => '', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file($ports_file) do + it { is_expected.to be_file } + it { is_expected.not_to contain 'NameVirtualHost test.server' } + end + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.not_to contain "ServerName" } + end end describe 'add_listen' do diff --git a/templates/vhost/_file_header.erb b/templates/vhost/_file_header.erb index 5fd636a1e9..4cf7629ebf 100644 --- a/templates/vhost/_file_header.erb +++ b/templates/vhost/_file_header.erb 
@@ -4,7 +4,7 @@ # ************************************ > -<% if @servername -%> +<% if @servername and not @servername.empty? -%> ServerName <%= @servername %> <% end -%> <% if @serveradmin -%> From bd6812fa8ec213396d9068837b28e6f3a8a6d3f7 Mon Sep 17 00:00:00 2001 From: Alex De Castro Araujo Date: Wed, 21 Sep 2016 17:52:56 -0300 Subject: [PATCH 0985/2267] Settings to control modcluster request size --- README.md | 4 +++ manifests/mod/security.pp | 48 +++++++++++++++++------------ templates/mod/security.conf.erb | 6 ++-- templates/mod/security_crs.conf.erb | 2 +- 4 files changed, 36 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index fd2faa00ae..58f953b911 100644 --- a/README.md +++ b/README.md @@ -1834,6 +1834,10 @@ ${modsec\_dir}/activated\_rules. - `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '4'. - `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '3'. - `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '2'. +- `secrequestmaxnumargs`: Sets the Maximum number of arguments in the request. Default: '255'. +- `secrequestbodylimit`: Sets the maximum request body size ModSecurity will accept for buffering.. Default: '13107200'. +- `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported in the request. Default: '131072'. +- `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity will store in memory. Default: '131072' ##### Class: `apache::mod::wsgi` diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 95596dd538..d1effa9cff 100644 --- a/manifests/mod/security.pp 
+++ b/manifests/mod/security.pp 
@@ -1,24 +1,28 @@ class apache::mod::security ( - $crs_package = $::apache::params::modsec_crs_package, - $activated_rules = $::apache::params::modsec_default_rules, - $modsec_dir = $::apache::params::modsec_dir, - $modsec_secruleengine = $::apache::params::modsec_secruleengine, - $audit_log_relevant_status = '^(?:5|4(?!04))', - $audit_log_parts = $::apache::params::modsec_audit_log_parts, - $secpcrematchlimit = $::apache::params::secpcrematchlimit, - $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, - $allowed_methods = 'GET HEAD POST OPTIONS', - $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', - $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', - $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', - $secdefaultaction = 'deny', - $anomaly_score_blocking = 'off', - $inbound_anomaly_threshold = '5', - $outbound_anomaly_threshold = '4', - $critical_anomaly_score = '5', - $error_anomaly_score = '4', - $warning_anomaly_score = '3', - $notice_anomaly_score = '2', + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, + $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $audit_log_relevant_status = '^(?:5|4(?!04))', + $audit_log_parts = $::apache::params::modsec_audit_log_parts, + $secpcrematchlimit = $::apache::params::secpcrematchlimit, + $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, + $allowed_methods = 'GET HEAD POST OPTIONS', + $content_types = 
'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', + $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', + $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', + $secdefaultaction = 'deny', + $anomaly_score_blocking = 'off', + $inbound_anomaly_threshold = '5', + $outbound_anomaly_threshold = '4', + $critical_anomaly_score = '5', + $error_anomaly_score = '4', + $warning_anomaly_score = '3', + $notice_anomaly_score = '2', + $secrequestmaxnumargs = '255', + $secrequestbodylimit = '13107200', + $secrequestbodynofileslimit = '131072', + $secrequestbodyinmemorylimit = '131072', ) inherits ::apache::params { include ::apache @@ -53,6 +57,9 @@ # - $audit_log_parts # - secpcrematchlimit # - secpcrematchlimitrecursion + # - secrequestbodylimit + # - secrequestbodynofileslimit + # - secrequestbodyinmemorylimit file { 'security.conf': ensure => file, content => template('apache/mod/security.conf.erb'), @@ -99,6 +106,7 @@ # - $content_types # - $restricted_extensions # - $restricted_headers + # - $secrequestmaxnumargs file { "${modsec_dir}/security_crs.conf": ensure => file, content => template('apache/mod/security_crs.conf.erb'), diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 5505f2140a..c422e0ef51 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb 
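Review bot: The four new parameters of apache::mod::security are written into `SecRequestBodyLimit`, `SecRequestBodyNoFilesLimit`, `SecRequestBodyInMemoryLimit` and `tx.max_num_args` with no check that they are numeric. These limits bound how much request data ModSecurity buffers, so an empty or mistyped value should fail the catalog rather than produce a broken or ineffective directive. One check per parameter in the class body would do, for example `validate_re($secrequestbodylimit, '^\d+$')`, assuming stdlib's validation functions are available to this module. The class body continues outside the hunk.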
@@ -13,9 +13,9 @@ SecRequestBodyAccess On SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" - SecRequestBodyLimit 13107200 - SecRequestBodyNoFilesLimit 131072 - SecRequestBodyInMemoryLimit 131072 + SecRequestBodyLimit <%= @secrequestbodylimit %> + SecRequestBodyNoFilesLimit <%= @secrequestbodynofileslimit %> + SecRequestBodyInMemoryLimit <%= @secrequestbodyinmemorylimit %> SecRequestBodyLimitAction Reject SecRule REQBODY_ERROR "!@eq 0" \ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index cae4519156..641daac3ed 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb @@ -211,7 +211,7 @@ SecAction \ "id:'900006', \ phase:1, \ t:none, \ - setvar:tx.max_num_args=255, \ + setvar:tx.max_num_args=<%= @secrequestmaxnumargs %>, \ nolog, \ pass" From 7c11de24390dfa4e045b980929aed1dd73ce6219 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Wed, 10 Aug 2016 09:41:51 +0100 Subject: [PATCH 0986/2267] SuSE 11 test improvements --- lib/facter/apache_version.rb | 5 +++++ manifests/params.pp | 2 +- spec/acceptance/class_spec.rb | 23 +++++++++++++++++------ spec/acceptance/nodesets/suse.yml | 25 +++++++++++++++++++++++++ spec/acceptance/version.rb | 14 +++++++++++++- 5 files changed, 61 insertions(+), 8 deletions(-) create mode 100644 spec/acceptance/nodesets/suse.yml diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index 2e211c9873..bb0b4ac9ff 100644 --- a/lib/facter/apache_version.rb +++ b/lib/facter/apache_version.rb 
@@ -2,6 +2,11 @@ setcode do if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') + puts "Matching apachectl '#{apache_version}'" + %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] + elsif Facter::Util::Resolution.which('apache2ctl') + apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1') + puts "Matching apache2ctl '#{apache_version}'" %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] end end diff --git a/manifests/params.pp b/manifests/params.pp index e443acef4a..3b51fb0352 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -49,7 +49,7 @@ $modsec_audit_log_parts = 'ABIJDEFHZ' - if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { + if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::osfamily == 'Suse') { $verify_command = '/usr/sbin/apache2ctl -t' } elsif $::operatingsystem == 'FreeBSD' { $verify_command = '/usr/local/sbin/apachectl -t' diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index aff79eb082..3908cce84e 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -3,14 +3,25 @@ describe 'apache class' do context 'default parameters' do - let(:pp) do - <<-EOS - class { 'apache': } - EOS - end - # Run it twice and test for idempotency + let(:pp) { "class { 'apache': }" } + it_behaves_like "a idempotent resource" + describe 'apache_version fact' do + before :all do + apply_manifest("include apache", :catch_failures => true) + version_check_pp = <<-EOS + notice("apache_version = >${apache_version}<") + EOS + @result = apply_manifest(version_check_pp, :catch_failures => true) + end + + fit { + expect(@result.output).to match(/"apache_version = >#{$apache_version}<"/) + } + end + + describe package($package_name) do it { is_expected.to be_installed } end 
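Review bot: The added `puts` calls in lib/facter/apache_version.rb write to standard output every time the fact is resolved, which ends up in the output of anything that runs Facter; `Facter.debug "Matching apache2ctl '#{apache_version}'"` keeps the trace without that. Both branches also index the match result directly, so command output without a `Server version:` line (an error from the control script, say) raises NoMethodError on nil, where `match(apache_version).to_a[1]` would return nil. The dots in `\d+.\d+(.\d+)?` are unescaped and match any character. The `Facter.add` block starts outside the hunk.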
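Review bot: The new example in spec/acceptance/class_spec.rb is declared with `fit`, RSpec's focused form of `it`. Where the suite is configured to filter on focus, only this example runs and the remaining acceptance checks are skipped without a failure, so it should be `it { expect(@result.output).to match(/"apache_version = >#{$apache_version}<"/) }`. Whether the helper enables focus filtering is not visible from this hunk.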
diff --git a/spec/acceptance/nodesets/suse.yml b/spec/acceptance/nodesets/suse.yml new file mode 100644 index 0000000000..b6c14b92c6 --- /dev/null +++ b/spec/acceptance/nodesets/suse.yml @@ -0,0 +1,25 @@ +--- +HOSTS: + sles-11-x86_64-agent: + roles: + - agent + - default + platform: sles-11-x86_64 + template: sles-11-x86_64 + hypervisor: vcloud + redhat-7-x86_64-master: + roles: + - master + - dashboard + - database + - agent + platform: el-7-x86_64 + template: redhat-7-x86_64 + hypervisor: vcloud +CONFIG: + nfs_server: none + consoleport: 443 + datastore: instance0 + folder: Delivery/Quality Assurance/Enterprise/Dynamic + resourcepool: delivery/Quality Assurance/Enterprise/Dynamic + pooling_api: http://vcloud.delivery.puppetlabs.net/ diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 88cf509b7b..f2e19a694f 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -69,8 +69,20 @@ $package_name = 'www-servers/apache' $error_log = 'http-error.log' + $apache_version = '2.4' +when 'Suse' + $confd_dir = '/etc/apache2/conf.d' + $mod_dir = '/etc/apache2/mods-available' + $conf_file = '/etc/apache2/httpd.conf' + $ports_file = '/etc/apache2/ports.conf' + $vhost = '/etc/apache2/sites-available/15-default.conf' + $vhost_dir = '/etc/apache2/sites-available' + $run_dir = '/var/run/apache2' + $service_name = 'apache2' + $package_name = 'apache2' + $error_log = 'http-error.log' + $apache_version = '2.4' else $apache_version = '0' end - From f942dc8abc02e3ae79e63ec49b3aeabb33626c08 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 7 Sep 2016 17:24:40 -0700 Subject: [PATCH 0987/2267] adds cond for apache versions on suse --- spec/acceptance/version.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index f2e19a694f..24461b2377 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb 
@@ -81,8 +81,11 @@ $service_name = 'apache2' $package_name = 'apache2' $error_log = 'http-error.log' - - $apache_version = '2.4' + if _operatingsystemrelease <= 11 + $apache_version = '2.2' + else + $apache_version = '2.4' + end else $apache_version = '0' end From 6f4d00816dab36abd007f6abaf8021ec5f84cddf Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 28 Sep 2016 07:32:13 -0700 Subject: [PATCH 0988/2267] in which failures for sles 11 are zero --- .gitignore | 2 + manifests/mod/cgid.pp | 9 ++- manifests/mod/dav_svn.pp | 29 ++++++++-- manifests/mod/passenger.pp | 73 +++++++++++++++++++---- manifests/mod/php.pp | 27 ++++++--- manifests/mod/security.pp | 20 +++++-- manifests/params.pp | 23 ++++++-- spec/acceptance/class_spec.rb | 4 +- spec/acceptance/default_mods_spec.rb | 8 +-- spec/acceptance/mod_dav_svn_spec.rb | 2 + spec/acceptance/mod_pagespeed_spec.rb | 7 ++- spec/acceptance/mod_passenger_spec.rb | 2 + spec/acceptance/mod_php_spec.rb | 8 +-- spec/acceptance/mod_security_spec.rb | 83 ++++++++++++++++----------- spec/acceptance/nodesets/suse.yml | 4 +- spec/acceptance/version.rb | 14 +++-- spec/acceptance/vhost_spec.rb | 14 ++--- spec/spec_helper_acceptance.rb | 2 + templates/mod/security.conf.erb | 6 ++ 19 files changed, 245 insertions(+), 92 deletions(-) diff --git a/.gitignore b/.gitignore index 0cd25de9af..a319988ddc 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,8 @@ Gemfile.lock vendor/ spec/fixtures/manifests/ spec/fixtures/modules/ +spec/acceptance/nodesets/ +tmp/ .vagrant/ .bundle/ coverage/ diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 891cdd75b4..9b9788f24b 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp 
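Review bot: `if _operatingsystemrelease <= 11` sends SLES 11 service packs to the 2.4 branch if `_operatingsystemrelease` carries the minor version (11.3, 11.4); its definition is outside this hunk, so that is an assumption to confirm. Comparing against the next major release, `if _operatingsystemrelease < 12`, selects every 11.x value whichever form the variable has. The `when 'Suse'` branch this sits in starts above the hunk.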
@@ -17,7 +17,14 @@ 'freebsd' => 'cgisock', default => undef, } - ::apache::mod { 'cgid': } + + if $::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12' { + ::apache::mod { 'cgid': + lib_path => '/usr/lib64/apache2-worker', + } + } else { + ::apache::mod { 'cgid': } + } if $cgisock_path { # Template uses $cgisock_path file { 'cgid.conf': diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 071535c11c..338285aac5 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -1,10 +1,21 @@ class apache::mod::dav_svn ( $authz_svn_enabled = false, + $suse_lib_path = $::apache::params::suse_lib_path ) { Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] include ::apache include ::apache::mod::dav - ::apache::mod { 'dav_svn': } + if($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ + package { 'subversion-server': + provider => 'zypper', + ensure => 'installed', + } + ::apache::mod {'dav_svn': + lib_path => $suse_lib_path + } + } else { + ::apache::mod { 'dav_svn': } + } if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04' and $::operatingsystemmajrelease != '16.04') { $loadfile_name = undef @@ -13,9 +24,17 @@ } if $authz_svn_enabled { - ::apache::mod { 'authz_svn': - loadfile_name => $loadfile_name, - require => Apache::Mod['dav_svn'], - } + if ($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + lib_path => $suse_lib_path, + require => Apache::Mod['dav_svn'], + } + } else { + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + require => Apache::Mod['dav_svn'], + } + } } } diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 1df3126ef0..967b60e13c 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
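Review bot: `$::operatingsystemmajrelease < '12'` in the cgid.pp hunk compares two strings, and how `<` orders strings depends on the Puppet parser in use (numeric coercion versus lexical order, as far as I know), so the SLES 11 branch is selected by accident of the values rather than by a version comparison. `versioncmp($::operatingsystemmajrelease, '12') < 0` states the intent and does not depend on that. The same expression is added twice in the dav_svn.pp hunks on this line and again in the second passenger.pp hunk. cgid.pp also hard-codes `lib_path => '/usr/lib64/apache2-worker'` where the other classes take `$suse_lib_path`; a comment saying why the worker directory is needed here would help the next reader.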
@@ -55,6 +55,57 @@ $_lib_path = $mod_lib_path } + if $::osfamily == 'Suse' { + package {'rack': + provider => 'gem', + ensure => "1.6.4", + before => Exec['passenger'] + } + package {'rake': + provider => 'gem', + ensure => '10.5.0', + before => Exec['passenger'] + } + package {'passenger': + provider => 'gem', + ensure => 'installed', + before => Exec['passenger'] + } + package {'gcc': + provider => 'zypper', + before => Package['gcc-c++'] + } + package {'gcc43-c++': + provider => 'zypper', + before => Package['gcc-c++'] + } + package {'gcc-c++': + provider => 'rpm', + source => 'http://download.opensuse.org/repositories/home:/zhy20120210:/SLES-11-SP1-x86-64/SLE_11/x86_64/gcc-c++-4.3-62.8.x86_64.rpm', + before => Exec['passenger'], + } + package {'apache2-devel': + provider => 'zypper', + before => Exec['passenger'], + } + package {'libcurl-devel': + provider => 'zypper', + before => Exec['passenger'], + } + exec {'passenger': + command => '/usr/bin/passenger-install-apache2-module -a', + } + file {'/etc/apache2/mods-available/passenger.load': + ensure => present, + content => 'LoadModule passenger_module /usr/lib64/apache2/mod_passenger.so' + } + file {'/usr/lib64/apache2/mod_passenger.so': + target => "/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30/buildout/apache2/mod_passenger.so" + + } + + } + if $::osfamily == 'RedHat' and $manage_repo { yumrepo { 'passenger': ensure => 'present', 
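Review bot: The `gcc-c++` resource installs an RPM with `provider => 'rpm'` from a plain `http://` URL under a personal `home:` project on download.opensuse.org, so a compiler is pulled onto the web server over an unauthenticated channel from outside the distribution's repositories, and nothing in this hunk checks a signature or checksum. It should come from a configured, signed zypper repository the way `gcc` and `apache2-devel` do. `exec {'passenger':` has no `creates`, `unless` or `refreshonly`, so `passenger-install-apache2-module -a` is re-run on every agent run; adding `creates => '/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30/buildout/apache2/mod_passenger.so',` makes it idempotent. The `passenger` gem is `ensure => 'installed'` while that path pins 5.0.30, so pin the gem to the same version, and give the `/usr/lib64/apache2/mod_passenger.so` resource an explicit `ensure => link`.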
@@ -70,16 +121,18 @@ } } - $_id = $mod_id - $_path = $mod_path - ::apache::mod { 'passenger': - package => $_package, - package_ensure => $_package_ensure, - lib => $_lib, - lib_path => $_lib_path, - id => $_id, - path => $_path, - loadfile_name => 'zpassenger.load', + unless ($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12') { + $_id = $mod_id + $_path = $mod_path + ::apache::mod { 'passenger': + package => $_package, + package_ensure => $_package_ensure, + lib => $_lib, + lib_path => $_lib_path, + id => $_id, + path => $_path, + loadfile_name => 'zpassenger.load', + } } # Template uses: diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 340549ccb1..47d88abd33 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -52,13 +52,26 @@ $_lib = "libphp${php_version}.so" $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1') - ::apache::mod { $mod: - package => $_package_name, - package_ensure => $package_ensure, - lib => $_lib, - id => "php${_php_major}_module", - path => $path, - } + if $::osfamily == 'Suse' { + $suse_lib_path = $::apache::params::suse_lib_path + ::apache::mod { $mod: + package => $_package_name, + package_ensure => $package_ensure, + lib => 'mod_php5.so', + id => "php${_php_major}_module", + path => "${suse_lib_path}/mod_php5.so", + } + } else { + ::apache::mod { $mod: + package => $_package_name, + package_ensure => $package_ensure, + lib => $_lib, + id => "php${_php_major}_module", + path => $path, + } + + } + include ::apache::mod::mime include ::apache::mod::dir diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 95596dd538..b2890d4b78 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -19,6 +19,7 @@ $error_anomaly_score = '4', $warning_anomaly_score = '3', $notice_anomaly_score = '2', + $suse_lib_path = $::apache::params::suse_lib_path, ) inherits ::apache::params { include ::apache 
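Review bot: In the php.pp hunk the Suse branch hard-codes `lib => 'mod_php5.so'` and `path => "${suse_lib_path}/mod_php5.so"` while `id` is still built from `$_php_major`, so any `php_version` other than 5 produces a module name and a shared object that disagree. The branch also drops the `$path` value that the `else` branch passes through. Deriving the file name from the same variable, `lib => "mod_php${_php_major}.so"` (if that matches the packaged file name), keeps the two aligned; if only PHP 5 is supported on SLES, a comment saying so is enough. The class body starts above the hunk.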
@@ -31,10 +32,19 @@ fail('FreeBSD is not currently supported') } - ::apache::mod { 'security': - id => 'security2_module', - lib => 'mod_security2.so', - } + if $::osfamily == 'Suse' { + ::apache::mod { 'security': + id => 'security2_module', + lib_path => $suse_lib_path, + lib => 'mod_security2.so', + } + } else { + ::apache::mod { 'security': + id => 'security2_module', + lib => 'mod_security2.so', + } + } + ::apache::mod { 'unique_id_module': id => 'unique_id_module', @@ -106,6 +116,6 @@ notify => Class['apache::service'], } - apache::security::rule_link { $activated_rules: } + unless $::osfamily == "Suse" { apache::security::rule_link { $activated_rules: } } } diff --git a/manifests/params.pp b/manifests/params.pp index 3b51fb0352..841f2bcb66 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -475,9 +475,10 @@ $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib64/apache2-prefork' + $suse_lib_path = '/usr/lib64/apache2' $mpm_module = 'prefork' - $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' - $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' + $default_ssl_cert = '/etc/ssl/servercerts/servercert.pem' + $default_ssl_key = '/etc/ssl/servercerts/serverkey.pem' $ssl_certs_dir = '/etc/ssl/certs' $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' @@ -485,12 +486,15 @@ $php_version = '5' $mod_packages = { 'auth_kerb' => 'apache2-mod_auth_kerb', - 'fcgid' => 'apache2-mod_fcgid', 'perl' => 'apache2-mod_perl', 'php5' => 'apache2-mod_php53', 'python' => 'apache2-mod_python', + 'passenger' => 'apache2-mod_passenger', + 'security' => 'apache2-mod_security2', } $mod_libs = { + 'security' => '/usr/lib64/apache2/mod_security2.so', + 'php53' => '/usr/lib64/apache2/mod_php5.so', } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' 
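Review bot: `unless $::osfamily == "Suse" { apache::security::rule_link { $activated_rules: } }` in the last security.pp hunk skips linking every activated rule on Suse without saying so, and the params.pp hunk further down sets `$modsec_crs_package`, `$modsec_crs_path` and `$modsec_default_rules` to `undef` while `$modsec_secruleengine` is `'On'`. As far as these hunks show, a SLES node that declares `apache::mod::security` gets the module loaded with no rule set behind it and a caller-supplied `activated_rules` is ignored; the acceptance spec in this commit also stops running the 'should block query with SQL' example on Suse. I would emit `warning('apache::mod::security: no CRS rules are linked on Suse; supply rules separately')` in that branch, or `fail` when rules were explicitly requested, and document the limitation on the class. The class body continues outside the hunk.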
@@ -506,7 +510,14 @@ $mellon_post_directory = undef $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' - $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] + $dev_packages = ['libapr-util1-devel', 'libapr1-devel', 'libcurl-devel'] + $modsec_crs_package = undef + $modsec_crs_path = undef + $modsec_default_rules = undef + $modsec_dir = '/etc/apache2/modsecurity' + $secpcrematchlimit = 1500 + $secpcrematchlimitrecursion = 1500 + $modsec_secruleengine = 'On' # # Passenger-specific settings @@ -515,9 +526,9 @@ $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef - $passenger_root = '/usr' + $passenger_root = '/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30' $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' $wsgi_socket_prefix = undef } else { diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 3908cce84e..a640e54895 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -16,8 +16,8 @@ @result = apply_manifest(version_check_pp, :catch_failures => true) end - fit { - expect(@result.output).to match(/"apache_version = >#{$apache_version}<"/) + it { + expect(@result.output).to match(/apache_version = >#{$apache_version}.* false, } apache::vhost { 'defaults.example.com': - docroot => '/var/www/defaults', + docroot => '#{$docroot}/defaults', aliases => { alias => '/css', - path => '/var/www/css', + path => '#{$docroot}/css', }, setenv => 'TEST1 one', } @@ -65,10 +65,10 @@ class { 'apache': ], } apache::vhost { 'defaults.example.com': - docroot => '/var/www/defaults', + docroot => '#{$docroot}/defaults', aliases => { alias => '/css', - path => '/var/www/css', + path => '#{$docroot}/css', }, setenv => 'TEST1 one', } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 9a030c54f5..a3473f3cab 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb 
+++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -13,6 +13,8 @@ authz_svn_load_file = 'dav_svn_authz_svn.load' when 'FreeBSD' authz_svn_load_file = 'dav_svn_authz_svn.load' + when 'Suse' + authz_svn_load_file = 'dav_svn_authz_svn.load' end context "default dav_svn config" do diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 602c78c2f0..ea92ab5b83 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -5,7 +5,8 @@ # updating packages and Pagespeed doesn't like old packages. describe 'apache::mod::pagespeed class', :unless => ((fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') < '8') or - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') < '12')) do + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') < '12') or + (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') < '12')) do context "default pagespeed config" do it 'succeeds in puppeting pagespeed' do pp= <<-EOS @@ -41,10 +42,10 @@ class { 'apache::mod::pagespeed': } apache::vhost { 'pagespeed.example.com': port => '80', - docroot => '/var/www/pagespeed', + docroot => '#{$docroot}/pagespeed', } host { 'pagespeed.example.com': ip => '127.0.0.1', } - file { '/var/www/pagespeed/index.html': + file { '#{$docroot}/pagespeed/index.html': ensure => file, content => "\n\n\n

Hello World!

\n\n", } diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 4761d2c5bf..533d71533d 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -60,6 +60,8 @@ passenger_module_path = 'modules/mod_passenger.so' rackapp_user = 'apache' rackapp_group = 'apache' + when 'SLES' + conf_file = "#{$mod_dir}/passenger.conf" end pp_rackapp = <<-EOS diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 96de640404..02a1954eaa 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -11,10 +11,10 @@ class { 'apache': class { 'apache::mod::php': } apache::vhost { 'php.example.com': port => '80', - docroot => '/var/www/php', + docroot => '#{$docroot}/php', } host { 'php.example.com': ip => '127.0.0.1', } - file { '/var/www/php/index.php': + file { '#{$docroot}/php/index.php': ensure => file, content => "\\n", } @@ -60,14 +60,14 @@ class { 'apache::mod::php': } apache::vhost { 'php.example.com': port => '80', - docroot => '/var/www/php', + docroot => '#{$docroot}/php', php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, php_flags => { 'display_errors' => 'on', }, php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, php_admin_flags => { 'engine' => 'on', }, } host { 'php.example.com': ip => '127.0.0.1', } - file { '/var/www/php/index.php5': + file { '#{$docroot}/php/index.php5': ensure => file, content => "\\n", } diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 8a12296079..0f1b5c4bb2 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
@@ -2,6 +2,13 @@ require_relative './version.rb' describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) do + + if fact('osfamily') == 'Suse' + $docroot = "/srv/www" + else + $docroot = "/var/www" + end + context "default mod_security config" do if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do @@ -29,9 +36,9 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', } - file { '/var/www/html/index.html': + file { '#{$docroot}/html/index.html': ensure => file, content => 'Index page', } @@ -69,8 +76,10 @@ class { 'apache::mod::security': } end end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + unless fact('osfamily') == 'Suse' + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end end @@ -84,9 +93,9 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', } - file { '/var/www/html/index.html': + file { '#{$docroot}/html/index.html': ensure => file, content => 'Index page', } 
@@ -107,8 +116,10 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + unless fact('osfamily') == 'Suse' + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end it 'should disable mod_security per vhost' do @@ -117,7 +128,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', modsec_disable_vhost => true, } EOS @@ -140,9 +151,9 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', } - file { '/var/www/html/index.html': + file { '#{$docroot}/html/index.html': ensure => file, content => 'Index page', } @@ -163,8 +174,10 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + unless fact('osfamily') == 'Suse' + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end it 'should disable mod_security per vhost' do @@ -173,7 +186,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', modsec_disable_ips => [ '127.0.0.1' ], } EOS 
@@ -196,13 +209,13 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', } - file { '/var/www/html/index.html': + file { '#{$docroot}/html/index.html': ensure => file, content => 'Index page', } - file { '/var/www/html/index2.html': + file { '#{$docroot}/html/index2.html': ensure => file, content => 'Page 2', } @@ -223,8 +236,10 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + unless fact('osfamily') == 'Suse' + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end it 'should disable mod_security per vhost' do @@ -233,7 +248,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', modsec_disable_ids => [ '950007' ], } EOS @@ -257,13 +272,13 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', } - file { '/var/www/html/index.html': + file { '#{$docroot}/html/index.html': ensure => file, content => 'Index page', } - file { '/var/www/html/index2.html': + file { '#{$docroot}/html/index2.html': ensure => file, content => 'Page 2', } 
@@ -284,8 +299,10 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + unless fact('osfamily') == 'Suse' + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end it 'should disable mod_security per vhost' do @@ -294,7 +311,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', modsec_disable_msgs => [ 'Blind SQL Injection Attack' ], } EOS @@ -318,13 +335,13 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', } - file { '/var/www/html/index.html': + file { '#{$docroot}/html/index.html': ensure => file, content => 'Index page', } - file { '/var/www/html/index2.html': + file { '#{$docroot}/html/index2.html': ensure => file, content => 'Page 2', } @@ -345,8 +362,10 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + unless fact('osfamily') == 'Suse' + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end it 'should disable mod_security per vhost' do @@ -355,7 +374,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '/var/www/html', + docroot => '#{$docroot}/html', modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION' ], } EOS 
diff --git a/spec/acceptance/nodesets/suse.yml b/spec/acceptance/nodesets/suse.yml index b6c14b92c6..ac04926992 100644 --- a/spec/acceptance/nodesets/suse.yml +++ b/spec/acceptance/nodesets/suse.yml @@ -6,7 +6,7 @@ HOSTS: - default platform: sles-11-x86_64 template: sles-11-x86_64 - hypervisor: vcloud + hypervisor: virtualbox redhat-7-x86_64-master: roles: - master @@ -15,7 +15,7 @@ HOSTS: - agent platform: el-7-x86_64 template: redhat-7-x86_64 - hypervisor: vcloud + hypervisor: virtualbox CONFIG: nfs_server: none consoleport: 443 diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index 24461b2377..f69b56cc52 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -10,6 +10,7 @@ $vhost_dir = '/etc/httpd/conf.d' $vhost = '/etc/httpd/conf.d/15-default.conf' $run_dir = '/var/run/httpd' + $docroot = '/var/www' $service_name = 'httpd' $package_name = 'httpd' $error_log = 'error_log' @@ -31,6 +32,7 @@ $vhost = '/etc/apache2/sites-available/15-default.conf' $vhost_dir = '/etc/apache2/sites-enabled' $run_dir = '/var/run/apache2' + $docroot = '/var/www' $service_name = 'apache2' $package_name = 'apache2' $error_log = 'error.log' @@ -52,6 +54,7 @@ $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf' $vhost_dir = '/usr/local/etc/apache24/Vhosts' $run_dir = '/var/run/apache24' + $docroot = '/var/www' $service_name = 'apache24' $package_name = 'apache24' $error_log = 'http-error.log' @@ -65,6 +68,7 @@ $vhost = '/etc/apache2/vhosts.d/15-default.conf' $vhost_dir = '/etc/apache2/vhosts.d' $run_dir = '/var/run/apache2' + $docroot = '/var/www' $service_name = 'apache2' $package_name = 'www-servers/apache' $error_log = 'http-error.log' 
@@ -78,13 +82,15 @@ $vhost = '/etc/apache2/sites-available/15-default.conf' $vhost_dir = '/etc/apache2/sites-available' $run_dir = '/var/run/apache2' + $docroot = '/srv/www' $service_name = 'apache2' $package_name = 'apache2' - $error_log = 'http-error.log' - if _operatingsystemrelease <= 11 - $apache_version = '2.2' + if _operatingsystemrelease < 12 + $apache_version = '2.2' + $error_log = 'error.log' else - $apache_version = '2.4' + $apache_version = '2.4' + $error_log = 'http-error.log' end else $apache_version = '0' diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index bb4b83c2be..db3be92402 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -45,14 +45,14 @@ class { 'apache': } context 'default vhost with ssl' do it 'should create default vhost configs' do pp = <<-EOS - file { '#{$run_dir}': + file { '#{$vhost_dir}': ensure => 'directory', recurse => true, } class { 'apache': default_ssl_vhost => true, - require => File['#{$run_dir}'], + require => File['#{$vhost_dir}'], } EOS apply_manifest(pp, :catch_failures => true) @@ -72,7 +72,7 @@ class { 'apache': it 'should configure an apache vhost' do pp = <<-EOS class { 'apache': } - file { '#{$run_dir}': + file { '/var/www': ensure => 'directory', recurse => true, } @@ -80,7 +80,7 @@ class { 'apache': } apache::vhost { 'first.example.com': port => '80', docroot => '/var/www/first', - require => File['#{$run_dir}'], + require => File['/var/www'], } EOS apply_manifest(pp, :catch_failures => true) @@ -1075,7 +1075,7 @@ class { 'apache': } action => 'php-fastcgi', } EOS - pp = pp + "\nclass { 'apache::mod::actions': }" if fact('osfamily') == 'Debian' + pp = pp + "\nclass { 'apache::mod::actions': }" if fact('osfamily') == 'Debian' || fact('osfamily') == 'Suse' apply_manifest(pp, :catch_failures => true) end 
@@ -1109,7 +1109,7 @@ class { 'apache': service_ensure => stopped, } end describe 'rack_base_uris' do - if (fact('osfamily') != 'RedHat') + unless fact('osfamily') == 'RedHat' or (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') < '12') it 'applies cleanly' do test = lambda do pp = <<-EOS @@ -1320,7 +1320,7 @@ class { 'apache::mod::wsgi': } end end - context 'on everything but lucid', :unless => fact('lsbdistcodename') == 'lucid' do + context 'on everything but lucid', :unless => (fact('lsbdistcodename') == 'lucid' or (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') < '12')) do it 'import_script applies cleanly' do pp = <<-EOS class { 'apache': } diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index b6ec0b5856..5d93612afc 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -5,6 +5,8 @@ run_puppet_install_helper RSpec.configure do |c| + c.filter_run :focus => true + c.run_all_when_everything_filtered = true # apache on Ubuntu 10.04 and 12.04 doesn't like IPv6 VirtualHosts, so we skip ipv6 tests on those systems if fact('operatingsystem') == 'Ubuntu' and (fact('operatingsystemrelease') == '10.04' or fact('operatingsystemrelease') == '12.04') c.filter_run_excluding :ipv6 => true diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 5505f2140a..298e27e78b 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -63,6 +63,12 @@ SecTmpDir /var/cache/modsecurity SecDataDir /var/cache/modsecurity SecUploadDir /var/cache/modsecurity +<%- elsif scope.lookupvar('::osfamily') == 'Suse' -%> + SecDebugLog /var/log/apache2/modsec_debug.log + SecAuditLog /var/log/apache2/modsec_audit.log + SecTmpDir /var/lib/mod_security + SecDataDir /var/lib/mod_security + SecUploadDir /var/lib/mod_security <% else -%> SecDebugLog /var/log/httpd/modsec_debug.log SecAuditLog /var/log/httpd/modsec_audit.log 
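Review bot: `fact('operatingsystemmajrelease') < '12'` in the `rack_base_uris` guard is a String comparison in Ruby, so it orders character by character: `'9' < '12'` is false and `'100' < '12'` is true. It happens to give the intended answer for SLES 10 and 11, but the guard reads as numeric; `fact('operatingsystemmajrelease').to_i < 12` says what is meant. The same expression is added in the `:unless` of the 'on everything but lucid' context in the next hunk and in the mod_pagespeed_spec.rb hunk earlier in this commit.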
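Review bot: With `c.filter_run :focus => true` in the shared acceptance helper, a single `fit` or `:focus => true` left in any spec file makes the run execute only that example and still finish green, which hides failures in everything else; an earlier commit in this series did commit a `fit` in class_spec.rb. If the filter is only wanted for local debugging, gate it, for example `c.filter_run :focus => true unless ENV['CI']`, or leave it out and select the tag on the command line. The `RSpec.configure` block continues below the hunk.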
From a776e2f5aa2c8cf7dc38ea708e8a1f746b575efe Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 28 Sep 2016 10:08:42 -0700 Subject: [PATCH 0989/2267] in which final touches are added --- manifests/mod/passenger.pp | 51 ----------------------- manifests/mod/php.pp | 2 +- manifests/mod/security.pp | 4 +- manifests/params.pp | 3 +- spec/acceptance/class_spec.rb | 1 - spec/acceptance/default_mods_spec.rb | 8 ++-- spec/acceptance/mod_dav_svn_spec.rb | 6 +-- spec/acceptance/mod_pagespeed_spec.rb | 4 +- spec/acceptance/mod_passenger_spec.rb | 2 - spec/acceptance/mod_php_spec.rb | 8 ++-- spec/acceptance/mod_security_spec.rb | 59 ++++++++++++--------------- spec/acceptance/version.rb | 13 +++--- spec/acceptance/vhost_spec.rb | 4 +- 13 files changed, 49 insertions(+), 116 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 967b60e13c..9c8fb14cf3 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -55,57 +55,6 @@ $_lib_path = $mod_lib_path } - if $::osfamily == 'Suse' { - package {'rack': - provider => 'gem', - ensure => "1.6.4", - before => Exec['passenger'] - } - package {'rake': - provider => 'gem', - ensure => '10.5.0', - before => Exec['passenger'] - } - package {'passenger': - provider => 'gem', - ensure => 'installed', - before => Exec['passenger'] - } - package {'gcc': - provider => 'zypper', - before => Package['gcc-c++'] - } - package {'gcc43-c++': - provider => 'zypper', - before => Package['gcc-c++'] - } - package {'gcc-c++': - provider => 'rpm', - source => 'http://download.opensuse.org/repositories/home:/zhy20120210:/SLES-11-SP1-x86-64/SLE_11/x86_64/gcc-c++-4.3-62.8.x86_64.rpm', - before => Exec['passenger'], - } - package {'apache2-devel': - provider => 'zypper', - before => Exec['passenger'], - } - package {'libcurl-devel': - provider => 'zypper', - before => Exec['passenger'], - } - exec {'passenger': - command => '/usr/bin/passenger-install-apache2-module -a', - } - file {'/etc/apache2/mods-available/passenger.load': - ensure => present, - content => 'LoadModule passenger_module /usr/lib64/apache2/mod_passenger.so' - } - file {'/usr/lib64/apache2/mod_passenger.so': - target => "/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30/buildout/apache2/mod_passenger.so" - - } - - } - if $::osfamily == 'RedHat' and $manage_repo { yumrepo { 'passenger': ensure => 'present', diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 47d88abd33..16c39873f7 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -52,7 +52,7 @@ $_lib = "libphp${php_version}.so" $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1') - if $::osfamily == 'Suse' { + if $::operatingsystem == 'SLES' { $suse_lib_path = $::apache::params::suse_lib_path ::apache::mod { $mod: package => $_package_name, diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index b2890d4b78..e8431684b0 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -32,7 +32,7 @@ fail('FreeBSD is not currently supported') } - if $::osfamily == 'Suse' { + if $::operatingsystem == 'SLES' { ::apache::mod { 'security': id => 'security2_module', lib_path => $suse_lib_path, @@ -116,6 +116,6 @@ notify => Class['apache::service'], } - unless $::osfamily == "Suse" { apache::security::rule_link { $activated_rules: } } + unless $::operatingsystem == "SLES" { apache::security::rule_link { $activated_rules: } } } diff --git a/manifests/params.pp b/manifests/params.pp index 841f2bcb66..2c0edf2e4c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -49,7 +49,7 @@ $modsec_audit_log_parts = 'ABIJDEFHZ' - if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::osfamily == 'Suse') { + if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::operatingsystem == 'SLES') { $verify_command = '/usr/sbin/apache2ctl -t' } elsif $::operatingsystem == 'FreeBSD' { $verify_command = '/usr/local/sbin/apachectl -t' @@ -489,7 +489,6 @@ 'perl' => 'apache2-mod_perl', 'php5' => 'apache2-mod_php53', 'python' => 'apache2-mod_python', - 'passenger' => 'apache2-mod_passenger', 'security' => 'apache2-mod_security2', } $mod_libs = { diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index a640e54895..d67b1a878c 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -21,7 +21,6 @@ } end - describe package($package_name) do it { is_expected.to be_installed } end diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 6fb21b907b..66790d2ffd 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -34,10 +34,10 @@ class { 'apache': default_mods => false, } apache::vhost { 'defaults.example.com': - docroot => '#{$docroot}/defaults', + docroot => '#{$doc_root}/defaults', aliases => { alias => '/css', - path => '#{$docroot}/css', + path => '#{$doc_root}/css', }, setenv => 'TEST1 one', } 
@@ -65,10 +65,10 @@ class { 'apache': ], } apache::vhost { 'defaults.example.com': - docroot => '#{$docroot}/defaults', + docroot => '#{$doc_root}/defaults', aliases => { alias => '/css', - path => '#{$docroot}/css', + path => '#{$doc_root}/css', }, setenv => 'TEST1 one', } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index a3473f3cab..8b26a6b99f 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -9,11 +9,7 @@ else authz_svn_load_file = 'authz_svn.load' end - when 'RedHat' - authz_svn_load_file = 'dav_svn_authz_svn.load' - when 'FreeBSD' - authz_svn_load_file = 'dav_svn_authz_svn.load' - when 'Suse' + else authz_svn_load_file = 'dav_svn_authz_svn.load' end diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index ea92ab5b83..74d507745b 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -42,10 +42,10 @@ class { 'apache::mod::pagespeed': } apache::vhost { 'pagespeed.example.com': port => '80', - docroot => '#{$docroot}/pagespeed', + docroot => '#{$doc_root}/pagespeed', } host { 'pagespeed.example.com': ip => '127.0.0.1', } - file { '#{$docroot}/pagespeed/index.html': + file { '#{$doc_root}/pagespeed/index.html': ensure => file, content => "\n\n\n

Hello World!

\n\n", } diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 533d71533d..4761d2c5bf 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -60,8 +60,6 @@ passenger_module_path = 'modules/mod_passenger.so' rackapp_user = 'apache' rackapp_group = 'apache' - when 'SLES' - conf_file = "#{$mod_dir}/passenger.conf" end pp_rackapp = <<-EOS diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 02a1954eaa..cff4a4dbad 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -11,10 +11,10 @@ class { 'apache': class { 'apache::mod::php': } apache::vhost { 'php.example.com': port => '80', - docroot => '#{$docroot}/php', + docroot => '#{$doc_root}/php', } host { 'php.example.com': ip => '127.0.0.1', } - file { '#{$docroot}/php/index.php': + file { '#{$doc_root}/php/index.php': ensure => file, content => "\\n", } @@ -60,14 +60,14 @@ class { 'apache::mod::php': } apache::vhost { 'php.example.com': port => '80', - docroot => '#{$docroot}/php', + docroot => '#{$doc_root}/php', php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, php_flags => { 'display_errors' => 'on', }, php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, php_admin_flags => { 'engine' => 'on', }, } host { 'php.example.com': ip => '127.0.0.1', } - file { '#{$docroot}/php/index.php5': + file { '#{$doc_root}/php/index.php5': ensure => file, content => "\\n", } diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 0f1b5c4bb2..c6fa220898 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
@@ -2,13 +2,6 @@ require_relative './version.rb' describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) do - - if fact('osfamily') == 'Suse' - $docroot = "/srv/www" - else - $docroot = "/var/www" - end - context "default mod_security config" do if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do @@ -36,9 +29,9 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', } - file { '#{$docroot}/html/index.html': + file { '#{$doc_root}/html/index.html': ensure => file, content => 'Index page', } @@ -76,7 +69,7 @@ class { 'apache::mod::security': } end end - unless fact('osfamily') == 'Suse' + unless fact('operatingsystem') == 'SLES' it 'should block query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end @@ -93,9 +86,9 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', } - file { '#{$docroot}/html/index.html': + file { '#{$doc_root}/html/index.html': ensure => file, content => 'Index page', } @@ -116,7 +109,7 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - unless fact('osfamily') == 'Suse' + unless fact('operatingsystem') == 'SLES' it 'should block query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end 
@@ -128,7 +121,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', modsec_disable_vhost => true, } EOS @@ -151,9 +144,9 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', } - file { '#{$docroot}/html/index.html': + file { '#{$doc_root}/html/index.html': ensure => file, content => 'Index page', } @@ -174,7 +167,7 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - unless fact('osfamily') == 'Suse' + unless fact('operatingsystem') == 'SLES' it 'should block query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end @@ -186,7 +179,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', modsec_disable_ips => [ '127.0.0.1' ], } EOS @@ -209,13 +202,13 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', } - file { '#{$docroot}/html/index.html': + file { '#{$doc_root}/html/index.html': ensure => file, content => 'Index page', } - file { '#{$docroot}/html/index2.html': + file { '#{$doc_root}/html/index2.html': ensure => file, content => 'Page 2', } @@ -236,7 +229,7 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - unless fact('osfamily') == 'Suse' + unless fact('operatingsystem') == 'SLES' it 'should block query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end 
@@ -248,7 +241,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', modsec_disable_ids => [ '950007' ], } EOS @@ -272,13 +265,13 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', } - file { '#{$docroot}/html/index.html': + file { '#{$doc_root}/html/index.html': ensure => file, content => 'Index page', } - file { '#{$docroot}/html/index2.html': + file { '#{$doc_root}/html/index2.html': ensure => file, content => 'Page 2', } @@ -299,7 +292,7 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - unless fact('osfamily') == 'Suse' + unless fact('operatingsystem') == 'SLES' it 'should block query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end @@ -311,7 +304,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', modsec_disable_msgs => [ 'Blind SQL Injection Attack' ], } EOS @@ -335,13 +328,13 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', } - file { '#{$docroot}/html/index.html': + file { '#{$doc_root}/html/index.html': ensure => file, content => 'Index page', } - file { '#{$docroot}/html/index2.html': + file { '#{$doc_root}/html/index2.html': ensure => file, content => 'Page 2', } 
@@ -362,7 +355,7 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - unless fact('osfamily') == 'Suse' + unless fact('operatingsystem') == 'SLES' it 'should block query with SQL' do shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end @@ -374,7 +367,7 @@ class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', - docroot => '#{$docroot}/html', + docroot => '#{$doc_root}/html', modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION' ], } EOS diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index f69b56cc52..fac4071e60 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -10,7 +10,7 @@ $vhost_dir = '/etc/httpd/conf.d' $vhost = '/etc/httpd/conf.d/15-default.conf' $run_dir = '/var/run/httpd' - $docroot = '/var/www' + $doc_root = '/var/www' $service_name = 'httpd' $package_name = 'httpd' $error_log = 'error_log' @@ -32,7 +32,7 @@ $vhost = '/etc/apache2/sites-available/15-default.conf' $vhost_dir = '/etc/apache2/sites-enabled' $run_dir = '/var/run/apache2' - $docroot = '/var/www' + $doc_root = '/var/www' $service_name = 'apache2' $package_name = 'apache2' $error_log = 'error.log' @@ -54,7 +54,7 @@ $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf' $vhost_dir = '/usr/local/etc/apache24/Vhosts' $run_dir = '/var/run/apache24' - $docroot = '/var/www' + $doc_root = '/var/www' $service_name = 'apache24' $package_name = 'apache24' $error_log = 'http-error.log' @@ -68,7 +68,7 @@ $vhost = '/etc/apache2/vhosts.d/15-default.conf' $vhost_dir = '/etc/apache2/vhosts.d' $run_dir = '/var/run/apache2' - $docroot = '/var/www' + $doc_root = '/var/www' $service_name = 'apache2' $package_name = 'www-servers/apache' $error_log = 'http-error.log' 
@@ -82,15 +82,14 @@ $vhost = '/etc/apache2/sites-available/15-default.conf' $vhost_dir = '/etc/apache2/sites-available' $run_dir = '/var/run/apache2' - $docroot = '/srv/www' + $doc_root = '/srv/www' $service_name = 'apache2' $package_name = 'apache2' + $error_log = 'error.log' if _operatingsystemrelease < 12 $apache_version = '2.2' - $error_log = 'error.log' else $apache_version = '2.4' - $error_log = 'http-error.log' end else $apache_version = '0' diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index db3be92402..d4b2e3edf1 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -45,14 +45,14 @@ class { 'apache': } context 'default vhost with ssl' do it 'should create default vhost configs' do pp = <<-EOS - file { '#{$vhost_dir}': + file { '#{$run_dir}': ensure => 'directory', recurse => true, } class { 'apache': default_ssl_vhost => true, - require => File['#{$vhost_dir}'], + require => File['#{$run_dir}'], } EOS apply_manifest(pp, :catch_failures => true) From f8bc69b3db9f3c70426d2828eb2cc7d48271f08c Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Thu, 29 Sep 2016 08:06:44 -0700 Subject: [PATCH 0990/2267] in which lint errors are fixed --- manifests/mod/dav_svn.pp | 6 +++--- manifests/mod/security.pp | 8 ++++---- spec/classes/mod/dav_svn_spec.rb | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 338285aac5..b7d4d81a07 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp 
@@ -1,14 +1,14 @@ class apache::mod::dav_svn ( $authz_svn_enabled = false, - $suse_lib_path = $::apache::params::suse_lib_path ) { Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] include ::apache include ::apache::mod::dav if($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ + $suse_lib_path = $::apache::params::suse_lib_path package { 'subversion-server': + ensure => 'installed', provider => 'zypper', - ensure => 'installed', } ::apache::mod {'dav_svn': lib_path => $suse_lib_path @@ -27,7 +27,7 @@ if ($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ ::apache::mod { 'authz_svn': loadfile_name => $loadfile_name, - lib_path => $suse_lib_path, + lib_path => $suse_lib_path, require => Apache::Mod['dav_svn'], } } else { diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index e8431684b0..77a3c85906 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -19,7 +19,6 @@ $error_anomaly_score = '4', $warning_anomaly_score = '3', $notice_anomaly_score = '2', - $suse_lib_path = $::apache::params::suse_lib_path, ) inherits ::apache::params { include ::apache @@ -33,10 +32,11 @@ } if $::operatingsystem == 'SLES' { + $suse_lib_path = $::apache::params::suse_lib_path ::apache::mod { 'security': - id => 'security2_module', + id => 'security2_module', lib_path => $suse_lib_path, - lib => 'mod_security2.so', + lib => 'mod_security2.so', } } else { ::apache::mod { 'security': @@ -116,6 +116,6 @@ notify => Class['apache::service'], } - unless $::operatingsystem == "SLES" { apache::security::rule_link { $activated_rules: } } + unless $::operatingsystem == 'SLES' { apache::security::rule_link { $activated_rules: } } } diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 1eb06b22c5..426b547f2a 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb 
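Review bot: Moving `$suse_lib_path` out of the parameter list in the first hunk of manifests/mod/dav_svn.pp, and the same move in manifests/mod/security.pp further down, removes a class parameter, so a caller that passes `suse_lib_path` will stop compiling after a commit described as lint fixes. If the removal is intended it deserves a changelog line; otherwise keep the parameter and satisfy the lint check another way. In dav_svn.pp the variable is now assigned only inside the first SLES conditional and read again in the `authz_svn` block under a second conditional, which holds only while the two conditions stay identical. A comment at the second use, `# $suse_lib_path is set in the SLES branch above`, would make that dependency explicit.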
@@ -16,7 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } From 571bc4e627f3cb905f06beda25e8fe82eccbba3f Mon Sep 17 00:00:00 2001 From: Philipp Dallig Date: Thu, 4 Aug 2016 15:02:22 +0200 Subject: [PATCH 0991/2267] Add passenger_nodejs + passenger_sticky_sessions + passenger_startup_file --- README.md | 12 ++++++++++++ manifests/vhost.pp | 14 ++++++++++++-- spec/defines/vhost_spec.rb | 3 +++ templates/vhost/_passenger.erb | 9 +++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fd2faa00ae..e705695520 100644 --- a/README.md +++ b/README.md @@ -2573,6 +2573,18 @@ Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/refe Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Valid options: 'true', 'false'. Default: undef. +##### `passenger_nodejs` + +Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs), the NodeJS interpreter to use for the application, on this virtual host. + +##### `passenger_sticky_sessions` + +Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. Valid options: 'true', 'false'. Default: undef. + +##### `passenger_startup_file` + +Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root. + ##### `php_flags & values` Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 15286b6941..5644ba82ca 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -135,6 +135,9 @@ $passenger_pre_start = undef, $passenger_user = undef, $passenger_high_performance = undef, + $passenger_nodejs = undef, + $passenger_sticky_sessions = undef, + $passenger_startup_file = undef, $add_default_charset = undef, $modsec_disable_vhost = undef, $modsec_disable_ids = undef, @@ -292,6 +295,10 @@ validate_re($keepalive,'(^on$|^off$)',"${keepalive} is not permitted for keepalive. Allowed values are 'on' or 'off'.") } + if $passenger_sticky_sessions { + validate_bool($passenger_sticky_sessions) + } + # Input validation ends if $ssl and $ensure == 'present' { @@ -316,7 +323,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance { + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { include ::apache::mod::passenger } @@ -1046,7 +1053,10 @@ # - $passenger_start_timeout # - $passenger_pre_start # - $passenger_user - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user { + # - $passenger_nodejs + # - $passenger_sticky_sessions + # - $passenger_startup_file + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{ concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, 
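Review bot: The validation added in the `@@ -292,6 +295,10 @@` hunk covers only `$passenger_sticky_sessions`; `$passenger_nodejs`, which the template writes out as the interpreter path for the application, and `$passenger_startup_file` reach the vhost file unchecked. I would add `if $passenger_nodejs { validate_absolute_path($passenger_nodejs) }` and `if $passenger_startup_file { validate_string($passenger_startup_file) }` next to the new `validate_bool` call. The README text added in this commit gives the valid options for `passenger_sticky_sessions` as 'true' and 'false' in quotes, but `validate_bool` rejects strings, so the documentation should name the booleans `true` and `false`. The last vhost.pp hunk is also missing a space before the brace in `$passenger_startup_file{`.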
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 6f85b622b3..48cff58e38 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -387,6 +387,9 @@ 'passenger_pre_start' => 'http://localhost/myapp', 'passenger_high_performance' => true, 'passenger_user' => 'sandbox', + 'passenger_nodejs' => '/usr/bin/node', + 'passenger_sticky_sessions' => true, + 'passenger_startup_file' => 'bin/www', 'add_default_charset' => 'UTF-8', 'jk_mounts' => [ { 'mount' => '/*', 'worker' => 'tcnode1', }, diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb index becea9c4d0..a380016b3b 100644 --- a/templates/vhost/_passenger.erb +++ b/templates/vhost/_passenger.erb @@ -22,3 +22,12 @@ <% if @passenger_high_performance -%> PassengerHighPerformance <%= scope.function_bool2httpd([@passenger_high_performance]) %> <% end -%> +<% if @passenger_nodejs -%> + PassengerNodejs <%= @passenger_nodejs -%> +<% end -%> +<% if @passenger_sticky_sessions -%> + PassengerStickySessions <%= scope.function_bool2httpd([@passenger_sticky_sessions]) %> +<% end -%> +<% if @passenger_startup_file -%> + PassengerStartupFile <%= @passenger_startup_file -%> +<% end -%> From 9aca087be157ed16ab15212e7d1e086f149075fb Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Thu, 7 Jul 2016 17:05:54 +0200 Subject: [PATCH 0992/2267] Auto load Apache::Mod[slotmem_shm] and Apache::Mod[lbmethod_byrequests] with proxy_balancer on 2.4 --- README.md | 14 ++++++++++++++ manifests/balancer.pp | 8 ++++++++ manifests/mod/proxy_balancer.pp | 7 ++++++- spec/defines/balancer_spec.rb | 27 +++++++++++++++++++++++++++ spec/defines/balancermember_spec.rb | 6 ++++-- 5 files changed, 59 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index fd2faa00ae..f38610ad7d 100644 --- a/README.md +++ b/README.md 
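Review bot: The new `PassengerNodejs` and `PassengerStartupFile` lines in templates/vhost/_passenger.erb close their value tags with `-%>`, which in ERB trim mode also strips the newline after the tag, while the existing `PassengerHighPerformance` line and the new `PassengerStickySessions` line use `%>`. As written, each of those two directives is likely to be rendered on the same line as whatever follows it in the fragment. Use `PassengerNodejs <%= @passenger_nodejs %>` and `PassengerStartupFile <%= @passenger_startup_file %>`. As far as the vhost_spec.rb hunk shows, the spec only adds the three parameters to the input hash; an assertion on the rendered `PassengerNodejs /usr/bin/node` line would catch this.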
@@ -59,6 +59,7 @@ [`apache::mod::peruser`]: #class-apachemodperuser [`apache::mod::prefork`]: #class-apachemodprefork [`apache::mod::proxy`]: #class-apachemodproxy +[`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html [`apache::mod::security`]: #class-apachemodsecurity @@ -733,10 +734,13 @@ If you need to use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_ apache::balancer { 'puppet01': proxy_set => { 'stickysession' => 'JSESSIONID', + 'lbmethod' => 'bytraffic', }, } ``` +Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balancer documentation](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html). + ## Reference - [**Public classes**](#public-classes) @@ -1336,6 +1340,7 @@ The following Apache modules have supported classes, many of which allow for par * `prefork`\* * `proxy`\* (see [`apache::mod::proxy`][]) * `proxy_ajp` +* `proxy_balancer`\* (see [`apache::mod::proxy_balancer`][]) * `proxy_balancer` * `proxy_html` (see [`apache::mod::proxy_html`][]) * `proxy_http` @@ -1731,6 +1736,15 @@ Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its conf - `package_name`: Default: `undef`. - `proxy_requests`: Default: 'Off'. +##### Class: `apache::mod::proxy_balancer` + +Installs and manages [`mod_proxy_balancer`][], which provides load balancing. + +**Parameters within `apache::mod::proxy_balancer`**: + +- `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. + - On Apache >= 2.4, `mod_slotmem_shm` is loaded. + ##### Class: `apache::mod::php` Installs and configures [`mod_php`][]. diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 0d2439bfe2..41db8a8dc8 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp 
@@ -49,6 +49,14 @@ ) { include ::apache::mod::proxy_balancer + if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 { + $lbmethod = $proxy_set['lbmethod'] ? { + undef => 'byrequests', + default => $proxy_set['lbmethod'], + } + ensure_resource('apache::mod', "lbmethod_${lbmethod}") + } + if $target { $_target = $target } else { diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp index 5a0768d8d0..a225ce3396 100644 --- a/manifests/mod/proxy_balancer.pp +++ b/manifests/mod/proxy_balancer.pp @@ -1,7 +1,12 @@ -class apache::mod::proxy_balancer { +class apache::mod::proxy_balancer( + $apache_version = $::apache::apache_version, +) { include ::apache::mod::proxy include ::apache::mod::proxy_http + if versioncmp($apache_version, '2.4') >= 0 { + ::apache::mod { 'slotmem_shm': } + } Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer'] Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer'] diff --git a/spec/defines/balancer_spec.rb b/spec/defines/balancer_spec.rb index 65df6d3730..3b43e3fd7a 100644 --- a/spec/defines/balancer_spec.rb +++ b/spec/defines/balancer_spec.rb @@ -30,6 +30,16 @@ it { should contain_concat('apache_balancer_myapp').with({ :path => "/tmp/myapp.conf", })} + it { should_not contain_apache__mod('slotmem_shm') } + it { should_not contain_apache__mod('lbmethod_byrequests') } + end + context "on jessie" do + let(:facts) { super().merge({ + :operatingsystemrelease => '8', + :lsbdistcodename => 'jessie', + }) } + it { should contain_apache__mod('slotmem_shm') } + it { should contain_apache__mod('lbmethod_byrequests') } end end describe 'apache pre_condition with conf_dir set' do 
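Review bot: In the manifests/balancer.pp hunk, `$proxy_set['lbmethod']` is interpolated straight into a resource title by `ensure_resource('apache::mod', "lbmethod_${lbmethod}")`, so a typo or unexpected value surfaces only later as a module that fails to install or load. Checking the value first, for example `validate_re($lbmethod, '^(byrequests|bytraffic|bybusyness|heartbeat)$')`, would fail the catalog with a clear message. The version test reads `$apache::mod::proxy_balancer::apache_version` without the leading `::` used elsewhere in this commit (`$::apache::apache_version`). The body of `apache::balancer` continues outside the hunk.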
@@ -42,4 +52,21 @@ :path => "/junk/path/balancer_myapp.conf", })} end + + describe 'with lbmethod and with apache::mod::proxy_balancer::apache_version set' do + let :pre_condition do + 'class{"apache::mod::proxy_balancer": + apache_version => "2.4" + }' + end + let :params do + { + :proxy_set => { + 'lbmethod' => 'bytraffic', + }, + } + end + it { should contain_apache__mod('slotmem_shm') } + it { should contain_apache__mod('lbmethod_bytraffic') } + end end diff --git a/spec/defines/balancermember_spec.rb b/spec/defines/balancermember_spec.rb index d99f99686e..6221290a28 100644 --- a/spec/defines/balancermember_spec.rb +++ b/spec/defines/balancermember_spec.rb @@ -19,7 +19,8 @@ end describe "allows multiple balancermembers with the same url" do let :pre_condition do - 'apache::balancer {"balancer":} + 'include apache + apache::balancer {"balancer":} apache::balancer {"balancer-external":} apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} ' @@ -38,7 +39,8 @@ end describe "allows balancermember with a different target" do let :pre_condition do - 'apache::balancer {"balancername": target => "/etc/apache/balancer.conf"} + 'include apache + apache::balancer {"balancername": target => "/etc/apache/balancer.conf"} apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancername"} ' end From 49f8bf579ee2211da4a36bd9c93b4ce7c2a14a09 Mon Sep 17 00:00:00 2001 From: Guy Vandenbergh Date: Thu, 6 Oct 2016 14:38:37 +0200 Subject: [PATCH 0993/2267] Add rpaf.conf template parameter Enable usage of different rpaf.conf file (e.g. rpaf forks 0.6.1 https://github.com/gnif/mod_rpaf) --- manifests/mod/rpaf.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index cb65483605..b9afa149f2 100644 --- a/manifests/mod/rpaf.pp +++ b/manifests/mod/rpaf.pp 
@@ -1,7 +1,8 @@ class apache::mod::rpaf ( $sethostname = true, $proxy_ips = [ '127.0.0.1' ], - $header = 'X-Forwarded-For' + $header = 'X-Forwarded-For', + $template = 'apache/mod/rpaf.conf.erb' ) { include ::apache ::apache::mod { 'rpaf': } @@ -14,7 +15,7 @@ ensure => file, path => "${::apache::mod_dir}/rpaf.conf", mode => $::apache::file_mode, - content => template('apache/mod/rpaf.conf.erb'), + content => template($template), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], From 964317d5df86d655912b1a65afca97606c9ae739 Mon Sep 17 00:00:00 2001 From: Guy Vandenbergh Date: Thu, 6 Oct 2016 16:17:40 +0200 Subject: [PATCH 0994/2267] Add path to shibboleth lib Shibboleth can be installed in very different location using different names depending on the version, os... We add a parameter to specify the location of the current shibboleth library path. --- manifests/mod/shib.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index 4b00889260..c1fda9324f 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp @@ -1,5 +1,6 @@ class apache::mod::shib ( $suppress_warning = false, + $mod_full_path = undef, ) { include ::apache if $::osfamily == 'RedHat' and ! $suppress_warning { @@ -9,7 +10,7 @@ $mod_shib = 'shib2' apache::mod {$mod_shib: - id => 'mod_shib', + id => 'mod_shib', + path => $mod_full_path, } - } From 35096a6d8fd17edea599eeaa60bc4ca2a4f06b5e Mon Sep 17 00:00:00 2001 
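Review bot: The new `$template` parameter of `apache::mod::rpaf` is handed to `template()` unchecked and is not documented; the diffstat shows this commit touches only manifests/mod/rpaf.pp. The rendered file presumably carries `$proxy_ips` and `$header`, which decide whose `X-Forwarded-For` value is accepted as the client address. The README entry should therefore say that a replacement template must still render `proxy_ips`, `header` and `sethostname`. I would also add `validate_string($template)` at the top of the class.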
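Review bot: In manifests/mod/shib.pp, `$mod_full_path` is passed as `path` to `apache::mod` with no check, and that value presumably ends up as the shared object Apache loads. Add `if $mod_full_path { validate_absolute_path($mod_full_path) }` before the `apache::mod` declaration so a relative or malformed path fails at catalog compilation instead of at service start. The parameter also needs a README entry; the diffstat shows only manifests/mod/shib.pp changed.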
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Thu, 6 Oct 2016 19:16:41 +0200 Subject: [PATCH 0995/2267] Simplify MPM setup on FreeBSD (#1497) * MPM backend are dynamic on FreeBSD since 2015. This makes it easy to switch MPM. https://svnweb.freebsd.org/ports?view=revision&revision=378215 * Get rid of now useless variable. * No more true. --- README.md | 2 -- manifests/package.pp | 30 +----------------------------- 2 files changed, 1 insertion(+), 31 deletions(-) diff --git a/README.md b/README.md index fd2faa00ae..a6a0456868 100644 --- a/README.md +++ b/README.md @@ -1081,8 +1081,6 @@ You must set this to false to explicitly declare the following classes with cust - [`apache::mod::prefork`][] - [`apache::mod::worker`][] -> **Note**: Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `mpm_module`, you must uninstall all packages that depend on your installed Apache server. - ##### `package_ensure` Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or the equivalent 'present'), or a version string. Default: 'installed'. diff --git a/manifests/package.pp b/manifests/package.pp index 5c59f2546d..7c95f99800 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
@@ -12,54 +12,26 @@ 'FreeBSD': { case $mpm_module { 'prefork': { - $set = 'MPM_PREFORK' - $unset = 'MPM_WORKER MPM_EVENT' } 'worker': { - $set = 'MPM_WORKER' - $unset = 'MPM_PREFORK MPM_EVENT' } 'event': { - $set = 'MPM_EVENT' - $unset = 'MPM_PREFORK MPM_WORKER' } 'itk': { - $set = undef - $unset = undef package { 'www/mod_mpm_itk': ensure => installed, } } default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } } - - # Configure ports to have apache build options set correctly - if $set { - file_line { 'apache SET options in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "apache24_SET_FORCE=${set}", - match => '^apache24_SET_FORCE=.*', - before => Package['httpd'], - } - file_line { 'apache UNSET options in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "apache24_UNSET_FORCE=${unset}", - match => '^apache24_UNSET_FORCE=.*', - before => Package['httpd'], - } - } - $apache_package = $::apache::apache_name } default: { - $apache_package = $::apache::apache_name } } package { 'httpd': ensure => $ensure, - name => $apache_package, + name => $::apache::apache_name, notify => Class['Apache::Service'], } } From 022ce44e15682b6bc3d7ba7f2aaf9ef2f4471d8d Mon Sep 17 00:00:00 2001 From: gerhardsam Date: Thu, 6 Oct 2016 19:34:50 +0200 Subject: [PATCH 0996/2267] Rename spec for apache::mod::disk_cache (#1509) Fixes spec tests for apache::mod::disk_cache --- .../mod/{disk_cache.rb => disk_cache_spec.rb} | 98 +++++++++++-------- 1 file changed, 56 insertions(+), 42 deletions(-) rename spec/classes/mod/{disk_cache.rb => disk_cache_spec.rb} (50%) diff --git a/spec/classes/mod/disk_cache.rb b/spec/classes/mod/disk_cache_spec.rb similarity index 50% rename from spec/classes/mod/disk_cache.rb rename to spec/classes/mod/disk_cache_spec.rb index 263b4cac64..ebb5ef6a97 100644 --- a/spec/classes/mod/disk_cache.rb +++ b/spec/classes/mod/disk_cache_spec.rb 
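Review bot: The `file_line` resources for `apache24_SET_FORCE` and `apache24_UNSET_FORCE` in manifests/package.pp are dropped without a cleanup step, so hosts already managed by the previous version keep those lines in /etc/make.conf. If that matters, keep the two resources for one release with `ensure => absent`, or mention the manual cleanup in the changelog. The now-empty `'prefork'`, `'worker'` and `'event'` branches can be one case, `'prefork', 'worker', 'event': { }`, and the outer `default: { }` branch no longer does anything.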
@@ -1,10 +1,7 @@ require 'spec_helper' describe 'apache::mod::disk_cache', :type => :class do - let :pre_condition do - 'include apache' - end - context "on a Debian OS", :compile do + context "on a Debian OS" do let :facts do { :id => 'root', @@ -19,28 +16,35 @@ } end context "with Apache version < 2.4" do - let :params do - { - :apache_version => '2.2', - } + let :pre_condition do + 'class{ "apache": + apache_version => "2.2", + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' end - + it { should compile } + it { should contain_class('apache::mod::disk_cache') } it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } end context "with Apache version >= 2.4" do - let :params do - { - :apache_version => '2.4', - } + let :pre_condition do + 'class{ "apache": + apache_version => "2.4", + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' end - + it { should compile } + it { should contain_class('apache::mod::disk_cache') } + it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } end end - context "on a RedHat 6-based OS", :compile do + context "on a RedHat 6-based OS" do let :facts do { :id => 'root', 
@@ -54,27 +58,29 @@ } end context "with Apache version < 2.4" do - let :params do - { - :apache_version => '2.2', - } + let :pre_condition do + 'class{ "apache": + apache_version => "2.2", + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' end - it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } end context "with Apache version >= 2.4" do - let :params do - { - :apache_version => '2.4', - } + let :pre_condition do + 'class{ "apache": + apache_version => "2.4", + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' end - it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } end end - context "on a FreeBSD OS", :compile do + context "on a FreeBSD OS" do let :facts do { :id => 'root', 
@@ -88,24 +94,32 @@ } end context "with Apache version < 2.4" do - let :params do - { - :apache_version => '2.2', - } + let :pre_condition do + 'class{ "apache": + apache_version => "2.2", + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' end - + it { should compile } + it { should contain_class('apache::mod::disk_cache') } + it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } end context "with Apache version >= 2.4" do - let :params do - { - :apache_version => '2.4', - } + let :pre_condition do + 'class{ "apache": + apache_version => "2.4", + default_mods => ["cache"], + mod_dir => "/tmp/junk", + }' end - + it { should compile } + it { should contain_class('apache::mod::disk_cache') } + it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } end end end From 9aac67edc655418359d4a5a5741c8734bfe75774 Mon Sep 17 00:00:00 2001 
From: David Schmitt Date: Mon, 10 Oct 2016 14:17:33 +0100 Subject: [PATCH 0997/2267] Update modulesync_config [51f469d] Additionally this finally cleanes up the spec_helper.rb --- .gitignore | 2 -- .sync.yml | 18 ++++++++++++- .travis.yml | 4 +-- spec/spec_helper.rb | 54 ++++----------------------------------- spec/spec_helper_local.rb | 37 +++++++++++++++++++++++++++ 5 files changed, 61 insertions(+), 54 deletions(-) create mode 100644 spec/spec_helper_local.rb diff --git a/.gitignore b/.gitignore index a319988ddc..0cd25de9af 100644 --- a/.gitignore +++ b/.gitignore @@ -4,8 +4,6 @@ Gemfile.lock vendor/ spec/fixtures/manifests/ spec/fixtures/modules/ -spec/acceptance/nodesets/ -tmp/ .vagrant/ .bundle/ coverage/ diff --git a/.sync.yml b/.sync.yml index e5f5f79bae..29a1aafa7b 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,7 +1,23 @@ --- .travis.yml: + includes: + - rvm: 2.3.1 + env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" + bundler_args: --without system_tests + - rvm: 2.1.9 + env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" + bundler_args: --without system_tests + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + bundler_args: --without system_tests + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" + bundler_args: --without system_tests + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.0" + bundler_args: --without system_tests Rakefile: extra_disabled_lint_checks: - 'disable_only_variable_string' spec/spec_helper.rb: - unmanaged: true + allow_deprecations: true diff --git a/.travis.yml b/.travis.yml index 4e549bf77a..6b0a0975f2 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -21,10 +21,10 @@ matrix: sudo: required - rvm: 2.3.1 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" + env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" - rvm: 2.1.9 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" + env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" - rvm: 2.1.5 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e61b185c1a..22d5d689f4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,52 +1,8 @@ +#This file is generated by ModuleSync, do not edit. require 'puppetlabs_spec_helper/module_spec_helper' -RSpec.configure do |c| - c.before :each do - # Ensure that we don't accidentally cache facts and environment - # between test cases. - Facter::Util::Loader.any_instance.stubs(:load_all) - Facter.clear - Facter.clear_messages - - # Store any environment variables away to be restored later - @old_env = {} - ENV.each_key {|k| @old_env[k] = ENV[k]} - - if ENV['STRICT_VARIABLES'] == 'yes' - Puppet.settings[:strict_variables]=true - end - end -end - -RSpec.configure do |config| - config.filter_run focus: true - config.run_all_when_everything_filtered = true -end - -shared_examples :compile, :compile => true do - it { should compile.with_all_deps } -end - -shared_examples 'a mod class, without including apache' do - let :facts do - { - :id => 'root', - :lsbdistcodename => 'squeeze', - :kernel => 'Linux', - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '6', - :operatingsystemmajrelease => nil, - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :concat_basedir => '/dne', - :is_pe => false, - :hardwaremodel => 'x86_64', - } - end - it { should compile.with_all_deps } -end - -RSpec.configure do |config| - config.filter_run focus: true - config.run_all_when_everything_filtered = true +# put local configuration and setup into spec_helper_local +begin + require 'spec_helper_local' +rescue LoadError end diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb new file mode 100644 index 0000000000..113ab7f6f4 --- /dev/null +++ b/spec/spec_helper_local.rb 
@@ -0,0 +1,37 @@ +RSpec.configure do |c| + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + end +end + +RSpec.configure do |config| + config.filter_run focus: true + config.run_all_when_everything_filtered = true +end + +shared_examples :compile, :compile => true do + it { should compile.with_all_deps } +end + +shared_examples 'a mod class, without including apache' do + let :facts do + { + :id => 'root', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => nil, + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + :hardwaremodel => 'x86_64', + } + end + it { should compile.with_all_deps } +end From 29c4f2bc58fca274447081dbdf9c66237d0acb78 Mon Sep 17 00:00:00 2001 From: Niels Laukens Date: Fri, 14 Oct 2016 14:11:16 +0200 Subject: [PATCH 0998/2267] Notify Apache of new symlink The notify was present in the regular vhost.pp manifest, but not in the vhost/custom.pp manifest --- manifests/vhost/custom.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/vhost/custom.pp b/manifests/vhost/custom.pp index e46b4c4d81..cfb06c273e 100644 --- a/manifests/vhost/custom.pp +++ b/manifests/vhost/custom.pp @@ -34,6 +34,7 @@ group => $::apache::params::root_group, mode => $::apache::file_mode, require => Apache::Custom_config[$filename], + notify => Class['apache::service'], } } } From 378fd4b7f30406dc4e2efc8d008005febc8caf82 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 18 Oct 2016 17:05:09 +0200 Subject: [PATCH 0999/2267] Do not set ssl_certs_dir on FreeBSD The previous directory does NOT contain certificates by default, resulting in an error when starting apache if certificates are elsewhere: ~~~ [Tue Oct 18 16:34:17.074516 2016] [ssl:emerg] [pid 57102:tid 34397585408] AH01896: Unable to determine list of acceptable CA certificates for client authentication ~~~ While here, sync the README which was outdated. --- README.md | 2 +- manifests/params.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3e36448770..10d6081c7f 100644 --- a/README.md +++ b/README.md @@ -3678,7 +3678,7 @@ Specifies the location of the SSL certification directory. Default: Depends on t - **Debian:** '/etc/ssl/certs' - **Red Hat:** '/etc/pki/tls/certs' -- **FreeBSD:** '/usr/local/etc/apache22' +- **FreeBSD:** undef - **Gentoo:** '/etc/ssl/apache2' ##### `ssl_chain` diff --git a/manifests/params.pp b/manifests/params.pp index 613cb8c8c0..1f9f60a806 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -355,7 +355,7 @@ $dev_packages = undef $default_ssl_cert = '/usr/local/etc/apache24/server.crt' $default_ssl_key = '/usr/local/etc/apache24/server.key' - $ssl_certs_dir = '/usr/local/etc/apache24' + $ssl_certs_dir = undef $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58' From b253993decdceb16a6d54cb3b83acbec5dd86129 Mon Sep 17 00:00:00 2001 From: Jon-Paul Lindquist Date: Tue, 18 Oct 2016 13:41:00 -0700 Subject: [PATCH 1000/2267] Adding requirement for httpd package Adding requirement for httpd package to $modsec_dir file resource to fix bug MODULES-3985 --- manifests/mod/security.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 77a3c85906..80c92d755f 100644 --- a/manifests/mod/security.pp 
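Review bot: With `$ssl_certs_dir = undef` in the FreeBSD branch of params.pp, every consumer of this default has to leave out the CA-path directive rather than render it with an empty value. Those templates are outside this hunk, so the guard should be confirmed there. It also means a FreeBSD vhost that turns on client-certificate verification gets no CA location unless the user supplies one, which deserves a comment above the line: `# undef: the old default held no CA certificates; set ssl_ca or ssl_certs_dir explicitly when verifying client certs`. The surrounding FreeBSD block starts and ends outside the hunk.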
+++ b/manifests/mod/security.pp @@ -83,6 +83,7 @@ purge => true, force => true, recurse => true, + require => Package['httpd'], } file { "${modsec_dir}/activated_rules": From 3333e7f9dc6432e960e9b60542f7629ad7906dc7 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Tue, 18 Oct 2016 13:44:42 -0700 Subject: [PATCH 1001/2267] (FM-5739) removes mocha stubbing --- spec/spec_helper_local.rb | 2 + spec/unit/apache_version_spec.rb | 12 +-- spec/unit/provider/a2mod/gentoo_spec.rb | 108 ++++++++++++------------ 3 files changed, 62 insertions(+), 60 deletions(-) diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index 113ab7f6f4..d861a1c49a 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -11,6 +11,8 @@ RSpec.configure do |config| config.filter_run focus: true config.run_all_when_everything_filtered = true + #as soon as psh is updated, the following line can be removed + config.mock_with :rspec end shared_examples :compile, :compile => true do diff --git a/spec/unit/apache_version_spec.rb b/spec/unit/apache_version_spec.rb index c62339da41..2036449fd9 100644 --- a/spec/unit/apache_version_spec.rb +++ b/spec/unit/apache_version_spec.rb @@ -8,9 +8,9 @@ describe 'apache_version' do context 'with value' do before :each do - Facter::Util::Resolution.stubs(:which).with('apachectl').returns(true) - Facter::Util::Resolution.stubs(:exec).with('apachectl -v 2>&1').returns('Server version: Apache/2.4.16 (Unix) - Server built: Jul 31 2015 15:53:26') + expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } + expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') {'Server version: Apache/2.4.16 (Unix) + Server built: Jul 31 2015 15:53:26'} end it do expect(Facter.fact(:apache_version).value).to eq('2.4.16') 
@@ -21,9 +21,9 @@ describe 'apache_version with empty OS' do context 'with value' do before :each do - Facter::Util::Resolution.stubs(:which).with('apachectl').returns(true) - Facter::Util::Resolution.stubs(:exec).with('apachectl -v 2>&1').returns('Server version: Apache/2.4.6 () - Server built: Nov 21 2015 05:34:59') + expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } + expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') {'Server version: Apache/2.4.6 () + Server built: Nov 21 2015 05:34:59' } end it do expect(Facter.fact(:apache_version).value).to eq('2.4.6') diff --git a/spec/unit/provider/a2mod/gentoo_spec.rb b/spec/unit/provider/a2mod/gentoo_spec.rb index e472745e92..1bccc94d17 100644 --- a/spec/unit/provider/a2mod/gentoo_spec.rb +++ b/spec/unit/provider/a2mod/gentoo_spec.rb @@ -15,19 +15,19 @@ describe "when fetching modules" do before do - @filetype = mock() + @filetype = double() end it "should return a sorted array of the defined parameters" do - @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) - provider_class.expects(:filetype).returns(@filetype) + expect(@filetype).to receive(:read) { %Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n} } + expect(provider_class).to receive(:filetype) { @filetype } expect(provider_class.modules).to eq(%w{bar baz foo}) end it "should cache the module list" do - @filetype.expects(:read).once.returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) - provider_class.expects(:filetype).once.returns(@filetype) + expect(@filetype).to receive(:read).once { %Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n} } + expect(provider_class).to receive(:filetype).once { @filetype } 2.times { expect(provider_class.modules).to eq(%w{bar baz foo}) } end 
@@ -42,121 +42,121 @@ describe "when prefetching" do it "should match providers to resources" do - provider = mock("ssl_provider", :name => "ssl") - resource = mock("ssl_resource") + provider = double("ssl_provider", :name => "ssl") + resource = double("ssl_resource") resource.expects(:provider=).with(provider) - provider_class.expects(:instances).returns([provider]) + expect(provider_class).to receive(:instances) { [provider] } provider_class.prefetch("ssl" => resource) end end describe "when flushing" do before :each do - @filetype = mock() - @filetype.stubs(:backup) - provider_class.expects(:filetype).at_least_once.returns(@filetype) + @filetype = double() + allow(@filetype).to receive(:backup) + allow(provider_class).to receive(:filetype).at_least(:once) { @filetype } - @info = mock() - @info.stubs(:[]).with(:name).returns("info") - @info.stubs(:provider=) + @info = double() + allow(@info).to receive(:[]).with(:name) { "info" } + allow(@info).to receive(:provider=) - @mpm = mock() - @mpm.stubs(:[]).with(:name).returns("mpm") - @mpm.stubs(:provider=) + @mpm = double() + allow(@mpm).to receive(:[]).with(:name) { "mpm" } + allow(@mpm).to receive(:provider=) - @ssl = mock() - @ssl.stubs(:[]).with(:name).returns("ssl") - @ssl.stubs(:provider=) + @ssl = double() + allow(@ssl).to receive(:[]).with(:name) { "ssl" } + allow(@ssl).to receive(:provider=) end it "should add modules whose ensure is present" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO"}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} } + expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS="-D INFO"}) - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) provider_class.flush end it "should remove modules whose ensure is present" do - 
@filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO"}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS=""}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-D INFO"} } + expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS=""}) - @info.stubs(:should).with(:ensure).returns(:absent) - @info.stubs(:provider=) + allow(@info).to receive(:should).with(:ensure) { :absent } + allow(@info).to receive(:provider=) provider_class.prefetch("info" => @info) provider_class.flush end it "should not modify providers without resources" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO -D MPM"}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D MPM -D SSL"}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-D INFO -D MPM"} } + expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS="-D MPM -D SSL"}) - @info.stubs(:should).with(:ensure).returns(:absent) + allow(@info).to receive(:should).with(:ensure) { :absent } provider_class.prefetch("info" => @info) - @ssl.stubs(:should).with(:ensure).returns(:present) + allow(@ssl).to receive(:should).with(:ensure) { :present } provider_class.prefetch("ssl" => @ssl) provider_class.flush end it "should write the modules in sorted order" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO -D MPM -D SSL"}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} } + expect(@filetype).to receive(:write).with(%Q{APACHE2_OPTS="-D INFO -D MPM -D SSL"}) - @mpm.stubs(:should).with(:ensure).returns(:present) + allow(@mpm).to receive(:should).with(:ensure) { :present } provider_class.prefetch("mpm" => @mpm) - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) - @ssl.stubs(:should).with(:ensure).returns(:present) + allow(@ssl).to 
receive(:should).with(:ensure) { :present } provider_class.prefetch("ssl" => @ssl) provider_class.flush end it "should write the records back once" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} } + expect(@filetype).to receive(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) - @ssl.stubs(:should).with(:ensure).returns(:present) + allow(@ssl).to receive(:should).with(:ensure) { :present } provider_class.prefetch("ssl" => @ssl) provider_class.flush end it "should only modify the line containing APACHE2_OPTS" do - @filetype.expects(:read).at_least_once.returns(%Q{# Comment\nAPACHE2_OPTS=""\n# Another comment}) - @filetype.expects(:write).once.with(%Q{# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{# Comment\nAPACHE2_OPTS=""\n# Another comment} } + expect(@filetype).to receive(:write).once.with(%Q{# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment}) - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) provider_class.flush end it "should restore any arbitrary arguments" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-Y -D MPM -X"}) - @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-Y -X -D INFO -D MPM"}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-Y -D MPM -X"} } + expect(@filetype).to receive(:write).once.with(%Q{APACHE2_OPTS="-Y -X -D INFO -D MPM"}) - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) 
provider_class.flush end it "should backup the file once if changes were made" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) - @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS=""} } + expect(@filetype).to receive(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) - @ssl.stubs(:should).with(:ensure).returns(:present) + allow(@ssl).to receive(:should).with(:ensure) { :present } provider_class.prefetch("ssl" => @ssl) @filetype.unstub(:backup) @@ -165,13 +165,13 @@ end it "should not write the file or run backups if no changes were made" do - @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-X -D INFO -D SSL -Y"}) - @filetype.expects(:write).never + expect(@filetype).to receive(:read).at_least(:once) { %Q{APACHE2_OPTS="-X -D INFO -D SSL -Y"} } + expect(@filetype).to receive(:write).never - @info.stubs(:should).with(:ensure).returns(:present) + allow(@info).to receive(:should).with(:ensure) { :present } provider_class.prefetch("info" => @info) - @ssl.stubs(:should).with(:ensure).returns(:present) + allow(@ssl).to receive(:should).with(:ensure) { :present } provider_class.prefetch("ssl" => @ssl) @filetype.unstub(:backup) From 4342ae5895188cd72ca58dac36893ce145afd251 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Wed, 19 Oct 2016 18:06:38 +0100 Subject: [PATCH 1002/2267] (MODULES-3983) Update parallel_tests for ruby 2.0.0 --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index c97275bd82..8222ef0a7a 100644 --- a/Gemfile +++ b/Gemfile 
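Review bot: `resource.expects(:provider=).with(provider)` in the prefetching example, and the `@filetype.unstub(:backup)` context lines in this hunk and the next one, still call the mocha API on objects that are now RSpec doubles. With `config.mock_with :rspec` in place I would expect those calls to fail as unexpected messages. The prefetch line should become `expect(resource).to receive(:provider=).with(provider)`. The `unstub` calls need an RSpec equivalent together with whatever backup expectation follows them; those following lines are outside both hunks, so this has to be checked against the full file.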
@@ -24,7 +24,8 @@ group :development, :unit_tests do gem 'rspec-puppet', '>= 2.3.2' gem 'rspec-puppet-facts' gem 'simplecov' - gem 'parallel_tests' + gem 'parallel_tests', '< 2.10.0' if RUBY_VERSION < '2.0.0' + gem 'parallel_tests' if RUBY_VERSION >= '2.0.0' gem 'rubocop', '0.41.2' if RUBY_VERSION < '2.0.0' gem 'rubocop' if RUBY_VERSION >= '2.0.0' gem 'rubocop-rspec', '~> 1.6' if RUBY_VERSION >= '2.3.0' From bf9f0d04bb48649c3f5b32a1a7da0ecf89960999 Mon Sep 17 00:00:00 2001 From: Stephen Benjamin Date: Thu, 20 Oct 2016 08:27:14 -0400 Subject: [PATCH 1003/2267] Move ssl.conf to main conf directory on EL7 This is solving a problem with the SSL configuration on a Red Hat-based OS that results in a duplicate 'Listen 443' statement after a package update, causing Apache to no longer start. The mod_ssl packaging ships a default ssl.conf in apache's main conf dir, that among other things, contains 'Listen 443'. However, this module puts all the Listen statements in ports.conf centralized. Generally this is no problem, because the module would purge the conf directory. Apache hums along happily -- until the apache package gets an update and it restores the default ssl.conf into /etc/httpd/conf.d/ssl.conf as no such file exists by the name on EL7 (the module's ssl.conf goes into conf.modules.d). Apache will then fail to start with this error until puppet runs again: Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443 The RPM won't overwrite the file if it's changed, but it does put it back when removed. So to avoid this problem, this change moves the ssl.conf to the Apache conf dir on EL7. That replaces the one created by the RPM. When the package is updated, it won't touch the ssl.conf and apache will continue to work. --- manifests/init.pp | 1 + manifests/mod/ssl.pp | 2 +- manifests/params.pp | 5 +++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 5293da0d17..a2782507da 100644 
--- a/manifests/init.pp +++ b/manifests/init.pp @@ -68,6 +68,7 @@ $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, $log_formats = {}, + $ssl_file = $::apache::params::ssl_file, $ports_file = $::apache::params::ports_file, $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index a2d9c9055d..2e5a2edf49 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -90,7 +90,7 @@ # $_apache_version file { 'ssl.conf': ensure => file, - path => "${::apache::mod_dir}/ssl.conf", + path => $::apache::ssl_file, mode => $::apache::file_mode, content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], diff --git a/manifests/params.pp b/manifests/params.pp index 1f9f60a806..85958d2996 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -74,6 +74,7 @@ $vhost_dir = "${httpd_dir}/conf.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' + $ssl_file = "${confd_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = 'run/httpd.pid' $logroot = '/var/log/httpd' @@ -210,6 +211,7 @@ $vhost_dir = "${httpd_dir}/sites-available" $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'apache2.conf' + $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = "\${APACHE_PID_FILE}" $logroot = '/var/log/apache2' @@ -346,6 +348,7 @@ $vhost_dir = "${httpd_dir}/Vhosts" $vhost_enable_dir = undef $conf_file = 'httpd.conf' + $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = '/var/run/httpd.pid' $logroot = '/var/log/apache24' @@ -415,6 +418,7 @@ $vhost_dir = "${httpd_dir}/vhosts.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' + $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/apache2' $logroot_mode = undef 
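Review bot: In manifests/mod/ssl.pp the `ssl.conf` resource now takes `path => $::apache::ssl_file` but keeps `require => Exec["mkdir ${::apache::mod_dir}"]`. In the branch where params.pp sets `$ssl_file = "${confd_dir}/ssl.conf"`, and for any user-supplied `ssl_file`, that ordering no longer covers the directory the file is written to. I would depend on the resource that manages the parent directory of `$::apache::ssl_file`, or at least add `# ssl_file may live outside mod_dir; its parent directory must be managed before this file`. The commit message speaks of EL7, while the params.pp change looks unconditional for that OS family, so older releases move the file too; confirm this is intended. The resource body continues outside the hunk.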
@@ -482,6 +486,7 @@ $vhost_dir = "${httpd_dir}/sites-available" $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'httpd.conf' + $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' From 70d0e06caa8a23d588d855edb1e2d32b09950865 Mon Sep 17 00:00:00 2001 From: floek Date: Mon, 4 Jul 2016 09:56:31 +0200 Subject: [PATCH 1004/2267] Support Apache 2.4 on SLES 12 --- manifests/version.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index 527dc6d38d..17092ac6bf 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -36,7 +36,12 @@ $default = '2.4' } 'Suse': { - $default = '2.2' + if ($::operatingsystemmajrelease == '12') { + $default = '2.4' + } else { + $default = '2.2' + } + } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") From 17db8f6b1550f9ee12e8e77e1c6d199b7bac3e8f Mon Sep 17 00:00:00 2001 From: floek Date: Thu, 7 Jul 2016 15:31:21 +0200 Subject: [PATCH 1005/2267] Suse has prefork per default --- manifests/mod/cgi.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 91352e8c8d..018d5acbfd 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -1,6 +1,7 @@ class apache::mod::cgi { case $::osfamily { 'FreeBSD': {} + 'Suse': {} default: { Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] } From 1729c0e8a89e38756b37260519c4d4d1f46df153 Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Thu, 27 Oct 2016 12:04:37 +0100 Subject: [PATCH 1006/2267] Additional SLES fix for version fact --- manifests/version.pp | 3 +-- spec/classes/mod/ssl_spec.rb | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/manifests/version.pp b/manifests/version.pp index 17092ac6bf..dbe67f7dc7 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
@@ -36,12 +36,11 @@ $default = '2.4' } 'Suse': { - if ($::operatingsystemmajrelease == '12') { + if $::operatingsystem == 'SLES' and $::operatingsystemrelease == '12' { $default = '2.4' } else { $default = '2.2' } - } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 6b0d8def3e..f787496313 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -103,7 +103,7 @@ { :osfamily => 'Suse', :operatingsystem => 'SLES', - :operatingsystemrelease => '11.2', + :operatingsystemrelease => '12', :concat_basedir => '/dne', :id => 'root', :kernel => 'Linux', From 2b543e83252b9676fe9ff255e7c0bb2b19909b7b Mon Sep 17 00:00:00 2001 From: Tom Downes Date: Fri, 28 Oct 2016 16:49:30 -0500 Subject: [PATCH 1007/2267] 1. Allow user to specify alternative package and library names from the default. If left undef, they remain the values set in params.pp. 2. Fix parameter alignment. --- manifests/mod/shib.pp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp index c1fda9324f..318a3a3407 100644 --- a/manifests/mod/shib.pp +++ b/manifests/mod/shib.pp @@ -1,6 +1,8 @@ class apache::mod::shib ( $suppress_warning = false, - $mod_full_path = undef, + $mod_full_path = undef, + $package_name = undef, + $mod_lib = undef, ) { include ::apache if $::osfamily == 'RedHat' and ! $suppress_warning { @@ -10,7 +12,9 @@ $mod_shib = 'shib2' apache::mod {$mod_shib: - id => 'mod_shib', - path => $mod_full_path, + id => 'mod_shib', + path => $mod_full_path, + package => $package_name, + lib => $mod_lib, } } From 81f1c12ae9c912615183a3a5592deeff7b50187d Mon Sep 17 00:00:00 2001 
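Review bot: `$::operatingsystemrelease == '12'` in manifests/version.pp matches only when the fact is exactly `12`. If a service-pack release reports a value such as `12.1` (to be confirmed against the fact on such a host), the default falls back to `2.2`. The module would then render 2.2-style configuration, access-control directives included, for a 2.4 server. A range check avoids that: `if $::operatingsystem == 'SLES' and versioncmp($::operatingsystemrelease, '12') >= 0 {`. The enclosing `case` starts and ends outside the hunk.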
From: Ira Abramov Date: Tue, 1 Nov 2016 17:11:17 +0200 Subject: [PATCH 1008/2267] Adding support for the PassengerDataBufferDir parameter --- manifests/mod/passenger.pp | 1 + templates/mod/passenger.conf.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 9c8fb14cf3..f40901c1ae 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -19,6 +19,7 @@ $passenger_app_env = undef, $passenger_log_file = undef, $passenger_log_level = undef, + $passenger_data_buffer_dir = undef, $manage_repo = true, $mod_package = undef, $mod_package_ensure = undef, diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 770cb34e0c..03ff534d25 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -55,4 +55,7 @@ <%- if @passenger_log_level -%> PassengerLogLevel <%= @passenger_log_level %> <%- end -%> + <%- if @passenger_data_buffer_dir -%> + PassengerDataBufferDir <%= @passenger_data_buffer_dir %> + <%- end -%> From d810408dcfc3d10f05ac0d2d8b565d9c2f7eb67f Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 2 Nov 2016 16:00:38 -0700 Subject: [PATCH 1009/2267] mocha version update for test hanging issue --- .travis.yml | 3 +++ Gemfile | 2 ++ 2 files changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index 6b0a0975f2..e279ee3cb8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,9 @@ sudo: false language: ruby cache: bundler script: "bundle exec rake validate lint spec" +#Inserting below due to the following issue: https://github.com/travis-ci/travis-ci/issues/3531#issuecomment-88311203 +before_install: + - gem update bundler matrix: fast_finish: true include: diff --git a/Gemfile b/Gemfile index 8222ef0a7a..3abe8bf456 100644 --- a/Gemfile +++ b/Gemfile 
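Review bot: `passenger_data_buffer_dir` is written into `PassengerDataBufferDir` exactly as given, with no check that it is an absolute path and no note on who may read the directory. Passenger uses this location to buffer request and response data (confirm against the documentation for the deployed version), so a shared or world-readable directory would expose that data to other local users. I would add `if $passenger_data_buffer_dir { validate_absolute_path($passenger_data_buffer_dir) }`, assuming stdlib is available to this class. A comment next to the parameter would also help: `# directory must exist and be accessible only to the web server user`. The rest of the parameter list and the class body are outside the hunk.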
@@ -23,6 +23,7 @@ group :development, :unit_tests do gem 'puppetlabs_spec_helper', '>= 1.2.1' gem 'rspec-puppet', '>= 2.3.2' gem 'rspec-puppet-facts' + gem 'mocha', '< 1.2.0' gem 'simplecov' gem 'parallel_tests', '< 2.10.0' if RUBY_VERSION < '2.0.0' gem 'parallel_tests' if RUBY_VERSION >= '2.0.0' @@ -34,6 +35,7 @@ end group :system_tests do gem 'beaker', *location_from_env('BEAKER_VERSION', []) if RUBY_VERSION >= '2.3.0' gem 'beaker', *location_from_env('BEAKER_VERSION', ['< 3']) if RUBY_VERSION < '2.3.0' + gem 'beaker-pe' if RUBY_VERSION >= '2.3.0' gem 'beaker-rspec', *location_from_env('BEAKER_RSPEC_VERSION', ['>= 3.4']) gem 'serverspec' gem 'beaker-puppet_install_helper' From 8085a9f8efb0feff7cc5374eb617e1bd4a1563df Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Mon, 7 Nov 2016 15:42:45 -0800 Subject: [PATCH 1010/2267] excludes dav_svn tests --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 8b26a6b99f..2b15225094 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do +describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') || (fact('operatingsystem') == 'SLES' and fact('operatingsystemmajorrelease') < '11') do case fact('osfamily') when 'Debian' if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' or fact('operatingsystemmajrelease') == '16.04' From b71aba6c44e7c4eb996c7a77b1ed388e6651f206 Mon Sep 17 00:00:00 2001 
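Review bot: The added SLES clause in mod_dav_svn_spec.rb looks up `fact('operatingsystemmajorrelease')`, which is spelled differently from the `operatingsystemmajrelease` fact used earlier on the same line. The lookup therefore probably returns no value, and the `< '11'` test does not reflect the release. Even with the name corrected, `<` on strings compares character by character, so `'9' < '11'` is false. I would write `(fact('operatingsystem') == 'SLES' and fact('operatingsystemmajrelease').to_i < 11)`. The later change to mod_security_spec.rb uses the same string comparison in `fact('operatingsystemrelease') < '11'` and would benefit from the same `.to_i` form.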
From: Eric Putnam Date: Mon, 7 Nov 2016 16:08:18 -0800 Subject: [PATCH 1011/2267] adjusts mod package name for SLES 10 --- manifests/params.pp | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 1f9f60a806..1f9776ee70 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -496,13 +496,23 @@ $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $php_version = '5' - $mod_packages = { - 'auth_kerb' => 'apache2-mod_auth_kerb', - 'perl' => 'apache2-mod_perl', - 'php5' => 'apache2-mod_php53', - 'python' => 'apache2-mod_python', - 'security' => 'apache2-mod_security2', - } + if $::operatingsystemrelease < '11' { + $mod_packages = { + 'auth_kerb' => 'apache2-mod_auth_kerb', + 'perl' => 'apache2-mod_perl', + 'php5' => 'apache2-mod_php5', + 'python' => 'apache2-mod_python', + 'security' => 'apache2-mod_security2', + } + } else { + $mod_packages = { + 'auth_kerb' => 'apache2-mod_auth_kerb', + 'perl' => 'apache2-mod_perl', + 'php5' => 'apache2-mod_php53', + 'python' => 'apache2-mod_python', + 'security' => 'apache2-mod_security2', + } + } $mod_libs = { 'security' => '/usr/lib64/apache2/mod_security2.so', 'php53' => '/usr/lib64/apache2/mod_php5.so', From 5ed1b42c23b3a85110100f02ca353aa35eff37b0 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Mon, 7 Nov 2016 16:21:18 -0800 Subject: [PATCH 1012/2267] remove mod_security tests for sles 10 --- spec/acceptance/mod_security_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index c6fa220898..095cce9da0 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb 
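Review bot: The two `$mod_packages` hashes added in manifests/params.pp differ only in the `php5` entry, so any later package change has to be made twice and the copies can drift apart. I would pick the PHP package name first and keep a single hash. Using `versioncmp` also stops the result depending on how the parser compares the strings in `$::operatingsystemrelease < '11'`. The enclosing Suse branch starts and ends outside the hunk.

```puppet
if versioncmp($::operatingsystemrelease, '11') < 0 {
  $php5_package = 'apache2-mod_php5'
} else {
  $php5_package = 'apache2-mod_php53'
}
$mod_packages = {
  'auth_kerb' => 'apache2-mod_auth_kerb',
  'perl'      => 'apache2-mod_perl',
  'php5'      => $php5_package,
  'python'    => 'apache2-mod_python',
  'security'  => 'apache2-mod_security2',
}
# … unchanged: $mod_libs …
```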
@@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) do +describe 'apache::mod::security class', :unless => (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy')) || (fact('operatingsystem') == 'SLES' and fact('operatingsystemrelease') < '11') do context "default mod_security config" do if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ it 'adds epel' do From b8d8967cf14438fe553c764f070af03aa7fee06c Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 8 Nov 2016 15:08:08 -0800 Subject: [PATCH 1013/2267] (MODULES-3704) Update gemfile template to be identical --- Gemfile | 103 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 35 deletions(-) diff --git a/Gemfile b/Gemfile index 3abe8bf456..8871c66381 100644 --- a/Gemfile +++ b/Gemfile 
@@ -2,50 +2,83 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -def location_from_env(env, default_location = []) - if location = ENV[env] - if location =~ /^((?:git|https?)[:@][^#]*)#(.*)/ - [{ :git => $1, :branch => $2, :require => false }] - elsif location =~ /^file:\/\/(.*)/ - ['>= 0', { :path => File.expand_path($1), :require => false }] - else - [location, { :require => false }] - end +# Determines what type of gem is requested based on place_or_version. +def gem_type(place_or_version) + if place_or_version =~ /^git:/ + :git + elsif place_or_version =~ /^file:/ + :file else - default_location + :gem end end -group :development, :unit_tests do - gem 'metadata-json-lint' - gem 'puppet_facts' - gem 'puppet-blacksmith', '>= 3.4.0' - gem 'puppetlabs_spec_helper', '>= 1.2.1' - gem 'rspec-puppet', '>= 2.3.2' - gem 'rspec-puppet-facts' - gem 'mocha', '< 1.2.0' - gem 'simplecov' - gem 'parallel_tests', '< 2.10.0' if RUBY_VERSION < '2.0.0' - gem 'parallel_tests' if RUBY_VERSION >= '2.0.0' - gem 'rubocop', '0.41.2' if RUBY_VERSION < '2.0.0' - gem 'rubocop' if RUBY_VERSION >= '2.0.0' - gem 'rubocop-rspec', '~> 1.6' if RUBY_VERSION >= '2.3.0' - gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0' +# Find a location or specific version for a gem. place_or_version can be a +# version, which is most often used. It can also be git, which is specified as +# `git://somewhere.git#branch`. You can also use a file source location, which +# is specified as `file://some/location/on/disk`. 
+def location_for(place_or_version, fake_version = nil) + if place_or_version =~ /^(git[:@][^#]*)#(.*)/ + [fake_version, { :git => $1, :branch => $2, :require => false }].compact + elsif place_or_version =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [place_or_version, { :require => false }] + end +end + +# Used for gem conditionals +supports_windows = false + +group :development do + gem 'puppet-lint', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', '>= 3.4.0', :require => false, :platforms => 'ruby' + gem 'puppetlabs_spec_helper', '>= 1.2.1', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'rspec-puppet-facts', :require => false + gem 'mocha', '< 1.2.0', :require => false + gem 'simplecov', :require => false + gem 'parallel_tests', '< 2.10.0', :require => false if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0') + gem 'parallel_tests', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.0.0') + gem 'rubocop', '0.41.2', :require => false if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0') + gem 'rubocop', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.0.0') + gem 'rubocop-rspec', '~> 1.6', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0') + gem 'pry', :require => false + gem 'json_pure', '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0') end + group :system_tests do - gem 'beaker', *location_from_env('BEAKER_VERSION', []) if RUBY_VERSION >= '2.3.0' - gem 'beaker', *location_from_env('BEAKER_VERSION', ['< 3']) if RUBY_VERSION < '2.3.0' - gem 'beaker-pe' if RUBY_VERSION >= '2.3.0' - gem 'beaker-rspec', *location_from_env('BEAKER_RSPEC_VERSION', ['>= 3.4']) - gem 'serverspec' - gem 'beaker-puppet_install_helper' - gem 'master_manipulator' - gem 'beaker-hostgenerator', 
*location_from_env('BEAKER_HOSTGENERATOR_VERSION', []) + gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '~> 2.20') if supports_windows + gem 'beaker', *location_for(ENV['BEAKER_VERSION']) if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0') and ! supports_windows + gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '< 3') if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.3.0') and ! supports_windows + gem 'beaker-pe', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0') + gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') if ! supports_windows + gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '~> 5.1') if supports_windows + gem 'beaker-puppet_install_helper', :require => false + gem 'master_manipulator', :require => false + gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) end -gem 'facter', *location_from_env('FACTER_GEM_VERSION') -gem 'puppet', *location_from_env('PUPPET_GEM_VERSION') +gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) +# Only explicitly specify Facter/Hiera if a version has been specified. +# Otherwise it can lead to strange bundler behavior. If you are seeing weird +# gem resolution behavior, try setting `DEBUG_RESOLVER` environment variable +# to `1` and then run bundle install. +gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) if ENV['FACTER_GEM_VERSION'] +gem 'hiera', *location_for(ENV['HIERA_GEM_VERSION']) if ENV['HIERA_GEM_VERSION'] + + +# Evaluate Gemfile.local if it exists if File.exists? "#{__FILE__}.local" eval(File.read("#{__FILE__}.local"), binding) end + +# Evaluate ~/.gemfile if it exists +if File.exists?(File.join(Dir.home, '.gemfile')) + eval(File.read(File.join(Dir.home, '.gemfile')), binding) +end + +# vim:ft=ruby From bbc35cc01be5abfaa077f9c9debfe15abefecdb6 Mon Sep 17 00:00:00 2001 
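Review bot: `location_for` only recognises `git:` and `git@` sources, where the removed `location_from_env` also matched `https?`. An `https://host/repo.git#branch` value in `BEAKER_VERSION` or `PUPPET_GEM_VERSION` now falls through to the last branch and is handed to Bundler as a version requirement. That leaves unauthenticated `git://` and `git@` SSH as the only ways to pin a branch; I would keep the old alternation and anchor on the whole string, `if place_or_version =~ /\A((?:git|https?)[:@][^#]*)#(.*)/`. Separately, the new block at the end `eval`s `~/.gemfile`, a file outside the repository, so whatever sits in the invoking user's home directory runs on every `bundle` call, CI hosts included. A comment stating that this is intended, or an opt-in environment variable around it, would make that trust boundary explicit. `gem_type` is defined but not called anywhere in this hunk.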
From: Eric Putnam Date: Wed, 9 Nov 2016 11:39:49 -0800 Subject: [PATCH 1014/2267] proxypassmatch not supported on sles 10 apache --- manifests/params.pp | 10 ++- spec/acceptance/vhost_spec.rb | 130 ++++++++++++++++++---------------- 2 files changed, 74 insertions(+), 66 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 1f9776ee70..a16b7ef08a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -489,8 +489,13 @@ $lib_path = '/usr/lib64/apache2-prefork' $suse_lib_path = '/usr/lib64/apache2' $mpm_module = 'prefork' - $default_ssl_cert = '/etc/ssl/servercerts/servercert.pem' - $default_ssl_key = '/etc/ssl/servercerts/serverkey.pem' + if $::operatingsystemrelease < '11' { + $default_ssl_cert = '/etc/apache2/ssl.crt/snakeoil-rsa.crt' + $default_ssl_key = '/etc/apache2/ssl.key/snakeoil-rsa.key' + } else { + $default_ssl_cert = '/etc/ssl/servercerts/servercert.pem' + $default_ssl_key = '/etc/ssl/servercerts/serverkey.pem' + } $ssl_certs_dir = '/etc/ssl/certs' $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' @@ -502,7 +507,6 @@ 'perl' => 'apache2-mod_perl', 'php5' => 'apache2-mod_php5', 'python' => 'apache2-mod_python', - 'security' => 'apache2-mod_security2', } } else { $mod_packages = { diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 8adbde53bf..89f1af27d8 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
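Review bot: The SLES < 11 branch in params.pp makes `snakeoil-rsa.crt` / `snakeoil-rsa.key` the default certificate and key, and nothing in the hunk marks them as placeholders. The names suggest a packaged sample pair rather than a key generated on the host (not verifiable from this diff). If so, any SSL vhost that does not set its own `ssl_cert`/`ssl_key` serves a private key that is not secret. I would add a comment above the assignment, `# placeholder pair shipped with the package; override ssl_cert/ssl_key for real vhosts`. The enclosing Suse branch starts and ends outside the hunk.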
@@ -120,31 +120,33 @@ class { 'apache': } end end - context 'new proxy vhost on port 80' do - it 'should configure an apache proxy vhost' do - pp = <<-EOS - class { 'apache': } - apache::vhost { 'proxy.example.com': - port => '80', - docroot => '/var/www/proxy', - proxy_pass_match => [ - { 'path' => '/foo', 'url' => 'http://backend-foo/'}, - ], - proxy_preserve_host => true, - proxy_error_override => true, - } - EOS - apply_manifest(pp, :catch_failures => true) - end + unless (fact('operatingsystem') == 'SLES' and fact('operatingsystemmajorrelease') <= '10') + context 'new proxy vhost on port 80' do + it 'should configure an apache proxy vhost' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'proxy.example.com': + port => '80', + docroot => '#{$docroot}/proxy', + proxy_pass_match => [ + { 'path' => '/foo', 'url' => 'http://backend-foo/'}, + ], + proxy_preserve_host => true, + proxy_error_override => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe file("#{$vhost_dir}/25-proxy.example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain "ServerName proxy.example.com" } - it { is_expected.to contain "ProxyPassMatch /foo http://backend-foo/" } - it { is_expected.to contain "ProxyPreserveHost On" } - it { is_expected.to contain "ProxyErrorOverride On" } - it { is_expected.not_to contain "ProxyAddHeaders" } - it { is_expected.not_to contain "" } + describe file("#{$vhost_dir}/25-proxy.example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName proxy.example.com" } + it { is_expected.to contain "ProxyPassMatch /foo http://backend-foo/" } + it { is_expected.to contain "ProxyPreserveHost On" } + it { is_expected.to contain "ProxyErrorOverride On" } + it { is_expected.not_to contain "ProxyAddHeaders" } + it { is_expected.not_to contain "" } + end end end 
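Review bot: The rewritten manifest interpolates `'#{$docroot}/proxy'`, but the other acceptance specs in this series use `$doc_root` (for example `'#{$doc_root}/php'` in mod_php_spec.rb). If version.rb defines only `$doc_root` (not visible here), `$docroot` is an unset Ruby global and interpolates as an empty string. The vhost would then get `docroot => '/proxy'` at the filesystem root instead of a directory under the web root. I would write `docroot => '#{$doc_root}/proxy',`.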
@@ -664,47 +666,49 @@ class { 'apache': default_vhost => false, } end end - context 'proxy_pass_match for alternative vhost' do - it 'should configure a local vhost and a proxy vhost' do - apply_manifest(%{ - class { 'apache': default_vhost => false, } - apache::vhost { 'localhost': - docroot => '/var/www/local', - ip => '127.0.0.1', - port => '8888', - } - apache::listen { '*:80': } - apache::vhost { 'proxy.example.com': - docroot => '/var/www', - port => '80', - add_listen => false, - proxy_pass_match => { - 'path' => '/', - 'url' => 'http://localhost:8888/subdir/', - }, - } - host { 'proxy.example.com': ip => '127.0.0.1', } - file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } - file { '/var/www/local/subdir/index.html': - ensure => file, - content => "Hello from localhost\\n", - } - }, :catch_failures => true) - end + unless (fact('operatingsystem') == 'SLES' and fact('operatingsystemmajorrelease') <= '10') + context 'proxy_pass_match for alternative vhost' do + it 'should configure a local vhost and a proxy vhost' do + apply_manifest(%{ + class { 'apache': default_vhost => false, } + apache::vhost { 'localhost': + docroot => '/var/www/local', + ip => '127.0.0.1', + port => '8888', + } + apache::listen { '*:80': } + apache::vhost { 'proxy.example.com': + docroot => '/var/www', + port => '80', + add_listen => false, + proxy_pass_match => { + 'path' => '/', + 'url' => 'http://localhost:8888/subdir/', + }, + } + host { 'proxy.example.com': ip => '127.0.0.1', } + file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } + file { '/var/www/local/subdir/index.html': + ensure => file, + content => "Hello from localhost\\n", + } + }, :catch_failures => true) + end - describe service($service_name) do - if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { should be_enabled } + describe service($service_name) do + if 
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } end - it { is_expected.to be_running } - end - it 'should get a response from the back end' do - shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r| - expect(r.stdout).to eq("Hello from localhost\n") - expect(r.exit_code).to eq(0) + it 'should get a response from the back end' do + shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r| + expect(r.stdout).to eq("Hello from localhost\n") + expect(r.exit_code).to eq(0) + end end end end @@ -1348,7 +1352,7 @@ class { 'apache::mod::wsgi': } end end - context 'on everything but lucid', :unless => (fact('lsbdistcodename') == 'lucid' or (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') < '12')) do + context 'on everything but lucid', :unless => (fact('lsbdistcodename') == 'lucid' or fact('operatingsystem') == 'SLES') do it 'import_script applies cleanly' do pp = <<-EOS class { 'apache': } From fbba758d89520eabe6787c69a549563af90e3c65 Mon Sep 17 00:00:00 2001 From: Ira Abramov Date: Mon, 14 Nov 2016 14:30:17 +0200 Subject: [PATCH 1015/2267] Add documentation for the new option as well. --- README.md | 1 + manifests/mod/passenger.pp | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 10d6081c7f..9cc2625b23 100644 --- a/README.md +++ b/README.md 
@@ -1692,6 +1692,7 @@ Installs and manages [`mod_passenger`][]. For RedHat based systems, please ensur - `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: undef. - `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: undef. - `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: undef. +- `passenger_data_buffer_dir` Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir). Default: undef. ##### Class: `apache::mod::ldap` diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index f40901c1ae..ead0700afa 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -100,6 +100,7 @@ # - $passenger_log_file # - $passenger_log_level # - $passenger_app_env + # - $passenger_data_buffer_dir # - $rack_autodetect # - $rails_autodetect file { 'passenger.conf': From b3ebce2b902c2aa62da8336cd816172fde5837b3 Mon Sep 17 00:00:00 2001 From: iamspido Date: Wed, 16 Nov 2016 12:15:35 +0100 Subject: [PATCH 1016/2267] Fix vhost template fix vhost template file causing unexpected tIDENTIFIER --- templates/vhost/_require.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhost/_require.erb b/templates/vhost/_require.erb index d6252deeb2..9ad7805393 100644 --- a/templates/vhost/_require.erb +++ b/templates/vhost/_require.erb 
@@ -2,8 +2,8 @@ <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if _item['require'] && _item['require'] != '' && _item['require'] !~ /unmanaged/i -%> <%- if _item['require'].is_a?(Hash) -%> - <%- case _item['require']['enforce'].downcase -%> - <%- when 'all','none','any' then -%> + <%- case _item['require']['enforce'].downcase + when 'all','none','any' then -%> > <%- Array(_item['require']['requires']).each do |req| -%> Require <%= req.strip %> From 3cb0be0c8cca59f9c44334f1d5d4da62098d96b5 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 17 Nov 2016 10:29:36 +0200 Subject: [PATCH 1017/2267] Validate wsgi_chunked_request parameter for vhost Same as with wsgi_pass_authorization, it only accepts on and off as values (ignoring the case). So this introduces a similar validation for wsgi_chunked_request. --- manifests/vhost.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5644ba82ca..1a97823834 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -209,6 +209,12 @@ Allowed values are 'on' and 'off'.") } + if $wsgi_chunked_request { + validate_re(downcase($wsgi_chunked_request), '^(on|off)$', + "${wsgi_chunked_request} is not supported for wsgi_chunked_request. + Allowed values are 'on' and 'off'.") + } + # Deprecated backwards-compatibility if $rewrite_base { warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') From a3f4d1519dca042e56d3c8310b702a3516db7d66 Mon Sep 17 00:00:00 2001 
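Review bot: The new `validate_re` check in vhost.pp uses `'^(on|off)$'`, and in the Ruby regular expressions that `validate_re` compiles, `^` and `$` match at line boundaries rather than at the ends of the string. A multi-line value containing a line that is just `on` or `off` therefore passes. The remaining lines would then land in the generated vhost file if the template emits the parameter verbatim (the template is not part of this hunk). `'\A(on|off)\z'` pins the whole value: `validate_re(downcase($wsgi_chunked_request), '\A(on|off)\z',`. According to the commit message the `wsgi_pass_authorization` check just above follows the same pattern, so it would need the same change.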
From: Eric Putnam Date: Mon, 14 Nov 2016 22:01:04 -0800 Subject: [PATCH 1018/2267] sles 12 support --- .gitignore | 1 + manifests/mod/cgi.pp | 10 +- manifests/mod/cgid.pp | 11 +- manifests/mod/dav_svn.pp | 26 +-- manifests/mod/info.pp | 15 +- manifests/mod/passenger.pp | 2 +- manifests/mod/php.pp | 3 +- manifests/mod/prefork.pp | 8 +- manifests/mod/security.pp | 21 +-- manifests/mod/ssl.pp | 16 +- manifests/mod/worker.pp | 13 +- manifests/mpm.pp | 47 +++-- manifests/params.pp | 32 ++-- manifests/version.pp | 2 +- spec/acceptance/mod_pagespeed_spec.rb | 2 +- spec/acceptance/mod_php_spec.rb | 248 +++++++++++++------------- spec/acceptance/vhost_spec.rb | 7 +- 17 files changed, 255 insertions(+), 209 deletions(-) diff --git a/.gitignore b/.gitignore index 0cd25de9af..25cb3cc50f 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ coverage/ log/ .idea/ *.iml +tmp/ diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 018d5acbfd..b03e8f05d5 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -1,11 +1,17 @@ class apache::mod::cgi { case $::osfamily { 'FreeBSD': {} - 'Suse': {} default: { Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] } } - ::apache::mod { 'cgi': } + if $::osfamily == 'Suse' { + ::apache::mod { 'cgi': + lib_path => '/usr/lib64/apache2-prefork' + } + } else { + ::apache::mod { 'cgi': } + } + } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 9b9788f24b..7d38197132 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -18,13 +18,14 @@ default => undef, } - if $::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12' { + if $::osfamily == 'Suse' { ::apache::mod { 'cgid': - lib_path => '/usr/lib64/apache2-worker', - } - } else { - ::apache::mod { 'cgid': } + lib_path => '/usr/lib64/apache2-worker' } + } else { + ::apache::mod { 'cgid': } + } + if $cgisock_path { # Template uses $cgisock_path file { 'cgid.conf': 
diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index b7d4d81a07..35d5417b52 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,17 +5,13 @@ include ::apache include ::apache::mod::dav if($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ - $suse_lib_path = $::apache::params::suse_lib_path package { 'subversion-server': ensure => 'installed', provider => 'zypper', } - ::apache::mod {'dav_svn': - lib_path => $suse_lib_path - } - } else { - ::apache::mod { 'dav_svn': } - } + } + + ::apache::mod { 'dav_svn': } if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04' and $::operatingsystemmajrelease != '16.04') { $loadfile_name = undef @@ -24,17 +20,9 @@ } if $authz_svn_enabled { - if ($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ - ::apache::mod { 'authz_svn': - loadfile_name => $loadfile_name, - lib_path => $suse_lib_path, - require => Apache::Mod['dav_svn'], - } - } else { - ::apache::mod { 'authz_svn': - loadfile_name => $loadfile_name, - require => Apache::Mod['dav_svn'], - } - } + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + require => Apache::Mod['dav_svn'], + } } } diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 5f4ffa7c95..5af7b8d96b 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -6,7 +6,20 @@ ){ include ::apache $_apache_version = pick($apache_version, $apache::apache_version) - apache::mod { 'info': } + + if $::osfamily == 'Suse' { + if defined(Class['::apache::mod::worker']){ + $suse_path = '/usr/lib64/apache2-worker' + } else { + $suse_path = '/usr/lib64/apache2-prefork' + } + ::apache::mod { 'info': + lib_path => $suse_path + } + } else { + ::apache::mod { 'info': } + } + # Template uses $allow_from, $_apache_version file { 'info.conf': ensure => file, 
diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 9c8fb14cf3..a5febd69d1 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -70,7 +70,7 @@ } } - unless ($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12') { + unless ($::operatingsystem == 'SLES') { $_id = $mod_id $_path = $mod_path ::apache::mod { 'passenger': diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 16c39873f7..7743b083e0 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -53,13 +53,12 @@ $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1') if $::operatingsystem == 'SLES' { - $suse_lib_path = $::apache::params::suse_lib_path ::apache::mod { $mod: package => $_package_name, package_ensure => $package_ensure, lib => 'mod_php5.so', id => "php${_php_major}_module", - path => "${suse_lib_path}/mod_php5.so", + path => "${::apache::lib_path}/mod_php5.so", } } else { ::apache::mod { $mod: diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 85d8b84d4c..c09ede4de6 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -60,11 +60,17 @@ } } } - 'debian', 'freebsd', 'Suse' : { + 'debian', 'freebsd': { ::apache::mpm{ 'prefork': apache_version => $apache_version, } } + 'Suse': { + ::apache::mpm{ 'prefork': + apache_version => $apache_version, + lib_path => '/usr/lib64/apache2-prefork', + } + } 'gentoo': { ::portage::makeconf { 'apache2_mpms': content => 'prefork', diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 80c92d755f..d4f67c1f11 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp 
@@ -31,19 +31,14 @@ fail('FreeBSD is not currently supported') } - if $::operatingsystem == 'SLES' { - $suse_lib_path = $::apache::params::suse_lib_path - ::apache::mod { 'security': - id => 'security2_module', - lib_path => $suse_lib_path, - lib => 'mod_security2.so', - } - } else { - ::apache::mod { 'security': - id => 'security2_module', - lib => 'mod_security2.so', - } - } + if ($::osfamily == 'Suse' and $::operatingsystemrelease < '11') { + fail('SLES 10 is not currently supported.') + } + + ::apache::mod { 'security': + id => 'security2_module', + lib => 'mod_security2.so', + } ::apache::mod { 'unique_id_module': diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index a2d9c9055d..1d827e48ed 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -67,8 +67,20 @@ 'Suse' => '/var/lib/apache2/ssl_scache(512000)' } - ::apache::mod { 'ssl': - package => $package_name, + if $::osfamily == 'Suse' { + if defined(Class['::apache::mod::worker']){ + $suse_path = '/usr/lib64/apache2-worker' + } else { + $suse_path = '/usr/lib64/apache2-worker' + } + ::apache::mod { 'ssl': + package => $package_name, + lib_path => $suse_path + } + } else { + ::apache::mod { 'ssl': + package => $package_name, + } } if versioncmp($_apache_version, '2.4') >= 0 { diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 9e417e0c41..c9e01600ee 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -103,7 +103,7 @@ case $::osfamily { 'redhat': { if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mpm{ 'worker': + ::apache::mpm { 'worker': apache_version => $apache_version, } } @@ -118,11 +118,18 @@ } } } - 'debian', 'freebsd', 'Suse': { - ::apache::mpm{ 'worker': + 'debian', 'freebsd': { + ::apache::mpm { 'worker': apache_version => $apache_version, } } + 'Suse': { + ::apache::mpm { 'worker': + apache_version => $apache_version, + lib_path => '/usr/lib64/apache2-worker', + } + } + 'gentoo': { ::portage::makeconf { 'apache2_mpms': content => 'worker', 
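Review bot: In ssl.pp both arms of the new `if defined(Class['::apache::mod::worker'])` assign `$suse_path = '/usr/lib64/apache2-worker'`, so the condition has no effect and a prefork host gets the worker directory as the `lib_path` for mod_ssl. The parallel block this commit adds to info.pp uses `/usr/lib64/apache2-prefork` in the else arm, which is presumably what was meant here: `$suse_path = '/usr/lib64/apache2-prefork'`. `defined()` also depends on evaluation order, so the worker class has to be declared before this one for the first arm to be taken. A comment saying so next to the check would help.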
diff --git a/manifests/mpm.pp b/manifests/mpm.pp index b5a009610e..1fe9684e77 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -13,19 +13,36 @@ $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" - if versioncmp($apache_version, '2.4') >= 0 { - file { "${mod_dir}/${mpm}.load": - ensure => file, - path => "${mod_dir}/${mpm}.load", - content => "LoadModule ${_id} ${_path}\n", - require => [ - Package['httpd'], - Exec["mkdir ${mod_dir}"], - ], - before => File[$mod_dir], - notify => Class['apache::service'], + if $::osfamily == 'Suse' { + #mpms on Suse 12 don't use .so libraries so create a placeholder load file + if versioncmp($apache_version, '2.4') >= 0 { + file { "${mod_dir}/${mpm}.load": + ensure => file, + path => "${mod_dir}/${mpm}.load", + content => '', + require => [ + Package['httpd'], + Exec["mkdir ${mod_dir}"], + ], + before => File[$mod_dir], + notify => Class['apache::service'], + } + } + } else { + if versioncmp($apache_version, '2.4') >= 0 { + file { "${mod_dir}/${mpm}.load": + ensure => file, + path => "${mod_dir}/${mpm}.load", + content => "LoadModule ${_id} ${_path}\n", + require => [ + Package['httpd'], + Exec["mkdir ${mod_dir}"], + ], + before => File[$mod_dir], + notify => Class['apache::service'], + } + } } - } case $::osfamily { 'debian': { @@ -120,10 +137,8 @@ } } - if versioncmp($apache_version, '2.4') < 0 { - package { "apache2-${mpm}": - ensure => present, - } + package { "apache2-${mpm}": + ensure => present, } } default: { diff --git a/manifests/params.pp b/manifests/params.pp index a16b7ef08a..36e3afa41c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -486,37 +486,33 @@ $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' $logroot_mode = undef - $lib_path = '/usr/lib64/apache2-prefork' - $suse_lib_path = '/usr/lib64/apache2' + $lib_path = '/usr/lib64/apache2' #changes for some modules based on mpm $mpm_module = 'prefork' - if $::operatingsystemrelease < '11' { - $default_ssl_cert = '/etc/apache2/ssl.crt/snakeoil-rsa.crt' - $default_ssl_key = '/etc/apache2/ssl.key/snakeoil-rsa.key' - } else { - $default_ssl_cert = '/etc/ssl/servercerts/servercert.pem' - $default_ssl_key = '/etc/ssl/servercerts/serverkey.pem' - } + $default_ssl_cert = '/etc/apache2/ssl.crt/server.crt' + $default_ssl_key = '/etc/apache2/ssl.key/server.key' $ssl_certs_dir = '/etc/ssl/certs' $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $php_version = '5' - if $::operatingsystemrelease < '11' { + if $::operatingsystemrelease < '11' or $::operatingsystemrelease >= '12' { $mod_packages = { 'auth_kerb' => 'apache2-mod_auth_kerb', 'perl' => 'apache2-mod_perl', 'php5' => 'apache2-mod_php5', 'python' => 'apache2-mod_python', + 'security' => 'apache2-mod_security2', + 'worker' => 'apache2-worker' } - } else { - $mod_packages = { - 'auth_kerb' => 'apache2-mod_auth_kerb', - 'perl' => 'apache2-mod_perl', - 'php5' => 'apache2-mod_php53', - 'python' => 'apache2-mod_python', - 'security' => 'apache2-mod_security2', - } + } else { + $mod_packages = { + 'auth_kerb' => 'apache2-mod_auth_kerb', + 'perl' => 'apache2-mod_perl', + 'php5' => 'apache2-mod_php53', + 'python' => 'apache2-mod_python', + 'security' => 'apache2-mod_security2', } + } $mod_libs = { 'security' => '/usr/lib64/apache2/mod_security2.so', 'php53' => '/usr/lib64/apache2/mod_php5.so', diff --git a/manifests/version.pp b/manifests/version.pp index dbe67f7dc7..2d33a5f4fb 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
@@ -36,7 +36,7 @@ $default = '2.4' } 'Suse': { - if $::operatingsystem == 'SLES' and $::operatingsystemrelease == '12' { + if $::operatingsystem == 'SLES' and $::operatingsystemrelease >= '12' { $default = '2.4' } else { $default = '2.2' diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 74d507745b..c88d594484 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -6,7 +6,7 @@ describe 'apache::mod::pagespeed class', :unless => ((fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') < '8') or (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') < '12') or - (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') < '12')) do + (fact('operatingsystem') == 'SLES' )) do context "default pagespeed config" do it 'succeeds in puppeting pagespeed' do pp= <<-EOS diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index cff4a4dbad..45b901fae9 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -1,150 +1,152 @@ require 'spec_helper_acceptance' require_relative './version.rb' -describe 'apache::mod::php class' do - context "default php config" do - it 'succeeds in puppeting php' do - pp= <<-EOS - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::php': } - apache::vhost { 'php.example.com': - port => '80', - docroot => '#{$doc_root}/php', - } - host { 'php.example.com': ip => '127.0.0.1', } - file { '#{$doc_root}/php/index.php': - ensure => file, - content => "\\n", - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe service($service_name) do - if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { should be_enabled } +unless (fact('operatingsystem') == 'SLES' && fact('operatingsystemrelease') == '12.0') + describe 'apache::mod::php class' do + context "default php config" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::php': } + apache::vhost { 'php.example.com': + port => '80', + docroot => '#{$doc_root}/php', + } + host { 'php.example.com': ip => '127.0.0.1', } + file { '#{$doc_root}/php/index.php': + ensure => file, + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) end - it { is_expected.to be_running } - end - if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') - describe file("#{$mod_dir}/php7.0.conf") do - it { is_expected.to contain "DirectoryIndex index.php" } + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } end - else - describe file("#{$mod_dir}/php5.conf") do - it { is_expected.to contain "DirectoryIndex index.php" } + + if (fact('operatingsystem') == 'Ubuntu' 
&& fact('operatingsystemmajrelease') == '16.04') + describe file("#{$mod_dir}/php7.0.conf") do + it { is_expected.to contain "DirectoryIndex index.php" } + end + else + describe file("#{$mod_dir}/php5.conf") do + it { is_expected.to contain "DirectoryIndex index.php" } + end end - end - it 'should answer to php.example.com' do - shell("/usr/bin/curl php.example.com:80") do |r| - expect(r.stdout).to match(/PHP Version/) - expect(r.exit_code).to eq(0) + it 'should answer to php.example.com' do + shell("/usr/bin/curl php.example.com:80") do |r| + expect(r.stdout).to match(/PHP Version/) + expect(r.exit_code).to eq(0) + end end end - end - context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do - it 'succeeds in puppeting php' do - pp= <<-EOS - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::php': - extensions => ['.php','.php5'], - } - apache::vhost { 'php.example.com': - port => '80', - docroot => '#{$doc_root}/php', - php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, - php_flags => { 'display_errors' => 'on', }, - php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, - php_admin_flags => { 'engine' => 'on', }, - } - host { 'php.example.com': ip => '127.0.0.1', } - file { '#{$doc_root}/php/index.php5': - ensure => file, - content => "\\n", - } - EOS - apply_manifest(pp, :catch_failures => true) - end + context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::php': + extensions => ['.php','.php5'], + } + apache::vhost { 'php.example.com': + port => '80', + docroot => '#{$doc_root}/php', + php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, + php_flags => { 'display_errors' => 'on', }, + php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, + php_admin_flags => { 'engine' => 
'on', }, + } + host { 'php.example.com': ip => '127.0.0.1', } + file { '#{$doc_root}/php/index.php5': + ensure => file, + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service($service_name) do - if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { should be_enabled } + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } end - it { is_expected.to be_running } - end - describe file("#{$vhost_dir}/25-php.example.com.conf") do - it { is_expected.to contain " php_flag display_errors on" } - it { is_expected.to contain " php_value include_path \".:/usr/share/pear:/usr/bin/php\"" } - it { is_expected.to contain " php_admin_flag engine on" } - it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } - end + describe file("#{$vhost_dir}/25-php.example.com.conf") do + it { is_expected.to contain " php_flag display_errors on" } + it { is_expected.to contain " php_value include_path \".:/usr/share/pear:/usr/bin/php\"" } + it { is_expected.to contain " php_admin_flag engine on" } + it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } + end - it 'should answer to php.example.com' do - shell("/usr/bin/curl php.example.com:80") do |r| - expect(r.stdout).to match(/\/usr\/share\/pear\//) - expect(r.exit_code).to eq(0) + it 'should answer to php.example.com' do + shell("/usr/bin/curl php.example.com:80") do |r| + expect(r.stdout).to match(/\/usr\/share\/pear\//) + expect(r.exit_code).to eq(0) + end end end - end - context "provide custom config file" do - it 'succeeds in puppeting php' do - pp= <<-EOS - class {'apache': - mpm_module => 'prefork', - } - class 
{'apache::mod::php': - content => '# somecontent', - } - EOS - apply_manifest(pp, :catch_failures => true) - end - if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') - describe file("#{$mod_dir}/php7.0.conf") do - it { should contain "# somecontent" } + context "provide custom config file" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + } + EOS + apply_manifest(pp, :catch_failures => true) end - else - describe file("#{$mod_dir}/php5.conf") do - it { should contain "# somecontent" } + if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') + describe file("#{$mod_dir}/php7.0.conf") do + it { should contain "# somecontent" } + end + else + describe file("#{$mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end end end - end - - context "provide content and template config file" do - it 'succeeds in puppeting php' do - pp= <<-EOS - class {'apache': - mpm_module => 'prefork', - } - class {'apache::mod::php': - content => '# somecontent', - template => 'apache/mod/php5.conf.erb', - } - EOS - apply_manifest(pp, :catch_failures => true) - end - if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') - describe file("#{$mod_dir}/php7.0.conf") do - it { should contain "# somecontent" } + context "provide content and template config file" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + template => 'apache/mod/php5.conf.erb', + } + EOS + apply_manifest(pp, :catch_failures => true) end - else - describe file("#{$mod_dir}/php5.conf") do - it { should contain "# somecontent" } + + if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') + describe file("#{$mod_dir}/php7.0.conf") do + it { should contain 
"# somecontent" } + end + else + describe file("#{$mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end end end - end + end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 89f1af27d8..bf90df19e3 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -10,6 +10,9 @@ class { 'apache': default_ssl_vhost => false, service_ensure => stopped } + if ($::osfamily == 'Suse') { + exec { '/usr/bin/gensslcert': } + } EOS apply_manifest(pp, :catch_failures => true) @@ -830,6 +833,8 @@ class { 'apache': } it { is_expected.not_to contain 'NameVirtualHost test.server' } elsif fact('operatingsystem') == 'Debian' and fact('operatingsystemmajrelease') == '8' it { is_expected.not_to contain 'NameVirtualHost test.server' } + elsif fact('operatingsystem') == 'SLES' and fact('operatingsystemrelease') >= '12' + it { is_expected.not_to contain 'NameVirtualHost test.server' } else it { is_expected.to contain 'NameVirtualHost test.server' } end @@ -1141,7 +1146,7 @@ class { 'apache': service_ensure => stopped, } end describe 'rack_base_uris' do - unless fact('osfamily') == 'RedHat' or (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') < '12') + unless fact('osfamily') == 'RedHat' or fact('operatingsystem') == 'SLES' it 'applies cleanly' do test = lambda do pp = <<-EOS From e77d58bb7f032dffa8fc4da40c08d22ee81e5068 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Tue, 22 Nov 2016 11:45:01 -0800 Subject: [PATCH 1019/2267] fixes version errors and small fix for suse ssl --- spec/acceptance/vhost_spec.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index bf90df19e3..200a83d22e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -8,10 +8,12 @@ class { 'apache': default_vhost => false, default_ssl_vhost => false, - service_ensure => stopped + service_ensure => stopped, } if ($::osfamily == 'Suse') { - exec { '/usr/bin/gensslcert': } + exec { '/usr/bin/gensslcert': + require => Class['apache'], + } } EOS @@ -312,7 +314,7 @@ class { 'apache': pp = <<-EOS class { 'apache': } - if versioncmp($apache::apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', } } else { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', } @@ -360,7 +362,7 @@ class { 'apache': } pp = <<-EOS class { 'apache': } - if versioncmp($apache::apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } } else { $_files_match_directory = [ From 54ee3e30be0bfd7187191aed39e5a426163912be Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 23 Nov 2016 13:11:26 -0800 Subject: [PATCH 1020/2267] adds to conditional to allow for empty servername --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5644ba82ca..6d8dbc1d7d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -450,7 +450,7 @@ } else { $listen_addr_port = undef $nvh_addr_port = $name - if ! $servername { + if ! $servername and $servername != '' { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") } } From ff121fd6c3f102d9cadd43bb6dc80bd3f186f000 Mon Sep 17 00:00:00 2001 From: Stephen Benjamin Date: Mon, 28 Nov 2016 14:56:50 -0500 Subject: [PATCH 1021/2267] README update to account for location of ssl.conf on Red Hat OS's --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
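Review bot: The `exec { '/usr/bin/gensslcert': }` resource in the first hunk has no `creates`, `unless` or `onlyif`, so every apply of this manifest runs it again and, presumably, replaces the certificate and key the vhosts under test are using. Adding `creates => '/etc/apache2/ssl.crt/server.crt',` next to the new `require` would make it run once; that path is the Suse default set in `manifests/params.pp` by the previous commit and should be checked against where gensslcert actually writes. The manifest heredoc and the example around it start outside the hunk.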
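Review bot: In `manifests/vhost.pp` the condition `! $servername and $servername != ''` needs a comment, because its effect depends on how the running Puppet treats an empty string as a boolean and the `fail()` message below still says a `servername` must be passed. Something like `# An explicitly empty servername is allowed; only an undef/false value is an error` above the `if` would record the intent. With an empty servername `$nvh_addr_port` is still set to `$name` two lines earlier, so it is worth confirming that this is the wanted fallback. The enclosing `else` branch starts outside the hunk.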
diff --git a/README.md b/README.md index 9cc2625b23..0d45ee9c23 100644 --- a/README.md +++ b/README.md @@ -1849,7 +1849,7 @@ Defining this class enables Shibboleth-specific parameters in `apache::vhost` in ##### Class: `apache::mod::ssl` -Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. +Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. On most operating systems, this ssl.conf is placed in the module configuration directory, however on Red Hat-based operating systems it is placed in the confd directory (/etc/httpd/conf.d), the same location the RPM stores the configuration. **Parameters within `apache::mod::ssl`**: From e33c956a59523cdd1b5e2b47c6925e0d6d5322f1 Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 22 Oct 2014 21:39:59 +1300 Subject: [PATCH 1022/2267] Add SSL stapling It is possible to set a global default stapling on/off Per vhost this can be overridden. Based on initial pull request by David Teirney --- README.md | 24 ++++++++++++++++++++++++ manifests/mod/ssl.pp | 12 ++++++++++++ manifests/vhost.pp | 7 +++++++ spec/classes/mod/ssl_spec.rb | 17 +++++++++++++++++ templates/mod/ssl.conf.erb | 4 ++++ templates/vhost/_ssl.erb | 9 +++++++++ 6 files changed, 73 insertions(+) diff --git a/README.md b/README.md index 9cc2625b23..f5393d9979 100644 --- a/README.md +++ b/README.md 
@@ -1179,6 +1179,12 @@ Determines whether Puppet manages the HTTPD service's state. Valid options: Bool Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: undef, which uses the [default Puppet behavior][Service attribute restart]. +##### `ssl_stapling` + +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean. Default: false. It is possible to override this on a vhost level. + +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + ##### `timeout` Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Default: 120. 
@@ -3785,6 +3791,24 @@ Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.h Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid options: Boolean. Default: true. +##### `ssl_stapling` + +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean or undef. Default: undef, meaning use what is set globally. + +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + +##### `ssl_stapling_timeout` + +Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive. No default. + +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + +##### `ssl_stapling_return_errors` + +Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. No default. + +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + #### Defined type: FastCGI Server This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index cd67431996..c89c894568 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -9,6 +9,7 @@ $ssl_pass_phrase_dialog = 'builtin', $ssl_random_seed_bytes = '512', $ssl_sessioncachetimeout = '300', + $ssl_stapling = false, $ssl_mutex = undef, $apache_version = undef, $package_name = undef, 
@@ -67,6 +68,16 @@ 'Suse' => '/var/lib/apache2/ssl_scache(512000)' } + validate_bool($ssl_stapling) + + $stapling_cache = $::osfamily ? { + 'debian' => "\${APACHE_RUN_DIR}/ocsp(32768)", + 'redhat' => '/run/httpd/ssl_stapling(32768)', + 'freebsd' => '/var/run/ssl_stapling(32768)', + 'gentoo' => '/var/run/ssl_stapling(32768)', + 'Suse' => '/var/lib/apache2/ssl_stapling(32768)', + } + if $::osfamily == 'Suse' { if defined(Class['::apache::mod::worker']){ $suse_path = '/usr/lib64/apache2-worker' @@ -96,6 +107,7 @@ # $ssl_options # $ssl_openssl_conf_cmd # $session_cache + # $stapling_cache # $ssl_mutex # $ssl_random_seed_bytes # $ssl_sessioncachetimeout diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 6d8dbc1d7d..c5b0fc729c 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -34,6 +34,9 @@ $ssl_options = undef, $ssl_openssl_conf_cmd = undef, $ssl_proxyengine = false, + $ssl_stapling = undef, + $ssl_stapling_timeout = undef, + $ssl_stapling_return_errors = undef, $priority = undef, $default_vhost = false, $servername = $name, @@ -189,6 +192,9 @@ validate_bool($ssl) validate_bool($default_vhost) validate_bool($ssl_proxyengine) + if $ssl_stapling != undef { + validate_bool($ssl_stapling) + } if $rewrites { validate_array($rewrites) unless empty($rewrites) { @@ -919,6 +925,7 @@ # - $ssl_verify_depth # - $ssl_options # - $ssl_openssl_conf_cmd + # - $ssl_stapling # - $apache_version if $ssl { concat::fragment { "${name}-ssl": diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index f787496313..07c7f680d7 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
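Review bot: In the `manifests/vhost.pp` hunk after `validate_bool($ssl_proxyengine)`, only `$ssl_stapling` gets a type check; `$ssl_stapling_timeout` and `$ssl_stapling_return_errors` are accepted as-is, and `templates/vhost/_ssl.erb` in this commit writes them directly after `SSLStaplingResponderTimeout` and `SSLStaplingReturnResponderErrors`. A typo or a multi-word value therefore lands verbatim in the generated vhost file and is only caught, if at all, when httpd parses it. I would validate both beside the existing check, e.g. `if $ssl_stapling_return_errors != undef { validate_bool($ssl_stapling_return_errors) }` with the template rendering it through `bool2httpd` as it already does for `ssl_stapling`, plus a numeric check on the timeout. The parameter list and the validation section continue outside the hunk.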
@@ -151,6 +151,14 @@ end it { is_expected.not_to contain_file('ssl.conf').with_content(/^ SSLCompression On$/)} end + context 'setting ssl_stapling to true' do + let :params do + { + :ssl_stapling => true, + } + end + it { is_expected.not_to contain_file('ssl.conf').with_content(/^ SSLUseStapling/)} + end end context "with Apache version >= 2.4" do let :params do @@ -171,6 +179,15 @@ end it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLCompression On$/)} end + context 'setting ssl_stapling to true' do + let :params do + { + :apache_version => '2.4', + :ssl_stapling => true, + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLUseStapling On$/)} + end end context 'setting ssl_pass_phrase_dialog' do diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 68ad179a72..c7b4cd9177 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -20,6 +20,10 @@ <%- end -%> SSLCryptoDevice <%= @ssl_cryptodevice %> SSLHonorCipherOrder <%= scope.function_bool2httpd([@_ssl_honorcipherorder]) %> +<% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> + SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %> + SSLStaplingCache "shmcb:<%= @stapling_cache %>" +<% end -%> SSLCipherSuite <%= @ssl_cipher %> SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 797435cc19..baf18a8970 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
@@ -43,4 +43,13 @@ <%- if @ssl_openssl_conf_cmd -%> SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> <%- end -%> + <%- if not @ssl_stapling.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %> + <%- end -%> + <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLStaplingResponderTimeout <%= @ssl_stapling_timeout %> + <%- end -%> + <%- if @ssl_stapling_return_errors && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLStaplingReturnResponderErrors <%= @ssl_stapling_return_errors %> + <%- end -%> <% end -%> From 8606dac52c80415f67f65b1d28d3b39c7dc57159 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Wed, 30 Nov 2016 13:40:43 +0100 Subject: [PATCH 1023/2267] mod_proxy_balancer manager --- README.md | 4 ++ manifests/mod/proxy_balancer.pp | 19 ++++- spec/classes/mod/proxy_balancer_spec.rb | 95 +++++++++++++++++++++++++ templates/mod/proxy_balancer.conf.erb | 10 +++ 4 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 spec/classes/mod/proxy_balancer_spec.rb create mode 100644 templates/mod/proxy_balancer.conf.erb diff --git a/README.md b/README.md index 9cc2625b23..529e98edbd 100644 --- a/README.md +++ b/README.md 
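Review bot: The guard on the added `SSLUseStapling` line does not mean what it reads as: Ruby's `not` binds more loosely than `&&`, so `not @ssl_stapling.nil? && scope.function_versioncmp(...) >= 0` is evaluated as `not (@ssl_stapling.nil? && version >= 2.4)`. On Apache older than 2.4 that is always true, so the directive is written into the vhost even though the README text added in this commit says the parameter is ignored there, and an httpd that does not know the directive will reject the file. Use `<%- if !@ssl_stapling.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>`. The block closed by the final `<% end -%>` opens outside the hunk.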
@@ -1808,9 +1808,13 @@ Installs and manages [`mod_proxy_balancer`][], which provides load balancing. **Parameters within `apache::mod::proxy_balancer`**: +- `manager`: Determines whether to enable balancer manager support. Default: `false`. +- `manager_path`: The server location of the balancer manager. Default: '/balancer-manager'. +- `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer-manager`. Default: ['127.0.0.1','::1']. - `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. - On Apache >= 2.4, `mod_slotmem_shm` is loaded. + ##### Class: `apache::mod::php` Installs and configures [`mod_php`][]. diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp index a225ce3396..fdb4b831ad 100644 --- a/manifests/mod/proxy_balancer.pp +++ b/manifests/mod/proxy_balancer.pp @@ -1,6 +1,12 @@ class apache::mod::proxy_balancer( + $manager = false, + $manager_path = '/balancer-manager', + $allow_from = ['127.0.0.1','::1'], $apache_version = $::apache::apache_version, ) { + validate_bool($manager) + validate_string($manager_path) + validate_array($allow_from) include ::apache::mod::proxy include ::apache::mod::proxy_http @@ -11,5 +17,16 @@ Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer'] Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer'] ::apache::mod { 'proxy_balancer': } - + if $manager { + include ::apache::mod::status + file { 'proxy_balancer.conf': + ensure => file, + path => "${::apache::mod_dir}/proxy_balancer.conf", + mode => $::apache::file_mode, + content => template('apache/mod/proxy_balancer.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + } } 
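Review bot: `validate_array($allow_from)` in `manifests/mod/proxy_balancer.pp` accepts an empty array, and the template added in this commit would then render `Require ip` (or `Allow from` on 2.2) with no address, leaving the access rule for the balancer manager to whatever httpd makes of an argument-less directive. Since that list is the only restriction the template places on the manager location, I would reject the empty case up front: `if $manager and empty($allow_from) { fail('apache::mod::proxy_balancer: allow_from must not be empty when manager is true') }`. `$manager_path` is likewise only checked to be a string, so a value without a leading `/` reaches the template unchanged.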
diff --git a/spec/classes/mod/proxy_balancer_spec.rb b/spec/classes/mod/proxy_balancer_spec.rb new file mode 100644 index 0000000000..d646ba7500 --- /dev/null +++ b/spec/classes/mod/proxy_balancer_spec.rb 
@@ -0,0 +1,95 @@ +require 'spec_helper' + +# Helper function for testing the contents of `proxy_balancer.conf` +def balancer_manager_conf_spec(allow_from, manager_path) + it do + is_expected.to contain_file("proxy_balancer.conf").with_content( + "\n"\ + " SetHandler balancer-manager\n"\ + " Require ip #{Array(allow_from).join(' ')}\n"\ + "\n" + ) + end +end + +describe 'apache::mod::proxy_balancer', :type => :class do + let :pre_condition do + [ + 'include apache::mod::proxy', + ] + end + it_behaves_like "a mod class, without including apache" + + context "default configuration with default parameters" do + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8', + :concat_basedir => '/dne', + :lsbdistcodename => 'jessie', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_apache__mod("proxy_balancer") } + + it { is_expected.to_not contain_file("proxy_balancer.conf") } + it { is_expected.to_not contain_file("proxy_balancer.conf symlink") } + + end + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_apache__mod("proxy_balancer") } + + it { is_expected.to_not contain_file("proxy_balancer.conf") } + it { is_expected.to_not contain_file("proxy_balancer.conf symlink") } + + end + end + + context "default configuration with custom parameters $manager => true, $allow_from => ['10.10.10.10','11.11.11.11'], $status_path => '/custom-manager'" do + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8', + :concat_basedir => '/dne', + 
:lsbdistcodename => 'jessie', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :params do + { + :manager => true, + :allow_from => ['10.10.10.10','11.11.11.11'], + :manager_path => '/custom-manager', + } + end + + balancer_manager_conf_spec(["10.10.10.10", "11.11.11.11"], "/custom-manager") + + end + end +end diff --git a/templates/mod/proxy_balancer.conf.erb b/templates/mod/proxy_balancer.conf.erb new file mode 100644 index 0000000000..c1f37be8e4 --- /dev/null +++ b/templates/mod/proxy_balancer.conf.erb @@ -0,0 +1,10 @@ +> + SetHandler balancer-manager + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip <%= Array(@allow_from).join(" ") %> + <%- else -%> + Order deny,allow + Deny from all + Allow from <%= Array(@allow_from).join(" ") %> + <%- end -%> + From 77b79919d189650df5e48599aea86caae6c9c32c Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 1 Dec 2016 11:36:44 -0800 Subject: [PATCH 1024/2267] (MODULES-3631) msync Gemfile for 1.9 frozen strings --- .gitignore | 1 - Gemfile | 25 +++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 25cb3cc50f..0cd25de9af 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,3 @@ coverage/ log/ .idea/ *.iml -tmp/ diff --git a/Gemfile b/Gemfile index 8871c66381..8a568f6a5a 100644 --- a/Gemfile +++ b/Gemfile 
@@ -32,33 +32,34 @@ supports_windows = false group :development do gem 'puppet-lint', :require => false - gem 'metadata-json-lint', :require => false + gem 'metadata-json-lint', :require => false, :platforms => 'ruby' gem 'puppet_facts', :require => false gem 'puppet-blacksmith', '>= 3.4.0', :require => false, :platforms => 'ruby' gem 'puppetlabs_spec_helper', '>= 1.2.1', :require => false gem 'rspec-puppet', '>= 2.3.2', :require => false - gem 'rspec-puppet-facts', :require => false + gem 'rspec-puppet-facts', :require => false, :platforms => 'ruby' gem 'mocha', '< 1.2.0', :require => false - gem 'simplecov', :require => false - gem 'parallel_tests', '< 2.10.0', :require => false if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0') - gem 'parallel_tests', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.0.0') - gem 'rubocop', '0.41.2', :require => false if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0') - gem 'rubocop', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.0.0') - gem 'rubocop-rspec', '~> 1.6', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0') + gem 'simplecov', :require => false, :platforms => 'ruby' + gem 'parallel_tests', '< 2.10.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem 'parallel_tests', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.0.0') + gem 'rubocop', '0.41.2', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem 'rubocop', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.0.0') + gem 'rubocop-rspec', '~> 1.6', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') gem 'pry', :require => false - gem 'json_pure', '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.0.0') + gem 'json_pure', '<= 2.0.1', :require => false if 
Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') end group :system_tests do gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '~> 2.20') if supports_windows - gem 'beaker', *location_for(ENV['BEAKER_VERSION']) if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0') and ! supports_windows - gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '< 3') if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.3.0') and ! supports_windows - gem 'beaker-pe', :require => false if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.3.0') + gem 'beaker', *location_for(ENV['BEAKER_VERSION']) if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') and ! supports_windows + gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '< 3') if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.3.0') and ! supports_windows + gem 'beaker-pe', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') if ! supports_windows gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '~> 5.1') if supports_windows gem 'beaker-puppet_install_helper', :require => false gem 'master_manipulator', :require => false gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) + gem 'beaker-abs', *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) From f6cfa03d5bcd3d184841c614b1bfb8046a0c7d03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Fri, 2 Dec 2016 14:23:59 +0100 Subject: [PATCH 1025/2267] custom facts shouldn't break structured facts Change the `puts` output to `Facter.debug` so that our structured facts remain side-effect free in normal runs, and can just be piped into tools like `jq` --- lib/facter/apache_version.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index bb0b4ac9ff..63e4e1c2b5 100644 --- a/lib/facter/apache_version.rb +++ b/lib/facter/apache_version.rb @@ -2,11 +2,11 @@ setcode do if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') - puts "Matching apachectl '#{apache_version}'" + Facter.debug "Matching apachectl '#{apache_version}'" %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] elsif Facter::Util::Resolution.which('apache2ctl') apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1') - puts "Matching apache2ctl '#{apache_version}'" + Facter.debug "Matching apache2ctl '#{apache_version}'" %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] end end From b16618649e72617e41faab423a0c40510a5ea47d Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Sat, 3 Dec 2016 07:07:29 +0100 Subject: [PATCH 1026/2267] Avoid relative classname inclusion Including a class by a relative name might lead to unexpected results; in addition to that there is also a small performance penalty. Signed-off-by: Julien Pivotto --- examples/apache.pp | 12 ++++++------ examples/dev.pp | 2 +- examples/init.pp | 2 +- examples/mod_load_params.pp | 2 +- examples/mods.pp | 2 +- examples/mods_custom.pp | 2 +- examples/php.pp | 4 ++-- examples/vhost.pp | 2 +- examples/vhost_directories.pp | 2 +- examples/vhost_filter.pp | 2 +- examples/vhost_ip_based.pp | 2 +- examples/vhost_proxypass.pp | 2 +- examples/vhost_ssl.pp | 2 +- examples/vhosts_without_listen.pp | 2 +- manifests/fastcgi/server.pp | 2 +- 15 files changed, 21 insertions(+), 21 deletions(-) diff --git a/examples/apache.pp b/examples/apache.pp index 0d4543564c..18ec55311b 100644 --- a/examples/apache.pp +++ b/examples/apache.pp 
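Review bot: Both branches still call `.match(apache_version)[1]` directly, so when the `apachectl -v 2>&1` output has no `Server version:` line (stderr is merged in, so an error message is a possible value) `match` returns nil and `[1]` raises inside `setcode`. The pattern also leaves its dots unescaped, so `\d+.\d+` accepts any character between the digit groups. I would write `match = %r{^Server version: Apache\/(\d+\.\d+(\.\d+)?)}.match(apache_version.to_s)` followed by `match && match[1]` in each branch, so the fact resolves to nil instead of failing. The surrounding `Facter.add` block starts outside the hunk.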
@@ -1,6 +1,6 @@ -include apache -include apache::mod::php -include apache::mod::cgi -include apache::mod::userdir -include apache::mod::disk_cache -include apache::mod::proxy_http +include ::apache +include ::apache::mod::php +include ::apache::mod::cgi +include ::apache::mod::userdir +include ::apache::mod::disk_cache +include ::apache::mod::proxy_http diff --git a/examples/dev.pp b/examples/dev.pp index 6c4f95571d..5616e32bad 100644 --- a/examples/dev.pp +++ b/examples/dev.pp @@ -1 +1 @@ -include apache::mod::dev +include ::apache::mod::dev diff --git a/examples/init.pp b/examples/init.pp index b3f9f13aac..33911073b0 100644 --- a/examples/init.pp +++ b/examples/init.pp @@ -1 +1 @@ -include apache +include ::apache diff --git a/examples/mod_load_params.pp b/examples/mod_load_params.pp index 0e84c5efbf..fa43132b73 100644 --- a/examples/mod_load_params.pp +++ b/examples/mod_load_params.pp @@ -1,7 +1,7 @@ # Tests the path and identifier parameters for the apache::mod class # Base class for clarity: -class { 'apache': } +class { '::apache': } # Exaple parameter usage: diff --git a/examples/mods.pp b/examples/mods.pp index 59362bd9a0..699638248d 100644 --- a/examples/mods.pp +++ b/examples/mods.pp @@ -3,7 +3,7 @@ # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot, and declaring our default set of modules. -class { 'apache': +class { '::apache': default_mods => true, } diff --git a/examples/mods_custom.pp b/examples/mods_custom.pp index 0ae699c73d..4098c83aae 100644 --- a/examples/mods_custom.pp +++ b/examples/mods_custom.pp @@ -3,7 +3,7 @@ # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot, and declaring a custom set of modules. -class { 'apache': +class { '::apache': default_mods => [ 'info', 'alias', diff --git a/examples/php.pp b/examples/php.pp index 1d926bfb46..ee187717e7 100644 
--- a/examples/php.pp +++ b/examples/php.pp @@ -1,4 +1,4 @@ -class { 'apache': +class { '::apache': mpm_module => 'prefork', } -include apache::mod::php +include ::apache::mod::php diff --git a/examples/vhost.pp b/examples/vhost.pp index 486570f815..1b9b08e127 100644 --- a/examples/vhost.pp +++ b/examples/vhost.pp @@ -5,7 +5,7 @@ # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot -class { 'apache': } +class { '::apache': } # Most basic vhost apache::vhost { 'first.example.com': diff --git a/examples/vhost_directories.pp b/examples/vhost_directories.pp index b8953ee321..df5a2d52a1 100644 --- a/examples/vhost_directories.pp +++ b/examples/vhost_directories.pp @@ -1,7 +1,7 @@ # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot -class { 'apache': } +class { '::apache': } # Example from README adapted. apache::vhost { 'readme.example.net': diff --git a/examples/vhost_filter.pp b/examples/vhost_filter.pp index ca1a8bbe03..1a66b856b7 100644 --- a/examples/vhost_filter.pp +++ b/examples/vhost_filter.pp @@ -1,5 +1,5 @@ # Base class. Declares default vhost on port 80 with filters. -class { 'apache': } +class { '::apache': } # Example from README adapted. apache::vhost { 'readme.example.net': diff --git a/examples/vhost_ip_based.pp b/examples/vhost_ip_based.pp index dc0fa4f33b..249c4199c0 100644 --- a/examples/vhost_ip_based.pp +++ b/examples/vhost_ip_based.pp @@ -3,7 +3,7 @@ # Base class. Turn off the default vhosts; we will be declaring # all vhosts below. -class { 'apache': +class { '::apache': default_vhost => false, } diff --git a/examples/vhost_proxypass.pp b/examples/vhost_proxypass.pp index e911f85f9d..458dbd4092 100644 --- a/examples/vhost_proxypass.pp +++ b/examples/vhost_proxypass.pp 
@@ -5,7 +5,7 @@ # Base class. Declares default vhost on port 80 and default ssl # vhost on port 443 listening on all interfaces and serving # $apache::docroot -class { 'apache': } +class { '::apache': } # Most basic vhost with proxy_pass apache::vhost { 'first.example.com': diff --git a/examples/vhost_ssl.pp b/examples/vhost_ssl.pp index 8e7a2b279e..53989ff1b6 100644 --- a/examples/vhost_ssl.pp +++ b/examples/vhost_ssl.pp @@ -3,7 +3,7 @@ # Base class. Turn off the default vhosts; we will be declaring # all vhosts below. -class { 'apache': +class { '::apache': default_vhost => false, } diff --git a/examples/vhosts_without_listen.pp b/examples/vhosts_without_listen.pp index e7d6cc036c..0e97a0221f 100644 --- a/examples/vhosts_without_listen.pp +++ b/examples/vhosts_without_listen.pp @@ -4,7 +4,7 @@ # Base class. Turn off the default vhosts; we will be declaring # all vhosts below. -class { 'apache': +class { '::apache': default_vhost => false, } diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index 3493194917..78363062ba 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp @@ -7,7 +7,7 @@ $file_type = 'application/x-httpd-php', $pass_header = undef, ) { - include apache::mod::fastcgi + include ::apache::mod::fastcgi Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] From a99981246daa1bf6ac14d0d64dea4d238a55d280 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Sat, 3 Dec 2016 07:11:50 +0100 Subject: [PATCH 1027/2267] Add missing trailing commas As per style guide v2.0, there must be trailing commas after all resource attributes and parameter definitions. 
Signed-off-by: Julien Pivotto --- examples/vhost.pp | 4 ++-- examples/vhost_proxypass.pp | 4 ++-- manifests/custom_config.pp | 2 +- manifests/init.pp | 8 ++++---- manifests/mod/cgi.pp | 2 +- manifests/mod/cgid.pp | 2 +- manifests/mod/deflate.pp | 4 ++-- manifests/mod/info.pp | 2 +- manifests/mod/ssl.pp | 2 +- manifests/mpm.pp | 4 ++-- manifests/params.pp | 4 ++-- manifests/vhost.pp | 2 +- 12 files changed, 20 insertions(+), 20 deletions(-) diff --git a/examples/vhost.pp b/examples/vhost.pp index 486570f815..5ac1b22c42 100644 --- a/examples/vhost.pp +++ b/examples/vhost.pp @@ -153,7 +153,7 @@ rewrite_cond => ['%{HTTPS} off'], rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'], } - ] + ], } # Rewrite a URL to lower case @@ -167,7 +167,7 @@ rewrite_map => ['lc int:tolower'], rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], } - ] + ], } apache::vhost { 'sixteenth.example.com ssl': diff --git a/examples/vhost_proxypass.pp b/examples/vhost_proxypass.pp index e911f85f9d..7df718387d 100644 --- a/examples/vhost_proxypass.pp +++ b/examples/vhost_proxypass.pp @@ -29,7 +29,7 @@ 'url' => 'http://localhost:8080/second', 'params' => { 'retry' => '0', - 'timeout' => '5' + 'timeout' => '5', } }, ], @@ -58,7 +58,7 @@ 'url' => 'http://localhost:8080/fourth', 'params' => { 'retry' => '0', - 'timeout' => '5' + 'timeout' => '5', }, 'keywords' => ['noquery', 'interpolate'] }, diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index d93c468920..188f3ba820 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -60,7 +60,7 @@ refreshonly => true, notify => Class['Apache::Service'], before => Exec["remove ${name} if invalid"], - require => Anchor['::apache::modules_set_up'] + require => Anchor['::apache::modules_set_up'], } exec { "remove ${name} if invalid": diff --git a/manifests/init.pp b/manifests/init.pp index a2782507da..1410989879 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -137,7 +137,7 @@ if $manage_group { group { $group: ensure => present, - require => Package['httpd'] + require => Package['httpd'], } } @@ -258,7 +258,7 @@ } concat::fragment { 'Apache ports header': target => $ports_file, - content => template('apache/ports_header.erb') + content => template('apache/ports_header.erb'), } if $::apache::conf_dir and $::apache::params::conf_file { @@ -284,7 +284,7 @@ file { [ '/etc/apache2/modules.d/.keep_www-servers_apache-2', - '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' + '/etc/apache2/vhosts.d/.keep_www-servers_apache-2', ]: ensure => absent, require => Package['httpd'], @@ -343,7 +343,7 @@ } } class { '::apache::default_confd_files': - all => $default_confd_files + all => $default_confd_files, } if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans include "::apache::mod::${mpm_module}" diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index b03e8f05d5..a41bb6debd 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -8,7 +8,7 @@ if $::osfamily == 'Suse' { ::apache::mod { 'cgi': - lib_path => '/usr/lib64/apache2-prefork' + lib_path => '/usr/lib64/apache2-prefork', } } else { ::apache::mod { 'cgi': } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 7d38197132..23b32dad4b 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -20,7 +20,7 @@ if $::osfamily == 'Suse' { ::apache::mod { 'cgid': - lib_path => '/usr/lib64/apache2-worker' + lib_path => '/usr/lib64/apache2-worker', } } else { ::apache::mod { 'cgid': } diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 21031c7150..70ac5be121 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp 
@@ -4,12 +4,12 @@ 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', - 'application/json' + 'application/json', ], $notes = { 'Input' => 'instream', 'Output' => 'outstream', - 'Ratio' => 'ratio' + 'Ratio' => 'ratio', } ) { include ::apache diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 5af7b8d96b..c6f1355e59 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -14,7 +14,7 @@ $suse_path = '/usr/lib64/apache2-prefork' } ::apache::mod { 'info': - lib_path => $suse_path + lib_path => $suse_path, } } else { ::apache::mod { 'info': } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index cd67431996..ff62bc5e9e 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -75,7 +75,7 @@ } ::apache::mod { 'ssl': package => $package_name, - lib_path => $suse_path + lib_path => $suse_path, } } else { ::apache::mod { 'ssl': diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 1fe9684e77..119fedf577 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -102,7 +102,7 @@ } 'freebsd': { class { '::apache::package': - mpm_module => $mpm + mpm_module => $mpm, } } 'gentoo': { @@ -132,7 +132,7 @@ if $mpm == 'itk' { file { "${lib_path}/mod_mpm_itk.so": ensure => link, - target => "${lib_path}/mpm_itk.so" + target => "${lib_path}/mpm_itk.so", } } } diff --git a/manifests/params.pp b/manifests/params.pp index 7089c7e921..e1ca7b3c20 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -262,7 +262,7 @@ $shib2_lib = 'mod_shib2.so' } $mod_libs = { - 'shib2' => $shib2_lib + 'shib2' => $shib2_lib, } $conf_template = 'apache/httpd.conf.erb' $keepalive = 'Off' @@ -507,7 +507,7 @@ 'php5' => 'apache2-mod_php5', 'python' => 'apache2-mod_python', 'security' => 'apache2-mod_security2', - 'worker' => 'apache2-worker' + 'worker' => 'apache2-worker', } } else { $mod_packages = { diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 6d8dbc1d7d..f5da800c21 100644 --- a/manifests/vhost.pp 
+++ b/manifests/vhost.pp @@ -1086,7 +1086,7 @@ concat::fragment { "${name}-security": target => "${priority_real}${filename}.conf", order => 320, - content => template('apache/vhost/_security.erb') + content => template('apache/vhost/_security.erb'), } } From e8b9a506fcb0e8325e5eceb7e40584fdb09490c3 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Thu, 22 Sep 2016 15:56:26 +0200 Subject: [PATCH 1028/2267] Don't fail if first element of is not an hash before flattening The template is using [@rewrites].flatten.compact which maps to Puppet's delete_undef_values(flatten([])) Bump stdlib version to the one introducing `delete_undef_values'. --- manifests/vhost.pp | 3 ++- metadata.json | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 5644ba82ca..266ad7fc30 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -192,7 +192,8 @@ if $rewrites { validate_array($rewrites) unless empty($rewrites) { - validate_hash($rewrites[0]) + $rewrites_flattened = delete_undef_values(flatten([$rewrites])) + validate_hash($rewrites_flattened[0]) } } diff --git a/metadata.json b/metadata.json index a82bccc323..961c34a9d4 100644 --- a/metadata.json +++ b/metadata.json @@ -8,7 +8,7 @@ "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, + {"name":"puppetlabs/stdlib","version_requirement":">= 4.2.0 < 5.0.0"}, {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} ], "data_provider": null, From b910c23c29cf1c2eb102bf91bee2b976451d8d67 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Fri, 9 Dec 2016 11:27:30 +0100 Subject: [PATCH 1029/2267] apache::mod::auth_kerb requires apache::mod::authn_core (on >=2.4) --- manifests/mod/auth_kerb.pp | 1 + 1 file changed, 1 insertion(+) 
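Review bot: In the `@@ -192,7 +192,8 @@` hunk of manifests/vhost.pp the guard is still `unless empty($rewrites)`, but the value validated is now element 0 of the flattened, undef-stripped list. An input such as `[[]]` or `[undef]` therefore passes the guard and hands an undefined value to `validate_hash`, failing with a message that does not name the real problem. Computing `$rewrites_flattened = delete_undef_values(flatten([$rewrites]))` before the guard and testing `unless empty($rewrites_flattened)` keeps the guard and the check on the same value. Only the first entry is type-checked either way, so a non-hash entry later in the list still reaches the template; a comment saying so would help the next reader.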
diff --git a/manifests/mod/auth_kerb.pp b/manifests/mod/auth_kerb.pp index fe63d22d7b..4b4887fe8c 100644 --- a/manifests/mod/auth_kerb.pp +++ b/manifests/mod/auth_kerb.pp @@ -1,5 +1,6 @@ class apache::mod::auth_kerb { include ::apache + include ::apache::mod::authn_core ::apache::mod { 'auth_kerb': } } From 46b148b709f4394135ac535fb200b3d71672ef25 Mon Sep 17 00:00:00 2001 From: Ira Date: Tue, 13 Dec 2016 01:22:49 +0200 Subject: [PATCH 1030/2267] Support Passenger repo on Amazon Linux (#1549) * Adding Amazon Linux support * A slightly nicer looking fix for the base URL issue for Amazon Linux. * Let's not annoy Travis --- manifests/mod/passenger.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 85f004dc5f..35b4eff22d 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -57,9 +57,15 @@ } if $::osfamily == 'RedHat' and $manage_repo { + if $::operatingsystem == 'Amazon' { + $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6Server/$basearch' + } else { + $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' + } + yumrepo { 'passenger': ensure => 'present', - baseurl => 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch', + baseurl => $baseurl, descr => 'passenger', enabled => '1', gpgcheck => '0', From 458946744c91bab6207dd3e9c0941e94eced5cf0 Mon Sep 17 00:00:00 2001 
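Review bot: The `yumrepo { 'passenger': }` resource that receives the new `$baseurl` keeps `gpgcheck => '0'`, so packages from either URL are installed without package signature verification, and HTTPS to the mirror is the only integrity control visible in this hunk. The resource continues past the end of the hunk, so confirm whether it also sets `repo_gpgcheck => '1'` together with a `gpgkey`; if it does not, add them (`gpgkey => '<PASSENGER_SIGNING_KEY_URL>'`, placeholder). The hard-coded `el/6Server` in the Amazon branch also deserves a why-comment, for example `# Amazon Linux: $releasever does not match an EL release, use the EL6 tree`, assuming that is the reason behind the "base URL issue" in the commit message.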
From: Emerson Prado Date: Mon, 12 Dec 2016 21:49:12 -0200 Subject: [PATCH 1031/2267] (#MODULES-3744) Process $crs_package before $modsec_dir (#1563) Class apache::mod::security created 2 files with conflicting configs: /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf /etc/httpd/modsecurity.d/security_crs.conf File[$modsec_dir] purges this directory and creates latter file but Package[$crs_package] creates former file in the same directory This change makes the package be managed before the directory, so the former file is guaranteed to be purged --- manifests/mod/security.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 6e90af2573..ae3d847299 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -53,7 +53,10 @@ if $crs_package { package { $crs_package: ensure => 'latest', - before => File[$::apache::confd_dir], + before => [ + File[$::apache::confd_dir], + File[$modsec_dir], + ], } } From a8441912b687bfa8739fd532845dd9c06905bd20 Mon Sep 17 00:00:00 2001 From: intelradoux Date: Tue, 13 Dec 2016 01:08:28 +0100 Subject: [PATCH 1032/2267] [MODULES-1491] mod_dir is empty when instanciating apache::mod::... (#1541) Add "include ::apache" on class that needed that. Apache version also need to be "pick" so that version resolution is correct. --- manifests/mod/autoindex.pp | 1 + manifests/mod/cgid.pp | 1 + manifests/mod/dav_fs.pp | 1 + manifests/mod/disk_cache.pp | 1 + manifests/mod/dumpio.pp | 2 +- manifests/mod/event.pp | 12 ++++++++---- manifests/mod/geoip.pp | 1 + manifests/mod/itk.pp | 14 +++++++++----- manifests/mod/nss.pp | 1 + manifests/mod/peruser.pp | 2 +- manifests/mod/php.pp | 2 +- manifests/mod/prefork.pp | 12 +++++++----- manifests/mod/setenvif.pp | 1 + manifests/mod/userdir.pp | 7 +++++-- manifests/mod/worker.pp | 17 +++++++++++------ templates/mod/userdir.conf.erb | 4 ++-- 16 files changed, 52 insertions(+), 27 deletions(-) 
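Review bot: The reason `File[$modsec_dir]` joins the `before` list exists only in the commit message, so the ordering in manifests/mod/security.pp looks arbitrary in the manifest and is easy to drop in a later cleanup. A comment on the package resource would preserve it, e.g. `# Install the CRS package before $modsec_dir is managed so the package's stock config is purged`. The same resource keeps `ensure => 'latest'`, which lets the WAF rule set change on any agent run without review; consider whether a pinned version is wanted here. The enclosing class starts outside the hunk.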
diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp index c8cd0658d8..67c7580e31 100644 --- a/manifests/mod/autoindex.pp +++ b/manifests/mod/autoindex.pp @@ -1,4 +1,5 @@ class apache::mod::autoindex { + include ::apache ::apache::mod { 'autoindex': } # Template uses no variables file { 'autoindex.conf': diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 23b32dad4b..b2cb016557 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -1,4 +1,5 @@ class apache::mod::cgid { + include ::apache case $::osfamily { 'FreeBSD': {} default: { diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index f652d4c216..60127e3f6d 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp @@ -1,4 +1,5 @@ class apache::mod::dav_fs { + include ::apache $dav_lock = $::osfamily ? { 'debian' => "\${APACHE_LOCK_DIR}/DAVLock", 'freebsd' => '/usr/local/var/DavLock', diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 051d69894c..7cd72701e4 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -1,6 +1,7 @@ class apache::mod::disk_cache ( $cache_root = undef, ) { + include ::apache if $cache_root { $_cache_root = $cache_root } diff --git a/manifests/mod/dumpio.pp b/manifests/mod/dumpio.pp index 4886666255..62276162d3 100644 --- a/manifests/mod/dumpio.pp +++ b/manifests/mod/dumpio.pp @@ -2,7 +2,7 @@ $dump_io_input = 'Off', $dump_io_output = 'Off', ) { - + include ::apache validate_re(downcase($dump_io_input), '^(on|off)$', "${dump_io_input} is not supported for dump_io_input. Allowed values are 'On' and 'Off'.") validate_re(downcase($dump_io_output), '^(on|off)$', "${dump_io_output} is not supported for dump_io_output. Allowed values are 'On' and 'Off'.") diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index d423073e78..a873959165 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp 
@@ -8,10 +8,14 @@ $maxrequestsperchild = '0', $maxconnectionsperchild = undef, $serverlimit = '25', - $apache_version = $::apache::apache_version, + $apache_version = undef, $threadlimit = '64', $listenbacklog = '511', ) { + include ::apache + + $_apache_version = pick($apache_version, $apache::apache_version) + if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') } @@ -49,15 +53,15 @@ case $::osfamily { 'redhat': { - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($_apache_version, '2.4') >= 0 { apache::mpm{ 'event': - apache_version => $apache_version, + apache_version => $_apache_version, } } } 'debian','freebsd' : { apache::mpm{ 'event': - apache_version => $apache_version, + apache_version => $_apache_version, } } 'gentoo': { diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp index 2ff5d21918..66ae887dea 100644 --- a/manifests/mod/geoip.pp +++ b/manifests/mod/geoip.pp @@ -8,6 +8,7 @@ $scan_proxy_header_field = undef, $use_last_xforwarededfor_ip = undef, ) { + include ::apache ::apache::mod { 'geoip': } # Template uses: diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 56edf7e68e..8ceb56d2ba 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp 
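Review bot: The new fallback `pick($apache_version, $apache::apache_version)` in event.pp uses a relative variable reference, while the line it replaces and the surrounding code (`${::apache::mod_dir}` in userdir.pp) use the top-scope-anchored form. The same line is added in itk.pp, prefork.pp, userdir.pp and worker.pp. Writing it as `$_apache_version = pick($apache_version, $::apache::apache_version)` keeps these classes consistent with the rest of the module and with the absolute-name convention applied to `include` in the preceding commit.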
@@ -5,15 +5,19 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', - $apache_version = $::apache::apache_version, + $apache_version = undef, ) { + include ::apache + + $_apache_version = pick($apache_version, $apache::apache_version) + if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::itk and apache::mod::event on the same node') } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') } - if versioncmp($apache_version, '2.4') < 0 { + if versioncmp($_apache_version, '2.4') < 0 { if defined(Class['apache::mod::prefork']) { fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') } @@ -59,9 +63,9 @@ package { 'httpd-itk': ensure => present, } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($_apache_version, '2.4') >= 0 { ::apache::mpm{ 'itk': - apache_version => $apache_version, + apache_version => $_apache_version, } } else { @@ -77,7 +81,7 @@ } 'debian', 'freebsd': { apache::mpm{ 'itk': - apache_version => $apache_version, + apache_version => $_apache_version, } } 'gentoo': { diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index 16c285e939..8814c9366f 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp @@ -4,6 +4,7 @@ $passwd_file = undef, $port = 8443, ) { + include ::apache include ::apache::mod::mime apache::mod { 'nss': } diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index e875a5afcc..5683dd66ce 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -8,7 +8,7 @@ $expiretimeout = '120', $keepalive = 'Off', ) { - + include ::apache case $::osfamily { 'freebsd' : { fail("Unsupported osfamily ${::osfamily}") diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 7743b083e0..9b3b5b8b6c 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp 
@@ -9,7 +9,7 @@ $root_group = $::apache::params::root_group, $php_version = $::apache::params::php_version, ) inherits apache::params { - + include ::apache $mod = "php${php_version}" if defined(Class['::apache::mod::prefork']) { diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index c09ede4de6..f35551ce6a 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -5,12 +5,14 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', - $apache_version = $::apache::apache_version, + $apache_version = undef, ) { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') } - if versioncmp($apache_version, '2.4') < 0 { + if versioncmp($_apache_version, '2.4') < 0 { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') } @@ -44,9 +46,9 @@ case $::osfamily { 'redhat': { - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($_apache_version, '2.4') >= 0 { ::apache::mpm{ 'prefork': - apache_version => $apache_version, + apache_version => $_apache_version, } } else { @@ -62,7 +64,7 @@ } 'debian', 'freebsd': { ::apache::mpm{ 'prefork': - apache_version => $apache_version, + apache_version => $_apache_version, } } 'Suse': { diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp index 63d3e321b4..d7baf582e3 100644 --- a/manifests/mod/setenvif.pp +++ b/manifests/mod/setenvif.pp @@ -1,4 +1,5 @@ class apache::mod::setenvif { + include ::apache ::apache::mod { 'setenvif': } # Template uses no variables file { 'setenvif.conf': diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index 516bb11654..11e7cd5bec 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp 
@@ -2,12 +2,15 @@ $home = '/home', $dir = 'public_html', $disable_root = true, - $apache_version = $::apache::apache_version, + $apache_version = undef, $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ], ) { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) + ::apache::mod { 'userdir': } - # Template uses $home, $dir, $disable_root, $apache_version + # Template uses $home, $dir, $disable_root, $_apache_version file { 'userdir.conf': ensure => file, path => "${::apache::mod_dir}/userdir.conf", diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index c9e01600ee..00a9439b31 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -62,8 +62,11 @@ $serverlimit = '25', $threadlimit = '64', $listenbacklog = '511', - $apache_version = $::apache::apache_version, + $apache_version = undef, ) { + include ::apache + $_apache_version = pick($apache_version, $apache::apache_version) + if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::worker and apache::mod::event on the same node') } @@ -102,9 +105,10 @@ case $::osfamily { 'redhat': { - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mpm { 'worker': - apache_version => $apache_version, + + if versioncmp($_apache_version, '2.4') >= 0 { + ::apache::mpm{ 'worker': + apache_version => $_apache_version, } } else { @@ -118,9 +122,10 @@ } } } + 'debian', 'freebsd': { - ::apache::mpm { 'worker': - apache_version => $apache_version, + ::apache::mpm{ 'worker': + apache_version => $_apache_version, } } 'Suse': { diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index 83263c3d02..d52583bec9 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb 
@@ -8,7 +8,7 @@ AllowOverride FileInfo AuthConfig Limit Indexes Options <%= @options.join(' ') %> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny @@ -16,7 +16,7 @@ <%- end -%> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny From 59e59e8b0f19fac0ad243cf25da5f23aaee9b3b1 Mon Sep 17 00:00:00 2001 From: scottmullaly Date: Tue, 13 Dec 2016 13:13:29 +1300 Subject: [PATCH 1033/2267] ModSec debug logs to use apache logroot parameter (#1560) --- README.md | 1 + manifests/mod/security.pp | 2 ++ spec/classes/mod/security_spec.rb | 16 ++++++++++++---- templates/mod/security.conf.erb | 8 ++++---- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 510f34d5db..cf29eeb9fb 100644 --- a/README.md +++ b/README.md 
@@ -1915,6 +1915,7 @@ ${modsec\_dir}/activated\_rules. - `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') vs. Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. Default: 'deny'. Fuller values can be set too like "log,auditlog,deny,status:406,tag:'SLA 24/7'" - `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' - `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' +- `logroot`: Configures the location of audit and debug logs. Defaults to apache log directory (Redhat: /var/log/httpd Debian: /var/log/apache2) - `audit_log_releavant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging. Defaults: '^(?:5|4(?!04))'. - `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' - `anomaly_score_blocking`: De-/Activates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: off. diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index ae3d847299..4fab446500 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -1,4 +1,5 @@ class apache::mod::security ( + $logroot = $::apache::params::logroot, $crs_package = $::apache::params::modsec_crs_package, $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, @@ -61,6 +62,7 @@ } # Template uses: + # - logroot # - $modsec_dir # - $audit_log_parts # - secpcrematchlimit diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index fe2f7e78bf..28b5e2642a 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb 
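Review bot: In manifests/mod/security.pp the new `$logroot` defaults to `$::apache::params::logroot`, not to the value the `apache` class was declared with. If a site overrides the base class's log directory, the ModSecurity audit and debug logs would still be written to the OS default, which is not what the README line "Defaults to apache log directory" suggests. Defaulting to `undef` and resolving with `pick($logroot, $::apache::logroot)` would follow the override, assuming the base class exposes that variable. The value is also interpolated straight into the `SecAuditLog` and `SecDebugLog` paths, and the audit log holds request data, so a `validate_absolute_path($logroot)` in the class body would reject an empty or relative value at compile time. The class body lies mostly outside these hunks.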
@@ -28,8 +28,12 @@ it { should contain_file('security.conf').with( :path => '/etc/httpd/conf.modules.d/security.conf' ) } - it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$} } - it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } + it { should contain_file('security.conf') + .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) + .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) + .with_content(%r{^\s+SecDebugLog /var/log/httpd/modsec_debug.log$}) + .with_content(%r{^\s+SecAuditLog /var/log/httpd/modsec_audit.log$}) + } it { should contain_file('/etc/httpd/modsecurity.d').with( :ensure => 'directory', :path => '/etc/httpd/modsecurity.d', @@ -99,8 +103,12 @@ it { should contain_file('security.conf').with( :path => '/etc/apache2/mods-available/security.conf' ) } - it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$} } - it { should contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABIJDEFHZ$} } + it { should contain_file('security.conf') + .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) + .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) + .with_content(%r{^\s+SecDebugLog /var/log/apache2/modsec_debug.log$}) + .with_content(%r{^\s+SecAuditLog /var/log/apache2/modsec_audit.log$}) + } it { should contain_file('/etc/modsecurity').with( :ensure => 'directory', :path => '/etc/modsecurity', diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index 96a325e62a..638332e52e 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb 
@@ -49,8 +49,8 @@ SecArgumentSeparator & SecCookieFormat 0 <%- if scope.lookupvar('::osfamily') == 'Debian' -%> - SecDebugLog /var/log/apache2/modsec_debug.log - SecAuditLog /var/log/apache2/modsec_audit.log + SecDebugLog <%= @logroot %>/modsec_debug.log + SecAuditLog <%= @logroot %>/modsec_audit.log SecTmpDir /var/cache/modsecurity SecDataDir /var/cache/modsecurity SecUploadDir /var/cache/modsecurity @@ -61,8 +61,8 @@ SecDataDir /var/lib/mod_security SecUploadDir /var/lib/mod_security <% else -%> - SecDebugLog /var/log/httpd/modsec_debug.log - SecAuditLog /var/log/httpd/modsec_audit.log + SecDebugLog <%= @logroot %>/modsec_debug.log + SecAuditLog <%= @logroot %>/modsec_audit.log SecTmpDir /var/lib/mod_security SecDataDir /var/lib/mod_security SecUploadDir /var/lib/mod_security From cc9a7a5b91a74e57bc466fa25f2c5542c0814fcf Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Tue, 13 Dec 2016 15:20:16 +0100 Subject: [PATCH 1034/2267] Add ability to set SSLStaplingReturnResponderErrors on server level --- README.md | 6 ++++++ manifests/mod/ssl.pp | 33 +++++++++++++++++++-------------- spec/classes/mod/ssl_spec.rb | 9 +++++++++ templates/mod/ssl.conf.erb | 3 +++ templates/vhost/_ssl.erb | 4 ++-- 5 files changed, 39 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index cf29eeb9fb..dde2120a45 100644 --- a/README.md +++ b/README.md 
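Review bot: After this change the Debian branch and the `else` branch of templates/mod/security.conf.erb emit byte-identical `SecDebugLog <%= @logroot %>/modsec_debug.log` and `SecAuditLog <%= @logroot %>/modsec_audit.log` lines. Hoisting the two directives above the `osfamily` conditional and leaving only the `SecTmpDir`/`SecDataDir`/`SecUploadDir` lines inside it would remove the duplication. The lines between the two hunks are not shown; if they hold a further OS branch with hard-coded log paths, that branch still ignores `logroot` and should be brought in line or documented.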
@@ -1185,6 +1185,12 @@ Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/cu This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +##### `ssl_stapling_return_errors` + +Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. No default. It is possible to override this on a vhost level. + +This parameter only applies to Apache 2.4 or higher and is ignored on older versions. + ##### `timeout` Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Default: 120. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index dadb40edec..92c456360b 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,18 +1,19 @@ class apache::mod::ssl ( - $ssl_compression = false, - $ssl_cryptodevice = 'builtin', - $ssl_options = [ 'StdEnvVars' ], - $ssl_openssl_conf_cmd = undef, - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', - $ssl_honorcipherorder = true, - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], - $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seed_bytes = '512', - $ssl_sessioncachetimeout = '300', - $ssl_stapling = false, - $ssl_mutex = undef, - $apache_version = undef, - $package_name = undef, + $ssl_compression = false, + $ssl_cryptodevice = 'builtin', + $ssl_options = [ 'StdEnvVars' ], + $ssl_openssl_conf_cmd = undef, + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', + $ssl_honorcipherorder = true, + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + $ssl_pass_phrase_dialog = 'builtin', + $ssl_random_seed_bytes = '512', + $ssl_sessioncachetimeout = '300', + $ssl_stapling = false, + $ssl_stapling_return_errors = undef, + $ssl_mutex = undef, + $apache_version = undef, + $package_name = undef, ) { include ::apache include ::apache::mod::mime 
@@ -70,6 +71,10 @@ validate_bool($ssl_stapling) + if $ssl_stapling_return_errors != undef { + validate_bool($ssl_stapling_return_errors) + } + $stapling_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ocsp(32768)", 'redhat' => '/run/httpd/ssl_stapling(32768)', diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 07c7f680d7..10badfa033 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -188,6 +188,15 @@ end it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLUseStapling On$/)} end + context 'setting ssl_stapling_return_errors to true' do + let :params do + { + :apache_version => '2.4', + :ssl_stapling_return_errors => true, + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLStaplingReturnResponderErrors On$/)} + end end context 'setting ssl_pass_phrase_dialog' do diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index c7b4cd9177..c4475cbe8d 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -22,6 +22,9 @@ SSLHonorCipherOrder <%= scope.function_bool2httpd([@_ssl_honorcipherorder]) %> <% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %> + <%- if not @ssl_stapling_return_errors.nil? -%> + SSLStaplingReturnResponderErrors <%= scope.function_bool2httpd([@ssl_stapling_return_errors]) %> + <%- end -%> SSLStaplingCache "shmcb:<%= @stapling_cache %>" <% end -%> SSLCipherSuite <%= @ssl_cipher %> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index baf18a8970..ff82bc5bdc 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
@@ -49,7 +49,7 @@ <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> SSLStaplingResponderTimeout <%= @ssl_stapling_timeout %> <%- end -%> - <%- if @ssl_stapling_return_errors && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - SSLStaplingReturnResponderErrors <%= @ssl_stapling_return_errors %> + <%- if not @ssl_stapling_return_errors.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLStaplingReturnResponderErrors <%= scope.function_bool2httpd([@ssl_stapling_return_errors]) %> <%- end -%> <% end -%> From f34f900cdae41119e392942c6796b20523ba472a Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Tue, 13 Dec 2016 09:30:12 -0500 Subject: [PATCH 1035/2267] MODULES-2872 - clarified the use of "default_vhost => false" --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index cf29eeb9fb..9891d3b08c 100644 --- a/README.md +++ b/README.md @@ -323,6 +323,8 @@ class { 'apache': } ``` +> **Note**: When `default_vhost` is set to `false` you have to add at least one `apache::vhost` resource or Apache will not start. + ## Usage ### Configuring virtual hosts @@ -931,6 +933,8 @@ Configures a default virtual host when the class is declared. Valid options: Boo To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to false. +> **Note**: Apache will not start without at least one virtual host. If you set this to false be sure to configure one elsewhere. + ##### `dev_packages` Configures a specific dev package to use. Valid options: A string or array of strings. Default: Depends on the operating system. From 97da04e94c929b8f136e941f7fefac8d1eae59f9 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Tue, 13 Dec 2016 12:10:25 -0800 Subject: [PATCH 1036/2267] (MODULES-4156) adds RequestHeader directive --- templates/vhost/_directories.erb | 8 ++++++++ 1 file changed, 8 insertions(+) 
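Review bot: The new guard in templates/vhost/_ssl.erb, `not @ssl_stapling_return_errors.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0`, negates the whole conjunction, because Ruby's `not` binds more loosely than `&&`. With a value set, `SSLStaplingReturnResponderErrors` is written on Apache versions below 2.4 as well; with no value set on an older version, the block is still entered and `bool2httpd` receives nil. Each operand needs its own parentheses: `<%- if (not @ssl_stapling_return_errors.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>`. The PATCH 1043 hunk further down this page wraps the whole expression in one pair of parentheses, which leaves the parse unchanged; PATCH 1044 carries the working form.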
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index addd03bc87..265a593550 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -317,6 +317,14 @@ <%- end -%> <%- end -%> <%- end -%> + <% if directory['request_headers'] and ! directory['request_headers'].empty? -%> + ## Request Header rules + <%- Array(directory['request_headers']).each do |request_statement| -%> + <%- if request_statement != '' -%> + RequestHeader <%= request_statement %> + <%- end -%> + <%- end -%> + <% end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> From 1a8a57fa0719291525b9fef42138bc86087185b0 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 13 Dec 2016 21:08:18 -0200 Subject: [PATCH 1037/2267] (MODULES-4213) Allow global rewrite rules inheritance in vhosts (#1569) * Allow global rewrite rules inheritance in vhosts Apache module rewrite allows virtual hosts to inherit global rules if their conf files contain the directive "RewriteOptions Inherit" among rewrite rules This change includes this directive depending on a boolean parameter in apache::vhost class - rewrite_inherit - which defaults to false * Include apache::vhost::rewrite_inherit parameter info in README Parameter included in same issue and branch * Add spec test for apache::vhost::rewrite_inherit parameter * Add missing closing bracket in vhost_spec.rb * Correct alignment in vhost_spec.rb * Correct rewrite inherit content test in vhost_spec.rb * Remove spec test for apache::vhost::rewrite_inherit parameter Found no way of making spec test work with file content included by Puppet template --- README.md | 29 +++++++++++++++++++++++++++++ manifests/vhost.pp | 1 + templates/vhost/_rewrite.erb | 3 +++ 3 files changed, 33 insertions(+) diff --git a/README.md b/README.md index 9891d3b08c..a9bf306f74 100644 --- a/README.md +++ b/README.md 
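Review bot: `RequestHeader` is provided by mod_headers, and this commit touches only templates/vhost/_directories.erb, so nothing here loads that module when `request_headers` is set solely inside a `directories` entry. If manifests/vhost.pp does not already cover that case (it is not part of this patch), Apache would reject the generated vhost as containing an unknown directive. A guard in vhost.pp following the pattern used for other modules, `if ! defined(Class['apache::mod::headers']) { include ::apache::mod::headers }`, evaluated when any directory carries `request_headers`, would close the gap. The commit also ships no spec or README entry for the new key. The enclosing directory loop starts and ends outside the hunk.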
@@ -2889,6 +2889,35 @@ apache::vhost { 'site.name.fdqn': Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on what is possible with rewrite rules and conditions. +##### `rewrite_inherit` + +Determines whether the virtual host inherits global rewrite rules. Default: false. + +Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`: + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + , + ], + rewrite_inherit => true, +} +``` + +> **Note**: The `rewrites` parameter is **required** for this to have effect + +###### Some background + +Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives: + +``` ApacheConf +RewriteEngine On +RewriteOptions Inherit +``` + +Refer to the [official `mod_rewrite` documentation](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html), section "Rewriting in Virtual Hosts". + ##### `scriptalias` Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default: undef. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 78a6191d90..b84081c925 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -103,6 +103,7 @@ $rewrite_base = undef, $rewrite_rule = undef, $rewrite_cond = undef, + $rewrite_inherit = false, $setenv = [], $setenvif = [], $setenvifnocase = [], diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb index 81e3bc4679..282733757c 100644 --- a/templates/vhost/_rewrite.erb +++ b/templates/vhost/_rewrite.erb @@ -1,6 +1,9 @@ <%- if @rewrites -%> ## Rewrite rules RewriteEngine On + <%- if @rewrite_inherit -%> + RewriteOptions Inherit + <%- end -%> <%- if @rewrite_base -%> RewriteBase <%= @rewrite_base %> <%- end -%> 
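Review bot: `<%- if @rewrite_inherit -%>` in templates/vhost/_rewrite.erb tests Ruby truthiness, and the new `$rewrite_inherit` parameter in manifests/vhost.pp is not validated. A non-boolean value such as the string `'false'` passed in from external data would therefore emit `RewriteOptions Inherit` and pull the global rewrite rules into the vhost. Adding `validate_bool($rewrite_inherit)` in vhost.pp, in the way manifests/mod/ssl.pp already calls `validate_bool($ssl_stapling)`, makes a mistyped value fail at compile time instead of silently changing which rules apply.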
From 03f93e5b0706fa3f47068e33f8ba80c58bab81f8 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Tue, 13 Dec 2016 16:54:29 -0700 Subject: [PATCH 1038/2267] (maint) pin fast_gettext gem for rubies < 2.1.0 --- Gemfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile b/Gemfile index 8a568f6a5a..3d46720d2f 100644 --- a/Gemfile +++ b/Gemfile @@ -47,6 +47,8 @@ group :development do gem 'rubocop-rspec', '~> 1.6', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') gem 'pry', :require => false gem 'json_pure', '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem 'fast_gettext', '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') + gem 'fast_gettext', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') end group :system_tests do From 3ba1c4b0d7321410724b1276fcca4567610f6ea9 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Tue, 13 Dec 2016 23:31:30 +0000 Subject: [PATCH 1039/2267] (MODULES-4213) Adds spec test for rewrite_inherit --- spec/defines/vhost_spec.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index af282575a5..1209946e2a 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -343,6 +343,7 @@ 'rewrite_base' => '/', 'rewrite_rule' => '^index\.html$ welcome.html', 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', + 'rewrite_inherit' => true, 'setenv' => ['FOO=/bin/true'], 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', 'setenvifnocase' => 'REMOTE_ADDR ^127.0.0.1 localhost=true', 
@@ -556,6 +557,8 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with( + :content => /^\s+RewriteOptions Inherit$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } it { is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( From 39f0b8e434ddb1fb094e6732c74372361b38571a Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Tue, 13 Dec 2016 22:35:49 +0000 Subject: [PATCH 1040/2267] (maint) fix a faulty conditional in vhost ssl template --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index baf18a8970..8e1fe93794 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -43,7 +43,7 @@ <%- if @ssl_openssl_conf_cmd -%> SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> <%- end -%> - <%- if not @ssl_stapling.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if (not @ssl_stapling.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%> SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %> <%- end -%> <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> From fbe126aa55419837cf887f73cc0cd275e974316c Mon Sep 17 00:00:00 2001 
From: Mathieu Parent Date: Tue, 22 Nov 2016 11:06:39 +0100 Subject: [PATCH 1041/2267] Move mod_env in its own class and load it when required --- README.md | 2 ++ manifests/default_mods.pp | 2 +- manifests/mod/env.pp | 3 +++ manifests/vhost.pp | 14 +++++++++++--- spec/acceptance/default_mods_spec.rb | 12 +++++++++--- spec/defines/vhost_spec.rb | 1 + 6 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 manifests/mod/env.pp diff --git a/README.md b/README.md index cf29eeb9fb..e88278257c 100644 --- a/README.md +++ b/README.md @@ -166,6 +166,7 @@ [`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html [`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html [`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html +[`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html [`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html [`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html [`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html @@ -1363,6 +1364,7 @@ The following Apache modules have supported classes, many of which allow for par * `dir`\* * `disk_cache` (see [`apache::mod::disk_cache`][]) * `dumpio` (see [`apache::mod::dumpio`][]) +* `env` * `event` (see [`apache::mod::event`][]) * `expires` * `ext_filter` (see [`apache::mod::ext_filter`][]) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index fd057d113f..879df595c1 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -152,7 +152,7 @@ include ::apache::mod::authz_user ::apache::mod { 'authz_groupfile': } - ::apache::mod { 'env': } + include ::apache::mod::env } elsif $mods { ::apache::default_mods::load { $mods: } diff --git a/manifests/mod/env.pp b/manifests/mod/env.pp new file mode 100644 index 0000000000..b973005f4c --- /dev/null +++ b/manifests/mod/env.pp @@ -0,0 +1,3 @@ +class apache::mod::env { + ::apache::mod { 'env': } +} 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 78a6191d90..3b7ea10a98 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -539,11 +539,19 @@ } } + # Check if mod_env is required and not yet loaded. + # create an expression to simplify the conditional check + $use_env_mod = $setenv and ! empty($setenv) + if ($use_env_mod) { + if ! defined(Class['apache::mod::env']) { + include ::apache::mod::env + } + } # Check if mod_setenvif is required and not yet loaded. # create an expression to simplify the conditional check - $use_setenv_mod = ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase)) + $use_setenvif_mod = ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase)) - if ($use_setenv_mod) { + if ($use_setenvif_mod) { if ! defined(Class['apache::mod::setenvif']) { include ::apache::mod::setenvif } @@ -907,7 +915,7 @@ # Template uses: # - $setenv # - $setenvif - if ($use_setenv_mod) { + if ($use_env_mod or $use_setenvif_mod) { concat::fragment { "${name}-setenv": target => "${priority_real}${filename}.conf", order => 220, diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 66790d2ffd..ab241e4551 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -34,12 +34,18 @@ class { 'apache': default_mods => false, } apache::vhost { 'defaults.example.com': - docroot => '#{$doc_root}/defaults', - aliases => { + docroot => '#{$doc_root}/defaults', + aliases => { alias => '/css', path => '#{$doc_root}/css', }, - setenv => 'TEST1 one', + directories => [ + { + 'path' => "#{$doc_root}/admin", + 'auth_basic_fake' => 'demo demopass', + } + ], + setenv => 'TEST1 one', } EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index af282575a5..9664816ab4 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -453,6 +453,7 @@ it { is_expected.to contain_class('apache::mod::fastcgi') } it { is_expected.to contain_class('apache::mod::headers') } it { is_expected.to contain_class('apache::mod::filter') } + it { is_expected.to contain_class('apache::mod::env') } it { is_expected.to contain_class('apache::mod::setenvif') } it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ 'owner' => 'root', From e9ca0ac0e5cc03c926b9a742a1df68671fd2978f Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Mon, 12 Dec 2016 20:08:51 -0700 Subject: [PATCH 1042/2267] Release 1.11.0 Prep --- CHANGELOG.md | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++ metadata.json | 5 ++-- 2 files changed, 73 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1897558375..e921ccc215 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,73 @@ +## Supported Release 1.11.0 +#### Summary +This release adds SLES12 Support and many more features and bugfixes. + +#### Features +- (MODULES-4049) Adds SLES 12 Support +- Adds additional directories options for LDAP Auth + - `auth_ldap_url` + - `auth_ldap_bind_dn` + - `auth_ldap_bind_password` + - `auth_ldap_group_attribute` + - `auth_ldap_group_attribute_is_dn` +- Allows `mod_event` parameters to be unset +- Allows management of default root directory access rights +- Adds class `apache::vhosts` to create apache::vhost resources +- Adds class `apache::mod::proxy_wstunnel` +- Adds class `apache::mod::dumpio` +- Adds class `apache::mod::socache_shmcb` +- Adds class `apache::mod::authn_dbd` +- Adds support for apache 2.4 on Amazon Linux +- Support the newer `mod_auth_cas` config options +- Adds `wsgi_script_aliases_match` parameter to `apache::vhost` +- Allow to override all SecDefaultAction attributes +- Add audit_log_relevant_status parameter to apache::mod::security +- Allow absolute path to $apache::mod::security::activated_rules +- Allow setting SecAuditLog +- Adds `passenger_max_instances_per_app` to `mod::passenger` +- Allow the proxy_via setting to be configured +- Allow no_proxy_uris to be used within proxy_pass +- Add rpaf.conf template parameter to `mod::rpaf` +- Allow user to specify alternative package and library names for shibboleth module +- Allows configuration of shibboleth lib path +- Adds parameter `passenger_data_buffer_dir` to `mod::passenger` +- Adds SSL stapling +- Allows use of `balance_manager` with `mod_proxy_balancer` +- Raises lower bound of `stdlib` dependency to version 4.2 +- Adds support for Passenger repo on Amazon Linux +- Add ability to set SSLStaplingReturnResponderErrors on server level +- (MODULES-4213) Allow global rewrite rules inheritance in vhosts +- Moves `mod_env` to its own class and load it when required + +#### Bugfixes +- Deny access to .ht and .hg, which are created by mercurial hg. 
+- Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead. +- Only set SSLCompression when it is set to true. +- Remove duplicate shib2 hash element +- (MODULES-3388) Include mpm_module classes instead of class declaration +- Updates `apache::balancer` to respect `apache::confd_dir` +- Wrap mod_security directives in an IfModule +- Fixes to various mods for Ubuntu Xenial +- Fix /etc/modsecurity perms to match package +- Fix PassengerRoot under Debian stretch +- (MODULES-3476) Updates regex in apache_version custom fact to work with EL5 +- Dont sql_injection_attacks.data +- Add force option to confd file resource to purge directory without warnings +- Patch httpoxy through mod_security +- Fixes config ordering of IncludeOptional +- Fixes bug where port numbers were unquoted +- Fixes bug where empty servername for vhost were written to template +- Auto-load `slotmem_shm` and `lbmethod_byrequests` with `proxy_balancer` on 2.4 +- Simplify MPM setup on FreeBSD +- Adds requirement for httpd package +- Do not set ssl_certs_dir on FreeBSD +- Fixes bug that produces a duplicate `Listen 443` after a package update on EL7 +- Fixes bug where custom facts break structured facts +- Avoid relative classname inclusion +- Fixes a failure in `vhost` if the first element of `$rewrites` is not a hash +- (MODULES-3744) Process $crs_package before $modsec_dir +- (MODULES-1491) Adds `::apache` include to mods that need it + ## Supported Release 1.10.0 #### Summary This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. diff --git a/metadata.json b/metadata.json index 961c34a9d4..7bb2f12dbc 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.10.0", + "version": "1.11.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", 
@@ -55,7 +55,8 @@ { "operatingsystem": "SLES", "operatingsystemrelease": [ - "11 SP1" + "11 SP1", + "12" ] }, { From aa11baed37639d37adfbb18f5431f597a6cedee8 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Thu, 15 Dec 2016 23:22:53 +0000 Subject: [PATCH 1043/2267] (maint) Fix conditional in vhost ssl template --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 1ca7cbfbb0..c92f70c87b 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -49,7 +49,7 @@ <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> SSLStaplingResponderTimeout <%= @ssl_stapling_timeout %> <%- end -%> - <%- if not @ssl_stapling_return_errors.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if (not @ssl_stapling_return_errors.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%> SSLStaplingReturnResponderErrors <%= scope.function_bool2httpd([@ssl_stapling_return_errors]) %> <%- end -%> <% end -%> From 90e50eedd7c8ba0d1e1c17ba678525630bb7e023 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Fri, 16 Dec 2016 15:57:46 +0000 Subject: [PATCH 1044/2267] (maint) Fix the vhost ssl template correctly this time --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index c92f70c87b..e70efebda5 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
@@ -49,7 +49,7 @@ <%- if @ssl_stapling_timeout && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> SSLStaplingResponderTimeout <%= @ssl_stapling_timeout %> <%- end -%> - <%- if (not @ssl_stapling_return_errors.nil? && scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%> + <%- if (not @ssl_stapling_return_errors.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%> SSLStaplingReturnResponderErrors <%= scope.function_bool2httpd([@ssl_stapling_return_errors]) %> <%- end -%> <% end -%> From 4d8608c32c6b2311237786d65b1009064714c968 Mon Sep 17 00:00:00 2001 From: kuchosauronad0 Date: Thu, 22 Dec 2016 09:52:00 +0100 Subject: [PATCH 1045/2267] Add FileETag --- manifests/init.pp | 1 + spec/acceptance/apache_parameters_spec.rb | 16 ++++++++++++++++ spec/classes/apache_spec.rb | 8 ++++++++ templates/httpd.conf.erb | 3 +++ 4 files changed, 28 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index 3ad7b293d3..692dc5afea 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -76,6 +76,7 @@ $server_signature = 'On', $trace_enable = 'On', $allow_encoded_slashes = undef, + $file_e_tag = undef, $package_ensure = 'installed', $use_optional_includes = $::apache::params::use_optional_includes, $use_systemd = $::apache::params::use_systemd, diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 923df6666c..bda99c5017 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -483,6 +483,22 @@ class { 'apache': end end + describe 'file_e_tag' do + it 'applys cleanly' do + pp = <<-EOS + class { 'apache': + file_e_tag => 'None', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file($conf_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'FileETag None' } + end + end + describe 'package_ensure' do it 'applys cleanly' do pp = <<-EOS 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 6eef4ba249..321b5e4152 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -110,6 +110,14 @@ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} } end + context "when specifying fileETag behaviour" do + let :params do + { :file_e_tag => 'None' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^FileETag None$} } + end + context "when specifying default character set" do let :params do { :default_charset => 'none' } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 4445d75ff8..4c22b17d77 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -61,6 +61,9 @@ EnableSendfile <%= @sendfile %> <%- if @allow_encoded_slashes -%> AllowEncodedSlashes <%= @allow_encoded_slashes %> <%- end -%> +<%- if @file_e_tag -%> +FileETag <%= @file_e_tag %> +<%- end -%> #Listen 80 From 6ff47c4e5a5fe84439e116820db2d34a96e125e7 Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Tue, 27 Dec 2016 15:30:39 +0100 Subject: [PATCH 1046/2267] Allow multiple ports per vhost --- README.md | 10 +++ manifests/vhost.pp | 9 +-- spec/acceptance/vhost_spec.rb | 129 ++++++++++++++++++++++++++++++++++ spec/defines/vhost_spec.rb | 74 +++++++++++++++++++ 4 files changed, 218 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ae4a81b4a9..d68ec6786e 100644 --- a/README.md +++ b/README.md @@ -440,6 +440,16 @@ apache::vhost { 'ip.example.com': } ``` +You can configure multiple ports per virtual host by using an array of ports for the [`port`][] parameter: + +``` puppet +apache::vhost { 'ip.example.com': + ip => ['127.0.0.1'], + port => ['80','8080'] + docroot => '/var/www/ip', +} +``` + To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: ``` puppet 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fbd297f250..e28dff266d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -446,10 +446,11 @@ if $ip { - $_ip = enclose_ipv6($ip) + $_ip = any2array(enclose_ipv6($ip)) if $port { - $listen_addr_port = suffix(any2array($_ip),":${port}") - $nvh_addr_port = suffix(any2array($_ip),":${port}") + $_port = any2array($port) + $listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') + $nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') } else { $listen_addr_port = undef $nvh_addr_port = $_ip @@ -460,7 +461,7 @@ } else { if $port { $listen_addr_port = $port - $nvh_addr_port = "${vhost_name}:${port}" + $nvh_addr_port = prefix(any2array($port),"${vhost_name}:") } else { $listen_addr_port = undef $nvh_addr_port = $name diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 200a83d22e..515465b9d0 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
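Review bot: In manifests/vhost.pp, `@_ip.product(@_port)` pairs every listed address with every listed port, and nothing in the code or the README text says so. A vhost given a public and a loopback address with ports 80 and 8080 gets all four address:port pairs, so a port cannot be kept on one address only. A comment above the assignment would make the exposure explicit: `# every ip is paired with every port; declare separate apache::vhost resources to bind a port to a single address`. The same `inline_template` call is also written out twice; computing it once and using `$nvh_addr_port = $listen_addr_port` keeps the two values from drifting apart. The README example added by this commit is missing the comma after `port => ['80','8080']`.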
@@ -260,6 +260,135 @@ class { 'apache': end end + context 'new vhost with multiple ports on 1 IP address' do + it 'should configure one apache vhost with 2 ports' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + } + apache::vhost { 'example.com': + port => ['80','8080'], + ip => '127.0.0.1', + ip_based => true, + docroot => '/var/www/html', + } + host { 'host1.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Hello from vhost\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } + end + + describe file("#{$vhost_dir}/25-example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName example.com" } + end + + describe file($ports_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 127.0.0.1:80' } + it { is_expected.to contain 'Listen 127.0.0.1:8080' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' } + end + + it 'should answer to host1.example.com port 80' do + shell("/usr/bin/curl host1.example.com:80", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + + it 'should answer to host1.example.com port 8080' do + shell("/usr/bin/curl host1.example.com:8080", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + end + + context 'new vhost with multiple IP addresses on multiple ports' do + it 'should configure one apache vhost with 2 ip addresses and 2 ports' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + } + apache::vhost { 'example.com': + port => ['80', '8080'], + ip => 
['127.0.0.1','127.0.0.2'], + ip_based => true, + docroot => '/var/www/html', + } + host { 'host1.example.com': ip => '127.0.0.1', } + host { 'host2.example.com': ip => '127.0.0.2', } + file { '/var/www/html/index.html': + ensure => file, + content => "Hello from vhost\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } + end + it { is_expected.to be_running } + end + + describe file("#{$vhost_dir}/25-example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName example.com" } + end + + describe file($ports_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 127.0.0.1:80' } + it { is_expected.to contain 'Listen 127.0.0.1:8080' } + it { is_expected.to contain 'Listen 127.0.0.2:80' } + it { is_expected.to contain 'Listen 127.0.0.2:8080' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } + it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:8080' } + end + + it 'should answer to host1.example.com port 80' do + shell("/usr/bin/curl host1.example.com:80", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + + it 'should answer to host1.example.com port 8080' do + shell("/usr/bin/curl host1.example.com:8080", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + + it 'should answer to host2.example.com port 80' do + shell("/usr/bin/curl host2.example.com:80", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + + it 'should answer to host2.example.com port 8080' do + shell("/usr/bin/curl 
host2.example.com:8080", {:acceptable_exit_codes => 0}) do |r| + expect(r.stdout).to eq("Hello from vhost\n") + end + end + end + context 'new vhost with IPv6 address on port 80', :ipv6 do it 'should configure one apache vhost with an ipv6 address' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3fd94bdefc..4796f0bf2a 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -659,6 +659,80 @@ it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') } end + context 'vhost with multiple ports' do + let :params do + { + 'port' => ['80', '8080'], + 'ip' => '127.0.0.1', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present' + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + :content => /[.\/m]*[.\/m]*$/ ) } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } + end + + context 'vhost with multiple ip addresses, multiple ports' do + let :params do + { + 'port' => ['80', '8080'], + 'ip' => ['127.0.0.1','::1'], + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present' + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + :content => /[.\/m]*[.\/m]*$/ ) } + it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } + it { 
is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } + it { is_expected.to contain_concat__fragment('Listen [::1]:80') } + it { is_expected.to contain_concat__fragment('Listen [::1]:8080') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:8080') } + end + context 'vhost with ipv6 address' do let :params do { From 0dcfa2a0109fc98a5fae76fb55cc9f4dbbb1c48c Mon Sep 17 00:00:00 2001 From: Florian Krupicka Date: Mon, 2 Jan 2017 20:25:53 +0100 Subject: [PATCH 1047/2267] [apache::mod::cgi] Fix: ordering constraint for mod_cgi `mod_cgi` is used on other MPM implementations than just `prefork`, so we have to enforce resource ordering against these too. --- manifests/mod/cgi.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index a41bb6debd..272f0ccd05 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -2,7 +2,9 @@ case $::osfamily { 'FreeBSD': {} default: { - Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + if $::apache::mpm_module =~ /^(itk|peruser|prefork)$/ { + Class["::apache::mod::${::apache::mpm_module}"] -> Class['::apache::mod::cgi'] + } } } From 22a02ce039678bc64cf951b6c9cff6b7abc8766a Mon Sep 17 00:00:00 2001 From: Andre Schmelzer Date: Tue, 3 Jan 2017 10:47:16 +0100 Subject: [PATCH 1048/2267] Add documentation for FileETag --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index d68ec6786e..4d1d2bedf7 100644 --- a/README.md +++ b/README.md 
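Review bot: The `:content` matcher in both new contexts, as it appears on this page (`/[.\/m]*[.\/m]*$/`), matches every string, so the `rspec.example.com-apache-header` assertion passes whatever the header fragment contains. Inside a character class `.` and `m` are literal characters, and `*` also allows an empty match. If a literal between the two classes was lost when the page was rendered, the check is stronger than it looks here. Otherwise assert the address list directly, for example `:content => /127\.0\.0\.1:80 127\.0\.0\.1:8080/` in the first context (assuming the header lists the pairs space-separated).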
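Review bot: The new condition reads `$::apache::mpm_module`, but the cgi.pp hunk begins on line 2 with the `case`, so nothing visible ensures the `apache` class is evaluated before `apache::mod::cgi`. Both `apache::mod::cluster` and `apache::mod::userdir` later in this series start with `include ::apache`. If this class is declared first, the variable is presumably undef and the ordering constraint is skipped without any message. Adding `include ::apache` ahead of the `case` would make the lookup reliable.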
@@ -117,6 +117,7 @@ [FastCGI]: http://www.fastcgi.com/ [FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource [`fallbackresource`]: #fallbackresource +[`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag [filter rules]: https://httpd.apache.org/docs/current/filter.html [`filters`]: #filters [`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype @@ -2377,6 +2378,12 @@ Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.ht If using fastcgi, this option sets the timeout for the server to respond. +##### `file_e_tag` + +Sets the server default for the [`FileETag`][] declaration, which modifies the response header field for static files. +Valid options: 'INode', 'MTime', 'Size', 'All', 'None'. +Default: undef, which uses Apache's default setting of 'MTime Size'. + ##### `filters` [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. From 63ced3e69a1ec94c0160d2e854faf914bb220ea9 Mon Sep 17 00:00:00 2001 From: Wilson McCoubrey Date: Tue, 10 Jan 2017 10:53:26 +0000 Subject: [PATCH 1049/2267] [MODULES-4224] Implement beaker-module_install_helper Gemfile updated by modulesync PR: puppetlabs/modulesync_configs#122 --- Gemfile | 1 + spec/spec_helper_acceptance.rb | 11 +++-------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index 3d46720d2f..5820775a36 100644 --- a/Gemfile +++ b/Gemfile 
@@ -59,6 +59,7 @@ group :system_tests do gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') if ! supports_windows gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '~> 5.1') if supports_windows gem 'beaker-puppet_install_helper', :require => false + gem 'beaker-module_install_helper', :require => false gem 'master_manipulator', :require => false gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) gem 'beaker-abs', *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 5d93612afc..c652104c25 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,8 +1,11 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' require 'beaker/puppet_install_helper' +require 'beaker/module_install_helper' run_puppet_install_helper +install_module_on(hosts) +install_module_dependencies_on(hosts) RSpec.configure do |c| c.filter_run :focus => true @@ -12,9 +15,6 @@ c.filter_run_excluding :ipv6 => true end - # Project root - proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) - # Readable test descriptions c.formatter = :documentation @@ -42,11 +42,6 @@ # Install module and dependencies hosts.each do |host| - copy_module_to(host, :source => proj_root, :module_name => 'apache') - - on host, puppet('module','install','puppetlabs-stdlib') - on host, puppet('module','install','puppetlabs-concat') - # Required for mod_passenger tests. if fact('osfamily') == 'RedHat' on host, puppet('module','install','stahnma/epel') From 9c857600f166591fe41f33778b846a6569ecc801 Mon Sep 17 00:00:00 2001 From: Tom Kerremans Date: Tue, 27 Dec 2016 14:26:22 +0100 Subject: [PATCH 1050/2267] Add option AddCharset for Directory --- templates/vhost/_directories.erb | 3 +++ 1 file changed, 3 insertions(+) 
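Review bot: After the last spec_helper_acceptance.rb hunk, the comment `# Install module and dependencies` no longer describes the loop beneath it. The module copy and the stdlib/concat installs are gone, replaced by `install_module_on(hosts)` and `install_module_dependencies_on(hosts)` at the top of the file, and what remains installs test-only extras such as `stahnma/epel`. Reword it, e.g. `# Install extra modules needed by individual acceptance tests`. A one-line comment beside the new helper calls saying where dependency versions now come from (presumably the module's metadata) would also help anyone auditing what the test hosts pull from the Forge. The `hosts.each` block continues past the end of the hunk.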
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index addd03bc87..37865e7679 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -206,6 +206,9 @@ <%- if directory['force_type'] -%> ForceType <%= directory['force_type'] %> <%- end -%> + <%- if directory['add_charset'] -%> + AddCharset <%= directory['add_charset'] %> + <%- end -%> <%- if directory['ssl_options'] -%> SSLOptions <%= Array(directory['ssl_options']).join(' ') %> <%- end -%> From 4d9dde9e0a61cabe77767469804e9ed58004cbec Mon Sep 17 00:00:00 2001 From: Tom Kerremans Date: Tue, 27 Dec 2016 15:11:20 +0100 Subject: [PATCH 1051/2267] (MODULES-4248) Added documentation for add_charset --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index d68ec6786e..e2f208cf9a 100644 --- a/README.md +++ b/README.md @@ -2396,6 +2396,11 @@ apache::vhost { "$::fqdn": Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value. +#### `add_charset` + +Lets Apache set custom content character sets per directory and/or file extension + + ##### `headers` Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or undef. Default: undef. From 02d001d4f0ccdbf95cd6441632588f3ff689813d Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 5 Jan 2017 15:30:53 -0800 Subject: [PATCH 1052/2267] (MODULES-4097) Sync travis.yml --- .fixtures.yml | 1 + .gitignore | 3 +++ .sync.yml | 17 ----------------- .travis.yml | 17 ++++------------- Gemfile | 9 +++------ .../site_apache/templates/fake.conf.erb | 0 6 files changed, 11 insertions(+), 36 deletions(-) rename spec/fixtures/{modules => }/site_apache/templates/fake.conf.erb (100%) 
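Review bot: `AddCharset <%= directory['add_charset'] %>` prints the hash value verbatim, so on current Ruby an array value is rendered in array notation, and any string, including one with embedded line breaks, lands in the vhost file unchanged. The `SSLOptions` line directly below already normalises with `Array(...).join(' ')`. The same form, `AddCharset <%= Array(directory['add_charset']).join(' ') %>`, would accept both a string and an array (constructed examples: `'UTF-8 .utf8'` and `['UTF-8', '.utf8']`). The directive needs a charset followed by at least one extension, which nothing here checks. The enclosing directory loop starts and ends outside the hunk.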
diff --git a/.fixtures.yml b/.fixtures.yml index 6eddf260f6..66ad3e5370 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -5,3 +5,4 @@ fixtures: portage: "git://github.com/gentoo/puppet-portage.git" symlinks: apache: "#{source_dir}" + site_apache: "#{source_dir}/spec/fixtures/site_apache" diff --git a/.gitignore b/.gitignore index 0cd25de9af..3b6ff4e363 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,6 @@ coverage/ log/ .idea/ *.iml +.yardoc +.yardwarns +doc/ diff --git a/.sync.yml b/.sync.yml index 29a1aafa7b..a397135701 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,21 +1,4 @@ --- -.travis.yml: - includes: - - rvm: 2.3.1 - env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" - bundler_args: --without system_tests - - rvm: 2.1.9 - env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" - bundler_args: --without system_tests - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - bundler_args: --without system_tests - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" - bundler_args: --without system_tests - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" - bundler_args: --without system_tests Rakefile: extra_disabled_lint_checks: - 'disable_only_variable_string' diff --git a/.travis.yml b/.travis.yml index e279ee3cb8..4981b25921 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,7 @@ sudo: false language: ruby cache: bundler -script: "bundle exec rake validate lint spec" +script: "bundle exec rake release_checks" #Inserting below due to the following issue: https://github.com/travis-ci/travis-ci/issues/3531#issuecomment-88311203 before_install: - gem update bundler 
@@ -24,18 +24,9 @@ matrix: sudo: required - rvm: 2.3.1 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" - - rvm: 2.1.9 + env: PUPPET_GEM_VERSION="~> 4.0" + - rvm: 2.1.7 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" STDLIB_LOG_DEPRECATIONS="false" - - rvm: 2.1.5 - bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 2.1.5 - bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 1.9.3 - bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 3.0" + env: PUPPET_GEM_VERSION="~> 4.0" notifications: email: false diff --git a/Gemfile b/Gemfile index 5820775a36..c8c6cd996d 100644 --- a/Gemfile +++ b/Gemfile @@ -52,12 +52,9 @@ group :development do end group :system_tests do - gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '~> 2.20') if supports_windows - gem 'beaker', *location_for(ENV['BEAKER_VERSION']) if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') and ! supports_windows - gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '< 3') if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.3.0') and ! supports_windows - gem 'beaker-pe', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') - gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '>= 3.4') if ! supports_windows - gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION'] || '~> 5.1') if supports_windows + gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '>= 3') + gem 'beaker-pe', :require => false + gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION']) gem 'beaker-puppet_install_helper', :require => false gem 'beaker-module_install_helper', :require => false gem 'master_manipulator', :require => false 
diff --git a/spec/fixtures/modules/site_apache/templates/fake.conf.erb b/spec/fixtures/site_apache/templates/fake.conf.erb similarity index 100% rename from spec/fixtures/modules/site_apache/templates/fake.conf.erb rename to spec/fixtures/site_apache/templates/fake.conf.erb From 1c92e7a3fa91a9293ee2ea867a6bcd1be6298e17 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 19 Jan 2017 16:10:17 -0800 Subject: [PATCH 1053/2267] (MODULES-4098) Sync the rest of the files --- .gitignore | 9 +++++++++ .project | 23 +++++++++++++++++++++++ .sync.yml | 2 ++ CONTRIBUTING.md | 3 +-- Gemfile | 1 + MAINTAINERS.md | 6 ++++++ NOTICE | 8 +++----- Rakefile | 7 +++---- 8 files changed, 48 insertions(+), 11 deletions(-) create mode 100644 .project create mode 100644 MAINTAINERS.md diff --git a/.gitignore b/.gitignore index 3b6ff4e363..f6e8b46c29 100644 --- a/.gitignore +++ b/.gitignore @@ -1,15 +1,24 @@ #This file is generated by ModuleSync, do not edit. pkg/ Gemfile.lock +Gemfile.local vendor/ spec/fixtures/manifests/ spec/fixtures/modules/ +log/ +junit/ .vagrant/ .bundle/ coverage/ log/ .idea/ +.metadata *.iml +.*.sw[op] .yardoc .yardwarns +.DS_Store +tmp/ +vendor/ doc/ + diff --git a/.project b/.project new file mode 100644 index 0000000000..51770ab1ca --- /dev/null +++ b/.project @@ -0,0 +1,23 @@ + + + puppetlabs-apache + + + + + + com.puppetlabs.geppetto.pp.dsl.ui.modulefileBuilder + + + + + org.eclipse.xtext.ui.shared.xtextBuilder + + + + + + com.puppetlabs.geppetto.pp.dsl.ui.puppetNature + org.eclipse.xtext.ui.shared.xtextNature + + diff --git a/.sync.yml b/.sync.yml index a397135701..3a20deb37b 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,4 +1,6 @@ --- +appveyor.yml: + delete: true Rakefile: extra_disabled_lint_checks: - 'disable_only_variable_string' diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3c3f1e7999..990edba7e7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -43,7 +43,7 @@ Checklist (and a short version for the impatient) - Make sure you have a [GitHub account](https://github.com/join) - - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. + - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. * Preferred method: @@ -215,4 +215,3 @@ Additional Resources * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) - diff --git a/Gemfile b/Gemfile index c8c6cd996d..5d863251d6 100644 --- a/Gemfile +++ b/Gemfile @@ -49,6 +49,7 @@ group :development do gem 'json_pure', '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') gem 'fast_gettext', '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') gem 'fast_gettext', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') + gem 'rainbow', '< 2.2.0', :require => false end group :system_tests do diff --git a/MAINTAINERS.md b/MAINTAINERS.md new file mode 100644 index 0000000000..18a33881e0 --- /dev/null +++ b/MAINTAINERS.md @@ -0,0 +1,6 @@ +## Maintenance + +Maintainers: + - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com` + +Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `apache`. diff --git a/NOTICE b/NOTICE index c07b29dc8e..77c13089ac 100644 --- a/NOTICE +++ b/NOTICE @@ -1,8 +1,6 @@ -apache puppet module +Puppet Module - puppetlabs-apache -Copyright (C) 2012-2016 Puppet Labs, Inc. - -Puppet Labs can be contacted at: info@puppetlabs.com +Copyright 2017 Puppet, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
@@ -14,4 +12,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/Rakefile b/Rakefile index f4c70b8d35..3994519d9d 100644 --- a/Rakefile +++ b/Rakefile @@ -1,10 +1,9 @@ -require 'puppet_blacksmith/rake_tasks' -require 'puppet-lint/tasks/puppet-lint' require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-lint/tasks/puppet-lint' +require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? +PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') -PuppetLint.configuration.send('disable_documentation') -PuppetLint.configuration.send('disable_single_quote_string_with_variables') PuppetLint.configuration.send('disable_only_variable_string') desc 'Generate pooler nodesets' From 1147eb8d8c72050b41f2cb7837e74f391cec4759 Mon Sep 17 00:00:00 2001 From: Pedro Adame Date: Mon, 30 Jan 2017 13:01:35 +0100 Subject: [PATCH 1054/2267] Document mod_rewrite with the rest of modules --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index d68ec6786e..dbc3abdca7 100644 --- a/README.md +++ b/README.md 
@@ -1871,6 +1871,10 @@ Installs and configures [`mod_reqtimeout`][]. - `timeouts`: A string or [array][] that sets the [`RequestReadTimeout`][] option. Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. +##### Class: `apache::mod::rewrite` + +Installs and enables the Apache module `mod_rewrite`. + ##### Class: `apache::mod::shib` Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a web application that consumes Shibboleth SSO identities, also known as a Shibboleth Service Provider. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). From 2e16cef6b1461c8b9b54f0c5114ac94b093c74b4 Mon Sep 17 00:00:00 2001 From: hex2a Date: Tue, 7 Feb 2017 14:58:58 +0100 Subject: [PATCH 1055/2267] (MODULES-4391) add SSLProxyVerifyDepth and SSLProxyCACertificateFile directive --- README.md | 8 ++++++++ manifests/vhost.pp | 8 ++++++++ templates/vhost/_sslproxy.erb | 6 ++++++ 3 files changed, 22 insertions(+) diff --git a/README.md b/README.md index d68ec6786e..97c67e242e 100644 --- a/README.md +++ b/README.md 
@@ -3800,6 +3800,14 @@ Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.ht Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default: undef. +##### `ssl_proxy_verify_depth` + +Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate. (A depth of 0 means that self-signed remote server certificates are accepted only, the default depth of 1 means the remote server certificate can be self-signed or has to be signed by a CA which is directly known to the server) Default: undef. + +##### `ssl_proxy_ca_cert` + +Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: undef. + ##### `ssl_proxy_machine_cert` Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: undef. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e28dff266d..0a6ab0cfa1 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -26,6 +26,8 @@ $ssl_verify_client = undef, $ssl_verify_depth = undef, $ssl_proxy_verify = undef, + $ssl_proxy_verify_depth = undef, + $ssl_proxy_ca_cert = undef, $ssl_proxy_check_peer_cn = undef, $ssl_proxy_check_peer_name = undef, $ssl_proxy_check_peer_expire = undef, @@ -294,6 +296,10 @@ validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.") } + if $ssl_proxy_verify_depth { + validate_integer($ssl_proxy_verify_depth) + } + if $ssl_proxy_check_peer_cn { validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.") } @@ -955,6 +961,8 @@ # Template uses: # - $ssl_proxyengine # - $ssl_proxy_verify + # - $ssl_proxy_verify_depth + # - $ssl_proxy_ca_cert # - $ssl_proxy_check_peer_cn # - $ssl_proxy_check_peer_name # - $ssl_proxy_check_peer_expire diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb index a92bab5524..6cb9216d40 100644 --- a/templates/vhost/_sslproxy.erb +++ b/templates/vhost/_sslproxy.erb @@ -5,6 +5,12 @@ <%- if @ssl_proxy_verify -%> SSLProxyVerify <%= @ssl_proxy_verify %> <%- end -%> + <%- if @ssl_proxy_verify_depth -%> + SSLProxyVerifyDepth <%= @ssl_proxy_verify_depth %> + <%- end -%> + <%- if @ssl_proxy_ca_cert -%> + SSLProxyCACertificateFile "<%= @ssl_proxy_ca_cert %>" + <%- end -%> <%- if @ssl_proxy_check_peer_cn -%> SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> <%- end -%> From 340931b4c9a407c1e4090d0363e0412e12a3d571 Mon Sep 17 00:00:00 2001 
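Review bot: In the second vhost.pp hunk, `validate_integer($ssl_proxy_verify_depth)` accepts any integer, including negative ones, and `$ssl_proxy_ca_cert` reaches the template with no validation at all. Bound the depth with `validate_integer($ssl_proxy_verify_depth, undef, 0)` and check the path with `if $ssl_proxy_ca_cert { validate_absolute_path($ssl_proxy_ca_cert) }`. A typo then fails at catalog compilation instead of at Apache start-up. The define's body begins and continues outside these hunks.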
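Review bot: Both new directives in _sslproxy.erb are emitted independently of `@ssl_proxy_verify`. When that parameter is left undef, Apache's default `SSLProxyVerify none` applies and the backend certificate is not checked, so setting only `ssl_proxy_ca_cert` or `ssl_proxy_verify_depth` does not authenticate the backend. A template comment would make this visible to the next editor, for example `<%# SSLProxyVerifyDepth and SSLProxyCACertificateFile have no effect on trust while SSLProxyVerify is none (Apache's default) -%>`. The template continues outside the hunk.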
From: Tobias Brox Date: Fri, 3 Mar 2017 14:01:36 +0100 Subject: [PATCH 1056/2267] The base tag also needs link rewriting, particularly in reverse proxy situations. base tag is defined at https://www.w3schools.com/tags/tag_base.asp. Including this ProxyHTMLLinks line is recommended i.e. at http://httpd.apache.org/docs/current/mod/mod_proxy_html.html#proxyhtmllinks and other places. --- templates/mod/proxy_html.conf.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/mod/proxy_html.conf.erb b/templates/mod/proxy_html.conf.erb index fea15f393f..f2f0bc0ce7 100644 --- a/templates/mod/proxy_html.conf.erb +++ b/templates/mod/proxy_html.conf.erb @@ -11,6 +11,7 @@ ProxyHTMLLinks form action ProxyHTMLLinks input src usemap ProxyHTMLLinks head profileProxyHTMLLinks base href ProxyHTMLLinks script src for +ProxyHTMLLinks base href ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ onmouseover onmousemove onmouseout onkeypress \ From 813abee0046932d4b83dae290cb4c2f275fdf1cb Mon Sep 17 00:00:00 2001 From: tphoney Date: Tue, 7 Mar 2017 14:47:11 +0000 Subject: [PATCH 1057/2267] reduce tests to mod_pagespeed to centos 7 --- spec/acceptance/mod_pagespeed_spec.rb | 43 ++++++++------------------- 1 file changed, 12 insertions(+), 31 deletions(-) diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index c88d594484..1455d5630b 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb 
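Review bot: The context line just above the addition reads `ProxyHTMLLinks head profileProxyHTMLLinks base href` as rendered here, which looks like two directives fused onto one line. Appending a separate `ProxyHTMLLinks base href` makes `base` rewriting work, but it leaves `head` declared with the attributes `profileProxyHTMLLinks`, `base` and `href`, and the original `head profile` mapping is still missing. If the file really contains that line, split it into `ProxyHTMLLinks head profile` followed by `ProxyHTMLLinks base href`, which makes the new line unnecessary. The directive list continues outside the hunk.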
@@ -1,35 +1,20 @@ require 'spec_helper_acceptance' require_relative './version.rb' -# Don't run this test on Debian < 8 or Ubuntu < 12, because Debian doesn't like -# updating packages and Pagespeed doesn't like old packages. -describe 'apache::mod::pagespeed class', :unless => - ((fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') < '8') or - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') < '12') or - (fact('operatingsystem') == 'SLES' )) do +# Only run the test on centos 7, this is to cut down on the different types of setup +# required. Installing the dependancies are highly prone to failure. +describe 'apache::mod::pagespeed class', :if => + ((fact('operatingsystem') == 'CentOS' ) and + (fact('operatingsystemmajrelease') == '7' )) do context "default pagespeed config" do it 'succeeds in puppeting pagespeed' do pp= <<-EOS - if $::osfamily == 'Debian' { - class { 'apt': } - - apt::source { 'mod-pagespeed': - key => '7FAC5991', - key_server => 'pgp.mit.edu', - location => 'http://dl.google.com/linux/mod-pagespeed/deb/', - release => 'stable', - repos => 'main', - include_src => false, - before => Class['apache'], - } - } elsif $::osfamily == 'RedHat' { - yumrepo { 'mod-pagespeed': - baseurl => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture", - enabled => 1, - gpgcheck => 1, - gpgkey => 'https://dl-ssl.google.com/linux/linux_signing_key.pub', - before => Class['apache'], - } + yumrepo { 'mod-pagespeed': + baseurl => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture", + enabled => 1, + gpgcheck => 1, + gpgkey => 'https://dl-ssl.google.com/linux/linux_signing_key.pub', + before => Class['apache'], } class { 'apache': 
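Review bot: The `yumrepo` kept on the new side still uses `baseurl => "http://dl.google.com/linux/mod-pagespeed/rpm/stable/$::architecture"`, so repository metadata travels over plain HTTP. `gpgcheck => 1` with the key fetched over HTTPS covers the package payloads, but not the metadata that decides which packages and versions are offered. Switching the scheme to `https://`, as the `gpgkey` URL already does, closes that gap for the test hosts, assuming the mirror serves the same path over TLS.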
@@ -54,11 +39,7 @@ class { 'apache::mod::pagespeed': end describe service($service_name) do - if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { should be_enabled } - end + it { should be_enabled } it { is_expected.to be_running } end From 4b9d2caf149c286c7d99c05a79c69ad6ed75160b Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 7 Mar 2017 16:52:52 -0300 Subject: [PATCH 1058/2267] Include AdvertiseFrequency directive in cluster.conf template --- templates/mod/cluster.conf.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/mod/cluster.conf.erb b/templates/mod/cluster.conf.erb index 6a998a0e96..831cce6c76 100644 --- a/templates/mod/cluster.conf.erb +++ b/templates/mod/cluster.conf.erb @@ -12,6 +12,9 @@ Listen <%= @ip %>:<%= @port %> ManagerBalancerName <%= @balancer_name %> ServerAdvertise <%= scope.function_bool2httpd([@server_advertise]) %> + <%- if @server_advertise == true and @advertise_frequency != nil -%> + AdvertiseFrequency <%= advertise_frequency %> + <%- end -%> SetHandler mod_cluster-manager From 874c153f502ccdda9857f03594cbb0b59d1d98fc Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 7 Mar 2017 16:53:43 -0300 Subject: [PATCH 1059/2267] Add parameter for AdvertiseFrequency in class apache::mod::cluster --- manifests/mod/cluster.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/mod/cluster.pp b/manifests/mod/cluster.pp index a3a9f6c631..442b583525 100644 --- a/manifests/mod/cluster.pp +++ b/manifests/mod/cluster.pp @@ -9,6 +9,7 @@ $manager_allowed_network = '127.0.0.1', $max_keep_alive_requests = 0, $server_advertise = true, + $advertise_frequency = undef, ) { include ::apache From 1e87cd723cc7f898c64b70f0c9c7da55aa47daf5 Mon Sep 17 00:00:00 2001 
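Review bot: In cluster.conf.erb the value is printed with `<%= advertise_frequency %>`, without the `@` that the guard on the previous line and every other variable in the hunk use. Bare lookups in templates are deprecated in Puppet and, as far as I know, no longer resolved in Puppet 4, so the template would fail as soon as the parameter is set. It should read `AdvertiseFrequency <%= @advertise_frequency %>`. The guard's `@server_advertise == true` is also stricter than the `bool2httpd` conversion used for `ServerAdvertise`, so a string value could presumably enable advertising while dropping the frequency. The value itself is not validated in the `apache::mod::cluster` hunk that follows.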
From: Dirk Tepe Date: Wed, 8 Mar 2017 14:16:55 -0500 Subject: [PATCH 1060/2267] Add param to allow management of values for AllowOverride in the userdir.conf template This replaces the hardcoded list with an array join, similar to the existing Options line. The previously hardcoded values are used as the default for the overrides param. --- manifests/mod/userdir.pp | 1 + templates/mod/userdir.conf.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index 11e7cd5bec..ea6ee193dd 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp @@ -3,6 +3,7 @@ $dir = 'public_html', $disable_root = true, $apache_version = undef, + $overrides = [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ], $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ], ) { include ::apache diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index d52583bec9..c02a9188d6 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -5,7 +5,7 @@ UserDir <%= @home %>/*/<%= @dir %> /*/<%= @dir %>"> - AllowOverride FileInfo AuthConfig Limit Indexes + AllowOverride <%= @overrides.join(' ') %> Options <%= @options.join(' ') %> <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> From abcf22893cb0bf8d1e201d5257258fc353af6834 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Thu, 9 Mar 2017 12:28:14 -0300 Subject: [PATCH 1061/2267] Include apache::mod::cluster::advertise_frequency in README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dbc3abdca7..631abb88af 100644 --- a/README.md +++ b/README.md 
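Review bot: `AllowOverride <%= @overrides.join(' ') %>` assumes `$overrides` is always an array. A plain string such as `'None'` raises in the template, and nothing in the `apache::mod::userdir` hunk validates the new parameter. `AllowOverride <%= Array(@overrides).join(' ') %>`, or a `validate_array($overrides)` in the class, avoids that. This directive decides what users' own `.htaccess` files may change under their home directories, so the parameter deserves a class comment saying that widening it hands more configuration control to unprivileged users. The directory block continues outside the hunk.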
@@ -1606,6 +1606,7 @@ class { '::apache::mod::cluster': - `port`: mod_cluster listen port. Default: '6666'. - `server_advertise`: Whether the server should advertise. Default: true. +- `advertise_frequency`: Interval between advertise messages in seconds[.miliseconds]. Default: 10. - `manager_allowed_network`: Network allowed to access the mod_cluster_manager. Default: '127.0.0.1'. - `keep_alive_timeout`: Keep-alive timeout. Default: 60. - `max_keep_alive_requests`: Max number of requests kept alive. Default: 0 From d23eb25d48bbac4b02718fc63b7b72ebea8b5d7f Mon Sep 17 00:00:00 2001 From: Wilson McCoubrey Date: Wed, 22 Mar 2017 15:06:21 +0000 Subject: [PATCH 1062/2267] [MODULES-4528] Replace Puppet.version.to_f version comparison from spec_helper.rb --- .gitattributes | 6 +++--- locales/config.yaml | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 locales/config.yaml diff --git a/.gitattributes b/.gitattributes index 900ea0cbb5..02d4646b9b 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,5 +1,5 @@ #This file is generated by ModuleSync, do not edit. -*.rb eol=lf +*.rb eol=lf *.erb eol=lf -*.pp eol=lf -*.sh eol=lf +*.pp eol=lf +*.sh eol=lf diff --git a/locales/config.yaml b/locales/config.yaml new file mode 100644 index 0000000000..ab8ed8ba30 --- /dev/null +++ b/locales/config.yaml 
@@ -0,0 +1,26 @@ +--- +# This is the project-specific configuration file for setting up +# fast_gettext for your project. +gettext: + # This is used for the name of the .pot and .po files; they will be + # called .pot? + project_name: puppetlabs-apache + # This is used in comments in the .pot and .po files to indicate what + # project the files belong to and should bea little more desctiptive than + # + package_name: puppetlabs-apache + # The locale that the default messages in the .pot file are in + default_locale: en + # The email used for sending bug reports. + bugs_address: docs@puppet.com + # The holder of the copyright. + copyright_holder: Puppet, Inc. + # This determines which comments in code should be eligible for translation. + # Any comments that start with this string will be externalized. (Leave + # empty to include all.) + comments_tag: TRANSLATOR + # Patterns for +Dir.glob+ used to find all files that might contain + # translatable content, relative to the project root directory + source_files: + - 'metadata.json' + \ No newline at end of file From 8f1a7ca1bd8687922eec500922e5210ab5e0a6e4 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Thu, 23 Mar 2017 12:11:58 +0000 Subject: [PATCH 1063/2267] (FM-6116) - Adding POT file for metadata.json --- locales/puppetlabs-apache.pot | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 locales/puppetlabs-apache.pot diff --git a/locales/puppetlabs-apache.pot b/locales/puppetlabs-apache.pot new file mode 100644 index 0000000000..7602dd885a --- /dev/null +++ b/locales/puppetlabs-apache.pot 
@@ -0,0 +1,25 @@ +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-03-21 14:19+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Translate Toolkit 2.0.0\n" + +#. metadata.json +#: .summary +msgid "" +"Installs, configures, and manages Apache virtual hosts, web services, and " +"modules." +msgstr "" + +#. metadata.json +#: .description +msgid "Module for Apache configuration" +msgstr "" From 0132c1705c1609c15861b293971d97bf4a56fd30 Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Tue, 7 Feb 2017 15:54:21 -0800 Subject: [PATCH 1064/2267] (MODULES-4319) wip: edit apache module for loc --- README.md | 539 +++++++++++++++++++++++++++--------------------------- 1 file changed, 271 insertions(+), 268 deletions(-) diff --git a/README.md b/README.md index e9ff691082..870bc1e6c4 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ [Installing specific modules]: #installing-specific-modules [Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files [Load balancing examples]: #load-balancing-examples +[apache affects]: #what-the-apache-module-affects [Reference]: #reference [Public classes]: #public-classes @@ -28,7 +29,7 @@ [Development]: #development [Contributing]: #contributing -[Running tests]: #running-tests +[Testing]: #testing [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset [`add_listen`]: #add_listen 
@@ -76,7 +77,7 @@ [`apache::vhost::WSGIImportScript`]: #wsgiimportscript [Apache HTTP Server]: https://httpd.apache.org [Apache modules]: https://httpd.apache.org/docs/current/mod/ -[array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html +[array]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html [audit log]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log @@ -105,15 +106,15 @@ [`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile [enforcing mode]: http://selinuxproject.org/page/Guide/Mode -[`ensure`]: https://docs.puppetlabs.com/references/latest/type.html#package-attribute-ensure +[`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure [`error_log_file`]: #error_log_file [`error_log_syslog`]: #error_log_syslog [`error_log_pipe`]: #error_log_pipe [`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype -[exported resources]: http://docs.puppetlabs.com/latest/reference/lang_exported.md +[exported resources]: http://docs.puppet.com/latest/reference/lang_exported.md [`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus -[Facter]: http://docs.puppetlabs.com/facter/ +[Facter]: http://docs.puppet.com/facter/ [FastCGI]: http://www.fastcgi.com/ [FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource [`fallbackresource`]: #fallbackresource @@ -125,7 +126,7 @@ [GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives [`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage -[Hash]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_hash.html +[Hash]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html [`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional [`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include 
@@ -188,14 +189,14 @@ [`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html [`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html [`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ -[module contribution guide]: https://docs.puppetlabs.com/forge/contributing.html +[module contribution guide]: https://docs.puppet.com/forge/contributing.html [`mpm_module`]: #mpm_module [multi-processing module]: https://httpd.apache.org/docs/current/mpm.html [name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html [`no_proxy_uris`]: #no_proxy_uris -[open source Puppet]: https://docs.puppetlabs.com/puppet/ +[open source Puppet]: https://docs.puppet.com/puppet/ [`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options [`path`]: #path @@ -207,10 +208,10 @@ [`proxy_pass`]: #proxy_pass [`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass [`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset -[Puppet Enterprise]: https://docs.puppetlabs.com/pe/ -[Puppet Forge]: https://forge.puppetlabs.com -[Puppet Labs]: https://puppetlabs.com -[Puppet module]: https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html +[Puppet Enterprise]: https://docs.puppet.com/pe/ +[Puppet Forge]: https://forge.puppet.com +[Puppet]: https://puppet.com +[Puppet module]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html [Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp [`purge_configs`]: #purge_configs [`purge_vhost_dir`]: #purge_vhost_dir 
@@ -233,7 +234,7 @@ [`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot [`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens [`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature -[Service attribute restart]: http://docs.puppetlabs.com/references/latest/type.html#service-attribute-restart +[Service attribute restart]: http://docs.puppet.com/latest/type.html#service-attribute-restart [`source`]: #source [`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck [SSL certificate key file]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile @@ -248,12 +249,12 @@ [`suphp_addhandler`]: #suphp_addhandler [`suphp_configpath`]: #suphp_configpath [`suphp_engine`]: #suphp_engine -[supported operating system]: https://forge.puppetlabs.com/supported#puppet-supported-modules-compatibility-matrix +[supported operating system]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix [`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit [`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild [`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout -[template]: http://docs.puppetlabs.com/puppet/latest/reference/lang_template.html +[template]: http://docs.puppet.com/puppet/latest/reference/lang_template.html [`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable [`verify_config`]: #verify_config 
@@ -269,6 +270,7 @@ 1. [Module description - What is the apache module, and what does it do?][Module description] 2. [Setup - The basics of getting started with apache][Setup] + - [What the apache module affects][apache affects] - [Beginning with Apache - Installation][Beginning with Apache] 3. [Usage - The classes and defined types available for configuration][Usage] - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts] @@ -291,7 +293,7 @@ ## Setup -**What the apache Puppet module affects:** +### What the apache module affects: - Configuration files and directories (created and written to) - **WARNING**: Configurations *not* managed by Puppet will be purged. 
@@ -301,11 +303,9 @@ - Listened-to ports - `/etc/make.conf` on FreeBSD and Gentoo -On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. - -> **Note**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. - -To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend using this only as a temporary means of saving and relocating customized configurations. +> **Warning**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. +> +>To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations. ### Beginning with Apache 
@@ -315,9 +315,17 @@ To have Puppet install Apache with the default parameters, declare the [`apache` class { 'apache': } ``` -The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values. +When you declare this class with the default options, the module: + +- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. +- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. +- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. +- Creates a document root directory determined by your operating system, typically `/var/www`. +- Starts the Apache service. -You can customize parameters when declaring the `apache` class. For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: +Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site. + +For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: ``` puppet class { 'apache': 
@@ -325,7 +333,7 @@ class { 'apache': } ``` -> **Note**: When `default_vhost` is set to `false` you have to add at least one `apache::vhost` resource or Apache will not start. +> **Note**: When `default_vhost` is set to `false`, you have to add at least one `apache::vhost` resource or Apache will not start. To establish a default virtual host, either set the `default_vhost` in the `apache` class or use the [`apache::vhost`][] defined type. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type. ## Usage @@ -333,7 +341,6 @@ class { 'apache': The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. -> **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters. To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] defined type: @@ -344,6 +351,8 @@ apache::vhost { 'vhost.example.com': } ``` +See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters. + > **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order. To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: 
@@ -431,7 +440,7 @@ apache::vhost { 'ip.example.com': } ``` -It is also possible to configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter: +You can also configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter: ``` puppet apache::vhost { 'ip.example.com': @@ -464,7 +473,7 @@ apache::vhost { 'aliases.example.com': } ``` -To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: +To set up a virtual host with a wildcard alias for the subdomain mapped to a directory of the same name, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: ``` puppet apache::vhost { 'subdomain.loc': @@ -493,7 +502,14 @@ apache::vhost { 'subdomain.loc': #### Configuring virtual hosts for apps and processors -To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks: +To set up a virtual host with [suPHP][], use the following parameters: + +* [`suphp_engine`][], to enable the suPHP engine. +* [`suphp_addhandler`][], to define a MIME type. +* [`suphp_configpath`][], to set which path suPHP passes to the PHP interpreter. +* [`directory`][], to configure Directory, File, and Location directive blocks. + +For example: ``` puppet apache::vhost { 'suphp.example.com': 
@@ -513,7 +529,7 @@ apache::vhost { 'suphp.example.com': } ``` -You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications: +To configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications, use the `wsgi` set of parameters: ``` puppet apache::vhost { 'wsgi.example.com': @@ -536,7 +552,7 @@ apache::vhost { 'wsgi.example.com': } ``` -Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: +As of Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: ``` puppet apache::vhost { 'wordpress.example.com': @@ -570,7 +586,7 @@ apache::vhost { 'rack.example.com': #### Configuring IP-based virtual hosts -You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter: +You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, the server listens on ports 80 and 81, because the example virtual hosts are _not_ declared with a [`port`][] parameter: ``` puppet apache::listen { '80': } @@ -578,7 +594,7 @@ apache::listen { '80': } apache::listen { '81': } ``` -Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter: +Configure the IP-based virtual hosts with the [`ip_based`][] parameter: ``` puppet apache::vhost { 'first.example.com': 
@@ -594,7 +610,9 @@ apache::vhost { 'second.example.com': } ``` -You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations. First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: +You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations. + +In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: ``` puppet apache::vhost { 'The first IP-based virtual host, non-ssl': @@ -631,7 +649,7 @@ apache::vhost { 'third.example.com': } ``` -To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to false to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. +To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** disable the Apache default `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. To do this, set the [`add_listen`][] parameter to `false`: ``` puppet apache::vhost { 'fourth.example.com': 
@@ -796,23 +814,7 @@ Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balanc Guides the basic setup and installation of Apache on your system. -When this class is declared with the default options, Puppet: - -- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. -- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. -- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. -- Creates a document root directory determined by your operating system, typically `/var/www`. -- Starts the Apache service. - -You can simply declare the default `apache` class: - -``` puppet -class { 'apache': } -``` - -You can establish a default virtual host in this class, by using the [`apache::vhost`][] defined type, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production. - -**Parameters within `apache`:** +**`apache` class parameters:** ##### `allow_encoded_slashes` 
@@ -850,15 +852,15 @@ Used as the [`AddDefaultCharset`][] directive in the main configuration file. De ##### `default_confd_files` -Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: true. +Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: `true`. ##### `default_mods` -Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: true, false, or an array of Apache module names. Default: true. +Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: `true`, `false`, or an array of Apache module names. Default: `true`. -If this parameter's value is false, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. +If this parameter's value is `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. -If true, Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. 
+If `true`, Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. If this parameter contains an array, Puppet instead enables all passed Apache modules. @@ -918,9 +920,9 @@ While these default values result in a functioning Apache server, you **must** u ##### `default_ssl_vhost` -Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: false. +Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: `false`. -If true, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: +If `true`, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: ``` puppet apache::vhost { 'default-ssl': 
@@ -937,15 +939,15 @@ apache::vhost { 'default-ssl': ##### `default_type` -_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: undef. +_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: `undef`. ##### `default_vhost` -Configures a default virtual host when the class is declared. Valid options: Boolean. Default: true. +Configures a default virtual host when the class is declared. Valid options: Boolean. Default: `true`. -To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to false. +To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`. -> **Note**: Apache will not start without at least one virtual host. If you set this to false be sure to configure one elsewhere. +> **Note**: Apache will not start without at least one virtual host. If you set this to `false` be sure to configure one elsewhere. ##### `dev_packages` @@ -954,7 +956,7 @@ Configures a specific dev package to use. Valid options: A string or array of st - **Red Hat:** 'httpd-devel' - **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] - **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] -- **FreeBSD, Gentoo:** undef +- **FreeBSD, Gentoo:** `undef` - **Suse:** ['libapr-util1-devel', 'libapr1-devel'] Example for using httpd 2.4 from the IUS yum repo: 
@@ -978,13 +980,13 @@ Sets the default [`DocumentRoot`][] location. Default: Determined by your operat ##### `error_documents` -Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: false. +Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: `false`. ##### `group` Sets the group ID that owns any Apache processes spawned to answer requests. -By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to false. +By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to `false`. > **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. 
@@ -1064,19 +1066,19 @@ Changes the directory of Apache log files for the virtual host. Default: Determi ##### `logroot_mode` -Overrides the default [`logroot`][] directory's mode. Default: undef. +Overrides the default [`logroot`][] directory's mode. Default: `undef`. > **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. ##### `manage_group` -When false, stops Puppet from creating the group resource. Valid options: Boolean. Default: true. +When `false`, stops Puppet from creating the group resource. Valid options: Boolean. Default: `true`. -If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error. +If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error. ##### `manage_user` -When false, stops Puppet from creating the user resource. Valid options: Boolean. Default: true. +When `false`, stops Puppet from creating the user resource. Valid options: Boolean. Default: `true`. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. 
@@ -1091,12 +1093,12 @@ Sets where Puppet places configuration files for your [Apache modules][]. Defaul ##### `mpm_module` -Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or false. Default: Determined by your operating system. +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. Default: Determined by your operating system. - **Debian**: 'worker' - **FreeBSD, Gentoo, and Red Hat**: 'prefork' -You must set this to false to explicitly declare the following classes with custom parameters: +You must set this to `false` to explicitly declare the following classes with custom parameters: - [`apache::mod::event`][] - [`apache::mod::itk`][] 
@@ -1122,19 +1124,19 @@ Sets the path to the file containing Apache ports configuration. Default: '{$con ##### `purge_configs` -Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: true. +Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: `true`. -Setting this to false is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. +Setting this to `false` is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. ##### `purge_vhost_dir` If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Valid options: Boolean. Default: same as [`purge_configs`][]. -Setting `purge_vhost_dir` to false is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. +Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. ##### `rewrite_lock` -Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. Default: undef. +Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. Default: `undef`. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. 
@@ -1150,7 +1152,7 @@ Sets the Apache server administrator's contact information via Apache's [`Server Sets the Apache server name via Apache's [`ServerName`][] directive. Default: the 'fqdn' fact reported by [Facter][]. -Setting to false will not set ServerName at all. +Setting to `false` will not set ServerName at all. ##### `server_root` @@ -1171,13 +1173,13 @@ Controls how much information Apache sends to the browser about itself and the o ##### `service_enable` -Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: true. +Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: `true`. ##### `service_ensure` -Determines whether Puppet should make sure the service is running. Valid options: 'true' (equivalent to 'running'), 'false' (equivalent to 'stopped'). Default: 'running'. +Determines whether Puppet should make sure the service is running. Valid options: '`true`' (equivalent to 'running'), '`false`' (equivalent to 'stopped'). Default: 'running'. -The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to 'false', which is useful when you want to let the service be managed by another application, such as Pacemaker. +The '`false`' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to '`false`', which is useful when you want to let the service be managed by another application, such as Pacemaker. ##### `service_name` 
@@ -1189,15 +1191,15 @@ Sets the name of the Apache service. Default: determined by your operating syste ##### `service_manage` -Determines whether Puppet manages the HTTPD service's state. Valid options: Boolean. Default: true. +Determines whether Puppet manages the HTTPD service's state. Valid options: Boolean. Default: `true`. ##### `service_restart` -Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: undef, which uses the [default Puppet behavior][Service attribute restart]. +Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: `undef`, which uses the [default Puppet behavior][Service attribute restart]. ##### `ssl_stapling` -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean. Default: false. It is possible to override this on a vhost level. +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean. Default: `false`. It is possible to override this on a vhost level. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. @@ -1217,7 +1219,7 @@ Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceE ##### `use_systemd` -Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Valid options: Boolean. Default: true. +Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Valid options: Boolean. Default: `true`. ##### `file_mode` 
@@ -1229,7 +1231,7 @@ Array of the desired options for the / directory in httpd.conf. Defaults to 'Fol ##### `root_directory_secured` -Sets the default access policy for the / directory in httpd.conf. A value of 'false' allows access to all resources that are missing a more specific access policy. A value of 'true' denies access to all resources by default. In this case more specific rules must be used to allow access to these resources (e.g. in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter). Valid options: Boolean. Default: false. +Sets the default access policy for the / directory in httpd.conf. A value of '`false`' allows access to all resources that are missing a more specific access policy. A value of '`true`' denies access to all resources by default. In this case more specific rules must be used to allow access to these resources (e.g. in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter). Valid options: Boolean. Default: `false`. ##### `vhost_dir` @@ -1258,7 +1260,7 @@ Default: Puppet sets the default value via the [`apache::params`][] class, which - **FreeBSD**: 'www' - **Gentoo** and **Red Hat**: 'apache' -To prevent Puppet from managing the user, set the [`manage_user`][] parameter to false. +To prevent Puppet from managing the user, set the [`manage_user`][] parameter to `false`. ##### `apache_name` @@ -1318,8 +1320,8 @@ Installs Apache development libraries. By default, the package name is defined b The default value is determined by your operating system: - **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions -- **FreeBSD**: 'undef'; see note below -- **Gentoo**: 'undef' +- **FreeBSD**: '`undef`'; see note below +- **Gentoo**: '`undef`' - **Red Hat**: 'httpd-devel' > **Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. 
@@ -1471,7 +1473,7 @@ Installs and configures [`mod_diskio`][]. ```puppet class{'apache': - default_mods => false, + default_mods => `false`, log_level => 'dumpio:trace7', } class{'apache::mod::diskio': 
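Review bot: The backticks added around `false` in the `class{'apache':` example sit inside a fenced puppet code block, where Markdown prints them literally instead of rendering inline code. A reader who copies the example gets a `default_mods` value wrapped in backticks, which is not a Puppet boolean and will most likely fail to parse. Keep the original line, `default_mods => false,`, and apply the inline-code formatting only to prose outside fenced blocks. The example continues past the end of this hunk, so the rest of it could not be checked here.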
@@ -1492,20 +1494,20 @@ Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::e **Parameters within `apache::mod::event`**: -- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. Setting this to 'false' removes the parameter. -- `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. Setting these to 'false' removes the parameters. -- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. Setting these to 'false' removes the parameters. -- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. Setting these to 'false' removes the parameters. -- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. Setting this to 'false' removes the parameter. -- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. Setting this to 'false' removes the parameter. -- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. Setting this to 'false' removes the parameter. -- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to 'false' removes the parameter. +- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. Setting this to '`false`' removes the parameter. 
+- `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. Setting these to '`false`' removes the parameters. +- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. Setting these to '`false`' removes the parameters. +- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. Setting these to '`false`' removes the parameters. +- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. Setting this to '`false`' removes the parameter. +- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. Setting this to '`false`' removes the parameter. +- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. Setting this to '`false`' removes the parameter. +- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to '`false`' removes the parameter. ##### Class: `apache::mod::auth_cas` Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apache module's directives. -The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have 'undef' default values. +The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have '`undef`' default values. **Note**: The auth\_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. 
See [https://github.com/Jasig/mod_auth_cas]() 
@@ -1515,28 +1517,28 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe validation is enabled. Default: CAS_ - `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`. Default: , -- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: undef. -- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: undef. -- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: undef. -- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: undef. -- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: undef. -- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: undef. +- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: `undef`. +- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: `undef`. +- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: `undef`. +- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: `undef`. +- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: `undef`. +- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: `undef`. - `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user. Default: OS dependent. - `cas_cookie_path_mode`: The mode of `cas_cookie_path`. Default: '0750'. 
- `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. -- `cas_idle_timeout`: Default: undef. +- `cas_idle_timeout`: Default: `undef`. - `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. -- `cas_proxy_validate_url`: The URL to use when performing a proxy validation. Default: undef. -- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: undef. +- `cas_proxy_validate_url`: The URL to use when performing a proxy validation. Default: `undef`. +- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: `undef`. - `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas. - `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). Default: off -- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: undef. -- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: undef. +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: `undef`. +- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: `undef`. - `cas_validate_saml`: Parse response from CAS server for SAML. Default: Off -- `cas_validate_server`: Should we validate the cert of the CAS server (depreciated in 1.1 - RedHat 7). Default: undef. +- `cas_validate_server`: Should we validate the cert of the CAS server (depreciated in 1.1 - RedHat 7). Default: `undef`. - `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. - `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. 
-- `suppress_warning`: Don't wine about being on RedHat (Hint: mod_auth_cas package is now available in epel-testing repo). Default: false. +- `suppress_warning`: Don't wine about being on RedHat (Hint: mod_auth_cas package is now available in epel-testing repo). Default: `false`. ##### Class: `apache::mod::auth_mellon` @@ -1550,13 +1552,13 @@ class{ 'apache::mod::auth_mellon': **Parameters within `apache::mod::auth_mellon`**: -- `mellon_cache_entry_size`: Maximum size for a single session. Default: undef. +- `mellon_cache_entry_size`: Maximum size for a single session. Default: `undef`. - `mellon_cache_size`: Size in megabytes of the mellon cache. Default: 100. - `mellon_lock_file`: Location of lock file. Default: '`/run/mod_auth_mellon/lock`'. - `mellon_post_directory`: Full path where post requests are saved. Default: '`/var/cache/apache2/mod_auth_mellon/`' -- `mellon_post_ttl`: Time to keep post requests. Default: undef. -- `mellon_post_size`: Maximum size of post requests. Default: undef. -- `mellon_post_count`: Maximum number of post requests. Default: undef. +- `mellon_post_ttl`: Time to keep post requests. Default: `undef`. +- `mellon_post_size`: Maximum size of post requests. Default: `undef`. +- `mellon_post_count`: Maximum number of post requests. Default: `undef`. ##### Class: `apache::mod::authn_dbd` 
@@ -1606,12 +1608,12 @@ class { '::apache::mod::cluster': **Parameters within `apache::mod::cluster`**: - `port`: mod_cluster listen port. Default: '6666'. -- `server_advertise`: Whether the server should advertise. Default: true. +- `server_advertise`: Whether the server should advertise. Default: `true`. - `advertise_frequency`: Interval between advertise messages in seconds[.miliseconds]. Default: 10. - `manager_allowed_network`: Network allowed to access the mod_cluster_manager. Default: '127.0.0.1'. - `keep_alive_timeout`: Keep-alive timeout. Default: 60. - `max_keep_alive_requests`: Max number of requests kept alive. Default: 0 -- `enable_mcpm_receive`: Whether MCPM should be enabled: Default: true. +- `enable_mcpm_receive`: Whether MCPM should be enabled: Default: `true`. - `ip`: Listen ip address.. - `allowed_network`: Balanced members network. - `version`: mod_cluster version. >= 1.3.0 is required for httpd 2.4. 
@@ -1631,9 +1633,9 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate **Parameters within `apache::mod::expires`**: -- `expires_active`: Enables generation of `Expires` headers for a document realm. Valid options: Boolean. Default: true. -- `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: undef. -- `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: undef. +- `expires_active`: Enables generation of `Expires` headers for a document realm. Valid options: Boolean. Default: `true`. +- `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: `undef`. +- `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: `undef`. ##### Class: `apache::mod::ext_filter` @@ -1650,7 +1652,7 @@ class { 'apache::mod::ext_filter': **Parameters within `apache::mod::ext_filter`**: -- `ext_filter_define`: A hash of filter names and their parameters. Default: undef. +- `ext_filter_define`: A hash of filter names and their parameters. Default: `undef`. ##### Class: `apache::mod::fcgid` 
@@ -1693,13 +1695,13 @@ Installs and manages [`mod_geoip`][]. **Parameters within `apache::mod::geoip`**: - `db_file`: Sets the path to your GeoIP database file. Valid options: a path, or an [array][] paths for multiple GeoIP database files. Default: `/usr/share/GeoIP/GeoIP.dat`. -- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: false. +- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: `false`. - `flag`: Sets the GeoIP flag. Valid options: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default: 'Standard'. - `output`: Defines which output variables to use. Valid options: 'All', 'Env', 'Request', 'Notes'. Default: 'All'. -- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: undef. -- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: undef. -- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: undef. -- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: undef. +- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: `undef`. +- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: `undef`. +- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: `undef`. +- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: `undef`. ##### Class: `apache::mod::info` 
@@ -1709,7 +1711,7 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of - `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1']. - `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. -- `restrict_access`: Determines whether to enable access restrictions. If false, the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: true. +- `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: `true`. ##### Class: `apache::mod::passenger` 
@@ -1717,12 +1719,12 @@ Installs and manages [`mod_passenger`][]. For RedHat based systems, please ensur **Parameters within `apache::mod::passenger`**: -- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: 'on', 'off'. Default: undef. -- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: undef. -- `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: undef. -- `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: undef. -- `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: undef. -- `passenger_data_buffer_dir` Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir). Default: undef. +- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: 'on', 'off'. Default: `undef`. +- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: `undef`. +- `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: `undef`. +- `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: `undef`. 
+- `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: `undef`. +- `passenger_data_buffer_dir` Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir). Default: `undef`. ##### Class: `apache::mod::ldap` @@ -1773,7 +1775,7 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d **Parameters within `apache::mod::pagespeed`**: - `inherit_vhost_config`: Default: 'on'. -- `filter_xhtml`: Default: false. +- `filter_xhtml`: Default: `false`. - `cache_path`: Default: '/var/cache/mod\_pagespeed/'. - `log_dir`: Default: '/var/log/pagespeed'. - `memcache_servers`: Default: []. @@ -1782,7 +1784,7 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d - `enable_filters`: Default: []. - `forbid_filters`: Default: []. - `rewrite_deadline_per_flush_ms`: Default: 10. -- `additional_domains`: Default: undef. +- `additional_domains`: Default: `undef`. - `file_cache_size_kb`: Default: 102400. - `file_cache_clean_interval_ms`: Default: 3600000. - `lru_cache_per_process`: Default: 1024. @@ -1814,7 +1816,7 @@ Installs and configures mod\_passenger **Parameters within `apache::mod::passenger`**: -- `manage_repo`: Manage phusionpassenger.com repository. Default: true. +- `manage_repo`: Manage phusionpassenger.com repository. Default: `true`. TODO: The parameters section is incomplete. 
@@ -1892,10 +1894,10 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t **Parameters within `apache::mod::ssl`**: - `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. -- `ssl_compression`: Default: false. +- `ssl_compression`: Default: `false`. - `ssl_cryptodevice`: Default: 'builtin'. -- `ssl_honorcipherorder`: Default: true. -- `ssl_openssl_conf_cmd`: Default: undef. +- `ssl_honorcipherorder`: Default: `true`. +- `ssl_openssl_conf_cmd`: Default: `undef`. - `ssl_options`: Default: [ 'StdEnvVars' ] - `ssl_pass_phrase_dialog`: Default: 'builtin'. - `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. @@ -1907,7 +1909,7 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' - Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex' -To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to true **or** the [`ssl`][] parameter in [`apache::vhost`][] to true. +To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to `true` **or** the [`ssl`][] parameter in [`apache::vhost`][] to `true`. ##### Class: `apache::mod::status` 
@@ -1964,12 +1966,12 @@ Enables Python support via [`mod_wsgi`][]. **Parameters within `apache::mod::wsgi`**: -- `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: undef. +- `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: `undef`. - If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally. -- `package_name`: Names the package that installs `mod_wsgi`. Default: undef. -- `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. -- `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. +- `package_name`: Names the package that installs `mod_wsgi`. Default: `undef`. +- `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: `undef`. +- `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: `undef`. - `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. 
@@ -2008,9 +2010,9 @@ Attempts to automatically detect the Apache version based on the operating syste #### Defined type: `apache::balancer` -Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] define. +Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] defined type. -Declare one `apache::balancer` define for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. +Declare one `apache::balancer` defined type for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. **Parameters within `apache::balancer`**: 
@@ -2024,11 +2026,11 @@ Configures key-value pairs as [`ProxySet`][] lines. Valid options: a [hash][]. D ##### `collect_exported` -Determines whether to use [exported resources][]. Valid options: Boolean. Default: true. +Determines whether to use [exported resources][]. Valid options: Boolean. Default: `true`. -If you statically declare all of your backend servers, set this parameter to false to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. +If you statically declare all of your backend servers, set this parameter to `false` to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. -To dynamically declare backend servers via exported resources collected on a central node, set this parameter to true to collect the balancer member resources exported by the balancer member nodes. +To dynamically declare backend servers via exported resources collected on a central node, set this parameter to `true` to collect the balancer member resources exported by the balancer member nodes. If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. @@ -2052,7 +2054,7 @@ Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mo #### Defined type: `apache::custom_config` -Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is true, Puppet throws an error during a Puppet run. +Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is `true`, Puppet throws an error during a Puppet run. **Parameters within `apache::custom_config`**: 
@@ -2076,7 +2078,7 @@ Sets the name of the file under `confdir` in which Puppet stores the configurati Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. Default: '25'. -To omit the priority prefix in the configuration file's name, set this parameter to false. +To omit the priority prefix in the configuration file's name, set this parameter to `false`. ##### `source` @@ -2086,11 +2088,11 @@ Points to the configuration file's source. The [`content`][] and `source` parame Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. Default: `/usr/sbin/apachectl -t`. -This parameter is only used if the [`verify_config`][] parameter's value is 'true'. If the `verify_command` fails, the Puppet run deletes the configuration file, does not notify the Apache service, and raises an error. +This parameter is only used if the [`verify_config`][] parameter's value is '`true`'. If the `verify_command` fails, the Puppet run deletes the configuration file, does not notify the Apache service, and raises an error. ##### `verify_config` -Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: true. +Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`. #### Defined type: `apache::fastcgi::server` @@ -2156,7 +2158,7 @@ Sets the filename for the module's [`LoadFile`][] directive, which can also set ##### `loadfiles` -Specifies an array of [`LoadFile`][] directives. Default: undef. +Specifies an array of [`LoadFile`][] directives. Default: `undef`. ##### `path` 
@@ -2182,11 +2184,11 @@ For the custom fragment's `order` parameter, the `apache::vhost` defined type us ##### `access_log` -Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: true. +Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: `true`. ##### `access_log_env_var` -Specifies that only requests with particular environment variables be logged. Default: undef. +Specifies that only requests with particular environment variables be logged. Default: `undef`. ##### `access_log_file` @@ -2198,11 +2200,11 @@ Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted str ##### `access_log_pipe` -Specifies a pipe where Apache sends access log messages. Default: undef. +Specifies a pipe where Apache sends access log messages. Default: `undef`. ##### `access_log_syslog` -Sends all access log messages to syslog. Default: undef. +Sends all access log messages to syslog. Default: `undef`. ##### `add_default_charset` 
@@ -2210,13 +2212,13 @@ Sets a default media charset value for the [`AddDefaultCharset`][] directive, wh ##### `add_listen` -Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: true. +Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: `true`. -Setting `add_listen` to false prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. +Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. ##### `use_optional_includes` -Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: false. +Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: `false`. ##### `additional_includes` 
@@ -2252,11 +2254,11 @@ For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. -If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is 'true', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is '`true`', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. ##### `allow_encoded_slashes` -Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: undef, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. +Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: `undef`, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. ##### `block` 
@@ -2298,11 +2300,11 @@ Sets the URL to use when validating a client-presented ticket in an HTTP query s
 ##### `custom_fragment`
-Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: undef.
+Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: `undef`.
 ##### `default_vhost`
-Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default: false.
+Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default: `false`.
 ##### `directories`
@@ -2310,13 +2312,13 @@ See the [`directories`](#parameter-directories-for-apachevhost) section.
 ##### `directoryindex`
-Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: undef.
+Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: `undef`.
 ##### `docroot`
 **Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files.
-If `docroot` and [`manage_docroot`][] are both set to false, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created.
+If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created.
 ##### `docroot_group`
@@ -2328,15 +2330,15 @@ Sets individual user access to the [`docroot`][] directory. Valid options: A str
 ##### `docroot_mode`
-Sets access permissions for the [`docroot`][] directory, in numeric notation. Valid options: A string. Default: undef.
+Sets access permissions for the [`docroot`][] directory, in numeric notation. Valid options: A string. Default: `undef`.
 ##### `manage_docroot`
-Determines whether Puppet manages the [`docroot`][] directory. Valid options: Boolean. Default: true.
+Determines whether Puppet manages the [`docroot`][] directory. Valid options: Boolean. Default: `true`.
 ##### `error_log`
-Specifies whether `*_error.log` directives should be configured. Valid options: Boolean. Default: true.
+Specifies whether `*_error.log` directives should be configured. Valid options: Boolean. Default: `true`.
 ##### `error_log_file`
@@ -2346,13 +2348,13 @@ If none of these parameters is set, given a virtual host `example.com`, Puppet d
 ##### `error_log_pipe`
-Specifies a pipe to send error log messages to. Default: undef.
+Specifies a pipe to send error log messages to. Default: `undef`.
 This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][].
 ##### `error_log_syslog`
-Determines whether to send all error log messages to syslog. Valid options: Boolean. Default: undef.
+Determines whether to send all error log messages to syslog. Valid options: Boolean. Default: `undef`.
 This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts.
@@ -2377,7 +2379,7 @@ Specifies if the virtual host is present or absent. Valid options: 'absent', 'pr
 ##### `fallbackresource`
-Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid options must either begin with a '/' or be 'disabled'. Default: undef.
+Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid options must either begin with a '/' or be 'disabled'. Default: `undef`.
 #####`fastcgi_idle_timeout`
@@ -2410,15 +2412,15 @@ Sets the [`ForceType`][] directive, which forces Apache to serve all matching fi
 ##### `headers`
-Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or undef. Default: undef.
+Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or `undef`. Default: `undef`.
 ##### `ip`
-Sets the IP address the virtual host listens on. Valid options: Strings. Default: undef, which uses Apache's default behavior of listening on all IPs.
+Sets the IP address the virtual host listens on. Valid options: Strings. Default: `undef`, which uses Apache's default behavior of listening on all IPs.
 ##### `ip_based`
-Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default: false.
+Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default: `false`.
 ##### `itk`
@@ -2446,7 +2448,7 @@ apache::vhost { 'sample.example.net':
 ##### `jk_mounts`
-Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache. Default: undef.
+Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache. Default: `undef`.
 The parameter must be an array of hashes where each hash must contain the 'worker' and either the 'mount' or 'unmount' keys.
@@ -2481,13 +2483,13 @@ This parameter is only relevant if either the global, server-wide [`keepalive` p ##### `auth_kerb` -Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. Default: false. +Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. Default: `false`. Usage typically looks like: ``` puppet apache::vhost { 'sample.example.net': - auth_kerb => true, + auth_kerb => `true`, krb_method_negotiate => 'on', krb_auth_realms => ['EXAMPLE.ORG'], krb_local_user_mapping => 'on', @@ -2506,8 +2508,8 @@ Related parameters follow the names of `mod_auth_kerb` directives: - `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. - `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. - `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: '[]'. -- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: undef. -- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: undef. +- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`. +- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`. ##### `krb_verify_kdc` 
@@ -2531,15 +2533,15 @@ Determines whether or not to remove the logroot directory for a virtual host. Va
 ##### `logroot_mode`
-Overrides the mode the logroot directory is set to. Default: undef. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
+Overrides the mode the logroot directory is set to. Default: `undef`. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
 ##### `logroot_owner`
-Sets individual user access to the logroot directory. Defaults to 'undef'.
+Sets individual user access to the logroot directory. Defaults to '`undef`'.
 ##### `logroot_group`
-Sets group access to the [`logroot`][] directory. Defaults to 'undef'.
+Sets group access to the [`logroot`][] directory. Defaults to '`undef`'.
 ##### `log_level`
@@ -2551,7 +2553,7 @@ Configures the maximum request body size (in bytes) ModSecurity will accept for
 ###### `modsec_disable_vhost`
-Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. Valid options: Boolean. Default: undef.
+Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. Valid options: Boolean. Default: `undef`.
 ###### `modsec_disable_ids`
@@ -2571,11 +2573,11 @@ apache::vhost { 'sample.example.net': ###### `modsec_disable_ips` -Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: undef. +Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: `undef`. ###### `modsec_disable_msgs` -Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. Default: undef. +Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. Default: `undef`. ``` puppet apache::vhost { 'sample.example.net': @@ -2591,7 +2593,7 @@ apache::vhost { 'sample.example.net': ###### `modsec_disable_tags` -Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. Default: undef. +Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. Default: `undef`. ``` puppet apache::vhost { 'sample.example.net': 
@@ -2609,11 +2611,11 @@ apache::vhost { 'sample.example.net': Determines how to send mod_security audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). -If `modsec_audit_log_file` is set, it is relative to [`logroot`][]. Default: undef. +If `modsec_audit_log_file` is set, it is relative to [`logroot`][]. Default: `undef`. -If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'. Default: undef. +If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'. Default: `undef`. -If `modsec_audit_log` is true, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts. Default: false. +If `modsec_audit_log` is `true`, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts. Default: `false`. When none of those parameters is set, the global audit log is used (i.e. ''/var/log/apache2/modsec\_audit.log'' on Debian and derivatives, ''/var/log/httpd/modsec\_audit.log'' on others). 
@@ -2627,19 +2629,19 @@ This directive is equivalent to [`no_proxy_uris`][], but takes regular expressio
 ##### `proxy_preserve_host`
-Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: false.
+Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: `false`.
-Setting this parameter to true enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to false sets this directive to 'Off'.
+Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
 ##### `proxy_add_headers`
-Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). Valid Options: Boolean. Default: false.
+Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). Valid Options: Boolean. Default: `false`.
 This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
 ##### `proxy_error_override`
-Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default: false.
+Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default: `false`.
 ##### `options`
@@ -2700,7 +2702,7 @@ Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/refe
 ##### `passenger_high_performance`
-Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Valid options: 'true', 'false'. Default: undef.
+Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Valid options: '`true`', '`false`'. Default: `undef`.
 ##### `passenger_nodejs`
@@ -2708,7 +2710,7 @@ Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apa
 ##### `passenger_sticky_sessions`
-Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. Valid options: 'true', 'false'. Default: undef.
+Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. Valid options: '`true`', '`false`'. Default: `undef`.
 ##### `passenger_startup_file`
@@ -2734,15 +2736,15 @@ If nothing matches the priority, the first name-based virtual host is used. Like > **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. -To omit the priority prefix in file names, pass a priority of false. +To omit the priority prefix in file names, pass a priority of `false`. ##### `proxy_dest` -Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: undef. +Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: `undef`. ##### `proxy_pass` -Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. +Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to '`undef`'. Optionally parameters can be added as an array. ``` puppet apache::vhost { 'site.name.fdqn': 
@@ -2786,15 +2788,15 @@ This directive is equivalent to [`proxy_pass`][], but takes regular expressions, ##### `rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Default: undef. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Default: `undef`. #####`passenger_base_uris` -Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Default: undef. +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Default: `undef`. ##### `redirect_dest` -Specifies the address to redirect to. Default: undef. +Specifies the address to redirect to. Default: `undef`. ##### `redirect_source` @@ -2810,7 +2812,7 @@ apache::vhost { 'site.name.fdqn': ##### `redirect_status` -Specifies the status to append to the redirect. Default: undef. +Specifies the status to append to the redirect. Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': 
@@ -2821,7 +2823,7 @@ apache::vhost { 'site.name.fdqn': ##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` -Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Default: undef. +Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': @@ -2834,7 +2836,7 @@ apache::vhost { 'site.name.fdqn': ##### `request_headers` -Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Default: undef. +Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': @@ -2847,7 +2849,7 @@ apache::vhost { 'site.name.fdqn': ``` ##### `rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Default: undef. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Default: `undef`. For example, you can specify that anyone trying to access index.html is served welcome.html 
@@ -2858,7 +2860,7 @@ apache::vhost { 'site.name.fdqn': } ``` -The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE +The parameter allows rewrite conditions that, when `true`, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ``` puppet apache::vhost { 'site.name.fdqn': @@ -2921,7 +2923,7 @@ Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on wh ##### `rewrite_inherit` -Determines whether the virtual host inherits global rewrite rules. Default: false. +Determines whether the virtual host inherits global rewrite rules. Default: `false`. Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`: @@ -2931,7 +2933,7 @@ apache::vhost { 'site.name.fdqn': rewrites => [ , ], - rewrite_inherit => true, + rewrite_inherit => `true`, } ``` @@ -2950,7 +2952,7 @@ Refer to the [official `mod_rewrite` documentation](https://httpd.apache.org/doc ##### `scriptalias` -Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default: undef. +Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default: `undef`. ##### `scriptaliases` @@ -2983,7 +2985,7 @@ The ScriptAlias and ScriptAliasMatch directives are created in the order specifi ##### `serveradmin` -Specifies the email address Apache displays when it renders one of its error pages. Default: undef. +Specifies the email address Apache displays when it renders one of its error pages. Default: `undef`. ##### `serveraliases` 
@@ -3018,7 +3020,7 @@ Used by HTTPD to conditionally set environment variables for virtual hosts (case Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). * `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. -* `suphp_configpath`. Default: undef on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. +* `suphp_configpath`. Default: `undef` on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. * `suphp_engine`. Valid options: 'on' or 'off'. Default: 'off'. An example virtual host configuration with suPHP: @@ -3042,7 +3044,7 @@ Enables name-based virtual hosting. If no IP is passed to the virtual host, but ##### `virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Default: false. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Default: `false`. ``` puppet apache::vhost { 'subdomain.loc': 
@@ -3058,13 +3060,13 @@ apache::vhost { 'subdomain.loc': Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi). -* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: undef. -* `wsgi_daemon_process_options`. _Optional._ Default: undef. -* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: undef. -* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: undef. -* `wsgi_script_aliases_match`: Requires a hash of web path regexes to filesystem .wsgi paths. Default: undef -* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: undef, leading Apache to use its default value of 'Off'. -* `wsgi_chunked_request`: Enables support for chunked requests. Default: undef. +* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: `undef`. +* `wsgi_daemon_process_options`. _Optional._ Default: `undef`. +* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: `undef`. +* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: `undef`. +* `wsgi_script_aliases_match`: Requires a hash of web path regexes to filesystem .wsgi paths. Default: `undef` +* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. 
For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: `undef`, leading Apache to use its default value of 'Off'. +* `wsgi_chunked_request`: Enables support for chunked requests. Default: `undef`. An example virtual host configuration with WSGI: @@ -3344,7 +3346,7 @@ apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ { path => '/var/www/first', - geoip_enable => true, + geoip_enable => `true`, }, ], } @@ -3731,11 +3733,11 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` ##### `ssl` -Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Valid options: Boolean. Default: false. +Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Valid options: Boolean. Default: `false`. ##### `ssl_ca` -Specifies the SSL certificate authority. Default: undef. +Specifies the SSL certificate authority. Default: `undef`. ##### `ssl_cert` @@ -3751,7 +3753,7 @@ Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.htm ##### `ssl_honorcipherorder` -Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Default: true. In addition to true/false Boolean values, will also accept case-insensitive Strings 'on' or 'off'. +Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Default: `true`. In addition to `true`/`false` Boolean values, will also accept case-insensitive Strings 'on' or 'off'. ##### `ssl_certs_dir` 
@@ -3759,24 +3761,24 @@ Specifies the location of the SSL certification directory. Default: Depends on t - **Debian:** '/etc/ssl/certs' - **Red Hat:** '/etc/pki/tls/certs' -- **FreeBSD:** undef +- **FreeBSD:** `undef` - **Gentoo:** '/etc/ssl/apache2' ##### `ssl_chain` -Specifies the SSL chain. Default: undef. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. +Specifies the SSL chain. Default: `undef`. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. ##### `ssl_crl` -Specifies the certificate revocation list to use. Default: undef. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the certificate revocation list to use. Default: `undef`. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) ##### `ssl_crl_path` -Specifies the location of the certificate revocation list. Default: undef. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the location of the certificate revocation list. Default: `undef`. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) ##### `ssl_crl_check` -Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). Default: undef. This default works out of the box but must be specified when using CRLs in production. 
Only applicable to Apache 2.4 or higher; the value is ignored on older versions. +Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). Default: `undef`. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. ##### `ssl_key` @@ -3784,7 +3786,7 @@ Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tl ##### `ssl_verify_client` -Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid options are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: undef. +Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid options are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: `undef`. ``` puppet apache::vhost { 'sample.example.net': @@ -3795,7 +3797,7 @@ apache::vhost { 'sample.example.net': ##### `ssl_verify_depth` -Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Default: undef. +Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Default: `undef`. ``` puppet apache::vhost { 'sample.example.net': 
@@ -3805,16 +3807,16 @@ apache::vhost { 'sample.example.net': ``` ##### `ssl_proxy_protocol` -Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy. It will only connect to servers using one of the provided protocols. Default: undef. +Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy. It will only connect to servers using one of the provided protocols. Default: `undef`. ##### `ssl_proxy_verify` -Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default: undef. +Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default: `undef`. ##### `ssl_proxy_machine_cert` -Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: undef. +Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. 
This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: `undef`. ``` puppet apache::vhost { 'sample.example.net': 
@@ -3825,19 +3827,19 @@ apache::vhost { 'sample.example.net': ##### `ssl_proxy_check_peer_cn` -Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. +Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: `undef`. ##### `ssl_proxy_check_peer_name` -Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: undef. +Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: `undef`. ##### `ssl_proxy_check_peer_expire` -Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Valid options: 'on', 'off'. Default: undef. +Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Valid options: 'on', 'off'. Default: `undef`. ##### `ssl_options` -Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. 
This is the global setting for the given virtual host and can be a string or an array. Default: undef. +Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array. Default: `undef`. A string: @@ -3859,15 +3861,15 @@ apache::vhost { 'sample.example.net': ##### `ssl_openssl_conf_cmd` -Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default: undef. +Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default: `undef`. ##### `ssl_proxyengine` -Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid options: Boolean. Default: true. +Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid options: Boolean. Default: `true`. ##### `ssl_stapling` -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean or undef. Default: undef, meaning use what is set globally. +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean or `undef`. Default: `undef`, meaning use what is set globally. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. @@ -3895,7 +3897,7 @@ Ex: apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, - flush => false, + flush => `false`, faux_path => '/var/www/php.fcgi', fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php', 
@@ -3969,7 +3971,7 @@ Sets the relative load order for Apache HTTPD VirtualHost configuration files. D ##### `verify_config` -Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: true. +Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`. ### Private defined types @@ -3996,25 +3998,6 @@ The Apache module relies heavily on templates to enable the [`apache::vhost`][] ## Limitations -### Ubuntu 10.04 - -The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. - -### Ubuntu 16.04 -The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages. - -### RHEL/CentOS 5 - -The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. - -### RHEL/CentOS 6 - -The [`apache::mod::passenger`][] class is not installing as the the EL6 repository is missing compatible packages. - -### RHEL/CentOS 7 - -The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. - ### General This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on: 
@@ -4026,14 +4009,31 @@ This module is CI tested against both [open source Puppet][] and [Puppet Enterpr This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions. -### Ubuntu 10.04 +### FreeBSD + +In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. + +### Gentoo -The [`apache::vhost::wsgi_import_script`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. +On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. ### RHEL/CentOS The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories. -See their respective documentation above for related repositories and packages. +See their respective documentation below for related repositories and packages. + +#### RHEL/CentOS 5 + +The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because repositories are missing compatible packages. + +#### RHEL/CentOS 6 + +The [`apache::mod::passenger`][] class is not installing, because the the EL6 repository is missing compatible packages. + +#### RHEL/CentOS 7 + +The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. + ### SELinux and custom paths 
@@ -4082,21 +4082,24 @@ apache::vhost { 'test.server': You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. -### FreeBSD +### Ubuntu 10.04 -In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. +The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. + +### Ubuntu 16.04 +The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages. ## Development ### Contributing -[Puppet Labs][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. +[Puppet][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality. For more information, please read the complete [module contribution guide][]. -### Running tests +### Testing This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to verify functionality. For detailed information on using these tools, please see their respective documentation. From a85e983a7aaaaf45fb120b3762df1e38bf7f9409 Mon Sep 17 00:00:00 2001 
From: jbondpdx Date: Fri, 24 Mar 2017 11:18:57 -0700 Subject: [PATCH 1065/2267] wip loc edit README --- README.md | 267 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 181 insertions(+), 86 deletions(-)
diff --git a/README.md b/README.md
index 870bc1e6c4..2e484279f6 100644
--- a/README.md
+++ b/README.md
@@ -318,9 +318,9 @@ class { 'apache': } When you declare this class with the default options, the module: - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. -- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. +- Places the required configuration files in a directory, with the [default location](#conf_dir) Depends on operating system. - Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. -- Creates a document root directory determined by your operating system, typically `/var/www`. +- Creates a document root directory Depends on operating system, typically `/var/www`. - Starts the Apache service. Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site. 
@@ -818,15 +818,21 @@ Guides the basic setup and installation of Apache on your system. ##### `allow_encoded_slashes` -Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. Default: undef, which omits the declaration from the server's configuration and uses Apache's default setting of 'off'. +Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. If not specified, omits the declaration from the server's configuration and uses Apache's default setting of 'off'. + +Default: `undef`. ##### `apache_version` -Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. Default: Determined by your operating system family and release via the [`apache::version`][] class. Puppet recommends against manually configuring this parameter without reason. +Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason. + +Default: Depends on operating system and release via the [`apache::version`][] class. ##### `conf_dir` -Sets the directory where the Apache server's main configuration file is located. Default: Depends on your operating system. +Sets the directory where the Apache server's main configuration file is located. + +Default: Depends on operating system. - **Debian**: `/etc/apache2` - **FreeBSD**: `/usr/local/etc/apache22` 
@@ -835,11 +841,15 @@ Sets the directory where the Apache server's main configuration file is located. ##### `conf_template` -Defines the [template][] used for the main Apache configuration file. Default: `apache/httpd.conf.erb`. Modifying this parameter is potentially risky, as the apache Puppet module is designed to use a minimal configuration file customized by `conf.d` entries. +Defines the [template][] used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by `conf.d` entries. + +Default: `apache/httpd.conf.erb`. ##### `confd_dir` -Sets the location of the Apache server's custom configuration directory. Default: Depends on your operating system. +Sets the location of the Apache server's custom configuration directory. + +Default: Depends on operating system. - **Debian**: `/etc/apache2/conf.d` - **FreeBSD**: `/usr/local/etc/apache22` 
@@ -848,83 +858,102 @@ Sets the location of the Apache server's custom configuration directory. Default ##### `default_charset` -Used as the [`AddDefaultCharset`][] directive in the main configuration file. Default: undef. +Used as the [`AddDefaultCharset`][] directive in the main configuration file. + +Default: `undef`. ##### `default_confd_files` -Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: `true`. +Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. + +Boolean. Default: `true`. ##### `default_mods` -Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: `true`, `false`, or an array of Apache module names. Default: `true`. +Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: Boolean or an array of Apache module names. -If this parameter's value is `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. +If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. 
If `true`, Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. If this parameter contains an array, Puppet instead enables all passed Apache modules. +Default: `true`. + ##### `default_ssl_ca` -Sets the default certificate authority for the Apache server. Default: undef. +Sets the default certificate authority for the Apache server. -While this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. +Although this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. + +Boolean. Default: `undef`. ##### `default_ssl_cert` -Sets the [SSL encryption][] certificate location. Default: Determined by your operating system. +Sets the [SSL encryption][] certificate location. + +While the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. + +Default: Depends on operating system. - **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem` - **FreeBSD**: `/usr/local/etc/apache22/server.crt` - **Gentoo**: `/etc/ssl/apache2/server.crt` - **Red Hat**: `/etc/pki/tls/certs/localhost.crt` -While the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. - ##### `default_ssl_chain` -Sets the default [SSL chain][] location. Default: undef. +Sets the default [SSL chain][] location. 
+ +Although this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. -While this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. +Default: `undef`. ##### `default_ssl_crl` -Sets the path of the default [certificate revocation list][] (CRL) file to use. Default: undef. +Sets the path of the default [certificate revocation list][] (CRL) file to use. -While this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. +Although this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. + +Default: `undef`. ##### `default_ssl_crl_path` -Sets the server's [certificate revocation list path][], which contains your CRLs. Default: undef. +Sets the server's [certificate revocation list path][], which contains your CRLs. + +Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. -While this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. +Default: `undef`. ##### `default_ssl_crl_check` -Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. Default: undef. +Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. 
This parameter only applies to Apache 2.4 or higher and is ignored on older versions. -While this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. +Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +Default: `undef`. ##### `default_ssl_key` -Sets the [SSL certificate key file][] location. Default: Determined by your operating system. +Sets the [SSL certificate key file][] location. + +Although the default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. + +Default: Depends on operating system. - **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key` - **FreeBSD**: `/usr/local/etc/apache22/server.key` - **Gentoo**: `/etc/ssl/apache2/server.key` - **Red Hat**: `/etc/pki/tls/private/localhost.key` -While these default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. ##### `default_ssl_vhost` -Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: `false`. +Configures a default [SSL][SSL encryption] virtual host. If `true`, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: -``` puppet +```puppet apache::vhost { 'default-ssl': port => 443, ssl => true, 
@@ -937,27 +966,29 @@ apache::vhost { 'default-ssl': > **Note**: SSL virtual hosts only respond to HTTPS queries. + +Boolean. Default: `false`. + ##### `default_type` -_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: `undef`. +_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. + +Default: `undef`. ##### `default_vhost` -Configures a default virtual host when the class is declared. Valid options: Boolean. Default: `true`. +Configures a default virtual host when the class is declared. + To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`. > **Note**: Apache will not start without at least one virtual host. If you set this to `false` be sure to configure one elsewhere. -##### `dev_packages` +Boolean. Default: `true`. -Configures a specific dev package to use. Valid options: A string or array of strings. Default: Depends on the operating system. +##### `dev_packages` -- **Red Hat:** 'httpd-devel' -- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] -- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] -- **FreeBSD, Gentoo:** `undef` -- **Suse:** ['libapr-util1-devel', 'libapr1-devel'] +Configures a specific dev package to use. Valid options: A string or array of strings. Example for using httpd 2.4 from the IUS yum repo: 
@@ -969,9 +1000,19 @@ class { 'apache': } ``` +Default: Depends on operating system. + +- **Red Hat:** 'httpd-devel' +- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] +- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] +- **FreeBSD, Gentoo:** `undef` +- **Suse:** ['libapr-util1-devel', 'libapr1-devel'] + ##### `docroot` -Sets the default [`DocumentRoot`][] location. Default: Determined by your operating system. +Sets the default [`DocumentRoot`][] location. + +Default: Depends on operating system. - **Debian**: `/var/www/html` - **FreeBSD**: `/usr/local/www/apache22/data` @@ -980,7 +1021,9 @@ Sets the default [`DocumentRoot`][] location. Default: Determined by your operat ##### `error_documents` -Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: `false`. +Determines whether to enable [custom error documents][] on the Apache server. + +Boolean. Default: `false`. ##### `group` @@ -992,7 +1035,9 @@ By default, Puppet attempts to manage this group as a resource under the `apache ##### `httpd_dir` -Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. Default: Determined by your operating system. +Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. + +Default: Depends on operating system. - **Debian**: `/etc/apache2` - **FreeBSD**: `/usr/local/etc/apache22` 
@@ -1001,23 +1046,27 @@ Sets the Apache server's base configuration directory. This is useful for specia ##### `keepalive` -Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'Off'. +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. +Default: 'Off'. + ##### `keepalive_timeout` -Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. Default: '15'. +Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled. -This parameter is only relevant if the [`keepalive` parameter][] is enabled. +Default: '15'. ##### `max_keepalive_requests` -Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled. Default: '100'. +Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled. + +Default: '100'. ##### `lib_path` -Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on the operating system. +Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on operating system. - **Debian** and **Gentoo**: `/usr/lib/apache2/modules` - **FreeBSD**: `/usr/local/libexec/apache24` 
@@ -1033,7 +1082,9 @@ This can be used to set the module load order. ##### `log_level` -Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. Default: 'warn'. +Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. + +Default: 'warn'. ##### `log_formats` @@ -1057,7 +1108,9 @@ If your `log_formats` parameter contains one of those, it will be overwritten wi ##### `logroot` -Changes the directory of Apache log files for the virtual host. Default: Determined by your operating system. +Changes the directory of Apache log files for the virtual host. + +Default: Depends on operating system. - **Debian**: `/var/log/apache2` - **FreeBSD**: `/var/log/apache22` 
@@ -1066,25 +1119,33 @@ Changes the directory of Apache log files for the virtual host. Default: Determi ##### `logroot_mode` -Overrides the default [`logroot`][] directory's mode. Default: `undef`. +Overrides the default [`logroot`][] directory's mode. > **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. +Default: `undef`. + ##### `manage_group` -When `false`, stops Puppet from creating the group resource. Valid options: Boolean. Default: `true`. +When `false`, stops Puppet from creating the group resource. If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error. +Boolean. Default: `true`. + ##### `manage_user` -When `false`, stops Puppet from creating the user resource. Valid options: Boolean. Default: `true`. +When `false`, stops Puppet from creating the user resource. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. +Boolean. Default: `true`. + ##### `mod_dir` -Sets where Puppet places configuration files for your [Apache modules][]. Default: Determined by your operating system. +Sets where Puppet places configuration files for your [Apache modules][]. + +Default: Depends on operating system. - **Debian**: `/etc/apache2/mods-available` - **FreeBSD**: `/usr/local/etc/apache22/Modules` 
@@ -1093,10 +1154,7 @@ Sets where Puppet places configuration files for your [Apache modules][]. Defaul ##### `mpm_module` -Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. Default: Determined by your operating system. - -- **Debian**: 'worker' -- **FreeBSD, Gentoo, and Red Hat**: 'prefork' +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. You must set this to `false` to explicitly declare the following classes with custom parameters: @@ -1106,13 +1164,22 @@ You must set this to `false` to explicitly declare the following classes with cu - [`apache::mod::prefork`][] - [`apache::mod::worker`][] +Default: Depends on operating system. + +- **Debian**: 'worker' +- **FreeBSD, Gentoo, and Red Hat**: 'prefork' + ##### `package_ensure` -Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or the equivalent 'present'), or a version string. Default: 'installed'. +Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or equivalent 'present'), or a version string. +Default: 'installed'. + ##### `pidfile` -Allows settting a custom location for the pid file - useful if using a custom built Apache rpm. Default: Depends on operating system. +Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm. + +Default: Depends on operating system. - **Debian:** '\${APACHE_PID_FILE}' - **FreeBSD:** '/var/run/httpd.pid' 
@@ -1120,43 +1187,57 @@ Allows settting a custom location for the pid file - useful if using a custom bu ##### `ports_file` -Sets the path to the file containing Apache ports configuration. Default: '{$conf_dir}/ports.conf'. +Sets the path to the file containing Apache ports configuration. + +Default: '{$conf_dir}/ports.conf'. ##### `purge_configs` -Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: `true`. +Removes all other Apache configs and virtual hosts. + +Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. -Setting this to `false` is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. +Boolean. Default: `true`. ##### `purge_vhost_dir` -If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Valid options: Boolean. Default: same as [`purge_configs`][]. +If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, this parameter determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed by Puppet. -Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. +Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. + +Boolean. Default: same as [`purge_configs`][]. 
##### `rewrite_lock` -Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. Default: `undef`. +Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. -This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. +Default: `undef`. ##### `sendfile` -Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. Default: 'On'. +Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. + +Default: 'On'. ##### `serveradmin` -Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive. Default: 'root@localhost'. +Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive. + +Default: 'root@localhost'. ##### `servername` -Sets the Apache server name via Apache's [`ServerName`][] directive. Default: the 'fqdn' fact reported by [Facter][]. +Sets the Apache server name via Apache's [`ServerName`][] directive. Setting to `false` will not set ServerName at all. +Default: the 'fqdn' fact reported by [Facter][]. + ##### `server_root` -Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. Default: determined by your operating system. +Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. + +Default: Depends on operating system. - **Debian**: `/etc/apache2` - **FreeBSD**: `/usr/local` 
@@ -1165,25 +1246,35 @@ Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. ##### `server_signature` -Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Valid options: 'Off', 'On'. Default: 'On'. +Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Valid options: 'Off', 'On'. + +Default: 'On'. ##### `server_tokens` -Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. Default: 'OS'. +Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. + +Default: 'OS'. ##### `service_enable` -Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: `true`. +Determines whether Puppet enables the Apache HTTPD service when the system is booted. + +Boolean. Default: `true`. ##### `service_ensure` -Determines whether Puppet should make sure the service is running. Valid options: '`true`' (equivalent to 'running'), '`false`' (equivalent to 'stopped'). Default: 'running'. +Determines whether Puppet should make sure the service is running. Valid options: '`true`' (or 'running'), '`false`' (or 'stopped'). The '`false`' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to '`false`', which is useful when you want to let the service be managed by another application, such as Pacemaker. +Default: 'running'. + ##### `service_name` -Sets the name of the Apache service. Default: determined by your operating system. +Sets the name of the Apache service. + +Default: Depends on operating system. 
- **Debian and Gentoo**: 'apache2' - **FreeBSD**: 'apache22' @@ -1191,17 +1282,21 @@ Sets the name of the Apache service. Default: determined by your operating syste ##### `service_manage` -Determines whether Puppet manages the HTTPD service's state. Valid options: Boolean. Default: `true`. +Determines whether Puppet manages the HTTPD service's state. + +Boolean. Default: `true`. ##### `service_restart` -Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: `undef`, which uses the [default Puppet behavior][Service attribute restart]. +Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. The default setting uses the [default Puppet behavior][Service attribute restart]. + +Default: `undef`. ##### `ssl_stapling` -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean. Default: `false`. It is possible to override this on a vhost level. +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). This parameter only applies to Apache 2.4 or higher and is ignored on older versions. It is possible to override the default setting on a vhost level. -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +Boolean. Default: `false`. ##### `ssl_stapling_return_errors` @@ -1235,7 +1330,7 @@ Sets the default access policy for the / directory in httpd.conf. A value of '`f ##### `vhost_dir` -Changes your virtual host configuration files' location. Default: determined by your operating system. +Changes your virtual host configuration files' location. Default: Depends on operating system. - **Debian**: `/etc/apache2/sites-available` - **FreeBSD**: `/usr/local/etc/apache22/Vhosts` 
@@ -1266,7 +1361,7 @@ To prevent Puppet from managing the user, set the [`manage_user`][] parameter to The name of the Apache package to install. Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: -The default value is determined by your operating system: +The default value is Depends on operating system: - **Debian**: 'apache2' - **FreeBSD**: 'apache24' @@ -1279,7 +1374,7 @@ You might need to override this if you are using a non-standard Apache package, The name of the error log file for the main server instance -The default value is determined by your operating system: +The default value is Depends on operating system: - **Debian**: 'error.log' - **FreeBSD**: 'httpd-error.log' @@ -1293,7 +1388,7 @@ If the string starts with / or | or syslog: the full path will be set. Otherwise Directory to use for global script alias -The default value is determined by your operating system: +The default value is Depends on operating system: - **Debian**: '/usr/lib/cgi-bin' - **FreeBSD**: '/usr/local/www/apache24/cgi-bin' @@ -1305,7 +1400,7 @@ The default value is determined by your operating system: The name of the access log file for the main server instance -The default value is determined by your operating system: +The default value is Depends on operating system: - **Debian**: 'error.log' - **FreeBSD**: 'httpd-access.log' @@ -1317,7 +1412,7 @@ The default value is determined by your operating system: Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`][] parameter of the [`apache::params`][] class based on your operating system: -The default value is determined by your operating system: +The default value is Depends on operating system: - **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions - **FreeBSD**: '`undef`'; see note below 
@@ -1444,7 +1539,7 @@ Installs and manages [`mod_alias`][]. **Parameters within `apache::mod::alias`**: * `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive. Default: 'Indexes MultiViews'. -* `icons_path`: Sets the local path for an `/icons/` Alias. Default: depends on your operating system. +* `icons_path`: Sets the local path for an `/icons/` Alias. Default: Depends on operating system. - **Debian**: `/usr/share/apache2/icons` - **FreeBSD**: `/usr/local/www/apache24/icons` @@ -3757,7 +3852,7 @@ Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.htm ##### `ssl_certs_dir` -Specifies the location of the SSL certification directory. Default: Depends on the operating system. +Specifies the location of the SSL certification directory. Default: Depends on operating system. - **Debian:** '/etc/ssl/certs' - **Red Hat:** '/etc/pki/tls/certs' From a2d2371a3dc00f1ca644e152c029694e4e5a5040 Mon Sep 17 00:00:00 2001 From: Federico Fapitalle Date: Tue, 28 Mar 2017 15:09:15 -0300 Subject: [PATCH 1066/2267] add support for LimitExcept directive --- templates/vhost/_directories.erb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 265a593550..49b5f32673 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -67,6 +67,14 @@ <%- end -%> <%- end -%> + <%- if directory['limit_except'] && directory['limit_except'] != '' -%> + <%- Array(directory['limit_except']).each do |lim| -%> + > + <%- scope.lookupvar('_template_scope')[:item] = lim -%> + <%= scope.function_template(["apache/vhost/_require.erb"]) -%> + + <%- end -%> + <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> )$"> From 9cae523d3d4a6ff946a00978e14182358fbbd500 Mon Sep 17 00:00:00 2001 
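Review bot: `Array(directory['limit_except'])` on the added loop line splits a single hash into key/value pairs, so a `limit_except` passed as one hash rather than an array of hashes reaches the block with `lim` as a two-element array, not an entry with `methods` and `require`. The `addhandlers` loop in the context line just below normalises with `[directory['addhandlers']].flatten.compact.each`, and the same form works here: `<%- [directory['limit_except']].flatten.compact.each do |lim| -%>`. Because this block renders an access-control section, it is also worth confirming what `apache/vhost/_require.erb` emits when an entry has no `require` key; that template is not shown in this hunk. The enclosing directory loop starts and ends outside the hunk.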
From: Federico Fapitalle Date: Tue, 28 Mar 2017 15:09:34 -0300 Subject: [PATCH 1067/2267] add tests --- spec/defines/vhost_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4796f0bf2a..eefb428dfb 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -245,6 +245,14 @@ }, ], }, + { 'path' => '/var/www/files', + 'provider' => 'location', + 'limit_except' => [ + { 'methods' => 'GET HEAD', + 'require' => ['valid-user'] + }, + ], + }, { 'path' => '/var/www/dav', 'dav' => 'filesystem', 'dav_depth_infinity' => true, @@ -524,6 +532,10 @@ :content => /^\s+$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /\s+\s*Require valid-user\s*<\/Limit>/m ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /\s+\s*Require valid-user\s*<\/Limit>/m ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Dav\sfilesystem$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( From 6ea08cadfa2cc83f2062d7be7816780b4005ac05 Mon Sep 17 00:00:00 2001 From: Federico Fapitalle Date: Tue, 28 Mar 2017 15:09:45 -0300 Subject: [PATCH 1068/2267] add documentation --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index e9ff691082..846d5b24bd 100644 --- a/README.md +++ b/README.md 
@@ -3434,6 +3434,26 @@ apache::vhost { 'sample.example.net': } ``` +###### `limit_except` + +Creates a [LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept) block inside the Directory block, which can also contain `require` directives. + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/docroot', + directories => [ + { path => '/', + provider => 'location', + limit_except => [ + { methods => 'GET HEAD', + require => ['valid-user'] + }, + ], + }, + ], +} +``` + ###### `mellon_enable` Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. From b9500ae7c63dcfd9fd5bad5104e2578ec75ede35 Mon Sep 17 00:00:00 2001 From: Federico Fapitalle Date: Tue, 28 Mar 2017 15:34:55 -0300 Subject: [PATCH 1069/2267] fix closing tag --- spec/defines/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index eefb428dfb..79692ca630 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -535,7 +535,7 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - :content => /\s+\s*Require valid-user\s*<\/Limit>/m ) } + :content => /\s+\s*Require valid-user\s*<\/LimitExcept>/m ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Dav\sfilesystem$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( From ab466563c1b2f7663163d079c5ed57841bed4ba5 Mon Sep 17 00:00:00 2001 
From: Wilson McCoubrey Date: Wed, 29 Mar 2017 11:46:34 +0100 Subject: [PATCH 1070/2267] [msync] 786266 Implement puppet-module-gems, a45803 Remove metadata.json from locales config --- Gemfile | 43 ++++++++++++++++--------------------------- locales/config.yaml | 3 +-- 2 files changed, 17 insertions(+), 29 deletions(-) diff --git a/Gemfile b/Gemfile index 5d863251d6..46cb2eacec 100644 --- a/Gemfile +++ b/Gemfile 
@@ -29,38 +29,27 @@ end # Used for gem conditionals supports_windows = false +ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments +minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}" group :development do - gem 'puppet-lint', :require => false - gem 'metadata-json-lint', :require => false, :platforms => 'ruby' - gem 'puppet_facts', :require => false - gem 'puppet-blacksmith', '>= 3.4.0', :require => false, :platforms => 'ruby' - gem 'puppetlabs_spec_helper', '>= 1.2.1', :require => false - gem 'rspec-puppet', '>= 2.3.2', :require => false - gem 'rspec-puppet-facts', :require => false, :platforms => 'ruby' - gem 'mocha', '< 1.2.0', :require => false - gem 'simplecov', :require => false, :platforms => 'ruby' - gem 'parallel_tests', '< 2.10.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem 'parallel_tests', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.0.0') - gem 'rubocop', '0.41.2', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem 'rubocop', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.0.0') - gem 'rubocop-rspec', '~> 1.6', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0') - gem 'pry', :require => false - gem 'json_pure', '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem 'fast_gettext', '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem 'fast_gettext', :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem 'rainbow', '< 2.2.0', :require => false + gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" + gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "puppet-module-posix-dev-r#{minor_version}", 
:require => false, :platforms => "ruby" + gem "puppet-module-win-dev-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') + gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') end group :system_tests do - gem 'beaker', *location_for(ENV['BEAKER_VERSION'] || '>= 3') - gem 'beaker-pe', :require => false - gem 'beaker-rspec', *location_for(ENV['BEAKER_RSPEC_VERSION']) - gem 'beaker-puppet_install_helper', :require => false - gem 'beaker-module_install_helper', :require => false - gem 'master_manipulator', :require => false - gem 'beaker-hostgenerator', *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) - gem 'beaker-abs', *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') + gem "puppet-module-posix-system-r#{minor_version}", :require => false, :platforms => "ruby" + gem "puppet-module-win-system-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '>= 3') + gem "beaker-pe", :require => false + gem "beaker-rspec", *location_for(ENV['BEAKER_RSPEC_VERSION']) + gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) + gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) diff --git a/locales/config.yaml b/locales/config.yaml index ab8ed8ba30..0ec10ba977 100644 --- a/locales/config.yaml +++ b/locales/config.yaml @@ -22,5 +22,4 @@ gettext: # Patterns for +Dir.glob+ used to find all files that might contain # translatable content, relative to the project root directory source_files: - - 'metadata.json' - \ No newline at end of file + 
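Review bot: The six added `puppet-module-*-r#{minor_version}` gems carry no version requirement, while the same hunk removes the explicit bounds the old list had (`mocha '< 1.2.0'`, `rubocop '0.41.2'`, `parallel_tests '< 2.10.0'`), so the development and system-test toolchain now resolves to whatever those meta-gems pull in at install time. Because the gem name is built from `RUBY_VERSION`, the dependency set also differs per interpreter and cannot be read off the Gemfile. A version requirement as the second argument, the way the kept `json_pure` line uses `'<= 2.0.1'`, or a lockfile checked per supported Ruby, would keep CI installs reproducible and reviewable. A short comment above `minor_version` naming where the meta-gems are published and what they bundle would help the next reader audit them.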
From aa9057a0c50b7cd61cef20aa76000a793958581b Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Wed, 5 Apr 2017 15:39:50 +0200 Subject: [PATCH 1071/2267] Fix alignement in vhost.conf Regression from 86b2df3ebfc894184f4f0b206c3905d182037d23 --- templates/vhost/_directories.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 265a593550..9c273a01d2 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -317,18 +317,18 @@ <%- end -%> <%- end -%> <%- end -%> - <% if directory['request_headers'] and ! directory['request_headers'].empty? -%> + <%- if directory['request_headers'] and ! directory['request_headers'].empty? -%> ## Request Header rules <%- Array(directory['request_headers']).each do |request_statement| -%> <%- if request_statement != '' -%> RequestHeader <%= request_statement %> <%- end -%> <%- end -%> - <% end -%> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> > <%- end -%> <%- end -%> -<% end -%> +<%- end -%> From 7e80e006628378a43bf623af107a0dad453f1a72 Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Mon, 10 Apr 2017 22:52:22 -0700 Subject: [PATCH 1072/2267] WIP loc edit --- README.md | 1643 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 1187 insertions(+), 456 deletions(-) diff --git a/README.md b/README.md index 2e484279f6..c7a02213af 100644 --- a/README.md +++ b/README.md 
@@ -763,7 +763,7 @@ apache::balancermember { "${::fqdn}-puppet00": Then declare the `apache::balancer` and `apache::balancermember` defined types on the proxy server. -If you need to use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: +To use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: ``` puppet apache::balancer { 'puppet01': @@ -814,11 +814,13 @@ Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balanc Guides the basic setup and installation of Apache on your system. -**`apache` class parameters:** +**Parameters:** ##### `allow_encoded_slashes` -Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. If not specified, omits the declaration from the server's configuration and uses Apache's default setting of 'off'. +Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. + +Values: 'on', 'off', 'nodecode'. Default: `undef`. @@ -826,7 +828,7 @@ Default: `undef`. Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason. -Default: Depends on operating system and release via the [`apache::version`][] class. +Default: Depends on operating system and release version detected by the [`apache::version`][] class. ##### `conf_dir` 
@@ -870,14 +872,16 @@ Boolean. Default: `true`. ##### `default_mods` -Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: Boolean or an array of Apache module names. +Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. -If `true`, Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. +If `true`, Puppet installs additional modules, depending on the operating system and the values of [`apache_version`][] and [`mpm_module`][] parameters. Because these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. If this parameter contains an array, Puppet instead enables all passed Apache modules. +Values: Boolean or an array of Apache module names. + Default: `true`. ##### `default_ssl_ca` @@ -913,7 +917,7 @@ Default: `undef`. Sets the path of the default [certificate revocation list][] (CRL) file to use. -Although this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. +Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. Default: `undef`. 
@@ -921,13 +925,13 @@ Default: `undef`. Sets the server's [certificate revocation list path][], which contains your CRLs. -Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment. +Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. Default: `undef`. ##### `default_ssl_crl_check` -Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions. Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. @@ -971,7 +975,7 @@ Boolean. Default: `false`. ##### `default_type` -_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. +_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files. Default: `undef`. 
@@ -979,16 +983,17 @@ Default: `undef`. Configures a default virtual host when the class is declared. - To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`. -> **Note**: Apache will not start without at least one virtual host. If you set this to `false` be sure to configure one elsewhere. +> **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere. Boolean. Default: `true`. ##### `dev_packages` -Configures a specific dev package to use. Valid options: A string or array of strings. +Configures a specific dev package to use. + +Values: A string or array of strings. Example for using httpd 2.4 from the IUS yum repo: @@ -1046,15 +1051,15 @@ Default: Depends on operating system. ##### `keepalive` -Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. If you set this to 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. -If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. +Values: 'Off', 'On'. Default: 'Off'. ##### `keepalive_timeout` -Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled. +Sets the [`KeepAliveTimeout`] directive, which determines the [TODO: number of seconds?] amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled. Default: '15'. 
@@ -1076,19 +1081,19 @@ Specifies the location where [Apache module][Apache modules] files are stored. D ##### `loadfile_name` -Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. +Sets the [`LoadFile`] directive's filename. Values: Filenames in the format `\*.load`. This can be used to set the module load order. ##### `log_level` -Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. +Changes the error log's verbosity. Values: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. Default: 'warn'. ##### `log_formats` -Define additional [`LogFormat`][] directives. Valid options: A [hash][], such as: +Define additional [`LogFormat`][] directives. Values: A [hash][], such as: ``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } @@ -1154,7 +1159,7 @@ Default: Depends on operating system. ##### `mpm_module` -Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Values: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. You must set this to `false` to explicitly declare the following classes with custom parameters: @@ -1171,7 +1176,7 @@ Default: Depends on operating system. ##### `package_ensure` -Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or equivalent 'present'), or a version string. +Controls the `package` resource's [`ensure`][] attribute. Values: 'absent', 'installed' (or equivalent 'present'), or a version string. Default: 'installed'. 
@@ -1215,7 +1220,7 @@ Default: `undef`. ##### `sendfile` -Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. +Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Values: 'On', 'Off'. Default: 'On'. @@ -1246,7 +1251,7 @@ Default: Depends on operating system. ##### `server_signature` -Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Valid options: 'Off', 'On'. +Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Values: 'Off', 'On'. Default: 'On'. @@ -1264,9 +1269,9 @@ Boolean. Default: `true`. ##### `service_ensure` -Determines whether Puppet should make sure the service is running. Valid options: '`true`' (or 'running'), '`false`' (or 'stopped'). +Determines whether Puppet should make sure the service is running. Values: `true` (or 'running'), `false` (or 'stopped'). -The '`false`' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to '`false`', which is useful when you want to let the service be managed by another application, such as Pacemaker. +The `false` or 'stopped' values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker. Default: 'running'. 
@@ -1288,7 +1293,9 @@ Boolean. Default: `true`. ##### `service_restart` -Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. The default setting uses the [default Puppet behavior][Service attribute restart]. +Determines whether Puppet should use a specific command to restart the HTTPD service. + +Values: a command to restart the Apache service. The default setting uses the [default Puppet behavior][Service attribute restart]. Default: `undef`. 
@@ -1300,25 +1307,40 @@ Boolean. Default: `false`.
 
 ##### `ssl_stapling_return_errors`
 
-Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. No default. It is possible to override this on a vhost level.
+Sets the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. It is possible to override this on a vhost level. This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
+
+Values: 'On', 'Off'.
+
+Default: 'Off'.
 
-This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
 
 ##### `timeout`
 
-Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Default: 120.
+Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request.
+
+Default: 120.
 
 ##### `trace_enable`
 
-Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive. Valid options: 'Off', 'On'. Default: 'On'.
+Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive.
+
+Values: 'Off', 'On'.
+
+Default: 'On'.
 
 ##### `use_systemd`
 
-Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. Valid options: Boolean. Default: `true`.
+Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs.
+
+Boolean. Default: `true`.
 
 ##### `file_mode`
 
-Sets the desired permissions mode for config files, in symbolic or numeric notation. Valid options: A string. Default: '0644'.
+Sets the desired permissions mode for config files.
+
+Values: A string, with permissions mode in symbolic or numeric notation.
+
+Default: '0644'.
 
 ##### `root_directory_options`
 
@@ -1326,11 +1348,15 @@ Array of the desired options for the / directory in httpd.conf. Defaults to 'Fol
 
 ##### `root_directory_secured`
 
-Sets the default access policy for the / directory in httpd.conf. A value of '`false`' allows access to all resources that are missing a more specific access policy. A value of '`true`' denies access to all resources by default. In this case more specific rules must be used to allow access to these resources (e.g. in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter). Valid options: Boolean. Default: `false`.
+Sets the default access policy for the / directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter).
+
+Boolean. Default: `false`.
 
 ##### `vhost_dir`
 
-Changes your virtual host configuration files' location. Default: Depends on operating system.
+Changes your virtual host configuration files' location.
+
+Default: Depends on operating system:
 
 - **Debian**: `/etc/apache2/sites-available`
 - **FreeBSD**: `/usr/local/etc/apache22/Vhosts`
@@ -1339,42 +1365,40 @@ Changes your virtual host configuration files' location. Default: Depends on ope
 
 ##### `vhost_include_pattern`
 
-Defines the pattern for files included from the `vhost_dir`. Default: '*', also for BC with previous versions of this module.
+Defines the pattern for files included from the `vhost_dir`.
 
-However, you might want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration.
+If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration.
 
-Some operating systems ship with a value of '*.conf'. Also note that this module will, by default, create configuration files ending in '.conf'.
+Default: '*', also for BC with previous versions of this module. TODO: what does "also for BC" mean?
+
+Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`.
 
 ##### `user`
 
-Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter.
+Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the [`manage_user`][] parameter to `false`.
 
-Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system:
+Default: Depends on the user set by [`apache::params`][] class, based on your operating system:
 
 - **Debian**: 'www-data'
 - **FreeBSD**: 'www'
 - **Gentoo** and **Red Hat**: 'apache'
 
-To prevent Puppet from managing the user, set the [`manage_user`][] parameter to `false`.
-
 ##### `apache_name`
 
-The name of the Apache package to install. Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system:
+The name of the Apache package to install. If you are using a non-standard Apache package, such as those from Red Hat's software collections, you might need to override the default setting.
 
-The default value is Depends on operating system:
+Default: Depends on the user set by [`apache::params`][] class, based on your operating system:
 
 - **Debian**: 'apache2'
 - **FreeBSD**: 'apache24'
 - **Gentoo**: 'www-servers/apache'
 - **Red Hat**: 'httpd'
 
-You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections.
-
 ##### `error_log`
 
-The name of the error log file for the main server instance
+The name of the error log file for the main server instance. If the string starts with `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with `$logroot`.
 
-The default value is Depends on operating system:
+Default: Depends on operating system:
 
 - **Debian**: 'error.log'
 - **FreeBSD**: 'httpd-error.log'
@@ -1382,13 +1406,11 @@ The default value is Depends on operating system:
 - **Red Hat**: 'error_log'
 - **Suse**: 'error.log'
 
-If the string starts with / or | or syslog: the full path will be set. Otherwise the filename will be prefixed with $logroot
-
 ##### `scriptalias`
 
 Directory to use for global script alias
 
-The default value is Depends on operating system:
+Default: Depends on operating system:
 
 - **Debian**: '/usr/lib/cgi-bin'
 - **FreeBSD**: '/usr/local/www/apache24/cgi-bin'
@@ -1398,9 +1420,9 @@ The default value is Depends on operating system:
 
 ##### `access_log_file`
 
-The name of the access log file for the main server instance
+The name of the access log file for the main server instance.
 
-The default value is Depends on operating system:
+Default: Depends on operating system:
 
 - **Debian**: 'error.log'
 - **FreeBSD**: 'httpd-access.log'
@@ -1410,28 +1432,28 @@ The default value is Depends on operating system:
 
 #### Class: `apache::dev`
 
-Installs Apache development libraries. By default, the package name is defined by the [`dev_packages`][] parameter of the [`apache::params`][] class based on your operating system:
-
-The default value is Depends on operating system:
+Installs Apache development libraries. Default: Depends on the operating system:[`dev_packages`][] parameter of the [`apache::params`][] class, based on your operating system:
 
-- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions
-- **FreeBSD**: '`undef`'; see note below
-- **Gentoo**: '`undef`'
-- **Red Hat**: 'httpd-devel'
-
-> **Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
+- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions.
+- **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
+- **Gentoo**: `undef`.
+- **Red Hat**: 'httpd-devel'.
 
 #### Class: `apache::vhosts`
 
 Creates [`apache::vhost`][] defined types.
 
-**Parameters within `apache::vhosts`**:
+**Parameters**:
+
+* `vhosts`: Specifies the [`apache::vhost`][] defined type's parameters.
+
+ Values: A [hash][], where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters.
 
-- `vhosts`: A [hash][] where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters. Default: '{}'
+ Default: '{}'
 
-> **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters or [Configuring virtual hosts].
+ > **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters or [Configuring virtual hosts].
 
-For example, to create a [name-based virtual host][name-based virtual hosts] 'custom_vhost_1, you can declare the class with the `vhosts` parameter set to '{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }':
+ For example, to create a [name-based virtual host][name-based virtual hosts] 'custom_vhost_1, declare this class with the `vhosts` parameter set to '{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }':
 
 ``` puppet
 class { 'apache::vhosts':
@@ -1446,7 +1468,9 @@ class { 'apache::vhosts':
 
 #### Classes: `apache::mod::`
 
-Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None':
+Enables specific [Apache modules][]. Enable and configure an Apache module by declaring its class.
+
+For example, to install and enable [`mod_alias`][] with no icons, declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None':
 
 ``` puppet
 class { 'apache::mod::alias':
@@ -1536,32 +1560,39 @@ Modules noted with a * indicate that the module has settings and a template that
 
 Installs and manages [`mod_alias`][].
 
-**Parameters within `apache::mod::alias`**:
+**Parameters**:
+
+* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive.
 
-* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive. Default: 'Indexes MultiViews'.
-* `icons_path`: Sets the local path for an `/icons/` Alias. Default: Depends on operating system.
+ Default: 'Indexes MultiViews'.
+* `icons_path`: Sets the local path for an `/icons/` Alias.
 
-- **Debian**: `/usr/share/apache2/icons`
-- **FreeBSD**: `/usr/local/www/apache24/icons`
-- **Gentoo**: `/var/www/icons`
-- **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons`
+ Default: Depends on operating system.
+
+ * **Debian**: `/usr/share/apache2/icons`
+ * **FreeBSD**: `/usr/local/www/apache24/icons`
+ * **Gentoo**: `/var/www/icons`
+ * *Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons`
 
 #### Class: `apache::mod::disk_cache`
 
-Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. The default cache root depends on the Apache version and operating system:
+Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4.
+
+Default: Depends on the Apache version and operating system:
 
 - **Debian**: `/var/cache/apache2/mod_cache_disk`
 - **FreeBSD**: `/var/cache/mod_cache_disk`
 - **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy`
 - **Red Hat, Apache 2.2**: `/var/cache/mod_proxy`
 
-You can specify the cache root by passing a path as a string to the `cache_root` parameter.
+To specify the cache root, pass a path as a string to the `cache_root` parameter.
 
 ``` puppet
 class {'::apache::mod::disk_cache':
 cache_root => '/path/to/cache',
 }
 ```
+
 ##### Class: `apache::mod::diskio`
 
 Installs and configures [`mod_diskio`][].
@@ -1577,67 +1608,159 @@ class{'apache::mod::diskio': } ``` +**Parameters**: + +* `dump_io_input`: Dump all input data to the error log. + + Values: 'On', 'Off'. + + Default: 'Off'. + +* `dump_io_output`: Dump all output data to the error log. -**Parameters withing `apache::mod::diskio`**: + Values: 'On', 'Off'. -- `dump_io_input`: Dump all input data to the error log. Must be `On` or `Off`, defaults to `Off` -- `dump_io_output`: Dump all output data to the error log. Must be `On` or `Off`, defaults to `Off` + Defaults to 'Off'. ##### Class: `apache::mod::event` -Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::event` and [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. +Installs and manages [`mod_mpm_event`][]. You cannot include `apache::mod::event` with [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. + +**Parameters**: + +* `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Setting this to `false` removes the parameter. + + Default: '511'. + +* `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Setting these to `false` removes the parameters. + + Default: '150'. + +* `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Setting these to `false` removes the parameters. + + Default: '0'. + +* `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Setting these to `false` removes the parameters. 
+ + Default: '75' and '25', respectively. + +* `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Setting this to `false` removes the parameter. + + Default: '25'. + +* `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Setting this to `false` removes the parameter. -**Parameters within `apache::mod::event`**: + Default: '2'. + +* `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Setting this to `false` removes the parameter. -- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. Setting this to '`false`' removes the parameter. -- `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. Setting these to '`false`' removes the parameters. -- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. Setting these to '`false`' removes the parameters. -- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. Setting these to '`false`' removes the parameters. -- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. Setting this to '`false`' removes the parameter. -- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. Setting this to '`false`' removes the parameter. 
-- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. Setting this to '`false`' removes the parameter. -- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to '`false`' removes the parameter. + Default: '64'. + +* `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to `false` removes the parameter. ##### Class: `apache::mod::auth_cas` -Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apache module's directives. +Installs and manages [`mod_auth_cas`][]. Parameters share names with the Apache module's directives. -The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have '`undef`' default values. +The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have `undef` default values. -**Note**: The auth\_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]() +> **Note**: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]() -**Parameters within `apache::mod::auth_cas`**: +**Parameters**: -- `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML - validation is enabled. Default: CAS_ +- `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML validation is enabled. + + Default: CAS_. + - `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`. + Default: , -- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: `undef`. 
-- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: `undef`. -- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: `undef`. -- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: `undef`. -- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: `undef`. -- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: `undef`. -- `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user. Default: OS dependent. -- `cas_cookie_path_mode`: The mode of `cas_cookie_path`. Default: '0750'. -- `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. -- `cas_idle_timeout`: Default: `undef`. + +- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. + + Default: `undef`. + +- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. + + Default: `undef`. + +- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. + + Default: `undef`. + +- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. + + Default: `undef`. + +- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. + + Default: `undef`. + +- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. + + Default: `undef`. + +- `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user. + + Default: OS dependent. + +- `cas_cookie_path_mode`: The mode of `cas_cookie_path`. + + Default: '0750'. 
+ +- `cas_debug`: Determines whether to enable the module's debugging mode. + + Default: 'Off'. + +- `cas_idle_timeout`: Sets the idle timeout limit, in seconds. TODO: is this correct? + + Default: `undef`. + - `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. -- `cas_proxy_validate_url`: The URL to use when performing a proxy validation. Default: `undef`. -- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: `undef`. + +- `cas_proxy_validate_url`: The URL to use when performing a proxy validation. + + Default: `undef`. + +- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. + + Default: `undef`. + - `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas. -- `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). Default: off -- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: `undef`. -- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: `undef`. -- `cas_validate_saml`: Parse response from CAS server for SAML. Default: Off -- `cas_validate_server`: Should we validate the cert of the CAS server (depreciated in 1.1 - RedHat 7). Default: `undef`. + +- `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). + + Default: 'Off'. + +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. + + Default: `undef`. + +- `cas_validate_depth`: Limits the depth for chained certificate validation. + + Default: `undef`. + +- `cas_validate_saml`: Parse response from CAS server for SAML. + + Default: 'Off'. + +- `cas_validate_server`: Whether to validate the cert of the CAS server (deprecated in 1.1 - RedHat 7). + + Default: `undef`. 
+ - `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. -- `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. -- `suppress_warning`: Don't wine about being on RedHat (Hint: mod_auth_cas package is now available in epel-testing repo). Default: `false`. + +- `cas_version`: The CAS protocol version to adhere to. Values: '1', '2'. + + Default: '2'. + +- `suppress_warning`: Suppress warning about being on RedHat (Hint: mod_auth_cas package is now available in epel-testing repo). TODO: how does this hint relate to this warning? + + Default: `false`. ##### Class: `apache::mod::auth_mellon` -Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. +Installs and manages [`mod_auth_mellon`][]. Parameters share names with the Apache module's directives. ``` puppet class{ 'apache::mod::auth_mellon': 
@@ -1645,19 +1768,39 @@ class{ 'apache::mod::auth_mellon': } ``` -**Parameters within `apache::mod::auth_mellon`**: +**Parameters**: + +* `mellon_cache_entry_size`: Maximum size for a single session. + + Default: `undef`. -- `mellon_cache_entry_size`: Maximum size for a single session. Default: `undef`. -- `mellon_cache_size`: Size in megabytes of the mellon cache. Default: 100. -- `mellon_lock_file`: Location of lock file. Default: '`/run/mod_auth_mellon/lock`'. -- `mellon_post_directory`: Full path where post requests are saved. Default: '`/var/cache/apache2/mod_auth_mellon/`' -- `mellon_post_ttl`: Time to keep post requests. Default: `undef`. -- `mellon_post_size`: Maximum size of post requests. Default: `undef`. -- `mellon_post_count`: Maximum number of post requests. Default: `undef`. +* `mellon_cache_size`: Size in megabytes of the mellon cache. + + Default: 100. + +* `mellon_lock_file`: Location of lock file. + + Default: '`/run/mod_auth_mellon/lock`'. + +* `mellon_post_directory`: Full path where post requests are saved. + + Default: '`/var/cache/apache2/mod_auth_mellon/`' + +* `mellon_post_ttl`: Time to keep post requests. + + Default: `undef`. + +* `mellon_post_size`: Maximum size of post requests. + + Default: `undef`. + +* `mellon_post_count`: Maximum number of post requests. + + Default: `undef`. ##### Class: `apache::mod::authn_dbd` -Installs `mod_authn_dbd` and uses `authn_dbd.conf.erb` template to generate its configuration. Optionally creates AuthnProviderAlias. +Installs `mod_authn_dbd` and uses `authn_dbd.conf.erb` template to generate its configuration. Optionally, creates AuthnProviderAlias. ``` puppet class { 'apache::mod::authn_dbd': 
@@ -1668,28 +1811,51 @@ class { 'apache::mod::authn_dbd': } ``` -** Parameters within `apache::mod::authn_dbd` -- `authn_dbd_alias`: Name for the AuthnProviderAlias. -- `authn_dbd_dbdriver`: Which db driver to use. Default: mysql. -- `authn_dbd_exptime`: corresponds to DBDExptime. Default: 300. -- `authn_dbd_keep`: corresponds to DBDKeep. Default: 8. -- `authn_dbd_max`: corresponds to DBDMax. Default: 20. -- `authn_dbd_min`: corresponds to DBDMin. Default: 4. -- `authn_dbd_params`: **Required**. Corresponds to DBDParams for the connection string. -- `authn_dbd_query`: is the query used to test a user and password for authentication. +**Parameters**: + +* `authn_dbd_alias`: Name for the 'AuthnProviderAlias'. + +* `authn_dbd_dbdriver`: Specifies the database driver to use. + + Default: 'mysql'. + +* `authn_dbd_exptime`: corresponds to DBDExptime. + + Default: 300. + +* `authn_dbd_keep`: Corresponds to DBDKeep. + + Default: 8. + +* `authn_dbd_max`: Corresponds to DBDMax. + + Default: 20. + +* `authn_dbd_min`: Corresponds to DBDMin. + + Default: 4. + +* `authn_dbd_params`: **Required**. Corresponds to DBDParams for the connection string. + +* `authn_dbd_query`: Whether to query the user and password for authentication. ##### Class: `apache::mod::authnz_ldap` Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to generate its configuration. -**Parameters within `apache::mod::authnz_ldap`**: +**Parameters**: -- `package_name`: Default: `undef`. -- `verify_server_cert`: Default: `undef`. +* `package_name`: The name of the package. + + Default: `undef`. + +* `verify_server_cert`: Whether to verify the server certificate. TODO: this didn't say anything, so I'm guessing? is this true, false, undef? + + Default: `undef`. ##### Class: `apache::mod::cluster` -**Note**: There is no official package available for mod\_cluster and thus it must be made available by means outside of the control of the apache module. 
Binaries can be found at http://mod-cluster.jboss.org/ +**Note**: There is no official package available for `mod_cluster`, so you must make it available outside of the apache module. Binaries can be found at http://mod-cluster.jboss.org/ ``` puppet class { '::apache::mod::cluster': 
@@ -1700,37 +1866,75 @@ class { '::apache::mod::cluster': } ``` -**Parameters within `apache::mod::cluster`**: +**Parameters**: + +* `port`: mod_cluster listen port. + + Default: '6666'. + +* `server_advertise`: Whether the server should advertise. TODO: what does advertise mean? + + Default: `true`. + +* `advertise_frequency`: Sets the interval between advertise messages in seconds[.miliseconds]. + + Default: 10. -- `port`: mod_cluster listen port. Default: '6666'. -- `server_advertise`: Whether the server should advertise. Default: `true`. -- `advertise_frequency`: Interval between advertise messages in seconds[.miliseconds]. Default: 10. -- `manager_allowed_network`: Network allowed to access the mod_cluster_manager. Default: '127.0.0.1'. -- `keep_alive_timeout`: Keep-alive timeout. Default: 60. -- `max_keep_alive_requests`: Max number of requests kept alive. Default: 0 -- `enable_mcpm_receive`: Whether MCPM should be enabled: Default: `true`. -- `ip`: Listen ip address.. -- `allowed_network`: Balanced members network. -- `version`: mod_cluster version. >= 1.3.0 is required for httpd 2.4. +* `manager_allowed_network`: Whether to allow the network to access the mod_cluster_manager. + + Default: '127.0.0.1'. + +* `keep_alive_timeout`: Specifies how long Apache should wait for a request, in seconds. + + Default: 60. + +* `max_keep_alive_requests`: Maximum number of requests kept alive. + + Default: 0. + +* `enable_mcpm_receive`: Whether MCPM should be enabled. + + Default: `true`. + +* `ip`: Specifies the IP address to listen to. TODO: is this required or does it have a default? + +* `allowed_network`: Balanced members network. TODO: What does this do? Is there a default? + +* `version`: Specifies the `mod_cluster` version. Version 1.3.0 or greater is required for httpd 2.4. ##### Class: `apache::mod::deflate` Installs and configures [`mod_deflate`][]. 
-**Parameters within `apache::mod::deflate`**: +**Parameters**: + +* `types`: An [array][] of [MIME types][MIME `content*type`] to be deflated. + + Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x*javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. + +* `notes`: A [Hash][] where the key represents the type and the value represents the note name. -- `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. -- `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } + Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' }. ##### Class: `apache::mod::expires` Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration. -**Parameters within `apache::mod::expires`**: +**Parameters**: + +* `expires_active`: Enables generation of `Expires` headers for a document realm. + + Boolean. Default: `true`. + +* `expires_default`: Specifies the default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. -- `expires_active`: Enables generation of `Expires` headers for a document realm. Valid options: Boolean. Default: `true`. -- `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: `undef`. -- `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: `undef`. + Default: `undef`. 
+ +* `expires_by_type`: Describes a set of [MIME `content*type`][] and their expiration times. + + Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content*type` (i.e. 'text/json') and its value following valid [interval syntax][]. + + Default: `undef`. ##### Class: `apache::mod::ext_filter` @@ -1745,15 +1949,17 @@ class { 'apache::mod::ext_filter': } ``` -**Parameters within `apache::mod::ext_filter`**: +**Parameters**: + +* `ext_filter_define`: A hash of filter names and their parameters. -- `ext_filter_define`: A hash of filter names and their parameters. Default: `undef`. + Default: `undef`. ##### Class: `apache::mod::fcgid` Installs and configures [`mod_fcgid`][]. -The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: +The class does not individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: ``` puppet class { 'apache::mod::fcgid': 
@@ -1787,39 +1993,98 @@ apache::vhost { 'example.org': Installs and manages [`mod_geoip`][]. -**Parameters within `apache::mod::geoip`**: +**Parameters**: + +* `db_file`: Sets the path to your GeoIP database file. + + Values: a path, or an [array][] paths for multiple GeoIP database files. + + Default: `/usr/share/GeoIP/GeoIP.dat`. + +* `enable`: Determines whether to globally enable [`mod_geoip`][]. + + Boolean. Default: `false`. + +* `flag`: Sets the GeoIP flag. + + Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. + + Default: 'Standard'. + +* `output`: Defines which output variables to use. + + Values: 'All', 'Env', 'Request', 'Notes'. + + Default: 'All'. + +* `enable_utf8`: Changes the output from ISO*8859*1 (Latin*1) to UTF*8. + + Boolean. Default: `undef`. + +* `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. + + Boolean. Default: `undef`. + +* `scan_proxy_header_field`: Specifies the header [`mod_geoip`][] uses to determine the client's IP address. -- `db_file`: Sets the path to your GeoIP database file. Valid options: a path, or an [array][] paths for multiple GeoIP database files. Default: `/usr/share/GeoIP/GeoIP.dat`. -- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: `false`. -- `flag`: Sets the GeoIP flag. Valid options: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default: 'Standard'. -- `output`: Defines which output variables to use. Valid options: 'All', 'Env', 'Request', 'Notes'. Default: 'All'. -- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: `undef`. -- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: `undef`. -- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: `undef`. 
-- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: `undef`. + Default: `undef`. + +* `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found. + + Boolean. Default: `undef`. ##### Class: `apache::mod::info` Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration. -**Parameters within `apache::mod::info`**: +**Parameters**: + +* `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server*info`. + + Values: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. + + Default: ['127.0.0.1','::1']. + +* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. + + Default: The value of [`$::apache::apache_version`][`apache_version`]. + -- `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1']. -- `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. -- `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: `true`. +* `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server*info`. + + Boolean. Default: `true`. ##### Class: `apache::mod::passenger` -Installs and manages [`mod_passenger`][]. 
For RedHat based systems, please ensure that you meet the minimum requirements as described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux) +Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux). + +**Parameters**: + +* `passenger_high_performance`: Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). + + Values: 'On', 'Off'. + + Default: `undef`. + +* `passenger_pool_idle_time`: Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). + + Default: `undef`. + +* `passenger_max_pool_size`: Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). + + Default: `undef`. -**Parameters within `apache::mod::passenger`**: +* `passenger_max_request_queue_size`: Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). -- `passenger_high_performance` Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Valid options: 'on', 'off'. Default: `undef`. -- `passenger_pool_idle_time` Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: `undef`. -- `passenger_max_pool_size` Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). Default: `undef`. 
-- `passenger_max_request_queue_size` Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). Default: `undef`. -- `passenger_max_requests` Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). Default: `undef`. -- `passenger_data_buffer_dir` Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir). Default: `undef`. + Default: `undef`. + +* `passenger_max_requests`: Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). + + Default: `undef`. + +* `passenger_data_buffer_dir`: Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir). + + Default: `undef`. ##### Class: `apache::mod::ldap` 
@@ -1838,84 +2103,130 @@ class { 'apache::mod::ldap': } ``` -**Parameters within `apache::mod::ldap`:** +**Parameters** + +* `apache_version`: Specifies the installed Apache version. + + Default: `undef`. + +* `ldap_trusted_global_cert_file`: Specifies the path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. + +* `ldap_trusted_global_cert_type`: Specifies the global trust certificate format. + + Default: 'CA_BASE64'. + +* `ldap_shared_cache_size`: Specifies the size, in bytes, of the shared memory cache. + +* `ldap_cache_entries`: Specifies the maximum number of entries in the primary LDAP cache. + +* `ldap_cache_ttl`: Specifies the time, in seconds, that cached items remain valid. + +* `ldap_opcache_entries`: Specifies the number of entries used to cache LDAP compare operations. -- `apache_version`: The installed Apache version. Defaults to `undef`. -- `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. -- `ldap_trusted_global_cert_type`: The global trust certificate format. Default: 'CA_BASE64'. -- `ldap_shared_cache_size`: Size in bytes of the shared-memory cache. -- `ldap_cache_entries`: Maximum number of entries in the primary LDAP cache. -- `ldap_cache_ttl`: Time that cached items remain valid. -- `ldap_opcache_entries`: Number of entries used to cache LDAP compare operations. -- `ldap_opcache_ttl`: Time that entries in the operation cache remain valid. -- `package_name`: Custom package name. Defaults to `undef`. +* `ldap_opcache_ttl`: Specifies the time, in seconds, that entries in the operation cache remain valid. + +* `package_name`: Specifies the custom package name. + + Default: `undef`. ##### Class: `apache::mod::negotiation` Installs and configures [`mod_negotiation`][]. 
-**Parameters within `apache::mod::negotiation`:** +**Parameters**: + +* `force_language_priority`: Sets the `ForceLanguagePriority` option. + + Values: A string. TODO: What are options for the string? + + Default: `Prefer Fallback`. + +* `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. -- `force_language_priority`: Sets the `ForceLanguagePriority` option. Valid option: String. Default: `Prefer Fallback`. -- `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ] + Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt*BR', 'ru', 'sv', 'zh*CN', 'zh*TW' ] ##### Class: `apache::mod::pagespeed` Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth. -While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. - -**Note:** Verify that your system is compatible with the latest Google Pagespeed requirements. - -**Parameters within `apache::mod::pagespeed`**: - -- `inherit_vhost_config`: Default: 'on'. -- `filter_xhtml`: Default: `false`. -- `cache_path`: Default: '/var/cache/mod\_pagespeed/'. -- `log_dir`: Default: '/var/log/pagespeed'. -- `memcache_servers`: Default: []. -- `rewrite_level`: Default: 'CoreFilters'. -- `disable_filters`: Default: []. -- `enable_filters`: Default: []. -- `forbid_filters`: Default: []. -- `rewrite_deadline_per_flush_ms`: Default: 10. -- `additional_domains`: Default: `undef`. 
-- `file_cache_size_kb`: Default: 102400. -- `file_cache_clean_interval_ms`: Default: 3600000. -- `lru_cache_per_process`: Default: 1024. -- `lru_cache_byte_limit`: Default: 16384. -- `css_flatten_max_bytes`: Default: 2048. -- `css_inline_max_bytes`: Default: 2048. -- `css_image_inline_max_bytes`: Default: 2048. -- `image_inline_max_bytes`: Default: 2048. -- `js_inline_max_bytes`: Default: 2048. -- `css_outline_min_bytes`: Default: 3000. -- `js_outline_min_bytes`: Default: 3000. -- `inode_limit`: Default: 500000. -- `image_max_rewrites_at_once`: Default: 8. -- `num_rewrite_threads`: Default: 4. -- `num_expensive_rewrite_threads`: Default: 4. -- `collect_statistics`: Default: 'on'. -- `statistics_logging`: Default: 'on'. -- `allow_view_stats`: Default: []. -- `allow_pagespeed_console`: Default: []. -- `allow_pagespeed_message`: Default: []. -- `message_buffer_size`: Default: 100000. -- `additional_configuration`: A hash of directive-value pairs or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'. - -The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. +Although this apache module requires the `mod-pagespeed-stable` package, Puppet **does not** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. + +> **Note:** Verify that your system is compatible with the latest Google Pagespeed requirements. + +**Parameters**: + +These parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. + +* `inherit_vhost_config`: Default: 'on'. +* `filter_xhtml`: Default: `false`. +* `cache_path`: Default: '/var/cache/mod_pagespeed/'. +* `log_dir`: Default: '/var/log/pagespeed'. +* `memcache_servers`: Default: []. +* `rewrite_level`: Default: 'CoreFilters'. 
+* `disable_filters`: Default: []. +* `enable_filters`: Default: []. +* `forbid_filters`: Default: []. +* `rewrite_deadline_per_flush_ms`: Default: 10. +* `additional_domains`: Default: `undef`. +* `file_cache_size_kb`: Default: 102400. +* `file_cache_clean_interval_ms`: Default: 3600000. +* `lru_cache_per_process`: Default: 1024. +* `lru_cache_byte_limit`: Default: 16384. +* `css_flatten_max_bytes`: Default: 2048. +* `css_inline_max_bytes`: Default: 2048. +* `css_image_inline_max_bytes`: Default: 2048. +* `image_inline_max_bytes`: Default: 2048. +* `js_inline_max_bytes`: Default: 2048. +* `css_outline_min_bytes`: Default: 3000. +* `js_outline_min_bytes`: Default: 3000. +* `inode_limit`: Default: 500000. +* `image_max_rewrites_at_once`: Default: 8. +* `num_rewrite_threads`: Default: 4. +* `num_expensive_rewrite_threads`: Default: 4. +* `collect_statistics`: Default: 'on'. +* `statistics_logging`: Default: 'on'. +* `allow_view_stats`: Default: []. +* `allow_pagespeed_console`: Default: []. +* `allow_pagespeed_message`: Default: []. +* `message_buffer_size`: Default: 100000. +* `additional_configuration`: A hash of directive value pairs, or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'. ##### Class: `apache::mod::passenger` -Installs and configures mod\_passenger - -**Parameters within `apache::mod::passenger`**: - -- `manage_repo`: Manage phusionpassenger.com repository. Default: `true`. - -TODO: The parameters section is incomplete. - -**Note**: The passenger module isn't available on RH/CentOS without providing dependency packages provided by EPEL and mod\_passengers own custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() +Installs and configures `mod_passenger`. + +>**Note**: The passenger module isn't available on RH/CentOS without providing the dependency packages provided by EPEL and the `mod_passengers` custom repository. 
See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() + +**Parameters**: [TODO: parameters were not listed (except `manage_repo`), so I pulled them out of the manifest. I need to know what these parameters do and what their values can be OR a link that points external documentation for the parameter mapping (as with mod_pagespeed above)] + +* `passenger_conf_file`: `$::apache::params::passenger_conf_file` +* `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` +* `passenger_high_performance`: Default: `undef` +* `passenger_pool_idle_time`: Default: `undef` +* `passenger_max_request_queue_size`: Default: `undef` +* `passenger_max_requests`: Default: `undef` +* `passenger_spawn_method`: Default: `undef` +* `passenger_stat_throttle_rate`: Default: `undef` +* `rack_autodetect`: Default: `undef` +* `rails_autodetect`: Default: `undef` +* `passenger_root` : `$::apache::params::passenger_root` +* `passenger_ruby` : `$::apache::params::passenger_ruby` +* `passenger_default_ruby`: `$::apache::params::passenger_default_ruby` +* `passenger_max_pool_size`: Default: `undef` +* `passenger_min_instances`: Default: `undef` +* `passenger_max_instances_per_app`: Default: `undef` +* `passenger_use_global_queue`: Default: `undef` +* `passenger_app_env`: Default: `undef` +* `passenger_log_file`: Default: `undef` +* `passenger_log_level`: Default: `undef` +* `passenger_data_buffer_dir`: Default: `undef` +* `manage_repo`: Whether to manage the phusionpassenger.com repository. Default: `true`. +* `mod_package`: Default: `undef`. +* `mod_package_ensure`: Default: `undef`. +* `mod_lib`: Default: `undef`. +* `mod_lib_path`: Default: `undef`. +* `mod_id`: Default: `undef`. +* `mod_path`: Default: `undef`. ##### Class: `apache::mod::proxy` 
@@ -1923,6 +2234,8 @@ Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its conf
 
 **Parameters within `apache::mod::proxy`**:
 
+TODO: What do these parameters do?
+
 - `allow_from`: Default: `undef`.
 - `apache_version`: Default: `undef`.
 - `package_name`: Default: `undef`.
@@ -1933,42 +2246,53 @@ Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its conf Installs and manages [`mod_proxy_balancer`][], which provides load balancing. -**Parameters within `apache::mod::proxy_balancer`**: +**Parameters**: + +* `manager`: Determines whether to enable balancer manager support. + + Default: `false`. + +* `manager_path`: The server location of the balancer manager. -- `manager`: Determines whether to enable balancer manager support. Default: `false`. -- `manager_path`: The server location of the balancer manager. Default: '/balancer-manager'. -- `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer-manager`. Default: ['127.0.0.1','::1']. -- `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. - - On Apache >= 2.4, `mod_slotmem_shm` is loaded. + Default: '/balancer*manager'. + +* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer*manager`. + Default: ['127.0.0.1','::1']. + +* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. + + Default: the value of [`$::apache::apache_version`][`apache_version`]. On Apache 2.4 or greater, `mod_slotmem_shm` is loaded. ##### Class: `apache::mod::php` Installs and configures [`mod_php`][]. -**Parameters within `apache::mod::php`**: - -Default values depend on your operating system. +**Parameters**: -> **Note**: This list is incomplete. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. +Default values for these parameters depend on your operating system. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. -- `package_name`: Names the package that installs `mod_php`. -- `path`: Defines the path to the `mod_php` shared object (`.so`) file. 
-- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` path. -- `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. -- `content`: Adds arbitrary content to `php.conf`. +* `package_name`: Names the package that installs `mod_php`. +* `path`: Defines the path to the `mod_php` shared object (`.so`) file. +* `source`: Defines the path to the default configuration. Values include a `puppet:///` path. +* `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. +* `content`: Adds arbitrary content to `php.conf`. ##### Class: `apache::mod::proxy_html` -**Note**: There is no official package available for mod\_proxy\_html and thus it must be made available by means outside of the control of the apache module. +**Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module. ##### Class: `apache::mod::reqtimeout` Installs and configures [`mod_reqtimeout`][]. -**Parameters within `apache::mod::reqtimeout`**: +**Parameters** + +* `timeouts`: Sets the [`RequestReadTimeout`][] option. -- `timeouts`: A string or [array][] that sets the [`RequestReadTimeout`][] option. Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. + Values: A string or [array][]. + + Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. ##### Class: `apache::mod::rewrite` 
@@ -1976,45 +2300,94 @@ Installs and enables the Apache module `mod_rewrite`. ##### Class: `apache::mod::shib` -Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a web application that consumes Shibboleth SSO identities, also known as a Shibboleth Service Provider. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). +Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. -Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. +This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). **Note**: The shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See [http://wiki.aaf.edu.au/tech-info/sp-install-guide]() ##### Class: `apache::mod::ssl` -Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. On most operating systems, this ssl.conf is placed in the module configuration directory, however on Red Hat-based operating systems it is placed in the confd directory (/etc/httpd/conf.d), the same location the RPM stores the configuration. - -**Parameters within `apache::mod::ssl`**: - -- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. 
-- `ssl_compression`: Default: `false`. -- `ssl_cryptodevice`: Default: 'builtin'. -- `ssl_honorcipherorder`: Default: `true`. -- `ssl_openssl_conf_cmd`: Default: `undef`. -- `ssl_options`: Default: [ 'StdEnvVars' ] -- `ssl_pass_phrase_dialog`: Default: 'builtin'. -- `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. -- `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. -- `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'. -- `ssl_mutex`: Default: Determined based on the OS. Valid options: See [mod_ssl][mod_ssl] documentation. - - RedHat/FreeBSD/Suse/Gentoo: 'default' - - Debian/Ubuntu + Apache >= 2.4: 'default' - - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' - - Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex' +Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. On most operating systems, this `ssl.conf` is placed in the module configuration directory. On Red Hat-based operating systems, this file is placed in `/etc/httpd/conf.d`, the same location in which the RPM stores the configuration. To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to `true` **or** the [`ssl`][] parameter in [`apache::vhost`][] to `true`. +**Parameters: + +* `ssl_cipher` + + Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. + +* `ssl_compression` + + Default: `false`. + +* `ssl_cryptodevice` + + Default: 'builtin'. + +* `ssl_honorcipherorder` + + Default: `true`. + +* `ssl_openssl_conf_cmd` + + Default: `undef`. + +* `ssl_options` + + Default: [ 'StdEnvVars' ] + +* `ssl_pass_phrase_dialog` + + Default: 'builtin'. + +* `ssl_protocol` + + Default: [ 'all', '*SSLv2', '*SSLv3' ]. + +* `ssl_random_seed_bytes` + + Values: A string. + + Default: '512'. + +* `ssl_sessioncachetimeout` + + Values: A string. + + Default: '300'. + +* `ssl_mutex`: + + Values: See [mod_ssl][mod_ssl] documentation. 
+ + Default: Based on the OS: + + * RedHat/FreeBSD/Suse/Gentoo: 'default'. + * Debian/Ubuntu + Apache >= 2.4: 'default'. + * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'. + * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. + + ##### Class: `apache::mod::status` Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration. -**Parameters within `apache::mod::status`**: +**Parameters**: + +* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. + + Default: ['127.0.0.1','::1']. +* `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. + + Values: 'Off', 'On'. + + Default: 'On'. + +* `status_path`: The server location of the status page. -- `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. Default: ['127.0.0.1','::1']. -- `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. Valid options: 'Off', 'On'. Default: 'On'. -- `status_path`: The server location of the status page. Default: '/server-status'. + Default: '/server-status'. ##### Class: `apache::mod::version` 
@@ -2026,48 +2399,140 @@ If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::v Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs by default on all virtual hosts. -**Parameters within `apache::mod::security`**: +**Parameters**: + +* `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks. + + Default: `modsec_default_rules` in [`apache::params`][]. + +* `allowed_methods`: A space*separated list of allowed HTTP methods. -- `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks. Default: `modsec_default_rules` in [`apache::params`][]. -- `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. -- `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' -- `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. -- `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. + Default: 'GET HEAD POST OPTIONS'. + +* `content_types`: A list of one or more allowed [MIME types][MIME `content*type`]. + + Default: 'application/x*www*form*urlencoded|multipart/form*data|text/xml|application/xml|application/x*amf'. + +* `crs_package`: Names the package that installs CRS rules. + + Default: `modsec_crs_package` in [`apache::params`][]. + +* `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. + + Default: 'On', set by `modsec_dir` in [`apache::params`][]. ${modsec\_dir}/activated\_rules. -- `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. 
Default: `modsec_secruleengine` in [`apache::params`][]. -- `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. -- `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. -- `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') vs. Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. Default: 'deny'. Fuller values can be set too like "log,auditlog,deny,status:406,tag:'SLA 24/7'" -- `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' -- `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' -- `logroot`: Configures the location of audit and debug logs. Defaults to apache log directory (Redhat: /var/log/httpd Debian: /var/log/apache2) -- `audit_log_releavant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging. Defaults: '^(?:5|4(?!04))'. -- `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ' -- `anomaly_score_blocking`: De-/Activates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: off. -- `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '5'. 
-- `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '4'. -- `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '5'. -- `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '4'. -- `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '3'. -- `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: '2'. -- `secrequestmaxnumargs`: Sets the Maximum number of arguments in the request. Default: '255'. -- `secrequestbodylimit`: Sets the maximum request body size ModSecurity will accept for buffering.. Default: '13107200'. -- `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported in the request. Default: '131072'. -- `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity will store in memory. Default: '131072' + +* `modsec_secruleengine`: Configures the modsec rules engine. Values: 'On', 'Off', and 'DetectionOnly'. + + Default: `modsec_secruleengine` in [`apache::params`][]. + +* `restricted_extensions`: A space*separated list of prohibited file extensions. 
+ + Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. + +* `restricted_headers`: A list of restricted headers separated by slashes and spaces. + + Default: 'Proxy*Connection/ /Lock*Token/ /Content*Range/ /Translate/ /via/ /if/'. + +* `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') or Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. + + Default: 'deny'. You can also set full values, such as "log,auditlog,deny,status:406,tag:'SLA 24/7'". + +* `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. + + Default: 1500. + +* `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. + + Default: 1500. + +* `logroot`: Configures the location of audit and debug logs. + + Defaults to the Apache log directory (Redhat: `/var/log/httpd`, Debian: `/var/log/apache2`). + +* `audit_log_releavant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging. + + Default: '^(?:5|4(?!04))'. + +* `audit_log_parts`: Sets the sections to be put in the [audit log][]. + + Default: 'ABIJDEFHZ'. + +* `anomaly_score_blocking`: Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. + + Default: 'off'. + +* `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. + + Default: 5. + +* `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. + + Default: 4. 
+ +* `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. + + Default: 5. + +* `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. + + Default: 4. + +* `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. + + Default: 3. + +* `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. + +Default: 2. + +* `secrequestmaxnumargs`: Sets the Maximum number of arguments in the request. + + Default: 255. + +* `secrequestbodylimit`: Sets the maximum request body size ModSecurity accepts for buffering. + + Default: '13107200'. + +* `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity accepts for buffering, excluding the size of any files being transported in the request. + + Default: '131072'. + +* `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity stores in memory. + + Default: '131072' ##### Class: `apache::mod::wsgi` Enables Python support via [`mod_wsgi`][]. -**Parameters within `apache::mod::wsgi`**: +**Parameters**: + +* `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. + + Default: `undef`. + + * If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally. + +* `package_name`: Names the package that installs `mod_wsgi`. + + Default: `undef`. + +* `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. -- `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: `undef`. 
- - If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. -Otherwise, Puppet follows it literally. -- `package_name`: Names the package that installs `mod_wsgi`. Default: `undef`. -- `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: `undef`. -- `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: `undef`. -- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. + Values: A string specifying a path. + + Default: `undef`. + +* `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site*packages'. + + Values: A string specifying a path. + + Default: `undef`. + +* `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". + + Default: `wsgi_socket_prefix` in [`apache::params`][]. The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. 
@@ -2109,19 +2574,19 @@ Creates an Apache load balancing group, also known as a balancer cluster, using
 
 Declare one `apache::balancer` defined type for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][].
 
-**Parameters within `apache::balancer`**:
+**Parameters**:
 
 ##### `name`
 
-Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration.
+Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. TODO: isn't the default for this generated from something?
 
 ##### `proxy_set`
 
-Configures key-value pairs as [`ProxySet`][] lines. Valid options: a [hash][]. Default: '{}'.
+Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][]. Default: '{}'.
 
 ##### `collect_exported`
 
-Determines whether to use [exported resources][]. Valid options: Boolean. Default: `true`.
+Determines whether to use [exported resources][].
 
 If you statically declare all of your backend servers, set this parameter to `false` to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments.
 
@@ -2129,145 +2594,200 @@ To dynamically declare backend servers via exported resources collected on a cen If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. +Boolean. Default: `true`. + #### Defined type: `apache::balancermember` Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. -**Parameters within `apache::balancermember`**: +**Parameters**: ##### `balancer_cluster` -**Required**. Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource. +**Required**. + +Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource. ##### `url` -Specifies the URL used to contact the balancer member server. Default: 'http://${::fqdn}/'. +Specifies the URL used to contact the balancer member server. + +Default: 'http://${::fqdn}/'. ##### `options` -Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. Default: an empty array. +Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. + +Default: an empty array. #### Defined type: `apache::custom_config` Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is `true`, Puppet throws an error during a Puppet run. -**Parameters within `apache::custom_config`**: +**Parameters**: ##### `ensure` -Specifies whether the configuration file should be present. Valid options: 'absent', 'present'. Default: 'present'. 
+Specifies whether the configuration file should be present. + +Values: 'absent', 'present'. + +Default: 'present'. ##### `confdir` -Sets the directory in which Puppet places configuration files. Default: the value of [`$::apache::confd_dir`][`confd_dir`]. +Sets the directory in which Puppet places configuration files. + +Default: the value of [`$::apache::confd_dir`][`confd_dir`]. ##### `content` Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other. +Default: `undef` + ##### `filename` -Sets the name of the file under `confdir` in which Puppet stores the configuration. The default behavior is to generate the filename from the `priority` parameter and the resource name. +Sets the name of the file under `confdir` in which Puppet stores the configuration. + +Default: Filename generated from the `priority` parameter and the resource name. ##### `priority` -Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. Default: '25'. +Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. To omit the priority prefix in the configuration file's name, set this parameter to `false`. +Default: '25'. + ##### `source` -Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. +Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. TODO: is this required or does it have a default value? + +Default: `undef` ##### `verify_command` -Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. Default: `/usr/sbin/apachectl -t`. +Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. 
+ +This parameter is used only if the [`verify_config`][] parameter's value is `true`. If the `verify_command` fails, the Puppet run deletes the configuration file and raises an error, but does not notify the Apache service. -This parameter is only used if the [`verify_config`][] parameter's value is '`true`'. If the `verify_command` fails, the Puppet run deletes the configuration file, does not notify the Apache service, and raises an error. +Default: '/usr/sbin/apachectl -t'. ##### `verify_config` -Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`. +Specifies whether to validate the configuration file before notifying the Apache service. + +Boolean. Default: `true`. #### Defined type: `apache::fastcgi::server` Defines one or more external FastCGI servers to handle specific file types. Use this defined type with [`mod_fastcgi`][FastCGI]. -**Parameters within `apache::fastcgi::server`:** +**Parameters** ##### `host` Determines the FastCGI's hostname or IP address and TCP port number (1-65535). +Default: '127.0.0.1:9000'. + ##### `timeout` Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. +Default: 15. + ##### `flush` Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. +Default: `false`. + ##### `faux_path` Apache has [FastCGI][] handle URIs that resolve to this filename. 
The path set in this parameter does not have to exist in the local filesystem. +Default: "/var/www/${name}.fcgi". + ##### `alias` Internally links actions with the FastCGI server. This alias must be unique. +Default: "/${name}.fcgi". + ##### `file_type` Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server. +Default: 'application/x-httpd-php'. + #### Defined type: `apache::listen` -Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form '', ':', or ':'. +Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form ``, `:`, or `:`. #### Defined type: `apache::mod` Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. -**Parameters within `apache::mod`**: +**Parameters**: ##### `package` -**Required**. Names the package Puppet uses to install the Apache module. +**Required**. + +Names the package Puppet uses to install the Apache module. + +Default: `undef`. ##### `package_ensure` -Determines whether Puppet ensures the Apache module should be installed. Valid options: 'absent', 'present'. Default: 'present'. +Determines whether Puppet ensures the Apache module should be installed. + +Values: 'absent', 'present'. + +Default: 'present'. ##### `lib` -Defines the module's shared object name. Its default value is `mod_$name.so`, and it should not be configured manually without special reason. +Defines the module's shared object name. 
Do not configure manually without special reason. + +Default: `mod_$name.so`. ##### `lib_path` -Specifies a path to the module's libraries. Default: the `apache` class's [`lib_path`][] parameter. +Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The [`path`][] parameter overrides this value. + +Default: The `apache` class's [`lib_path`][] parameter. -Don't manually set this parameter without special reason. The [`path`][] parameter overrides this value. ##### `loadfile_name` -Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. Valid options: filenames formatted `\*.load`. Default: the resource's name followed by 'load', as in '$name.load'. +Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. + +Values: Filenames formatted `\*.load`. + +Default: the resource's name followed by 'load', as in '$name.load'. ##### `loadfiles` -Specifies an array of [`LoadFile`][] directives. Default: `undef`. +Specifies an array of [`LoadFile`][] directives. + +Default: `undef`. ##### `path` -Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. +Specifies a path to the module. Do not manually set this parameter without a special reason. -> **Note:** Don't manually set this parameter without a specific reason. +Default: [`lib_path`][]/[`lib`][]. #### Defined type: `apache::namevirtualhost` -Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\', '\_default\_:\, '\', or '\:\'. +Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\', '\_default\_:\, '\', or '\:\'. 
#### Defined type: `apache::vhost` -The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters. +The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters. The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. 
@@ -2275,49 +2795,71 @@ The `apache::vhost` defined type uses `concat::fragment` to build the configurat
 
 For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work.
 
-**Parameters within `apache::vhost`**:
+**Parameters**:
 
 ##### `access_log`
 
-Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: `true`.
+Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
+
+Boolean. Default: `true`.
 
 ##### `access_log_env_var`
 
-Specifies that only requests with particular environment variables be logged. Default: `undef`.
+Specifies that only requests with particular environment variables be logged.
+
+Default: `undef`.
 
 ##### `access_log_file`
 
-Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_access.log' for unencrypted virtual hosts.
+Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts.
+
+Default: `false`.
 
 ##### `access_log_format`
 
-Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log. Default: 'combined'.
+Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log.
+
+Default: 'combined'.
 
 ##### `access_log_pipe`
 
-Specifies a pipe where Apache sends access log messages. Default: `undef`.
+Specifies a pipe where Apache sends access log messages.
+
+Default: `undef`.
 
 ##### `access_log_syslog`
 
-Sends all access log messages to syslog. Default: `undef`.
+Sends all access log messages to syslog.
+
+Default: `undef`.
 
 ##### `add_default_charset`
 
 Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses.
 
+Default: `undef`.
+
 ##### `add_listen`
 
-Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: `true`.
+Determines whether the virtual host creates a [`Listen`][] statement.
 
 Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are.
 
+Boolean. Default: `true`.
+
 ##### `use_optional_includes`
 
-Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: `false`.
+Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer.
+
+Boolean. Default: `false`.
 
 ##### `additional_includes`
 
-Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module. Valid options: a string path or [array][] of them. Default: an empty array.
+Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module.
+
+Values: a string or [array][] of strings specifying paths.
+
+Default: an empty array.
 
 ##### `aliases`
 
@@ -2347,59 +2889,74 @@ aliases => [ For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. -> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. +> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the order of various alias directives. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems; for example, this could cause problems with Nagios. -If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is '`true`', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is `true`, the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. 
##### `allow_encoded_slashes` -Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: `undef`, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. +Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Values: 'nodecode', 'off', 'on'. The default setting omits the declaration from the server configuration and selects the Apache default setting of 'Off'. + +Default: `undef` ##### `block` -Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. Default: an empty [array][]. +Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. + +Default: an empty [array][]. ##### `cas_attribute_prefix` -Adds a header with the value of this header being the attribute values when SAML validation is enabled. Defaults to -the value set by [`apache::mod::auth_cas`][] +Adds a header with the value of this header being the attribute values when SAML validation is enabled. + +Defaults: The value set by [`apache::mod::auth_cas`][]. ##### `cas_attribute_delimiter` -The delimiter between attribute values in the header created by `cas_attribute_prefix`. Defaults to the value -set by [`apache::mod::auth_cas`][] +Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. + +Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_login_url` Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and -don't have an active session. 
Defaults to the value set by [`apache::mod::auth_cas`][] +don't have an active session. + +Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_scrub_request_headers` -Remove inbound request headers that may have special meaning within mod_auth_cas. Defaults to the value -set by [`apache::mod::auth_cas`][] +Remove inbound request headers that may have special meaning within mod_auth_cas. + +Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_sso_enabled` -Enables experimental support for single sign out (may mangle POST data). Defaults to the value -set by [`apache::mod::auth_cas`][] +Enables experimental support for single sign out (may mangle POST data). + +Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_validate_saml` -Parse response from CAS server for SAML. Defaults to the value set by [`apache::mod::auth_cas`][] +Parse response from CAS server for SAML. Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_validate_url` -Sets the URL to use when validating a client-presented ticket in an HTTP query string. Defaults to the value set by -[`apache::mod::auth_cas`][] +Sets the URL to use when validating a client-presented ticket in an HTTP query string. + +Defaults to the value set by [`apache::mod::auth_cas`][]. ##### `custom_fragment` -Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: `undef`. +Passes a string of custom configuration directives to place at the end of the virtual host configuration. + +Default: `undef`. ##### `default_vhost` -Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. Default: `false`. +Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. + +Default: `false`. ##### `directories` 
@@ -2407,33 +2964,55 @@ See the [`directories`](#parameter-directories-for-apachevhost) section. ##### `directoryindex` -Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: `undef`. +Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. + +Default: `undef`. ##### `docroot` -**Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files. +**Required**. + +Sets the [`DocumentRoot`][] location, from which Apache serves files. If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. +Values: A string specifying a directory path. + ##### `docroot_group` -Sets group access to the [`docroot`][] directory. Valid options: A string representing a system group. Default: 'root'. +Sets group access to the [`docroot`][] directory. + +Values: A string specifying a system group. + +Default: 'root'. ##### `docroot_owner` -Sets individual user access to the [`docroot`][] directory. Valid options: A string representing a user account. Default: 'root'. +Sets individual user access to the [`docroot`][] directory. + +Values: A string specifying a user account. + +Default: 'root'. ##### `docroot_mode` -Sets access permissions for the [`docroot`][] directory, in numeric notation. Valid options: A string. Default: `undef`. +Sets access permissions for the [`docroot`][] directory, in numeric notation. + +Values: A string. + +Default: `undef`. ##### `manage_docroot` -Determines whether Puppet manages the [`docroot`][] directory. Valid options: Boolean. Default: `true`. +Determines whether Puppet manages the [`docroot`][] directory. + +Boolean. Default: `true`. 
##### `error_log` -Specifies whether `*_error.log` directives should be configured. Valid options: Boolean. Default: `true`. +Specifies whether `*_error.log` directives should be configured. + +Boolean. Default: `true`. ##### `error_log_file` @@ -2441,23 +3020,29 @@ Points the virtual host's error logs to a `*_error.log` file. If this parameter If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. +Default: `undef`. + ##### `error_log_pipe` -Specifies a pipe to send error log messages to. Default: `undef`. +Specifies a pipe to send error log messages to. This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][]. +Default: `undef`. + ##### `error_log_syslog` -Determines whether to send all error log messages to syslog. Valid options: Boolean. Default: `undef`. +Determines whether to send all error log messages to syslog. This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. +Boolean. Default: `undef`. + ##### `error_documents` -A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host. Default: '[]'. +A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host. -An example: +For example: ``` puppet apache::vhost { 'sample.example.net': 
@@ -2468,23 +3053,35 @@ apache::vhost { 'sample.example.net': } ``` +Default: '[]'. + ##### `ensure` -Specifies if the virtual host is present or absent. Valid options: 'absent', 'present'. Default: 'present'. +Specifies if the virtual host is present or absent. + +Values: 'absent', 'present'. + +Default: 'present'. ##### `fallbackresource` -Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid options must either begin with a '/' or be 'disabled'. Default: `undef`. +Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin with a '/' or be 'disabled'. + +Default: `undef`. #####`fastcgi_idle_timeout` If using fastcgi, this option sets the timeout for the server to respond. +Default: `undef`. + ##### `file_e_tag` Sets the server default for the [`FileETag`][] declaration, which modifies the response header field for static files. -Valid options: 'INode', 'MTime', 'Size', 'All', 'None'. -Default: undef, which uses Apache's default setting of 'MTime Size'. + +Values: 'INode', 'MTime', 'Size', 'All', 'None'. + +Default: `undef`, which uses Apache's default setting of 'MTime Size'. ##### `filters` 
@@ -2505,21 +3102,47 @@ apache::vhost { "$::fqdn": Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value. +TODO: is there a default for this? Valid values? + ##### `headers` -Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or `undef`. Default: `undef`. +Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. + +Values: A string or an array of strings. + +Default: `undef`. ##### `ip` -Sets the IP address the virtual host listens on. Valid options: Strings. Default: `undef`, which uses Apache's default behavior of listening on all IPs. +Sets the IP address the virtual host listens on. By default, uses Apache's default behavior of listening on all IPs. + +Values: A string or an array of strings. + +Default: `undef`. ##### `ip_based` -Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. Default: `false`. +Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. + +Default: `false`. ##### `itk` -Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: +Configures [ITK](http://mpm-itk.sesse.net/) in a hash. 
+ +Usage typically looks something like: + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, +} +``` + +Values: a hash, which can include the keys: * user + group * `assignuseridexpr` @@ -2541,9 +3164,11 @@ apache::vhost { 'sample.example.net': } ``` +Default: `undef`. + ##### `jk_mounts` -Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache. Default: `undef`. +Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache. The parameter must be an array of hashes where each hash must contain the 'worker' and either the 'mount' or 'unmount' keys. 
@@ -2557,28 +3182,37 @@ apache::vhost { 'sample.example.net': ], } ``` - +Default: `undef`. + ##### `keepalive` -Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. Valid options: 'Off', 'On' and `undef`. Default: `undef`, meaning the global, server-wide [`KeepAlive`][] setting is in effect. +Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect. Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host. +Values: 'Off', 'On'. + +Default: `undef` + ##### `keepalive_timeout` -Sets the [`KeepAliveTimeout`] directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. Default: `undef`, meaning the global, server-wide [`KeepAlive`][] setting is in effect. +Sets the [`KeepAliveTimeout`] directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. By default, the global, server-wide [`KeepAlive`][] setting is in effect. This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled. +Default: `undef` + ##### `max_keepalive_requests` -Limits the number of requests allowed per connection to the virtual host. Default: `undef`, meaning the global, server-wide [`KeepAlive`][] setting is in effect. +Limits the number of requests allowed per connection to the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect. This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled. +Default: `undef`. + ##### `auth_kerb` -Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid options: Boolean. 
Default: `false`. +Enable [`mod_auth_kerb`][] parameters for a virtual host. Usage typically looks like: 
@@ -2606,53 +3240,91 @@ Related parameters follow the names of `mod_auth_kerb` directives: - `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`. - `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`. +Boolean. Default: `false`. + ##### `krb_verify_kdc` -This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. Default: 'on'. +This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. + +Default: 'on'. ##### `krb_servicename` -Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. Default: 'HTTP'. +Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. + +Default: 'HTTP'. ##### `krb_save_credentials` -This option enables credential saving functionality. Default is 'off' +This option enables credential saving functionality. + +Default is 'off' ##### `logroot` -Specifies the location of the virtual host's logfiles. Default: '/var/log//'. +Specifies the location of the virtual host's logfiles. + +Default: '/var/log//'. ##### `$logroot_ensure` -Determines whether or not to remove the logroot directory for a virtual host. Valid options: 'directory', 'absent'. +Determines whether or not to remove the logroot directory for a virtual host. + +Values: 'directory', 'absent'. + +Default: 'directory'. ##### `logroot_mode` -Overrides the mode the logroot directory is set to. Default: `undef`. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). +Overrides the mode the logroot directory is set to. 
Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). + +Values: TODO what values + +Default: `undef`. ##### `logroot_owner` -Sets individual user access to the logroot directory. Defaults to '`undef`'. +Sets individual user access to the logroot directory. + +Values: TODO what values + +Defaults to `undef`. ##### `logroot_group` -Sets group access to the [`logroot`][] directory. Defaults to '`undef`'. +Sets group access to the [`logroot`][] directory. + +Values: TODO what values + +Defaults to `undef`. ##### `log_level` -Specifies the verbosity of the error log. Valid options: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. Default: 'warn' for the global server configuration, which can be overridden on a per-virtual host basis. +Specifies the verbosity of the error log. + +Values: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. + +Default: 'warn' for the global server configuration, which can be overridden on a per-virtual host basis. ###### `modsec_body_limit` -Configures the maximum request body size (in bytes) ModSecurity will accept for buffering +Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. + +Values: An integer. + +Default: `undef`. ###### `modsec_disable_vhost` -Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. Valid options: Boolean. Default: `undef`. +Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. + +Boolean. Default: `undef`. ###### `modsec_disable_ids` -Array of mod_security IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location. +Removes `mod_security` IDs from the virtual host. 
+ +Values: An array of `mod_security` IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location. ``` puppet apache::vhost { 'sample.example.net': @@ -2666,13 +3338,17 @@ apache::vhost { 'sample.example.net': } ``` +Default: `undef`. + ###### `modsec_disable_ips` -Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. Default: `undef`. +Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. + +Default: `undef`. ###### `modsec_disable_msgs` -Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. Default: `undef`. +Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. ``` puppet apache::vhost { 'sample.example.net': @@ -2686,9 +3362,11 @@ apache::vhost { 'sample.example.net': } ``` +Default: `undef`. + ###### `modsec_disable_tags` -Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. Default: `undef`. +Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. ``` puppet apache::vhost { 'sample.example.net': 
@@ -2701,46 +3379,67 @@ apache::vhost { 'sample.example.net': modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] }, } ``` +Default: `undef`. + +##### `modsec_audit*` + +* `modsec_audit_log` +* `modsec_audit_log_file` +* `modsec_audit_log_pipe` -##### `modsec_audit_log` & `modsec_audit_log_file` & `modsec_audit_log_pipe` +These three parameters together determine how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). -Determines how to send mod_security audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). +* If `modsec_audit_log_file` is set, it is relative to [`logroot`][]. -If `modsec_audit_log_file` is set, it is relative to [`logroot`][]. Default: `undef`. + Default: `undef`. -If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'. Default: `undef`. +* If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'. -If `modsec_audit_log` is `true`, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts. Default: `false`. + Default: `undef`. -When none of those parameters is set, the global audit log is used (i.e. ''/var/log/apache2/modsec\_audit.log'' on Debian and derivatives, ''/var/log/httpd/modsec\_audit.log'' on others). +* If `modsec_audit_log` is `true`, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts. + + Default: `false`. 
+ +If none of those parameters are set, the global audit log is used (''/var/log/httpd/modsec\_audit.log''; Debian and derivatives: ''/var/log/apache2/modsec\_audit.log''; others: ). ##### `no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). +Default: []. + ##### `no_proxy_uris_match` This directive is equivalent to [`no_proxy_uris`][], but takes regular expressions. +Default: []. + ##### `proxy_preserve_host` -Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: `false`. +Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. +Boolean. Default: `false`. + ##### `proxy_add_headers` -Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). Valid Options: Boolean. Default: `false`. +Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. +Boolean. Default: `false`. + ##### `proxy_error_override` -Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. Default: `false`. +Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. + +Boolean. Default: `false`. 
##### `options` -Sets the [`Options`][] for the specified virtual host. Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: +Sets the [`Options`][] for the specified virtual host. For example: ``` puppet apache::vhost { 'site.name.fdqn': 
@@ -2751,38 +3450,62 @@ apache::vhost { 'site.name.fdqn': > **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. +Default: ['Indexes','FollowSymLinks','MultiViews'], + ##### `override` -Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Default: '[none]'. +Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. + +Default: '[none]'. ##### `passenger_app_root` Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. +Values: A string specifying a path. + +Default: `undef`. + ##### `passenger_app_env` -Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. +Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specified, defaults to the global setting or 'production'. + +Values: A string specifying the name of the environment. + +Default: `undef`. ##### `passenger_log_file` By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5. +Values: A string specifying a path. + +Default: `undef`. 
+ ##### `passenger_log_level` -This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. For Passenger > 3.0.0 the default is '0', since 5.0.0 it's '3'. +This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. + +Default: Passenger versions less than 3.0.0: '0'; 5.0.0 and later: '3'. ##### `passenger_ruby` Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host. +Default: `undef`. + ##### `passenger_min_instances` Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. +Default: `undef`. + ##### `passenger_max_instances_per_app` Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application. +Default: `undef`. TODO: bookmark + ##### `passenger_start_timeout` Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup. 
@@ -2797,7 +3520,7 @@ Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/refe ##### `passenger_high_performance` -Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Valid options: '`true`', '`false`'. Default: `undef`. +Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Values: `true`, `false`. Default: `undef`. ##### `passenger_nodejs` @@ -2805,7 +3528,9 @@ Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apa ##### `passenger_sticky_sessions` -Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. Valid options: '`true`', '`false`'. Default: `undef`. +Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. + +Boolean. Default: `undef`. ##### `passenger_startup_file` @@ -2839,7 +3564,7 @@ Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs ##### `proxy_pass` -Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to '`undef`'. Optionally parameters can be added as an array. +Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to `undef`. Optionally parameters can be added as an array. ``` puppet apache::vhost { 'site.name.fdqn': 
@@ -2864,10 +3589,10 @@ apache::vhost { 'site.name.fdqn': } ``` -* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Valid options: an array or string. +* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string. * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. -* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Valid options: array. +* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. ##### `proxy_dest_match` @@ -3116,7 +3841,7 @@ Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file * `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. * `suphp_configpath`. Default: `undef` on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. -* `suphp_engine`. Valid options: 'on' or 'off'. Default: 'off'. +* `suphp_engine`. Values: 'on' or 'off'. Default: 'off'. An example virtual host configuration with suPHP: 
@@ -3187,7 +3912,7 @@ The `directories` parameter within the `apache::vhost` class passes an array of The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. -The `provider` key is optional. If missing, this key defaults to 'directory'. Valid options: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. +The `provider` key is optional. If missing, this key defaults to 'directory'. Values: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. An example use of `directories`: 
@@ -3329,15 +4054,15 @@ Sets the value for [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_a ###### `auth_ldap_bind_dn` -Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used +Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used. ###### `auth_ldap_bind_password` -Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used +Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used. ###### `auth_ldap_group_attribute` -Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. defaults are: "member" and "uniquemember" +Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. Defaults are: "member" and "uniquemember". ###### `auth_ldap_group_attribute_is_dn` 
@@ -3372,7 +4097,7 @@ ProxyStatus On', ###### `dav` -Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either `On`, `Off` or the name of the provider. A value of `On` enables the default filesystem provider implemented by the `mod_dav_fs` module. +Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either 'On', 'Off' or the name of the provider. A value of 'On' enables the default filesystem provider implemented by the `mod_dav_fs` module. ###### `dav_depth_infinity` @@ -3770,7 +4495,7 @@ apache::vhost { 'secure.example.net': ###### `shib_use_headers` -When set to 'On', this turns on the use of request headers to publish attributes to applications. Valid options for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +When set to 'On', this turns on the use of request headers to publish attributes to applications. Values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ###### `ssl_options` 
@@ -3809,7 +4534,7 @@ apache::vhost { 'secure.example.net': ``` ###### `additional_includes` -Specifies paths to additional static, specific Apache configuration files in virtual host directories. Valid options: a array of string path. +Specifies paths to additional static, specific Apache configuration files in virtual host directories. Values: a array of string path. ``` puppet apache::vhost { 'sample.example.net': @@ -3828,7 +4553,7 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` ##### `ssl` -Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Valid options: Boolean. Default: `false`. +Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Values: Boolean. Default: `false`. ##### `ssl_ca` @@ -3881,7 +4606,7 @@ Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tl ##### `ssl_verify_client` -Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid options are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: `undef`. +Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Values are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: `undef`. ``` puppet apache::vhost { 'sample.example.net': 
@@ -3922,15 +4647,15 @@ apache::vhost { 'sample.example.net': ##### `ssl_proxy_check_peer_cn` -Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: `undef`. +Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Values: 'on', 'off'. Default: `undef`. ##### `ssl_proxy_check_peer_name` -Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Valid options: 'on', 'off'. Default: `undef`. +Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Values: 'on', 'off'. Default: `undef`. ##### `ssl_proxy_check_peer_expire` -Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Valid options: 'on', 'off'. Default: `undef`. +Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Values: 'on', 'off'. Default: `undef`. ##### `ssl_options` 
@@ -3960,11 +4685,11 @@ Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.h ##### `ssl_proxyengine` -Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid options: Boolean. Default: `true`. +Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Values: Boolean. Default: `true`. ##### `ssl_stapling` -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean or `undef`. Default: `undef`, meaning use what is set globally. +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Values: Boolean or `undef`. Default: `undef`, meaning use what is set globally. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. @@ -4028,7 +4753,7 @@ The number of seconds of FastCGI application inactivity allowed before the reque ##### `flush` -Force a write to the client as data is received from the application. By default, mod\_fastcgi buffers data in order to free the application as quickly as possible. +Force a write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. ##### `faux_path` 
@@ -4058,16 +4783,23 @@ Sets the configuration file's content. ##### `ensure` -Specifies if the virtual host file is present or absent. Valid options: 'absent', 'present'. Default: 'present'. +Specifies if the virtual host file is present or absent. + +Values: 'absent', 'present'. + +Default: 'present'. ##### `priority` -Sets the relative load order for Apache HTTPD VirtualHost configuration files. Default: '25'. +Sets the relative load order for Apache HTTPD VirtualHost configuration files. + +Default: '25'. ##### `verify_config` -Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`. +Specifies whether to validate the configuration file before notifying the Apache service. +Boolean. Default: `true`. ### Private defined types @@ -4129,7 +4861,6 @@ The [`apache::mod::passenger`][] class is not installing, because the the EL6 re The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. - ### SELinux and custom paths If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. @@ -4175,7 +4906,7 @@ apache::vhost { 'test.server': } ``` -You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. +You must set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. ### Ubuntu 10.04 From e0ef55bcbae31a84510b2d98c187a09918553a4b Mon Sep 17 00:00:00 2001 
From: chgarling Date: Wed, 12 Apr 2017 12:34:38 +0200 Subject: [PATCH 1073/2267] Added supplementary_groups to the user resource (#1608) * Added supplementary_groups to the user resource * Added supplementary_groups section to README --- README.md | 7 +++++++ manifests/init.pp | 2 ++ 2 files changed, 9 insertions(+) diff --git a/README.md b/README.md index e9ff691082..693c1ee331 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,7 @@ [`manage_docroot`]: #manage_docroot [`manage_user`]: #manage_user [`manage_group`]: #manage_group +[`supplementary_groups`]: #supplementary_groups [`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild [`max_keepalive_requests`]: #max_keepalive_requests [`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers @@ -1074,6 +1075,12 @@ When false, stops Puppet from creating the group resource. Valid options: Boolea If you have a group created from another Puppet module that you want to use to run Apache, set this to false. Without this parameter, attempting to use a previously established group results in a duplicate resource error. +##### `supplementary_groups` + +A list of groups to which the user belongs. These groups are in addition to the primary group. Default: No additional groups. + +Notice: This option only has an effect when `manage_user` is set to true. + ##### `manage_user` When false, stops Puppet from creating the user resource. Valid options: Boolean. Default: true. diff --git a/manifests/init.pp b/manifests/init.pp index 692dc5afea..a6d4e41fce 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,6 +60,7 @@ $manage_group = true, $user = $::apache::params::user, $group = $::apache::params::group, + $supplementary_groups = [], $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $::apache::params::max_keepalive_requests, 
@@ -131,6 +132,7 @@ user { $user: ensure => present, gid => $group, + groups => $supplementary_groups, require => Package['httpd'], } } From 9cc360a08762e5d6f126b0f0d5b0d50ee7276ecd Mon Sep 17 00:00:00 2001 From: Daehyung Lee Date: Fri, 14 Apr 2017 17:31:26 +0900 Subject: [PATCH 1074/2267] support array type of value --- templates/vhost/_wsgi.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index a49828fdc9..12c7826371 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -22,7 +22,11 @@ <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> <%- @wsgi_script_aliases.keys.sort.each do |key| -%> <%- if key != '' and @wsgi_script_aliases[key] != ''-%> + <%- if @wsgi_script_aliases[key].is_a? Array -%> + WSGIScriptAlias <%= key %> <%= @wsgi_script_aliases[key].join(' ') %> + <%- else -%> WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" + <%- end -%> <%- end -%> <%- end -%> <% end -%> From 76c56f3065f916d9083bdcbb48fc8542b9f1de30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Defortis?= Date: Thu, 20 Apr 2017 11:56:14 +0200 Subject: [PATCH 1075/2267] MODULES-4737 - Additional class params for mod ssl - ssl_sessioncache which defaults to OS specific value in params.pp - ssl_proxy_protocol which defaults to an empty array which means using Apache defaults (see Apache doc [1] for more details) [1] https://httpd.apache.org/docs/current/en/mod/mod_ssl.html#sslproxyprotocol --- README.md | 2 ++ manifests/mod/ssl.pp | 17 +++++++---------- manifests/params.pp | 5 +++++ spec/classes/mod/ssl_spec.rb | 19 +++++++++++++++++++ templates/mod/ssl.conf.erb | 5 ++++- 5 files changed, 37 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 693c1ee331..35aff6d144 100644 --- a/README.md +++ b/README.md 
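Review bot: The added `groups => $supplementary_groups,` on the `user { $user:` resource relies on Puppet's default `membership => minimum`, so a group later removed from `$supplementary_groups` stays on the Apache account and the file access it granted persists. If the list is meant to be authoritative, add `membership => inclusive,` next to it; otherwise the README entry should say that removals are not enforced. The value is passed through unchecked as far as this hunk shows, so a `validate_array($supplementary_groups)` in the class body would reject a stray string early. The resource appears to sit inside a conditional that starts outside the hunk.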
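Review bot: The new array branch in `@@ -22,7 +22,11 @@` writes `@wsgi_script_aliases[key].join(' ')` unquoted, while the existing string branch quotes the value, so a script path containing a space is split into extra `WSGIScriptAlias` arguments in the rendered vhost. The guard `@wsgi_script_aliases[key] != ''` also lets an empty array through, which renders the directive with no target and an invalid configuration. Assuming the first element is the script path, `WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key].first %>" <%= @wsgi_script_aliases[key].drop(1).join(' ') %>` together with a check that skips empty arrays would keep both branches consistent. The diffstat shows one file changed, so the array form has no spec case yet.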
@@ -1906,7 +1906,9 @@ Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template t - `ssl_options`: Default: [ 'StdEnvVars' ] - `ssl_pass_phrase_dialog`: Default: 'builtin'. - `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. +- `ssl_proxy_protocol`: Default: []. - `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. +- `ssl_sessioncache`: Valid options: A string. Default: '300'. - `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'. - `ssl_mutex`: Default: Determined based on the OS. Valid options: See [mod_ssl][mod_ssl] documentation. - RedHat/FreeBSD/Suse/Gentoo: 'default' diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 92c456360b..cee15ef178 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -6,15 +6,17 @@ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', $ssl_honorcipherorder = true, $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + $ssl_proxy_protocol = [], $ssl_pass_phrase_dialog = 'builtin', $ssl_random_seed_bytes = '512', + $ssl_sessioncache = $::apache::params::ssl_sessioncache, $ssl_sessioncachetimeout = '300', $ssl_stapling = false, $ssl_stapling_return_errors = undef, $ssl_mutex = undef, $apache_version = undef, $package_name = undef, -) { +) inherits ::apache::params { include ::apache include ::apache::mod::mime $_apache_version = pick($apache_version, $apache::apache_version) @@ -51,6 +53,9 @@ validate_bool($ssl_compression) + validate_array($ssl_proxy_protocol) + validate_string($ssl_sessioncache) + if is_bool($ssl_honorcipherorder) { $_ssl_honorcipherorder = $ssl_honorcipherorder } else { @@ -61,14 +66,6 @@ } } - $session_cache = $::osfamily ? { - 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", - 'redhat' => '/var/cache/mod_ssl/scache(512000)', - 'freebsd' => '/var/run/ssl_scache(512000)', - 'gentoo' => '/var/run/ssl_scache(512000)', - 'Suse' => '/var/lib/apache2/ssl_scache(512000)' - } - validate_bool($ssl_stapling) if $ssl_stapling_return_errors != undef { 
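Review bot: `$ssl_proxy_protocol = []` in the parameter list of `@@ -6,15 +6,17 @@` leaves the protocols for proxied backend connections at Apache's built-in default (as the commit message says), while `$ssl_protocol` two lines above explicitly drops SSLv2 and SSLv3. The two defaults should either match or carry a comment on the difference, for example `# [] emits no SSLProxyProtocol line; httpd's own default applies`. The README line added in this commit also documents `ssl_sessioncache` with a default of '300', which contradicts `$::apache::params::ssl_sessioncache` here, an OS-specific cache path; that entry should say the default is determined by the OS. The class parameter list starts outside the hunk.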
@@ -111,7 +108,7 @@ # $ssl_honorcipherorder # $ssl_options # $ssl_openssl_conf_cmd - # $session_cache + # $ssl_sessioncache # $stapling_cache # $ssl_mutex # $ssl_random_seed_bytes diff --git a/manifests/params.pp b/manifests/params.pp index e1ca7b3c20..4fdb834910 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -85,6 +85,7 @@ $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' $ssl_certs_dir = '/etc/pki/tls/certs' + $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)' $passenger_conf_file = 'passenger_extra.conf' $passenger_conf_package_file = 'passenger.conf' $passenger_root = undef @@ -221,6 +222,7 @@ $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' $ssl_certs_dir = '/etc/ssl/certs' + $ssl_sessioncache = "\${APACHE_RUN_DIR}/ssl_scache(512000)" $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' @@ -359,6 +361,7 @@ $default_ssl_cert = '/usr/local/etc/apache24/server.crt' $default_ssl_key = '/usr/local/etc/apache24/server.key' $ssl_certs_dir = undef + $ssl_sessioncache = '/var/run/ssl_scache(512000)' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58' @@ -428,6 +431,7 @@ $default_ssl_cert = '/etc/ssl/apache2/server.crt' $default_ssl_key = '/etc/ssl/apache2/server.key' $ssl_certs_dir = '/etc/ssl/apache2' + $ssl_sessioncache = '/var/run/ssl_scache(512000)' $passenger_root = '/usr' $passenger_ruby = '/usr/bin/ruby' $passenger_conf_file = 'passenger.conf' @@ -496,6 +500,7 @@ $default_ssl_cert = '/etc/apache2/ssl.crt/server.crt' $default_ssl_key = '/etc/apache2/ssl.key/server.key' $ssl_certs_dir = '/etc/ssl/certs' + $ssl_sessioncache = '/var/lib/apache2/ssl_scache(512000)' $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' 
diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 10badfa033..4d1566627d 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -42,6 +42,7 @@ it { is_expected.to contain_apache__mod('ssl') } it { is_expected.to contain_package('httpd24-mod_ssl') } it { is_expected.not_to contain_package('mod_ssl') } + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/cache/mod_ssl/scache\(512000\)"$})} end end @@ -96,6 +97,7 @@ end it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/run/ssl_scache\(512000\)"$})} end context 'on a Suse OS' do @@ -113,6 +115,7 @@ end it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/lib/apache2/ssl_scache\(512000\)"$})} end # Template config doesn't vary by distro context "on all distros" do @@ -234,5 +237,21 @@ end it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLMutex posixsem$})} end + context 'setting ssl_sessioncache' do + let :params do + { + :ssl_sessioncache => '/tmp/customsessioncache(51200)', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/tmp/customsessioncache\(51200\)"$})} + end + context 'setting ssl_proxy_protocol' do + let :params do + { + :ssl_proxy_protocol => [ '-ALL', '+TLSv1'], + } + end + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLProxyProtocol -ALL \+TLSv1$})} + end end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index c4475cbe8d..0da9dc63d6 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb 
@@ -8,7 +8,7 @@ AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> - SSLSessionCache "shmcb:<%= @session_cache %>" + SSLSessionCache "shmcb:<%= @ssl_sessioncache %>" SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %> <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> Mutex <%= @_ssl_mutex %> @@ -29,6 +29,9 @@ <% end -%> SSLCipherSuite <%= @ssl_cipher %> SSLProtocol <%= @ssl_protocol.compact.join(' ') %> +<% if not @ssl_proxy_protocol.empty? -%> + SSLProxyProtocol <%= @ssl_proxy_protocol.compact.join(' ') %> +<% end -%> <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> From ad5c81a84c00a296fa90a89a64e0d017d084b3b2 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 26 Apr 2017 13:17:16 +0300 Subject: [PATCH 1076/2267] Enable configuring CA file in ssl.conf Instead of having to specify a CA file for each vhost, it's possible to just specify it globally. --- README.md | 4 ++++ manifests/mod/ssl.pp | 2 ++ spec/classes/mod/ssl_spec.rb | 8 ++++++++ templates/mod/ssl.conf.erb | 3 +++ 4 files changed, 17 insertions(+) diff --git a/README.md b/README.md index 35aff6d144..16bb64883f 100644 --- a/README.md +++ b/README.md 
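Review bot: In the first `ssl.conf.erb` hunk, the `shmcb:` prefix stays hard-coded in front of `<%= @ssl_sessioncache %>`, so the new parameter only accepts a path and size, not a full `SSLSessionCache` value. The parameter name and the README text ("Valid options: A string") do not say this, and a value that already carries a cache type would render as `shmcb:shmcb:...`, which `validate_string` in `ssl.pp` does not catch. Document the expected form on the parameter, for example `# path(size) only; the template prepends "shmcb:"`, or reject a leading type prefix in the manifest.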
@@ -1202,6 +1202,10 @@ Determines whether Puppet manages the HTTPD service's state. Valid options: Bool Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. Default: undef, which uses the [default Puppet behavior][Service attribute restart]. +##### `ssl_ca` + +Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). Default: undef. It is possible to override this on a vhost level. + ##### `ssl_stapling` Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean. Default: false. It is possible to override this on a vhost level. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index cee15ef178..219d5474bf 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -3,6 +3,7 @@ $ssl_cryptodevice = 'builtin', $ssl_options = [ 'StdEnvVars' ], $ssl_openssl_conf_cmd = undef, + $ssl_ca = undef, $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', $ssl_honorcipherorder = true, $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], @@ -104,6 +105,7 @@ # # $ssl_compression # $ssl_cryptodevice + # $ssl_ca # $ssl_cipher # $ssl_honorcipherorder # $ssl_options diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 4d1566627d..5b6f8abe4a 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -136,6 +136,14 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog builtin$/)} end + context 'setting ssl_ca to a path' do + let :params do + { + :ssl_ca => '/etc/pki/some/path/ca.crt', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLCACertificateFile/)} + end context "with Apache version < 2.4" do let :params do { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 0da9dc63d6..5fa7bb9ba6 100644 
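Review bot: The new `$ssl_ca = undef` parameter in `manifests/mod/ssl.pp` has no validation, unlike the neighbouring parameters that go through `validate_bool`, `validate_array` or `validate_string`. The value ends up inside a quoted `SSLCACertificateFile` directive, so a relative path or a non-string is only caught when Apache loads the file. Add `if $ssl_ca { validate_absolute_path($ssl_ca) }` next to the existing validate calls, which lie outside this hunk. The spec example added in the same commit matches only the directive name, `/^ SSLCACertificateFile/`; it should also assert the configured path, so that a template that drops or mangles the value fails the test.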
--- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -20,6 +20,9 @@ <%- end -%> SSLCryptoDevice <%= @ssl_cryptodevice %> SSLHonorCipherOrder <%= scope.function_bool2httpd([@_ssl_honorcipherorder]) %> + <%- if @ssl_ca -%> + SSLCACertificateFile "<%= @ssl_ca %>" + <%- end -%> <% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> SSLUseStapling <%= scope.function_bool2httpd([@ssl_stapling]) %> <%- if not @ssl_stapling_return_errors.nil? -%> From e26cf353b55cd7350d4c2c0511325f47e13e15da Mon Sep 17 00:00:00 2001 From: Philipp Seiler Date: Tue, 2 May 2017 16:10:49 +0200 Subject: [PATCH 1077/2267] fixed apache group for SUSE/SLES Systems (checked for SLES11/12) --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 4fdb834910..cc56c8599f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -477,7 +477,7 @@ $access_log_file = 'access.log' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' - $group = 'wwwrun' + $group = 'www' $root_group = 'root' $apache_name = 'apache2' $service_name = 'apache2' From 1afa3add7aa0a3c976caaf845f970c82adecbc0d Mon Sep 17 00:00:00 2001 From: Vasili Syrakis Date: Wed, 3 May 2017 13:05:36 +1000 Subject: [PATCH 1078/2267] Account for Suse osfamily for proxy_html module --- manifests/mod/proxy_html.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index f4f4b44111..94259bd77e 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -5,7 +5,7 @@ # Add libxml2 case $::osfamily { - /RedHat|FreeBSD|Gentoo/: { + /RedHat|FreeBSD|Gentoo|Suse/: { ::apache::mod { 'xml2enc': } $loadfiles = undef } From b874dd361abbc60fee846e876c593df74b5b531f Mon Sep 17 00:00:00 2001 
From: Eric Putnam Date: Wed, 3 May 2017 14:19:23 -0700 Subject: [PATCH 1079/2267] (MODULES-4819) remove include_src parameter from vhost_spec include_src is no longer a parameter in apt::source, which is used in vhost_spec as part of the fastcgi test. Instead, include has replaced include_src as a hash with keys 'deb' and 'src'. 'src' defaults to false as of apt 4.0.0 so I removed include_src altogether with no replacement --- spec/acceptance/vhost_spec.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 515465b9d0..dae411538d 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1589,21 +1589,18 @@ class { 'apache': } location => $_location, release => $_release, repos => $_repos, - include_src => false, } apt::source { "${_os}_${_release}-updates": location => $_location, release => "${_release}-updates", repos => $_repos, - include_src => false, } apt::source { "${_os}_${_release}-security": location => $_security_location, release => $_release_security, repos => $_repos, - include_src => false, } EOS From a381d1f1e8a776734b86f9ce02ff85840cb8d08f Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Fri, 5 May 2017 12:01:40 -0700 Subject: [PATCH 1080/2267] WIP loc edit --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c7a02213af..812e3ce279 100644 --- a/README.md +++ b/README.md 
@@ -2197,7 +2197,7 @@ Installs and configures `mod_passenger`. >**Note**: The passenger module isn't available on RH/CentOS without providing the dependency packages provided by EPEL and the `mod_passengers` custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() -**Parameters**: [TODO: parameters were not listed (except `manage_repo`), so I pulled them out of the manifest. I need to know what these parameters do and what their values can be OR a link that points external documentation for the parameter mapping (as with mod_pagespeed above)] +**Parameters**: [TODO: parameters were not listed (except `manage_repo`), so I pulled them out of the manifest. I need to know what these parameters do and what their values can be OR a link that points external documentation for the parameter mapping (as with mod_pagespeed above) ] * `passenger_conf_file`: `$::apache::params::passenger_conf_file` * `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` @@ -3504,7 +3504,7 @@ Default: `undef`. Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application. -Default: `undef`. TODO: bookmark +Default: `undef`. ##### `passenger_start_timeout` From 44d45f46167377e032dd52ae13a6e70ad48b03c7 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 9 May 2017 16:24:38 -0300 Subject: [PATCH 1081/2267] Include missing "@" in template mod/cluster.conf.erb --- templates/mod/cluster.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/cluster.conf.erb b/templates/mod/cluster.conf.erb index 831cce6c76..58229a88ad 100644 --- a/templates/mod/cluster.conf.erb +++ b/templates/mod/cluster.conf.erb 
@@ -13,7 +13,7 @@ Listen <%= @ip %>:<%= @port %> ManagerBalancerName <%= @balancer_name %> ServerAdvertise <%= scope.function_bool2httpd([@server_advertise]) %> <%- if @server_advertise == true and @advertise_frequency != nil -%> - AdvertiseFrequency <%= advertise_frequency %> + AdvertiseFrequency <%= @advertise_frequency %> <%- end -%> From cc2426f486902b51dbac813ad9c482d198006626 Mon Sep 17 00:00:00 2001 From: Dimitri Savineau Date: Mon, 1 May 2017 16:49:56 -0400 Subject: [PATCH 1082/2267] Add WSGIRestrictEmbedded to apache::mod::wsgi Because this option is not available on all platform, it's not set in the wsgi mod configuration by default. --- README.md | 2 ++ manifests/mod/wsgi.pp | 12 +++++++----- spec/classes/mod/wsgi_spec.rb | 6 ++++++ templates/mod/wsgi.conf.erb | 3 +++ 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 2186c5027f..32e192e10b 100644 --- a/README.md +++ b/README.md @@ -263,6 +263,7 @@ [`virtual_docroot`]: #virtual_docroot [Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract +[`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html [`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html [`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html 
@@ -1981,6 +1982,7 @@ Enables Python support via [`mod_wsgi`][]. - If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally. - `package_name`: Names the package that installs `mod_wsgi`. Default: undef. +- `wsgi_restrict_embedded`: Defines the [`WSGIRestrictEmbedded`][] directive, such as 'On'. Valid options: On|Off|undef. Default: undef. - `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. - `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. - `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index e726bcfaa4..6f9d4379a7 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -1,9 +1,10 @@ class apache::mod::wsgi ( - $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, - $wsgi_python_path = undef, - $wsgi_python_home = undef, - $package_name = undef, - $mod_path = undef, + $wsgi_restrict_embedded = undef, + $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, + $wsgi_python_path = undef, + $wsgi_python_home = undef, + $package_name = undef, + $mod_path = undef, ) inherits ::apache::params { include ::apache if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { @@ -26,6 +27,7 @@ } # Template uses: + # - $wsgi_restrict_embedded # - $wsgi_socket_prefix # - $wsgi_python_path # - $wsgi_python_home diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 1d54c54081..6261a95902 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb 
@@ -43,6 +43,12 @@ } it { is_expected.to contain_package("mod_wsgi") } + describe "with WSGIRestrictEmbedded enabled" do + let :params do + { :wsgi_restrict_embedded => 'On' } + end + it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGIRestrictEmbedded On$/)} + end describe "with custom WSGISocketPrefix" do let :params do { :wsgi_socket_prefix => 'run/wsgi' } diff --git a/templates/mod/wsgi.conf.erb b/templates/mod/wsgi.conf.erb index 18752d2c4a..1d83e5a842 100644 --- a/templates/mod/wsgi.conf.erb +++ b/templates/mod/wsgi.conf.erb @@ -1,6 +1,9 @@ # The WSGI Apache module configuration file is being # managed by Puppet an changes will be overwritten. + <%- if @wsgi_restrict_embedded -%> + WSGIRestrictEmbedded <%= scope.function_bool2httpd([@wsgi_restrict_embedded]) %> + <%- end -%> <%- if @wsgi_socket_prefix -%> WSGISocketPrefix <%= @wsgi_socket_prefix %> <%- end -%> From 50597391f49ae28d1e071377c53b6df17c1d5c30 Mon Sep 17 00:00:00 2001 From: Chris Baldwin Date: Wed, 10 May 2017 16:47:15 -0400 Subject: [PATCH 1083/2267] Explicitly disabled 3DES due to Sweet32 attack. DES is not enabled by default. --- manifests/mod/ssl.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 219d5474bf..e48c2d40a3 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -4,7 +4,7 @@ $ssl_options = [ 'StdEnvVars' ], $ssl_openssl_conf_cmd = undef, $ssl_ca = undef, - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4', + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', $ssl_honorcipherorder = true, $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_proxy_protocol = [], From da6e2e99b4e3f8b8a15d78daa783096f2969aec9 Mon Sep 17 00:00:00 2001 
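Review bot: In the `wsgi.conf.erb` hunk, the guard `<%- if @wsgi_restrict_embedded -%>` treats a boolean `false` like `undef`, so `wsgi_restrict_embedded => false` emits no directive even though the next line passes the value through `bool2httpd` as if booleans were supported. Use `<%- unless @wsgi_restrict_embedded.nil? -%>`, matching the `.nil?` test the ssl template already uses for `@ssl_stapling_return_errors`. The README lists the valid options as On|Off|undef, but `wsgi.pp` does not enforce that, and `bool2httpd` appears to pass other strings through unchanged. A check in the manifest would keep an unexpected string out of the rendered configuration.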
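Review bot: The new `$ssl_cipher` default `'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'` is not pinned by any test, because this commit changes only `manifests/mod/ssl.pp`. A later edit could therefore drop `!3DES` again without a failing spec. Add an example to `spec/classes/mod/ssl_spec.rb` under the "on all distros" context that checks the rendered `SSLCipherSuite` line for the full default string. Since this tightens a default for existing users, the change also deserves a changelog entry noting that clients limited to 3DES can no longer negotiate.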
From: Ewoud Kohl van Wijngaarden Date: Fri, 6 Jan 2017 22:06:29 +0100 Subject: [PATCH 1084/2267] Add mod_authnz_pam --- README.md | 1 + manifests/mod/authnz_pam.pp | 4 +++ manifests/params.pp | 2 ++ spec/classes/mod/authnz_pam_spec.rb | 44 +++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 manifests/mod/authnz_pam.pp create mode 100644 spec/classes/mod/authnz_pam_spec.rb diff --git a/README.md b/README.md index 2186c5027f..b2a33d5399 100644 --- a/README.md +++ b/README.md @@ -1380,6 +1380,7 @@ The following Apache modules have supported classes, many of which allow for par * `authn_dbd`\* (see [`apache::mod::authn_dbd`][]) * `authn_file` * `authnz_ldap`\* (see [`apache::mod::authnz_ldap`][]) +* `authnz_pam` * `authz_default` * `authz_user` * `autoindex` diff --git a/manifests/mod/authnz_pam.pp b/manifests/mod/authnz_pam.pp new file mode 100644 index 0000000000..c2672126d2 --- /dev/null +++ b/manifests/mod/authnz_pam.pp @@ -0,0 +1,4 @@ +class apache::mod::authnz_pam { + include ::apache + ::apache::mod { 'authnz_pam': } +} diff --git a/manifests/params.pp b/manifests/params.pp index 2468d78615..7203b124e1 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -104,6 +104,7 @@ '7' => 'mod_ldap', default => 'mod_authz_ldap', }, + 'authnz_pam' => 'mod_authnz_pam', 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', 'geoip' => 'mod_geoip', @@ -237,6 +238,7 @@ 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'auth_mellon' => 'libapache2-mod-auth-mellon', + 'authnz_pam' => 'libapache2-mod-authnz-pam', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', diff --git a/spec/classes/mod/authnz_pam_spec.rb b/spec/classes/mod/authnz_pam_spec.rb new file mode 100644 index 0000000000..4bceeab854 --- /dev/null +++ b/spec/classes/mod/authnz_pam_spec.rb 
@@ -0,0 +1,44 @@ +require 'spec_helper' + +describe 'apache::mod::authnz_pam', :type => :class do + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_package("libapache2-mod-authnz-pam") } + it { is_expected.to contain_apache__mod('authnz_pam') } + end #Debian + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_package("mod_authnz_pam") } + it { is_expected.to contain_apache__mod('authnz_pam') } + end # Redhat + end +end From f12349cd1a52fa432660e524fa27f2de859cbdac Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Fri, 6 Jan 2017 22:14:01 +0100 Subject: [PATCH 1085/2267] Add mod_intercept_form_submit --- README.md | 1 + manifests/mod/intercept_form_submit.pp | 4 + manifests/params.pp | 94 ++++++++++--------- .../classes/mod/intercept_form_submit_spec.rb | 44 +++++++++ 4 files changed, 97 insertions(+), 46 deletions(-) create mode 100644 manifests/mod/intercept_form_submit.pp create mode 100644 spec/classes/mod/intercept_form_submit_spec.rb diff --git a/README.md b/README.md index b2a33d5399..17a17da7d0 100644 --- a/README.md +++ b/README.md 
@@ -1408,6 +1408,7 @@ The following Apache modules have supported classes, many of which allow for par * `headers` * `include` * `info`\* +* `intercept_form_submit` * `itk` * `ldap` (see [`apache::mod::ldap`][]) * `mime` diff --git a/manifests/mod/intercept_form_submit.pp b/manifests/mod/intercept_form_submit.pp new file mode 100644 index 0000000000..39f1f5e07b --- /dev/null +++ b/manifests/mod/intercept_form_submit.pp @@ -0,0 +1,4 @@ +class apache::mod::intercept_form_submit { + include ::apache + ::apache::mod { 'intercept_form_submit': } +} diff --git a/manifests/params.pp b/manifests/params.pp index 7203b124e1..fbf1f5637d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -97,47 +97,48 @@ $php_version = '5' $mod_packages = { # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. - 'auth_cas' => 'mod_auth_cas', - 'auth_kerb' => 'mod_auth_kerb', - 'auth_mellon' => 'mod_auth_mellon', - 'authnz_ldap' => $::apache::version::distrelease ? { + 'auth_cas' => 'mod_auth_cas', + 'auth_kerb' => 'mod_auth_kerb', + 'auth_mellon' => 'mod_auth_mellon', + 'authnz_ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', default => 'mod_authz_ldap', }, - 'authnz_pam' => 'mod_authnz_pam', - 'fastcgi' => 'mod_fastcgi', - 'fcgid' => 'mod_fcgid', - 'geoip' => 'mod_geoip', - 'ldap' => $::apache::version::distrelease ? { + 'authnz_pam' => 'mod_authnz_pam', + 'fastcgi' => 'mod_fastcgi', + 'fcgid' => 'mod_fcgid', + 'geoip' => 'mod_geoip', + 'intercept_form_submit' => 'mod_intercept_form_submit', + 'ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', default => undef, }, - 'pagespeed' => 'mod-pagespeed-stable', + 'pagespeed' => 'mod-pagespeed-stable', # NOTE: The passenger module isn't available on RH/CentOS without # providing dependency packages provided by EPEL and passenger # repositories. See # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/ - 'passenger' => 'mod_passenger', - 'perl' => 'mod_perl', - 'php5' => $::apache::version::distrelease ? { + 'passenger' => 'mod_passenger', + 'perl' => 'mod_perl', + 'php5' => $::apache::version::distrelease ? { '5' => 'php53', default => 'php', }, - 'phpXXX' => 'php', - 'proxy_html' => 'mod_proxy_html', - 'python' => 'mod_python', - 'security' => 'mod_security', + 'phpXXX' => 'php', + 'proxy_html' => 'mod_proxy_html', + 'python' => 'mod_python', + 'security' => 'mod_security', # NOTE: The module for Shibboleth is not available on RH/CentOS without # providing dependency packages provided by Shibboleth's repositories. 
# See http://wiki.aaf.edu.au/tech-info/sp-install-guide - 'shibboleth' => 'shibboleth', - 'ssl' => 'mod_ssl', - 'wsgi' => 'mod_wsgi', - 'dav_svn' => 'mod_dav_svn', - 'suphp' => 'mod_suphp', - 'xsendfile' => 'mod_xsendfile', - 'nss' => 'mod_nss', - 'shib2' => 'shibboleth', + 'shibboleth' => 'shibboleth', + 'ssl' => 'mod_ssl', + 'wsgi' => 'mod_wsgi', + 'dav_svn' => 'mod_dav_svn', + 'suphp' => 'mod_suphp', + 'xsendfile' => 'mod_xsendfile', + 'nss' => 'mod_nss', + 'shib2' => 'shibboleth', } $mod_libs = { 'nss' => 'libmodnss.so', 
@@ -235,27 +236,28 @@ $php_version = '7.0' } $mod_packages = { - 'auth_cas' => 'libapache2-mod-auth-cas', - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'auth_mellon' => 'libapache2-mod-auth-mellon', - 'authnz_pam' => 'libapache2-mod-authnz-pam', - 'dav_svn' => 'libapache2-svn', - 'fastcgi' => 'libapache2-mod-fastcgi', - 'fcgid' => 'libapache2-mod-fcgid', - 'geoip' => 'libapache2-mod-geoip', - 'nss' => 'libapache2-mod-nss', - 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'phpXXX' => 'libapache2-mod-phpXXX', - 'proxy_html' => 'libapache2-mod-proxy-html', - 'python' => 'libapache2-mod-python', - 'rpaf' => 'libapache2-mod-rpaf', - 'security' => 'libapache2-modsecurity', - 'shib2' => 'libapache2-mod-shib2', - 'suphp' => 'libapache2-mod-suphp', - 'wsgi' => 'libapache2-mod-wsgi', - 'xsendfile' => 'libapache2-mod-xsendfile', + 'auth_cas' => 'libapache2-mod-auth-cas', + 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_mellon' => 'libapache2-mod-auth-mellon', + 'authnz_pam' => 'libapache2-mod-authnz-pam', + 'dav_svn' => 'libapache2-svn', + 'fastcgi' => 'libapache2-mod-fastcgi', + 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', + 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', + 'nss' => 'libapache2-mod-nss', + 'pagespeed' => 'mod-pagespeed-stable', + 'passenger' => 'libapache2-mod-passenger', + 'perl' => 'libapache2-mod-perl2', + 'phpXXX' => 'libapache2-mod-phpXXX', + 'proxy_html' => 'libapache2-mod-proxy-html', + 'python' => 'libapache2-mod-python', + 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', + 'shib2' => 'libapache2-mod-shib2', + 'suphp' => 'libapache2-mod-suphp', + 'wsgi' => 'libapache2-mod-wsgi', + 'xsendfile' => 'libapache2-mod-xsendfile', } $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' 
diff --git a/spec/classes/mod/intercept_form_submit_spec.rb b/spec/classes/mod/intercept_form_submit_spec.rb new file mode 100644 index 0000000000..14a91fceef --- /dev/null +++ b/spec/classes/mod/intercept_form_submit_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +describe 'apache::mod::intercept_form_submit', :type => :class do + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_package("libapache2-mod-intercept-form-submit") } + it { is_expected.to contain_apache__mod('intercept_form_submit') } + end #Debian + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_package("mod_intercept_form_submit") } + it { is_expected.to contain_apache__mod('intercept_form_submit') } + end # Redhat + end +end From ccd9d191ef73079b427695e6442b0589f51b3273 Mon Sep 17 00:00:00 2001 
From: Ewoud Kohl van Wijngaarden Date: Fri, 6 Jan 2017 22:18:00 +0100 Subject: [PATCH 1086/2267] Add mod_lookup_identity --- README.md | 1 + manifests/mod/lookup_identity.pp | 4 +++ manifests/params.pp | 2 ++ spec/classes/mod/lookup_identity.rb | 44 +++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 manifests/mod/lookup_identity.pp create mode 100644 spec/classes/mod/lookup_identity.rb diff --git a/README.md b/README.md index 17a17da7d0..0cae55acf0 100644 --- a/README.md +++ b/README.md @@ -1411,6 +1411,7 @@ The following Apache modules have supported classes, many of which allow for par * `intercept_form_submit` * `itk` * `ldap` (see [`apache::mod::ldap`][]) +* `lookup_identity` * `mime` * `mime_magic`\* * `negotiation` diff --git a/manifests/mod/lookup_identity.pp b/manifests/mod/lookup_identity.pp new file mode 100644 index 0000000000..445c60ef21 --- /dev/null +++ b/manifests/mod/lookup_identity.pp @@ -0,0 +1,4 @@ +class apache::mod::lookup_identity { + include ::apache + ::apache::mod { 'lookup_identity': } +} diff --git a/manifests/params.pp b/manifests/params.pp index fbf1f5637d..5864477a37 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -113,6 +113,7 @@ '7' => 'mod_ldap', default => undef, }, + 'lookup_identity' => 'mod_lookup_identity', 'pagespeed' => 'mod-pagespeed-stable', # NOTE: The passenger module isn't available on RH/CentOS without # providing dependency packages provided by EPEL and passenger @@ -245,6 +246,7 @@ 'fcgid' => 'libapache2-mod-fcgid', 'geoip' => 'libapache2-mod-geoip', 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', + 'lookup_identity' => 'libapache2-mod-lookup-identity', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', diff --git a/spec/classes/mod/lookup_identity.rb b/spec/classes/mod/lookup_identity.rb new file mode 100644 index 0000000000..a04e2e88eb --- /dev/null +++ b/spec/classes/mod/lookup_identity.rb 
@@ -0,0 +1,44 @@ +require 'spec_helper' + +describe 'apache::mod::lookup_identity', :type => :class do + it_behaves_like "a mod class, without including apache" + + context "default configuration with parameters" do + context "on a Debian OS" do + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_package("libapache2-mod-lookup-identity") } + it { is_expected.to contain_apache__mod('lookup_identity') } + end #Debian + + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_package("mod_lookup_identity") } + it { is_expected.to contain_apache__mod('lookup_identity') } + end # Redhat + end +end From 5f6b86861bb9dd6ef32106a2a27b2917dc273cd7 Mon Sep 17 00:00:00 2001 From: Andreas Loibl Date: Mon, 15 May 2017 18:43:41 +0200 Subject: [PATCH 1087/2267] Use enclose_ipv6 function from stdlib puppetlabs-stdlib >= 4.12.0 merged the function `enclose_ipv6` of this module into their codebase. As this module includes `stdlib` it can be removed here. --- lib/puppet/parser/functions/enclose_ipv6.rb | 45 ------------ metadata.json | 2 +- .../parser/functions/enclose_ipv6_spec.rb | 69 ------------------- 3 files changed, 1 insertion(+), 115 deletions(-) delete mode 100644 lib/puppet/parser/functions/enclose_ipv6.rb delete mode 100644 spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb 
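Review bot: This new spec file is created as `spec/classes/mod/lookup_identity.rb`, without the `_spec` suffix that the sibling files in this series carry (`authnz_pam_spec.rb`, `intercept_form_submit_spec.rb`). RSpec's default file pattern only picks up `*_spec.rb`, so unless the project's rake task overrides the pattern these examples never run and the `mod_lookup_identity` package mapping goes untested. Rename the file to `spec/classes/mod/lookup_identity_spec.rb`.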
diff --git a/lib/puppet/parser/functions/enclose_ipv6.rb b/lib/puppet/parser/functions/enclose_ipv6.rb deleted file mode 100644 index 80ffc3acae..0000000000 --- a/lib/puppet/parser/functions/enclose_ipv6.rb +++ /dev/null @@ -1,45 +0,0 @@ -# -# enclose_ipv6.rb -# - -module Puppet::Parser::Functions - newfunction(:enclose_ipv6, :type => :rvalue, :doc => <<-EOS -Takes an array of ip addresses and encloses the ipv6 addresses with square brackets. - EOS - ) do |arguments| - - require 'ipaddr' - - rescuable_exceptions = [ ArgumentError ] - if defined?(IPAddr::InvalidAddressError) - rescuable_exceptions << IPAddr::InvalidAddressError - end - - if (arguments.size != 1) then - raise(Puppet::ParseError, "enclose_ipv6(): Wrong number of arguments "+ - "given #{arguments.size} for 1") - end - unless arguments[0].is_a?(String) or arguments[0].is_a?(Array) then - raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument type "+ - "given #{arguments[0].class} expected String or Array") - end - - input = [arguments[0]].flatten.compact - result = [] - - input.each do |val| - unless val == '*' - begin - ip = IPAddr.new(val) - rescue *rescuable_exceptions - raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ - "given #{val} is not an ip address.") - end - val = "[#{ip.to_s}]" if ip.ipv6? - end - result << val - end - - return result.uniq - end -end diff --git a/metadata.json b/metadata.json index 7bb2f12dbc..57f4ca08fc 100644 --- a/metadata.json +++ b/metadata.json @@ -8,7 +8,7 @@ "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 4.2.0 < 5.0.0"}, + {"name":"puppetlabs/stdlib","version_requirement":">= 4.12.0 < 5.0.0"}, {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} ], "data_provider": null, 
diff --git a/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb b/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb deleted file mode 100644 index b162127d06..0000000000 --- a/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb +++ /dev/null 
@@ -1,69 +0,0 @@ -#! /usr/bin/env ruby -S rspec -require 'spec_helper' - -describe "the enclose_ipv6 function" do - let(:scope) { PuppetlabsSpec::PuppetInternals.scope } - - it "should exist" do - expect(Puppet::Parser::Functions.function("enclose_ipv6")).to eq("function_enclose_ipv6") - end - - it "should raise a ParseError if there is less than 1 arguments" do - expect { scope.function_enclose_ipv6([]) }.to( raise_error(Puppet::ParseError) ) - end - - it "should raise a ParseError if there is more than 1 arguments" do - expect { scope.function_enclose_ipv6(['argument1','argument2']) }.to( raise_error(Puppet::ParseError) ) - end - - it "should raise a ParseError when given garbage" do - expect { scope.function_enclose_ipv6(['garbage']) }.to( raise_error(Puppet::ParseError) ) - end - - it "should raise a ParseError when given something else than a string or an array" do - expect { scope.function_enclose_ipv6([['1' => '127.0.0.1']]) }.to( raise_error(Puppet::ParseError) ) - end - - it "should not raise a ParseError when given a single ip string" do - expect { scope.function_enclose_ipv6(['127.0.0.1']) }.to_not raise_error - end - - it "should not raise a ParseError when given * as ip string" do - expect { scope.function_enclose_ipv6(['*']) }.to_not raise_error - end - - it "should not raise a ParseError when given an array of ip strings" do - expect { scope.function_enclose_ipv6([['127.0.0.1','fe80::1']]) }.to_not raise_error - end - - it "should not raise a ParseError when given differently notations of ip addresses" do - expect { scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::1]']]) }.to_not raise_error - end - - it "should raise a ParseError when given a wrong ipv4 address" do - expect { scope.function_enclose_ipv6(['127..0.0.1']) }.to( raise_error(Puppet::ParseError) ) - end - - it "should raise a ParseError when given a ipv4 address with square brackets" do - expect { scope.function_enclose_ipv6(['[127.0.0.1]']) }.to( 
raise_error(Puppet::ParseError) ) - end - - it "should raise a ParseError when given a wrong ipv6 address" do - expect { scope.function_enclose_ipv6(['fe80:::1']) }.to( raise_error(Puppet::ParseError) ) - end - - it "should embrace ipv6 adresses within an array of ip addresses" do - result = scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::2]']]) - expect(result).to(eq(['127.0.0.1','[fe80::1]','[fe80::2]'])) - end - - it "should embrace a single ipv6 adresse" do - result = scope.function_enclose_ipv6(['fe80::1']) - expect(result).to(eq(['[fe80::1]'])) - end - - it "should not embrace a single ipv4 adresse" do - result = scope.function_enclose_ipv6(['127.0.0.1']) - expect(result).to(eq(['127.0.0.1'])) - end -end From a405c1637fdc2165692be7d3d54672fab61d51dc Mon Sep 17 00:00:00 2001 From: Martin Zehetmayer Date: Tue, 23 May 2017 14:52:50 -0700 Subject: [PATCH 1088/2267] Update the version compatibility to >= 4.7.0 < 5.0.0 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 7bb2f12dbc..549ddb2469 100644 --- a/metadata.json +++ b/metadata.json @@ -72,7 +72,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 3.0.0 < 5.0.0" + "version_requirement": ">= 4.7.0 < 5.0.0" } ], "description": "Module for Apache configuration" From 16eabda0c972868cf4300e72bfceed33320a0917 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Defortis?= Date: Wed, 3 May 2017 17:30:33 +0200 Subject: [PATCH 1089/2267] MODULES-4816 - new param for mod::security class - New param $manage_security_crs set to true by default so the default behaviour is unchanged. - new spec example so that the parameter is spec-tested - Add an entry in the doc about this new param --- README.md | 1 + manifests/mod/security.pp | 41 +++++++++++++++++-------------- spec/classes/mod/security_spec.rb | 9 ++++++- 3 files changed, 31 insertions(+), 20 deletions(-) 
diff --git a/README.md b/README.md index 16bb64883f..f52824e553 100644 --- a/README.md +++ b/README.md @@ -1948,6 +1948,7 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b - `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. - `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' - `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. +- `manage_security_crs` : Manage security_crs.conf rules file. Default: `true`. - `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. ${modsec\_dir}/activated\_rules. - `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 4fab446500..dfe4da2101 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -24,6 +24,7 @@ $secrequestbodylimit = '13107200', $secrequestbodynofileslimit = '131072', $secrequestbodyinmemorylimit = '131072', + $manage_security_crs = true, ) inherits ::apache::params { include ::apache 
@@ -104,25 +105,27 @@ notify => Class['apache::service'], } - # Template uses: - # - $_secdefaultaction - # - $critical_anomaly_score - # - $error_anomaly_score - # - $warning_anomaly_score - # - $notice_anomaly_score - # - $inbound_anomaly_threshold - # - $outbound_anomaly_threshold - # - $anomaly_score_blocking - # - $allowed_methods - # - $content_types - # - $restricted_extensions - # - $restricted_headers - # - $secrequestmaxnumargs - file { "${modsec_dir}/security_crs.conf": - ensure => file, - content => template('apache/mod/security_crs.conf.erb'), - require => File[$modsec_dir], - notify => Class['apache::service'], + if $manage_security_crs { + # Template uses: + # - $_secdefaultaction + # - $critical_anomaly_score + # - $error_anomaly_score + # - $warning_anomaly_score + # - $notice_anomaly_score + # - $inbound_anomaly_threshold + # - $outbound_anomaly_threshold + # - $anomaly_score_blocking + # - $allowed_methods + # - $content_types + # - $restricted_extensions + # - $restricted_headers + # - $secrequestmaxnumargs + file { "${modsec_dir}/security_crs.conf": + ensure => file, + content => template('apache/mod/security_crs.conf.erb'), + require => File[$modsec_dir], + notify => Class['apache::service'], + } } unless $::operatingsystem == 'SLES' { apache::security::rule_link { $activated_rules: } } diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 28b5e2642a..e30f7214fd 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -75,8 +75,15 @@ :target => '/tmp/foo/bar.conf', ) } end + describe 'with other modsec parameters' do + let :params do + { + :manage_security_crs => false + } + end + it { should_not contain_file('/etc/httpd/modsecurity.d/security_crs.conf') } + end end - context "on Debian based systems" do let :facts do { From 405c2b7ab7d12fb6042d2db7123d67592e11029c Mon Sep 17 00:00:00 2001 
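Review bot: `$manage_security_crs = true` in the parameter hunk of `manifests/mod/security.pp` is declared without a type or validation, so the string `'false'` coming from Hiera or an ENC is still truthy and the file is written anyway. Declaring it as `Boolean $manage_security_crs = true,` or calling stdlib's `validate_bool($manage_security_crs)` turns that into a compile error. When the flag really is false, `apache::security::rule_link { $activated_rules: }` after the new `if` still links the activated rules, while the file holding the anomaly thresholds, allowed methods and content types named in the "Template uses" comment is no longer managed. The README entry should therefore say that the operator must supply `security_crs.conf` themselves in that case. The class body continues outside both hunks.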
From: Emerson Prado Date: Fri, 12 May 2017 15:55:36 -0300 Subject: [PATCH 1090/2267] Include very minimal apache::mod::jk class --- manifests/mod/jk.pp | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 manifests/mod/jk.pp diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp new file mode 100644 index 0000000000..36f9be910c --- /dev/null +++ b/manifests/mod/jk.pp @@ -0,0 +1,7 @@ +class apache::mod::jk { + + include ::apache + + ::apache::mod { 'jk': } + +} From 7b93d44180ff19539020faf8c8d995849a142f77 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 12 May 2017 15:58:51 -0300 Subject: [PATCH 1091/2267] Include dummy jk.conf template --- templates/mod/jk.conf.erb | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 templates/mod/jk.conf.erb diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb new file mode 100644 index 0000000000..352df6c6e9 --- /dev/null +++ b/templates/mod/jk.conf.erb @@ -0,0 +1,2 @@ +# This file is generated automatically by Puppet - DO NOT EDIT +# Any manual changes will be overwritten From e3957dd71d644153185aecd7fac6f97f02a1913c Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 12 May 2017 15:59:19 -0300 Subject: [PATCH 1092/2267] Include jk.conf file resource in class ...mod::jk --- manifests/mod/jk.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 36f9be910c..a77d0fc367 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -4,4 +4,16 @@ ::apache::mod { 'jk': } + file {'jk.conf': + ensure => file, + path => "${::apache::mod_dir}/jk.conf", + mode => $::apache::file_mode, + content => template('apache/mod/jk.conf.erb'), + require => [ + Exec["mkdir ${::apache::mod_dir}"], + File[$::apache::mod_dir], + ], + notify => Class['apache::service'], + } + } From e27f5a5b31935607d2032d831697e301938349de Mon Sep 17 00:00:00 2001 
From: Emerson Prado Date: Mon, 5 Jun 2017 18:01:50 -0300 Subject: [PATCH 1093/2267] Include workers file in mod_jk config template --- templates/mod/jk.conf.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 352df6c6e9..6ca5c61bf3 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb @@ -1,2 +1,4 @@ # This file is generated automatically by Puppet - DO NOT EDIT # Any manual changes will be overwritten + +JkWorkersFile <%= @workers_file %> From 6048ecf0e91031a9c32e5e3c858ee4bdbed90f0d Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 5 Jun 2017 18:02:13 -0300 Subject: [PATCH 1094/2267] Include log properties in mod_jk config template --- templates/mod/jk.conf.erb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 6ca5c61bf3..f06f1e82be 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb @@ -2,3 +2,13 @@ # Any manual changes will be overwritten JkWorkersFile <%= @workers_file %> + +<% if @log_file -%> +JkLogFile <%= @log_file %> +<% end -%> +<% if @log_level -%> +JkLogLevel <%= @log_level %> +<% end -%> +<% if @log_stamp_format -%> +JkLogStampFormat <%= @log_stamp_format %> +<% end -%> From 0295390f700b55c35676d6870d7f326c6dd35672 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 5 Jun 2017 18:03:01 -0300 Subject: [PATCH 1095/2267] Include workers map file in mod_jk config template --- templates/mod/jk.conf.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index f06f1e82be..55a373e7b2 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb 
@@ -2,6 +2,11 @@ # Any manual changes will be overwritten JkWorkersFile <%= @workers_file %> +<%# Define jk_mount_file if workers map should be global -%> +<%# Otherwise, include JkMount directives in your vhosts -%> +<% if @jk_mount_file -%> +JkMountFile <%= @jk_mount_file %> +<% end -%> <% if @log_file -%> JkLogFile <%= @log_file %> From 28b08f09fba172c19f0582ba73994d772bdc01ed Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 5 Jun 2017 18:04:09 -0300 Subject: [PATCH 1096/2267] Include config parameters in class ...mod::jk --- manifests/mod/jk.pp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index a77d0fc367..8b80949363 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -1,4 +1,11 @@ -class apache::mod::jk { +class apache::mod::jk ( + $workers_file, + $jk_mount = undef, + $jk_mount_file = undef, + $log_file = undef, + $log_level = undef, + $log_stamp_format = undef, +){ include ::apache From ca7abf1673b82811cb5a1cb02b0c6b1a34cc8c7f Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 6 Jun 2017 14:07:55 -0300 Subject: [PATCH 1097/2267] Include remaining parameters in class ...mod::jk and template --- manifests/mod/jk.pp | 52 ++++++++++++++++--- templates/mod/jk.conf.erb | 102 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 143 insertions(+), 11 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 8b80949363..d08b02b2c3 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp 
@@ -1,10 +1,50 @@ +# Class apache::mod::jk +# +# Manages mod_jk connector +# +# All parameters are optional. When undefined, some receive default values, +# while others cause an optional directive to be absent +# +# For help on parameters, pls see official reference at: +# https://tomcat.apache.org/connectors-doc/reference/apache.html +# class apache::mod::jk ( - $workers_file, - $jk_mount = undef, - $jk_mount_file = undef, - $log_file = undef, - $log_level = undef, - $log_stamp_format = undef, + $workers_file = undef, + $worker_property = undef, + $shm_file = undef, + $shm_size = undef, + $mount_file = undef, + $mount_file_reload = undef, + $mount = undef, + $un_mount = undef, + $auto_alias = undef, + $mount_copy = undef, + $worker_indicator = undef, + $watchdog_interval = undef, + $log_file = undef, + $log_level = undef, + $log_stamp_format = undef, + $request_log_format = undef, + $extract_ssl = undef, + $https_indicator = undef, + $sslprotocol_indicator = undef, + $certs_indicator = undef, + $cipher_indicator = undef, + $certchain_prefix = undef, + $session_indicator = undef, + $keysize_indicator = undef, + $local_name_indicator = undef, + $ignore_cl_indicator = undef, + $local_addr_indicator = undef, + $local_port_indicator = undef, + $remote_host_indicator = undef, + $remote_addr_indicator = undef, + $remote_port_indicator = undef, + $remote_user_indicator = undef, + $auth_type_indicator = undef, + $options = undef, + $env_var = undef, + $strip_session = undef, ){ include ::apache diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 55a373e7b2..40b1d3e4ed 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb 
@@ -1,13 +1,42 @@ # This file is generated automatically by Puppet - DO NOT EDIT # Any manual changes will be overwritten +<% if @workers_file -%> JkWorkersFile <%= @workers_file %> -<%# Define jk_mount_file if workers map should be global -%> -<%# Otherwise, include JkMount directives in your vhosts -%> -<% if @jk_mount_file -%> -JkMountFile <%= @jk_mount_file %> <% end -%> - +<% if @worker_property -%> +JkWorkerProperty <%= @worker_property %> +<% end -%> +<% if @shm_file -%> +JkShmFile <%= @shm_file %> +<% end -%> +<% if @shm_size -%> +JkShmSize <%= @shm_size %> +<% end -%> +<% if @mount_file -%> +JkMountFile <%= @mount_file %> +<% end -%> +<% if @mount_file_reload -%> +JkMountFileReload <%= @mount_file_reload %> +<% end -%> +<% if @mount -%> +JkMount <%= @mount %> +<% end -%> +<% if @un_mount -%> +JkUnMount <%= @un_mount %> +<% end -%> +<% if @auto_alias -%> +JkAutoAlias <%= @auto_alias %> +<% end -%> +<% if @mount_copy -%> +JkMountCopy <%= @mount_copy %> +<% end -%> +<% if @worker_indicator -%> +JkWorkerIndicator <%= @worker_indicator %> +<% end -%> +<% if @watchdog_interval -%> +JkWatchdogInterval <%= @watchdog_interval %> +<% end -%> <% if @log_file -%> JkLogFile <%= @log_file %> <% end -%> 
@@ -17,3 +46,66 @@ JkLogLevel <%= @log_level %> <% if @log_stamp_format -%> JkLogStampFormat <%= @log_stamp_format %> <% end -%> +<% if @request_log_format -%> +JkRequestLogFormat <%= @request_log_format %> +<% end -%> +<% if @extract_ssl -%> +JkExtractSSL <%= @extract_ssl %> +<% end -%> +<% if @https_indicator -%> +JkHTTPSIndicator <%= @https_indicator %> +<% end -%> +<% if @sslprotocol_indicator -%> +JkSSLPROTOCOLIndicator <%= @sslprotocol_indicator %> +<% end -%> +<% if @certs_indicator -%> +JkCERTSIndicator <%= @certs_indicator %> +<% end -%> +<% if @cipher_indicator -%> +JkCIPHERIndicator <%= @cipher_indicator %> +<% end -%> +<% if @certchain_prefix -%> +JkCERTCHAINPrefix <%= @certchain_prefix %> +<% end -%> +<% if @session_indicator -%> +JkSESSIONIndicator <%= @session_indicator %> +<% end -%> +<% if @keysize_indicator -%> +JkKEYSIZEIndicator <%= @keysize_indicator %> +<% end -%> +<% if @local_name_indicator -%> +JkLocalNameIndicator <%= @local_name_indicator %> +<% end -%> +<% if @ignore_cl_indicator -%> +JkIgnoreCLIndicator <%= @ignore_cl_indicator %> +<% end -%> +<% if @local_addr_indicator -%> +JkLocalAddrIndicator <%= @local_addr_indicator %> +<% end -%> +<% if @local_port_indicator -%> +JkLocalPortIndicator <%= @local_port_indicator %> +<% end -%> +<% if @remote_host_indicator -%> +JkRemoteHostIndicator <%= @remote_host_indicator %> +<% end -%> +<% if @remote_addr_indicator -%> +JkRemoteAddrIndicator <%= @remote_addr_indicator %> +<% end -%> +<% if @remote_port_indicator -%> +JkRemotePortIndicator <%= @remote_port_indicator %> +<% end -%> +<% if @remote_user_indicator -%> +JkRemoteUserIndicator <%= @remote_user_indicator %> +<% end -%> +<% if @auth_type_indicator -%> +JkAuthTypeIndicator <%= @auth_type_indicator %> +<% end -%> +<% if @options -%> +JkOptions <%= @options %> +<% end -%> +<% if @env_var -%> +JkEnvVar <%= @env_var %> +<% end -%> +<% if @strip_session -%> +JkStripSession <%= @strip_session %> +<% end -%> 
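Review bot: `JkRequestLogFormat <%= @request_log_format %>` writes the value unquoted, as do `JkLogStampFormat` in the context lines and the path-valued directives added in the first hunk of this file. A format string normally contains spaces, so httpd reads it as several arguments unless the caller embeds the quotes in the parameter; emitting `JkRequestLogFormat "<%= @request_log_format %>"` (and the same for the stamp format) removes that trap. Every parameter is also copied verbatim into `jk.conf`, so a value containing a line break would add further directives to the file. The class should reject newlines in these strings, for example with stdlib's `validate_re`, when the data comes from Hiera or another shared source.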
From 68fce0d2652f73efb0584542ae2210d6c4965953 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 6 Jun 2017 14:39:35 -0300 Subject: [PATCH 1098/2267] Correct hash parsing in template mod/jk.conf.erb --- templates/mod/jk.conf.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 40b1d3e4ed..e6b3274d98 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb @@ -5,7 +5,9 @@ JkWorkersFile <%= @workers_file %> <% end -%> <% if @worker_property -%> -JkWorkerProperty <%= @worker_property %> +<% @worker_property.sort.each do |property,value| -%> +JkWorkerProperty <%= @property %>=<%= @value %> +<% end -%> <% end -%> <% if @shm_file -%> JkShmFile <%= @shm_file %> From d3833612a50e7d3b09a1225eb8b2636403c84f2f Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 6 Jun 2017 14:40:26 -0300 Subject: [PATCH 1099/2267] Add comments in class ...mod::jk --- manifests/mod/jk.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index d08b02b2c3..a8cf49b7f6 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -49,8 +49,12 @@ include ::apache + # Provides important variables + include ::apache + # Manages basic module config ::apache::mod { 'jk': } + # Main config file file {'jk.conf': ensure => file, path => "${::apache::mod_dir}/jk.conf", From fc90643dc42c0ff1ac3faefe818ec9da87a97ed8 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 6 Jun 2017 15:37:44 -0300 Subject: [PATCH 1100/2267] Correct remaining hash parsings in template mod/jk.conf.erb --- templates/mod/jk.conf.erb | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index e6b3274d98..b4a3489ee7 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb 
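Review bot: `JkWorkerProperty <%= @property %>=<%= @value %>` reads instance variables rather than the block parameters `property` and `value`, so both presumably expand to nothing and every entry renders as `JkWorkerProperty =`. Inside the `each` block the line should be `JkWorkerProperty <%= property %>=<%= value %>`. The `JkMount`, `JkUnMount`, `JkOptions` and `JkEnvVar` loops added by PATCH 1100 later in the series use the same `@`-prefixed names and need the same change. A spec that renders the template with a non-empty hash and checks the resulting line would catch all of them.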
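Review bot: The added `include ::apache` in `manifests/mod/jk.pp` duplicates the one already present on the unchanged line just above the new comment, so the class now includes the base class twice. `include` is idempotent, so nothing breaks, but the repeat reads as if two different things were being loaded. Put `# Provides important variables` above the existing `include ::apache` and drop the added line.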
@@ -22,10 +22,14 @@ JkMountFile <%= @mount_file %> JkMountFileReload <%= @mount_file_reload %> <% end -%> <% if @mount -%> -JkMount <%= @mount %> +<% @mount.sort.each do |url_prefix,worker_name| -%> +JkMount <%= @url_prefix %> <%= @worker_name %> +<% end -%> <% end -%> <% if @un_mount -%> -JkUnMount <%= @un_mount %> +<% @un_mount.sort.each do |url_prefix,worker_name| -%> +JkUnMount <%= @url_prefix %> <%= @worker_name %> +<% end -%> <% end -%> <% if @auto_alias -%> JkAutoAlias <%= @auto_alias %> @@ -103,10 +107,14 @@ JkRemoteUserIndicator <%= @remote_user_indicator %> JkAuthTypeIndicator <%= @auth_type_indicator %> <% end -%> <% if @options -%> -JkOptions <%= @options %> +<% @options.sort.each do |fwd_option| -%> +JkOptions <%= @fwd_option %> +<% end -%> <% end -%> <% if @env_var -%> -JkEnvVar <%= @env_var %> +<% @env_var.sort.each do |variable,value| -%> +JkEnvVar <%= @variable %><% if not @value.empty? -%> @value<% end -%> +<% end -%> <% end -%> <% if @strip_session -%> JkStripSession <%= @strip_session %> From a79630ce14522ef05580d8031238273061f60aa3 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 6 Jun 2017 17:52:55 -0300 Subject: [PATCH 1101/2267] Use empty hashes/arrays as defaults in class ...mod::jk --- manifests/mod/jk.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index a8cf49b7f6..367e927f22 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -10,13 +10,13 @@ # class apache::mod::jk ( $workers_file = undef, - $worker_property = undef, + $worker_property = {}, $shm_file = undef, $shm_size = undef, $mount_file = undef, $mount_file_reload = undef, - $mount = undef, - $un_mount = undef, + $mount = {}, + $un_mount = {}, $auto_alias = undef, $mount_copy = undef, $worker_indicator = undef, 
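Review bot: In the `JkEnvVar` loop of the second hunk, `<% if not @value.empty? -%> @value<% end -%>` has three separate problems. `@value` is not the block parameter `value`, so `.empty?` is presumably called on nil and rendering raises. The text ` @value` sits outside any ERB tag and would be written literally. The `-%>` that ends the line strips its newline, so consecutive entries would run together on one line. `JkEnvVar <%= variable %><% unless value.to_s.empty? %> <%= value %><% end %>` keeps one directive per line and tolerates an empty value.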
@@ -42,8 +42,8 @@ $remote_port_indicator = undef, $remote_user_indicator = undef, $auth_type_indicator = undef, - $options = undef, - $env_var = undef, + $options = [], + $env_var = {}, $strip_session = undef, ){ From 0422b8f637d86e636883163a5acb34934fdb84eb Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 12:22:59 -0300 Subject: [PATCH 1102/2267] Include default file parameters in class apache::mod::jk --- manifests/mod/jk.pp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 367e927f22..5a865caef1 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -54,17 +54,21 @@ # Manages basic module config ::apache::mod { 'jk': } + # File resource common parameters + File { + ensure => file, + mode => $::apache::file_mode, + notify => Class['apache::service'], + } + # Main config file file {'jk.conf': - ensure => file, path => "${::apache::mod_dir}/jk.conf", - mode => $::apache::file_mode, content => template('apache/mod/jk.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], File[$::apache::mod_dir], ], - notify => Class['apache::service'], } } From 6dd989ea704bd6d372db78d2cd56bb661df52221 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 12:23:56 -0300 Subject: [PATCH 1103/2267] Include workers file management in class apache::mod::jk --- manifests/mod/jk.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 5a865caef1..b77aad58d1 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -45,6 +45,8 @@ $options = [], $env_var = {}, $strip_session = undef, + # Workers file content + $workers_file_content = [], ){ include ::apache 
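Review bot: The capitalised `File { ensure => file, mode => ..., notify => ... }` block added in `manifests/mod/jk.pp` is a resource default, and resource defaults are dynamically scoped. If `::apache::mod { 'jk': }` just above it declares File resources (not visible here), they inherit these attributes wherever they leave them unset. That can silently put a `mode` and a service `notify` on files this class does not own. Keeping the three attributes on each `file` resource, or passing a shared hash with `* => $file_defaults`, limits them to `jk.conf` and the workers file. The class body starts outside this hunk.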
@@ -71,4 +73,16 @@ ], } + # Workers file + if $workers_file != undef { + $workers_path = $workers_file ? { + /^\// => $workers_file, + default => "${apache::httpd_dir}/${workers_file}", + } + file { $workers_path: + content => template('apache/mod/jk/workers.properties.erb'), + require => Package['httpd'], + } + } + } From 0098e7cc678713ee1777ce7e74547e4ad93d23ba Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 13:09:15 -0300 Subject: [PATCH 1104/2267] Include template for mod_jk workers file --- templates/mod/jk/workers.properties.erb | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 templates/mod/jk/workers.properties.erb diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb new file mode 100644 index 0000000000..dec1369b33 --- /dev/null +++ b/templates/mod/jk/workers.properties.erb @@ -0,0 +1,8 @@ +# This file is generated automatically by Puppet - DO NOT EDIT +# Any manual changes will be overwritten +<% @workers_file_content.sort.each do |worker,directives| -%> + +<% directives.sort.each do |property,value| -%> +worker.<%= worker %>.<%= property %>=<%= value %> +<% end -%> +<% end -%> From abe7ab7e3d72cd0bb3823a60c22c9f5291e13a87 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 13:10:18 -0300 Subject: [PATCH 1105/2267] Manages comments in mod_jk workers file --- templates/mod/jk/workers.properties.erb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb index dec1369b33..bca48c2ab5 100644 --- a/templates/mod/jk/workers.properties.erb +++ b/templates/mod/jk/workers.properties.erb 
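Review bot: `file { $workers_path: ... }` sets no `mode`, `owner` or `group` of its own, so it takes whatever the `File` default supplies (`$::apache::file_mode`, whose value is not visible here). `workers.properties` is also where mod_jk reads a worker's `secret` when the AJP connector requires one, so if that mode is world-readable, any local account can read the secret. Give this resource an explicit restrictive mode, for example `mode => '0640',`, or at least document in the class header that anything placed in `$workers_file_content` is written with `file_mode`.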
@@ -2,7 +2,13 @@ # Any manual changes will be overwritten <% @workers_file_content.sort.each do |worker,directives| -%> +<%# Places comment before worker directives -%> +<% if directives.has_key?('comment') -%> +# <%= directives['comment'] %> +<% end -%> <% directives.sort.each do |property,value| -%> +<% if property != 'comment' -%> worker.<%= worker %>.<%= property %>=<%= value %> <% end -%> <% end -%> +<% end -%> From 92453af0d13ec8c04b2049e020cd579e0b263f1f Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 13:11:25 -0300 Subject: [PATCH 1106/2267] Document parameters in mod_jk workers file --- templates/mod/jk/workers.properties.erb | 26 +++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb index bca48c2ab5..4444032b24 100644 --- a/templates/mod/jk/workers.properties.erb +++ b/templates/mod/jk/workers.properties.erb @@ -1,5 +1,31 @@ # This file is generated automatically by Puppet - DO NOT EDIT # Any manual changes will be overwritten +<%# -%> +<%# workers_file_content should be a hash which keys are workers names -%> +<%# and values are new hashes with properties and values -%> +<%# -%> +<%# Example: -%> +<%# # Optional comment -%> +<%# worker.some_name.type=ajp13 -%> +<%# worker.some_name.socket_keepalive=true -%> +<%# # I just like comments -%> +<%# worker.other_name.type=ajp12 (why would you?) -%> +<%# worker.other_name.socket_keepalive=false -%> +<%# should be parameterized as: -%> +<%# -%> +<%# $workers_file_content = { -%> +<%# some_name => { -%> +<%# type => 'ajp13', -%> +<%# socket_keepalive => 'true', -%> +<%# comment => 'Optional comment', -%> +<%# }, -%> +<%# other_name => { -%> +<%# type => 'ajp12', -%> +<%# socket_keepalive => 'false', -%> +<%# comment => 'I just like comments', -%> +<%# }, -%> +<%# }, -%> +<%# -%> <% @workers_file_content.sort.each do |worker,directives| -%> <%# Places comment before worker directives -%> 
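Review bot: `# <%= directives['comment'] %>` puts `#` only in front of the first line, so a multi-line `comment` value leaves its remaining lines in `workers.properties` as live text that mod_jk will try to parse. Emitting one `#` per line keeps the whole value inert: `<% directives['comment'].to_s.each_line do |c| -%>`, then `# <%= c.chomp %>`, then `<% end -%>`. Property values on the `worker.<%= worker %>.<%= property %>=<%= value %>` line are likewise copied through with no newline check, which is worth a validation step in the class.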
From d08baa0f8bf2142bdf490a809dc67c617b4d8305 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 13:43:40 -0300 Subject: [PATCH 1107/2267] Include class apache::mod::jk section in README --- README.md | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0cae55acf0..8329ffb5ef 100644 --- a/README.md +++ b/README.md @@ -1300,7 +1300,7 @@ If the string starts with / or | or syslog: the full path will be set. Otherwise ##### `scriptalias` -Directory to use for global script alias +Directory to use for global script alias The default value is determined by your operating system: @@ -1410,6 +1410,7 @@ The following Apache modules have supported classes, many of which allow for par * `info`\* * `intercept_form_submit` * `itk` +* `jk` (see [`apache::mod::jk`][]) * `ldap` (see [`apache::mod::ldap`][]) * `lookup_identity` * `mime` 
@@ -1725,6 +1726,58 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of - `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. - `restrict_access`: Determines whether to enable access restrictions. If false, the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: true. +##### Class: `apache::mod::jk` + +Installs and manages `mod_jk`, a connector for Apache httpd redirection to old versions of TomCat and JBoss + +**Note**: There is no official package available for mod\_jk and thus it must be made available by means outside of the control of the apache module. Binaries can be found at [Apache Tomcat Connectors download page](https://tomcat.apache.org/download-connectors.cgi) + +``` puppet +class { '::apache::mod::jk': + workers_file = 'conf/workers.properties', + mount_file = 'conf/uriworkermap.properties', + shm_file = 'run/jk.shm', + shm_size = '50M', + $workers_file_content = { + + }, +} +``` + +**Parameters within `apache::mod::jk`**: + +The best source for understanding the `mod_jk` parameters is the [official documentation](https://tomcat.apache.org/connectors-doc/reference/apache.html), except for \*file_content: + +**`workers_file_content`** + +Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. For example, the workers file below: + +``` +# Optional comment +worker.some_name.type=ajp13 +worker.some_name.socket_keepalive=true +# I just like comments +worker.other_name.type=ajp12 (why would you?) 
+worker.other_name.socket_keepalive=false +``` + +Should be parameterized as: + +``` +$workers_file_content = { + some_name => { + comment => 'Optional comment', + type => 'ajp13', + socket_keepalive => 'true', + }, + other_name => { + comment => 'I just like comments', + type => 'ajp12', + socket_keepalive => 'false', + }, +} +``` + ##### Class: `apache::mod::passenger` Installs and manages [`mod_passenger`][]. For RedHat based systems, please ensure that you meet the minimum requirements as described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux) From 6f9e447a32525b41fe1aa8090b86a1d7f262d01b Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 13:49:47 -0300 Subject: [PATCH 1108/2267] Correct link to class apache::mod::jk section in README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8329ffb5ef..4085f286da 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ [`apache::mod::ext_filter`]: #class-apachemodext_filter [`apache::mod::geoip`]: #class-apachemodgeoip [`apache::mod::itk`]: #class-apachemoditk +[`apache::mod::jk`]: #class-apachemodjk [`apache::mod::ldap`]: #class-apachemodldap [`apache::mod::passenger`]: #class-apachemodpassenger [`apache::mod::peruser`]: #class-apachemodperuser @@ -1410,7 +1411,7 @@ The following Apache modules have supported classes, many of which allow for par * `info`\* * `intercept_form_submit` * `itk` -* `jk` (see [`apache::mod::jk`][]) +* `jk` (see [`apache::mod::jk`]) * `ldap` (see [`apache::mod::ldap`][]) * `lookup_identity` * `mime` From 54f6d7391562b5117f08200d3b4d9708b85ec6c6 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 13:53:38 -0300 Subject: [PATCH 1109/2267] Include comment on workers file content in classe apache::mod::jk --- manifests/mod/jk.pp | 1 + 1 file changed, 1 insertion(+) 
diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index b77aad58d1..ff62dd68b8 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -46,6 +46,7 @@ $env_var = {}, $strip_session = undef, # Workers file content + # See comments in template mod/jk/workers.properties.erb $workers_file_content = [], ){ From 11c0482fe189efb87efc2faa35bba4f7e4dce4db Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:35:21 -0300 Subject: [PATCH 1110/2267] Include missing directives in template mod/jk/workers.properties.erb --- templates/mod/jk/workers.properties.erb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb index 4444032b24..c440415ec0 100644 --- a/templates/mod/jk/workers.properties.erb +++ b/templates/mod/jk/workers.properties.erb @@ -26,6 +26,16 @@ <%# }, -%> <%# }, -%> <%# -%> +<% if @workers_file_content.has_key?('worker_lists') -%> + +<% @workers_file_content['worker_lists'].sort.each do |list| -%> +worker.list = <%= list %> +<% end -%> +<% end -%> +<% if @workers_file_content.has_key?('worker_mantain') -%> + +worker.maintain = <%= @workers_file_content['worker_mantain'] %> +<% end -%> <% @workers_file_content.sort.each do |worker,directives| -%> <%# Places comment before worker directives -%> From 12f71cf210e559b11f47c9b9cfaeda481620df5e Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:36:52 -0300 Subject: [PATCH 1111/2267] Deal with reserved keys in template mod/jk/workers.properties.erb --- templates/mod/jk/workers.properties.erb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb index c440415ec0..8018dcc3db 100644 --- a/templates/mod/jk/workers.properties.erb +++ b/templates/mod/jk/workers.properties.erb 
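Review bot: `@workers_file_content.has_key?('worker_lists')` assumes a Hash, but the class declares the default as `$workers_file_content = [],` (visible in the `manifests/mod/jk.pp` context on this same line). Array has no `has_key?`, so rendering with the default presumably raises whenever `$workers_file` is set. Changing the default in `manifests/mod/jk.pp` to `$workers_file_content = {},` fixes that. The reserved key is also spelled `worker_mantain` while the directive it emits is `worker.maintain`; renaming the key to `worker_maintain` now avoids baking the typo into the class interface.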
@@ -36,7 +36,9 @@ worker.list = <%= list %> worker.maintain = <%= @workers_file_content['worker_mantain'] %> <% end -%> -<% @workers_file_content.sort.each do |worker,directives| -%> +<% @workers_file_content.sort.each do |name,directives| -%> +<%# Skip hash items with the reserved keys -%> +<% if not ['worker_lists', 'worker_mantain'].include?(name) -%> <%# Places comment before worker directives -%> <% if directives.has_key?('comment') -%> @@ -44,7 +46,8 @@ worker.maintain = <%= @workers_file_content['worker_mantain'] %> <% end -%> <% directives.sort.each do |property,value| -%> <% if property != 'comment' -%> -worker.<%= worker %>.<%= property %>=<%= value %> +worker.<%= name %>.<%= property %>=<%= value %> +<% end -%> <% end -%> <% end -%> <% end -%> From 0977585b2b385d777b593cef95253c41bb887298 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:37:42 -0300 Subject: [PATCH 1112/2267] Document included directives in template mod/jk/workers.properties.erb --- templates/mod/jk/workers.properties.erb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb index 8018dcc3db..2822178a98 100644 --- a/templates/mod/jk/workers.properties.erb +++ b/templates/mod/jk/workers.properties.erb 
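Review bot: The reserved-key filter wraps the whole loop body in `if not [...]`, which adds a nesting level and a matching `<% end -%>` in the second hunk that is easy to misplace. A guard at the top of the loop reads more directly: `<% next if ['worker_lists', 'worker_mantain'].include?(name) -%>`. The two key names now appear as literals in three places in this template, so a short comment above the loop naming them as the reserved set would help whoever adds a third.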
@@ -3,17 +3,26 @@ <%# -%> <%# workers_file_content should be a hash which keys are workers names -%> <%# and values are new hashes with properties and values -%> +<%# Two keys are special (and reserved!): -%> +<%# worker_lists - Array of comma-separated worker names lists -%> +<%# Each list is an item of the array and will be placed in one line -%> +<%# worker_mantain - Numeric string -%> <%# -%> <%# Example: -%> +<%# worker.list = status -%> +<%# worker.list = some_name,other_name -%> +<%# worker_mantain = 60 -%> <%# # Optional comment -%> <%# worker.some_name.type=ajp13 -%> <%# worker.some_name.socket_keepalive=true -%> <%# # I just like comments -%> <%# worker.other_name.type=ajp12 (why would you?) -%> <%# worker.other_name.socket_keepalive=false -%> -<%# should be parameterized as: -%> <%# -%> +<%# should be parameterized as: -%> <%# $workers_file_content = { -%> +<%# worker_lists => ['status', 'some_name,other_name'], +<%# worker_mantain => '60', <%# some_name => { -%> <%# type => 'ajp13', -%> <%# socket_keepalive => 'true', -%> From dc20448c7f949ccc7ca25f3c9d35b43df8a68b05 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:39:45 -0300 Subject: [PATCH 1113/2267] Create URI-worker mappings template for mod_jk --- templates/mod/jk/uriworkermap.properties.erb | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 templates/mod/jk/uriworkermap.properties.erb diff --git a/templates/mod/jk/uriworkermap.properties.erb b/templates/mod/jk/uriworkermap.properties.erb new file mode 100644 index 0000000000..a36ff0d638 --- /dev/null +++ b/templates/mod/jk/uriworkermap.properties.erb 
@@ -0,0 +1,12 @@ +# This file is generated automatically by Puppet - DO NOT EDIT +# Any manual changes will be overwritten +<% @mount_file_content.sort.each do |worker,directives| -%> + +<%# Places comment before worker mappings -%> +<% if directives.has_key?('comment') -%> +# <%= directives['comment'] %> +<% end -%> +<% directives['uri_list'].sort.each do |uri| -%> +<%= uri %> = <%= worker %> +<% end -%> +<% end -%> From 1ec060425d4ccdac14e772d2e00bfbf0b80a6b8a Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:40:55 -0300 Subject: [PATCH 1114/2267] Include mappings file management in class apache::mod::jk --- manifests/mod/jk.pp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index ff62dd68b8..3cc732a4df 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -48,6 +48,9 @@ # Workers file content # See comments in template mod/jk/workers.properties.erb $workers_file_content = [], + # Mount file content + # See comments in template mod/jk/uriworkermap.properties.erb + $mount_file_content = [], ){ include ::apache @@ -86,4 +89,16 @@ } } + # Mount file + if $mount_file != undef { + $mount_path = $mount_file ? { + /^\// => $mount_file, + default => "${apache::httpd_dir}/${mount_file}", + } + file { $mount_path: + content => template('apache/mod/jk/uriworkermap.properties.erb'), + require => Package['httpd'], + } + } + } From 5d6e6d01e7ef3e1f95622f9b00e7dac0fe92063a Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:42:39 -0300 Subject: [PATCH 1115/2267] Document URI-worker mappings template for mod_jk --- templates/mod/jk/uriworkermap.properties.erb | 28 ++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/templates/mod/jk/uriworkermap.properties.erb b/templates/mod/jk/uriworkermap.properties.erb index a36ff0d638..4d9eac03f9 100644 --- a/templates/mod/jk/uriworkermap.properties.erb +++ b/templates/mod/jk/uriworkermap.properties.erb 
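Review bot: `directives['uri_list'].sort` raises NoMethodError on nil when a worker entry carries only a `comment` or misspells the key, and the resulting catalog failure points at the template rather than at the offending data. I would guard it, `<% Array(directives['uri_list']).sort.each do |uri| -%>`, or fail with a message that names the worker. URIs and worker names are emitted as given, so validating them as single-line strings in the class is worth considering, since a value with an embedded line break would produce an extra mapping line.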
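Review bot: The new `file { $mount_path: }` resource sets only `content` and `require`, so owner and mode fall to whatever defaults apply on the node; because this file decides which URIs are forwarded to which backend worker, I would pin them explicitly, e.g. `owner => 'root',` and `mode => $::apache::file_mode,`. There is also no `notify`, so a changed mapping presumably takes effect only through `JkMountFileReload` or an unrelated restart. In the first hunk `$mount_file_content` defaults to `[]` although the template iterates it as a hash of hashes; `{}` would match the documented shape.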
@@ -1,5 +1,33 @@ # This file is generated automatically by Puppet - DO NOT EDIT # Any manual changes will be overwritten +<%# -%> +<%# mount_file_content should be a hash which keys are workers names -%> +<%# and values are new hashes with two items: -%> +<%# uri_list - Array with URIs to be mapped to worker -%> +<%# comment - Optional comment line -%> +<%# -%> +<%# Example: -%> +<%# # Worker 1 -%> +<%# /context_1/ = worker_1 -%> +<%# /context_1/* = worker_1 -%> +<%# -%> +<%# # Worker 2 -%> +<%# / = worker_2 -%> +<%# /context_2/ = worker_2 -%> +<%# /context_2/* = worker_2 -%> +<%# -%> +<%# should be parameterized as: -%> +<%# $mount_file_content = { -%> +<%# worker_1 => { -%> +<%# uri_list => ['/context_1/', '/context_1/*'], -%> +<%# comment => 'Worker 1', -%> +<%# }, -%> +<%# worker_2 => { -%> +<%# uri_list => ['/context_2/', '/context_2/*'], -%> +<%# comment => 'Worker 2', -%> +<%# }, -%> +<%# }, -%> +<%# -%> <% @mount_file_content.sort.each do |worker,directives| -%> <%# Places comment before worker mappings -%> From c8adc1721a29715375cf8b76e5aea3024c415454 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:46:48 -0300 Subject: [PATCH 1116/2267] Include missing tags in template mod/jk/workers.properties.erb --- templates/mod/jk/workers.properties.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/mod/jk/workers.properties.erb b/templates/mod/jk/workers.properties.erb index 2822178a98..ed3eb6190f 100644 --- a/templates/mod/jk/workers.properties.erb +++ b/templates/mod/jk/workers.properties.erb @@ -11,7 +11,7 @@ <%# Example: -%> <%# worker.list = status -%> <%# worker.list = some_name,other_name -%> -<%# worker_mantain = 60 -%> +<%# worker.mantain = 60 -%> <%# # Optional comment -%> <%# worker.some_name.type=ajp13 -%> <%# worker.some_name.socket_keepalive=true -%> 
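Review bot: The documented example does not round-trip: the sample output lists `/ = worker_2`, but the `uri_list` shown for `worker_2` holds only the two `/context_2/` entries. The sample hash also closes with `},`, which is not valid at the end of an assignment. I would add `'/'` to the second list and end the example with a plain `}` so the comment can be copied as written.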
@@ -21,8 +21,8 @@ <%# -%> <%# should be parameterized as: -%> <%# $workers_file_content = { -%> -<%# worker_lists => ['status', 'some_name,other_name'], -<%# worker_mantain => '60', +<%# worker_lists => ['status', 'some_name,other_name'], -%> +<%# worker_mantain => '60', -%> <%# some_name => { -%> <%# type => 'ajp13', -%> <%# socket_keepalive => 'true', -%> From 895dcca15e6a9377bda01922028f43c910fc751c Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 17:59:31 -0300 Subject: [PATCH 1117/2267] Update README with missing directives for mod_jk workers file --- README.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4085f286da..73b82b98a9 100644 --- a/README.md +++ b/README.md @@ -1749,14 +1749,22 @@ class { '::apache::mod::jk': The best source for understanding the `mod_jk` parameters is the [official documentation](https://tomcat.apache.org/connectors-doc/reference/apache.html), except for \*file_content: -**`workers_file_content`** +**workers\_file\_content** -Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. For example, the workers file below: +Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. +Plus, there are two global directives, 'worker.list' and 'worker.mantain' +For example, the workers file below: ``` +worker.list = status +worker.list = some_name,other_name + +worker.mantain = 60 + # Optional comment worker.some_name.type=ajp13 worker.some_name.socket_keepalive=true + # I just like comments worker.other_name.type=ajp12 (why would you?) worker.other_name.socket_keepalive=false 
@@ -1766,12 +1774,14 @@ Should be parameterized as: ``` $workers_file_content = { - some_name => { + worker_lists => ['status', 'some_name,other_name'], + worker_mantain => '60', + some_name => { comment => 'Optional comment', type => 'ajp13', socket_keepalive => 'true', }, - other_name => { + other_name => { comment => 'I just like comments', type => 'ajp12', socket_keepalive => 'false', From 8ef78529bae035f112a6dba6d482d20e3c8eed73 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Wed, 7 Jun 2017 18:04:26 -0300 Subject: [PATCH 1118/2267] Document in README mod_jk mount file --- README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/README.md b/README.md index 73b82b98a9..89bc5f07a9 100644 --- a/README.md +++ b/README.md @@ -1789,6 +1789,37 @@ $workers_file_content = { } ``` +**mount\_file\_content** + +Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an Array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. +For example, the mount file below: + +``` +# Worker 1 +/context_1/ = worker_1 +/context_1/* = worker_1 + +# Worker 2 +/ = worker_2 +/context_2/ = worker_2 +/context_2/* = worker_2 +``` + +Should be parameterized as: + +``` +$mount_file_content = { + worker_1 => { + uri_list => ['/context_1/', '/context_1/*'], + comment => 'Worker 1', + }, + worker_2 => { + uri_list => ['/context_2/', '/context_2/*'], + comment => 'Worker 2', + }, +}, +``` + ##### Class: `apache::mod::passenger` Installs and manages [`mod_passenger`][]. For RedHat based systems, please ensure that you meet the minimum requirements as described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux) From 1e3a889f99ad30ac456bfc73d4e13f49dc29b672 Mon Sep 17 00:00:00 2001 
From: Emerson Prado Date: Wed, 7 Jun 2017 18:08:32 -0300 Subject: [PATCH 1119/2267] Correct typo in apache::mod::jk section of README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 89bc5f07a9..534eaca0a7 100644 --- a/README.md +++ b/README.md @@ -1791,7 +1791,7 @@ $workers_file_content = { **mount\_file\_content** -Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an Array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. +Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. For example, the mount file below: ``` From 4ee344df22e49d455675770fe50fd083d2635797 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 12 Jun 2017 16:37:36 -0300 Subject: [PATCH 1120/2267] Correct local variables references in template mod/jk.conf.erb --- templates/mod/jk.conf.erb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index b4a3489ee7..37695035fc 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb @@ -6,7 +6,7 @@ JkWorkersFile <%= @workers_file %> <% end -%> <% if @worker_property -%> <% @worker_property.sort.each do |property,value| -%> -JkWorkerProperty <%= @property %>=<%= @value %> +JkWorkerProperty <%= property %>=<%= value %> <% end -%> <% end -%> <% if @shm_file -%> 
@@ -23,12 +23,12 @@ JkMountFileReload <%= @mount_file_reload %> <% end -%> <% if @mount -%> <% @mount.sort.each do |url_prefix,worker_name| -%> -JkMount <%= @url_prefix %> <%= @worker_name %> +JkMount <%= url_prefix %> <%= worker_name %> <% end -%> <% end -%> <% if @un_mount -%> <% @un_mount.sort.each do |url_prefix,worker_name| -%> -JkUnMount <%= @url_prefix %> <%= @worker_name %> +JkUnMount <%= url_prefix %> <%= worker_name %> <% end -%> <% end -%> <% if @auto_alias -%> @@ -108,12 +108,12 @@ JkAuthTypeIndicator <%= @auth_type_indicator %> <% end -%> <% if @options -%> <% @options.sort.each do |fwd_option| -%> -JkOptions <%= @fwd_option %> +JkOptions <%= fwd_option %> <% end -%> <% end -%> <% if @env_var -%> <% @env_var.sort.each do |variable,value| -%> -JkEnvVar <%= @variable %><% if not @value.empty? -%> @value<% end -%> +JkEnvVar <%= variable %><% if not value.empty? -%> value<% end -%> <% end -%> <% end -%> <% if @strip_session -%> From ce0ae0d9ca3e913b51f4f5fa86f0c95de46d9ba0 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 12 Jun 2017 16:49:56 -0300 Subject: [PATCH 1121/2267] Remove unwanted indentations in template mod/jk.conf.erb --- templates/mod/jk.conf.erb | 238 +++++++++++++++++++------------------- 1 file changed, 120 insertions(+), 118 deletions(-) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 37695035fc..35f37f6023 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb 
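Review bot: In the `@env_var` loop the corrected line still prints the literal word `value` rather than the variable, because `<% if not value.empty? -%> value<% end -%>` contains no output tag; every non-empty entry renders as `JkEnvVar NAME value`. It should read `JkEnvVar <%= variable %><% unless value.empty? -%> <%= value %><% end -%>`. The following commit on this page re-indents the same line unchanged, so the fix applies there as well.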
@@ -1,121 +1,123 @@ # This file is generated automatically by Puppet - DO NOT EDIT # Any manual changes will be overwritten -<% if @workers_file -%> -JkWorkersFile <%= @workers_file %> -<% end -%> -<% if @worker_property -%> -<% @worker_property.sort.each do |property,value| -%> -JkWorkerProperty <%= property %>=<%= value %> -<% end -%> -<% end -%> -<% if @shm_file -%> -JkShmFile <%= @shm_file %> -<% end -%> -<% if @shm_size -%> -JkShmSize <%= @shm_size %> -<% end -%> -<% if @mount_file -%> -JkMountFile <%= @mount_file %> -<% end -%> -<% if @mount_file_reload -%> -JkMountFileReload <%= @mount_file_reload %> -<% end -%> -<% if @mount -%> -<% @mount.sort.each do |url_prefix,worker_name| -%> -JkMount <%= url_prefix %> <%= worker_name %> -<% end -%> -<% end -%> -<% if @un_mount -%> -<% @un_mount.sort.each do |url_prefix,worker_name| -%> -JkUnMount <%= url_prefix %> <%= worker_name %> -<% end -%> -<% end -%> -<% if @auto_alias -%> -JkAutoAlias <%= @auto_alias %> -<% end -%> -<% if @mount_copy -%> -JkMountCopy <%= @mount_copy %> -<% end -%> -<% if @worker_indicator -%> -JkWorkerIndicator <%= @worker_indicator %> -<% end -%> -<% if @watchdog_interval -%> -JkWatchdogInterval <%= @watchdog_interval %> -<% end -%> -<% if @log_file -%> -JkLogFile <%= @log_file %> -<% end -%> -<% if @log_level -%> -JkLogLevel <%= @log_level %> -<% end -%> -<% if @log_stamp_format -%> -JkLogStampFormat <%= @log_stamp_format %> -<% end -%> -<% if @request_log_format -%> -JkRequestLogFormat <%= @request_log_format %> -<% end -%> -<% if @extract_ssl -%> -JkExtractSSL <%= @extract_ssl %> -<% end -%> -<% if @https_indicator -%> -JkHTTPSIndicator <%= @https_indicator %> -<% end -%> -<% if @sslprotocol_indicator -%> -JkSSLPROTOCOLIndicator <%= @sslprotocol_indicator %> -<% end -%> -<% if @certs_indicator -%> -JkCERTSIndicator <%= @certs_indicator %> -<% end -%> -<% if @cipher_indicator -%> -JkCIPHERIndicator <%= @cipher_indicator %> -<% end -%> -<% if @certchain_prefix -%> -JkCERTCHAINPrefix <%= 
@certchain_prefix %> -<% end -%> -<% if @session_indicator -%> -JkSESSIONIndicator <%= @session_indicator %> -<% end -%> -<% if @keysize_indicator -%> -JkKEYSIZEIndicator <%= @keysize_indicator %> -<% end -%> -<% if @local_name_indicator -%> -JkLocalNameIndicator <%= @local_name_indicator %> -<% end -%> -<% if @ignore_cl_indicator -%> -JkIgnoreCLIndicator <%= @ignore_cl_indicator %> -<% end -%> -<% if @local_addr_indicator -%> -JkLocalAddrIndicator <%= @local_addr_indicator %> -<% end -%> -<% if @local_port_indicator -%> -JkLocalPortIndicator <%= @local_port_indicator %> -<% end -%> -<% if @remote_host_indicator -%> -JkRemoteHostIndicator <%= @remote_host_indicator %> -<% end -%> -<% if @remote_addr_indicator -%> -JkRemoteAddrIndicator <%= @remote_addr_indicator %> -<% end -%> -<% if @remote_port_indicator -%> -JkRemotePortIndicator <%= @remote_port_indicator %> -<% end -%> -<% if @remote_user_indicator -%> -JkRemoteUserIndicator <%= @remote_user_indicator %> -<% end -%> -<% if @auth_type_indicator -%> -JkAuthTypeIndicator <%= @auth_type_indicator %> -<% end -%> -<% if @options -%> -<% @options.sort.each do |fwd_option| -%> -JkOptions <%= fwd_option %> -<% end -%> -<% end -%> -<% if @env_var -%> -<% @env_var.sort.each do |variable,value| -%> -JkEnvVar <%= variable %><% if not value.empty? 
-%> value<% end -%> -<% end -%> -<% end -%> -<% if @strip_session -%> -JkStripSession <%= @strip_session %> -<% end -%> + + <%- if @workers_file -%> + JkWorkersFile <%= @workers_file %> + <%- end -%> + <%- if @worker_property -%> + <%- @worker_property.sort.each do |property,value| -%> + JkWorkerProperty <%= property %>=<%= value %> + <%- end -%> + <%- end -%> + <%- if @shm_file -%> + JkShmFile <%= @shm_file %> + <%- end -%> + <%- if @shm_size -%> + JkShmSize <%= @shm_size %> + <%- end -%> + <%- if @mount_file -%> + JkMountFile <%= @mount_file %> + <%- end -%> + <%- if @mount_file_reload -%> + JkMountFileReload <%= @mount_file_reload %> + <%- end -%> + <%- if @mount -%> + <%- @mount.sort.each do |url_prefix,worker_name| -%> + JkMount <%= url_prefix %> <%= worker_name %> + <%- end -%> + <%- end -%> + <%- if @un_mount -%> + <%- @un_mount.sort.each do |url_prefix,worker_name| -%> + JkUnMount <%= url_prefix %> <%= worker_name %> + <%- end -%> + <%- end -%> + <%- if @auto_alias -%> + JkAutoAlias <%= @auto_alias %> + <%- end -%> + <%- if @mount_copy -%> + JkMountCopy <%= @mount_copy %> + <%- end -%> + <%- if @worker_indicator -%> + JkWorkerIndicator <%= @worker_indicator %> + <%- end -%> + <%- if @watchdog_interval -%> + JkWatchdogInterval <%= @watchdog_interval %> + <%- end -%> + <%- if @log_file -%> + JkLogFile <%= @log_file %> + <%- end -%> + <%- if @log_level -%> + JkLogLevel <%= @log_level %> + <%- end -%> + <%- if @log_stamp_format -%> + JkLogStampFormat <%= @log_stamp_format %> + <%- end -%> + <%- if @request_log_format -%> + JkRequestLogFormat <%= @request_log_format %> + <%- end -%> + <%- if @extract_ssl -%> + JkExtractSSL <%= @extract_ssl %> + <%- end -%> + <%- if @https_indicator -%> + JkHTTPSIndicator <%= @https_indicator %> + <%- end -%> + <%- if @sslprotocol_indicator -%> + JkSSLPROTOCOLIndicator <%= @sslprotocol_indicator %> + <%- end -%> + <%- if @certs_indicator -%> + JkCERTSIndicator <%= @certs_indicator %> + <%- end -%> + <%- if @cipher_indicator -%> + 
JkCIPHERIndicator <%= @cipher_indicator %> + <%- end -%> + <%- if @certchain_prefix -%> + JkCERTCHAINPrefix <%= @certchain_prefix %> + <%- end -%> + <%- if @session_indicator -%> + JkSESSIONIndicator <%= @session_indicator %> + <%- end -%> + <%- if @keysize_indicator -%> + JkKEYSIZEIndicator <%= @keysize_indicator %> + <%- end -%> + <%- if @local_name_indicator -%> + JkLocalNameIndicator <%= @local_name_indicator %> + <%- end -%> + <%- if @ignore_cl_indicator -%> + JkIgnoreCLIndicator <%= @ignore_cl_indicator %> + <%- end -%> + <%- if @local_addr_indicator -%> + JkLocalAddrIndicator <%= @local_addr_indicator %> + <%- end -%> + <%- if @local_port_indicator -%> + JkLocalPortIndicator <%= @local_port_indicator %> + <%- end -%> + <%- if @remote_host_indicator -%> + JkRemoteHostIndicator <%= @remote_host_indicator %> + <%- end -%> + <%- if @remote_addr_indicator -%> + JkRemoteAddrIndicator <%= @remote_addr_indicator %> + <%- end -%> + <%- if @remote_port_indicator -%> + JkRemotePortIndicator <%= @remote_port_indicator %> + <%- end -%> + <%- if @remote_user_indicator -%> + JkRemoteUserIndicator <%= @remote_user_indicator %> + <%- end -%> + <%- if @auth_type_indicator -%> + JkAuthTypeIndicator <%= @auth_type_indicator %> + <%- end -%> + <%- if @options -%> + <%- @options.sort.each do |fwd_option| -%> + JkOptions <%= fwd_option %> + <%- end -%> + <%- end -%> + <%- if @env_var -%> + <%- @env_var.sort.each do |variable,value| -%> + JkEnvVar <%= variable %><% if not value.empty? -%> value<% end -%> + <%- end -%> + <%- end -%> + <%- if @strip_session -%> + JkStripSession <%= @strip_session %> + <%- end -%> + From e4cb3b836d18c7c6d9c3c61bd898502e5dd6f7dc Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 12 Jun 2017 17:55:44 -0300 Subject: [PATCH 1122/2267] Add "Location" tags in template mod/jk.conf.erb --- templates/mod/jk.conf.erb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 35f37f6023..5df4915ba9 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb @@ -120,4 +120,19 @@ <%- if @strip_session -%> JkStripSession <%= @strip_session %> <%- end -%> + <%- if @location_list -%> + <%- @location_list.each do |location_tag| -%> + + > + <%- if location_tag.has_key?('Comment') -%> + # <%= location_tag['Comment'] %> + <%- end -%> + <%- location_tag.each do |property,value| -%> + <%- if property != 'Comment' and property != 'Location' -%> + <%= property %> <%= value %> + <%- end -%> + <%- end -%> + + <%- end -%> + <%- end -%> From 658c74d58fab21449381503545e8ab73fa3a6272 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 12 Jun 2017 17:56:09 -0300 Subject: [PATCH 1123/2267] Add comments on "Location" in template mod/jk.conf.erb --- templates/mod/jk.conf.erb | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 5df4915ba9..155552b85d 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb 
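Review bot: Every pair in a `location_list` entry other than `Comment` and `Location` is written into the block as `<%= property %> <%= value %>`, so the block's access rules are exactly what the data contains and nothing restrictive is emitted by default. For status-style mounts that deserves a comment next to the loop stating that access-control directives must be supplied in the entry. The inner loop uses `location_tag.each` where the other loops in this template use `.sort.each`; sorting keeps the rendered file stable between runs. The entry is also not checked for a `Location` key before the block is opened (the opening tag is not legible in this view, so this is inferred from the key being skipped in the loop); `<%- next unless location_tag.has_key?('Location') -%>` would avoid emitting a block without a path.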
@@ -120,6 +120,35 @@ <%- if @strip_session -%> JkStripSession <%= @strip_session %> <%- end -%> + <%# -%> + <%# Global locations for mod_jk are defined in array location_list -%> + <%# Each array item is a hash with quoted* property name as key -%> + <%# and value as value itself -%> + <%# You can define a comment in a special 'comment' key -%> + <%# -%> + <%# Example: -%> + <%# -%> + <%# # Configures jkstatus -%> + <%# JkMount status -%> + <%# Order deny,allow -%> + <%# Deny from all -%> + <%# Allow from 127.0.0.1 -%> + <%# -%> + <%# -%> + <%# Is defined as: -%> + <%# location_list = [ -%> + <%# { -%> + <%# 'Location' => '/jkstatus/', -%> + <%# 'Comment' => 'Configures jkstatus', -%> + <%# 'JkMount' => 'status', -%> + <%# 'Order' => 'deny,allow', -%> + <%# 'Deny from' => 'all', -%> + <%# 'Allow from' => '127.0.0.1', -%> + <%# }, -%> + <%# ] -%> + <%# * Keys must be quoted to alow arbitrary case and/or multi-word keys -%> + <%# (BTW, note the case of 'Location' and 'Comment' keys) -%> + <%# -%> <%- if @location_list -%> <%- @location_list.each do |location_tag| -%> From 9348a159c769140690addab80b6374bd5dbe136b Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 12 Jun 2017 17:56:54 -0300 Subject: [PATCH 1124/2267] Include location tags list in class apache::mod::jk --- manifests/mod/jk.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 3cc732a4df..6e86772f94 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -45,6 +45,9 @@ $options = [], $env_var = {}, $strip_session = undef, + # Location list + # See comments in template mod/jk.conf.erb + $location_list = [], # Workers file content # See comments in template mod/jk/workers.properties.erb $workers_file_content = [], From cf231f191c9ccd312cca2ab073d6e74d83e181f9 Mon Sep 17 00:00:00 2001 
From: Emerson Prado Date: Mon, 12 Jun 2017 17:57:07 -0300 Subject: [PATCH 1125/2267] Correct indentation in class apache::mod::jk --- manifests/mod/jk.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 6e86772f94..30dbbe7522 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -53,7 +53,7 @@ $workers_file_content = [], # Mount file content # See comments in template mod/jk/uriworkermap.properties.erb - $mount_file_content = [], + $mount_file_content = [], ){ include ::apache From 598271e24264797dbe643924a3d4095406324e5f Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 13 Jun 2017 16:19:34 -0300 Subject: [PATCH 1126/2267] Correct empty parameters in class apache::mod::jk --- manifests/mod/jk.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 30dbbe7522..e25a339fa3 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -50,10 +50,10 @@ $location_list = [], # Workers file content # See comments in template mod/jk/workers.properties.erb - $workers_file_content = [], + $workers_file_content = {}, # Mount file content # See comments in template mod/jk/uriworkermap.properties.erb - $mount_file_content = [], + $mount_file_content = {}, ){ include ::apache From 1837d885025e9f66e6bc3a1cc00333693735059b Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Thu, 22 Jun 2017 11:14:21 -0700 Subject: [PATCH 1127/2267] (MODULES-5121) Allow ssl.conf to have better defaults ssl.conf location must be maintained to avoid duplicate ssl.confs being created in both mod_dir and confd_dir on rhel7 package updates, and must also be based on the parameter values passed into the base apache class for custom directories. --- manifests/init.pp | 18 ++++++++- manifests/mod/ssl.pp | 2 +- manifests/params.pp | 5 --- spec/classes/mod/ssl_spec.rb | 72 +++++++++++++++++++++++++----------- 4 files changed, 68 insertions(+), 29 deletions(-) 
diff --git a/manifests/init.pp b/manifests/init.pp index a6d4e41fce..298c0526c8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -69,7 +69,7 @@ $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, $log_formats = {}, - $ssl_file = $::apache::params::ssl_file, + $ssl_file = undef, $ports_file = $::apache::params::ports_file, $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, @@ -103,6 +103,22 @@ default => '(event|itk|prefork|worker)' } + if $::osfamily == 'RedHat' and $::apache::version::distrelease == '7' { + # On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir) + # when all other module configs live in /etc/httpd/conf.modules.d (the + # mod_dir). On all other platforms and versions, ssl.conf lives in the + # mod_dir. This should maintain the expected location of ssl.conf + $_ssl_file = $ssl_file ? { + undef => "${apache::confd_dir}/ssl.conf", + default => $ssl_file + } + } else { + $_ssl_file = $ssl_file ? { + undef => "${apache::mod_dir}/ssl.conf", + default => $ssl_file + } + } + if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans validate_re($mpm_module, $valid_mpms_re) } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index e48c2d40a3..341e7bf1de 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -118,7 +118,7 @@ # $_apache_version file { 'ssl.conf': ensure => file, - path => $::apache::ssl_file, + path => $::apache::_ssl_file, mode => $::apache::file_mode, content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], diff --git a/manifests/params.pp b/manifests/params.pp index 5864477a37..5fbc95e6ab 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
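Review bot: The `$::apache::version::distrelease == '7'` test in the new block selects `confd_dir` for exactly one release, so any later RedHat-family release falls into the `else` branch and gets `${apache::mod_dir}/ssl.conf`; if the conf.d layout persists beyond 7, that would recreate the duplicate ssl.conf the commit message describes. Assuming distrelease is a string, as the comparison implies, `versioncmp($::apache::version::distrelease, '7') >= 0` states the intent more safely. The params.pp hunks also move the RedHat default from `${confd_dir}/ssl.conf` to the `mod_dir` branch for releases other than 7, which is equivalent only where the two directories coincide and is worth confirming. In `manifests/mod/ssl.pp` the path now reads `$::apache::_ssl_file`, an underscore-prefixed variable consumed from another class; a one-line comment at its definition saying it is read by `apache::mod::ssl` would keep it from being renamed as a private local.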
@@ -74,7 +74,6 @@ $vhost_dir = "${httpd_dir}/conf.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' - $ssl_file = "${confd_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = 'run/httpd.pid' $logroot = '/var/log/httpd' @@ -215,7 +214,6 @@ $vhost_dir = "${httpd_dir}/sites-available" $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'apache2.conf' - $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = "\${APACHE_PID_FILE}" $logroot = '/var/log/apache2' @@ -356,7 +354,6 @@ $vhost_dir = "${httpd_dir}/Vhosts" $vhost_enable_dir = undef $conf_file = 'httpd.conf' - $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = '/var/run/httpd.pid' $logroot = '/var/log/apache24' @@ -427,7 +424,6 @@ $vhost_dir = "${httpd_dir}/vhosts.d" $vhost_enable_dir = undef $conf_file = 'httpd.conf' - $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/apache2' $logroot_mode = undef @@ -496,7 +492,6 @@ $vhost_dir = "${httpd_dir}/sites-available" $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'httpd.conf' - $ssl_file = "${mod_dir}/ssl.conf" $ports_file = "${conf_dir}/ports.conf" $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 5b6f8abe4a..18816bbd9f 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -18,31 +18,59 @@ it { expect { catalogue }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } end - context 'on a RedHat OS' do - let :facts do - { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, - } - end - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.to contain_package('mod_ssl') } - context 'with a custom package_name parameter' do - let :params do - { :package_name => 'httpd24-mod_ssl' } + context 'on a RedHat' do + context '6 OS' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } end it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.to contain_package('httpd24-mod_ssl') } - it { is_expected.not_to contain_package('mod_ssl') } - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/cache/mod_ssl/scache\(512000\)"$})} + it { is_expected.to contain_package('mod_ssl') } + it { is_expected.to contain_file('ssl.conf').with_path('/etc/httpd/conf.d/ssl.conf') } + context 'with a custom package_name parameter' do + let :params do + { :package_name => 'httpd24-mod_ssl' } + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_package('httpd24-mod_ssl') } + it { is_expected.not_to contain_package('mod_ssl') } + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/cache/mod_ssl/scache\(512000\)"$})} + end + end + context '7 OS 
with custom directories for PR#1635' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :pre_condition do + "class { 'apache': + confd_dir => '/etc/httpd/conf.puppet.d', + default_mods => false, + default_vhost => false, + mod_dir => '/etc/httpd/conf.modules.puppet.d', + vhost_dir => '/etc/httpd/conf.puppet.d', + }" + end + it { is_expected.to contain_package('mod_ssl') } + it { is_expected.to contain_file('ssl.conf').with_path('/etc/httpd/conf.puppet.d/ssl.conf') } end end From 95ed3396e6e2a0ae7c8e0213234e28819ff2c038 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Mon, 26 Jun 2017 13:56:13 -0700 Subject: [PATCH 1128/2267] (MODULES-5144) Prep for puppet 5 --- metadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata.json b/metadata.json index fa59827e98..ab052dcc89 100644 --- a/metadata.json +++ b/metadata.json @@ -9,7 +9,7 @@ "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 4.12.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"} + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 5.0.0"} ], "data_provider": null, "operatingsystem_support": [ @@ -72,7 +72,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.7.0 < 5.0.0" + "version_requirement": ">= 4.7.0 < 6.0.0" } ], "description": "Module for Apache configuration" From 0d94a2db0bb2042ab86b883b9800ce53e2440e25 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 30 Jun 2017 17:44:49 -0300 Subject: [PATCH 1129/2267] Remove duplicated include from apache::mod::jk --- manifests/mod/jk.pp | 2 -- 1 file changed, 2 deletions(-) 
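Review bot: The new RedHat 7 context covers only the path derived from a custom `confd_dir`; nothing exercises an explicit `ssl_file` passed to the base class, which is the `default => $ssl_file` arm of both selectors added in init.pp, nor the stock RedHat 7 directories. I would add a context whose pre_condition sets `ssl_file => '/etc/httpd/conf.d/custom-ssl.conf'` (a constructed sample path) and asserts it with `with_path`, plus one RedHat 7 context without directory overrides. The RedHat 6 `with_path('/etc/httpd/conf.d/ssl.conf')` assertion now depends on `mod_dir` resolving to conf.d on that release, which a short comment in the spec would make explicit.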
diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index e25a339fa3..89a3388555 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -56,8 +56,6 @@ $mount_file_content = {}, ){ - include ::apache - # Provides important variables include ::apache # Manages basic module config From f1c0f2b1bc81fa8a0e74d67a96725c5c405088a5 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 30 Jun 2017 17:45:24 -0300 Subject: [PATCH 1130/2267] Include basic test spec for apache::mod::jk --- spec/classes/mod/jk_spec.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 spec/classes/mod/jk_spec.rb diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb new file mode 100644 index 0000000000..49d124cf21 --- /dev/null +++ b/spec/classes/mod/jk_spec.rb @@ -0,0 +1,16 @@ +require 'spec_helper' + +describe 'apache::mod::jk', :type => :class do + it_behaves_like 'a mod class, without including apache' + + it { is_expected.to compile } + it { is_expected.to create_class('apache::mod::jk') } + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_apache__mod('jk') } + it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( + :ensure => file, + :content => //), + :content => /<\/IfModule>/), + } + +end From fd88a5121f26b062611a12e819d2b88504e09577 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 30 Jun 2017 17:56:07 -0300 Subject: [PATCH 1131/2267] Correct typo in spec test for apache::mod::jk --- spec/classes/mod/jk_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 49d124cf21..39fa501b2b 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb 
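Review bot: The `with(...)` hash in the `jk.conf` example repeats the `:content` key, and in a Ruby hash literal the last entry wins, so only the closing-tag pattern is ever matched; chaining `.with_content(...)` once per pattern checks both. `:ensure => file` uses a bare identifier, which raises NameError unless something defines `file` in scope; `:ensure => 'file'` is presumably what was meant. As committed each regex is also followed by `),`, which does not parse; the follow-up commit on this page fixes the parentheses but keeps the duplicate key and the bare `file`.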
@@ -9,8 +9,8 @@ it { is_expected.to contain_apache__mod('jk') } it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( :ensure => file, - :content => //), - :content => /<\/IfModule>/), - } + :content => //, + :content => /<\/IfModule>/, + )} end From 7f8bf4167ca6619b56ece832053fc4f84fed4b88 Mon Sep 17 00:00:00 2001 From: Richard Anderson Date: Mon, 3 Jul 2017 04:59:19 -0500 Subject: [PATCH 1132/2267] Fix single quoted string (#1623) single_quote_string_with_variables:ERROR:single quoted string containing a variable found --- examples/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/vhost.pp b/examples/vhost.pp index 28edf25cf0..440a56d4b0 100644 --- a/examples/vhost.pp +++ b/examples/vhost.pp @@ -165,7 +165,7 @@ { comment => 'Rewrite to lower case', rewrite_cond => ['%{REQUEST_URI} [A-Z]'], rewrite_map => ['lc int:tolower'], - rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + rewrite_rule => ["(.*) \${lc:\$1} [R=301,L]"], } ], } From 56a7d6dcbc919797fdd2ba187973f431bc156375 Mon Sep 17 00:00:00 2001 From: Diomidis Spinellis Date: Mon, 3 Jul 2017 13:10:20 +0300 Subject: [PATCH 1133/2267] MODULES-4946 Add HttpProtocolOptions support (#1629) --- README.md | 5 +++++ manifests/init.pp | 2 ++ manifests/params.pp | 5 +++++ manifests/vhost.pp | 18 ++++++++++++++++++ spec/acceptance/apache_parameters_spec.rb | 17 +++++++++++++++++ spec/defines/vhost_spec.rb | 3 +++ templates/httpd.conf.erb | 4 ++++ templates/vhost/_http_protocol_options.erb | 1 + 8 files changed, 55 insertions(+) mode change 100644 => 100755 README.md mode change 100644 => 100755 manifests/init.pp mode change 100644 => 100755 spec/acceptance/apache_parameters_spec.rb mode change 100644 => 100755 templates/httpd.conf.erb create mode 100644 templates/vhost/_http_protocol_options.erb diff --git a/README.md b/README.md old mode 100644 new mode 100755 index 0cae55acf0..c36821b5a2 --- a/README.md +++ b/README.md 
@@ -126,6 +126,7 @@ [`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage [Hash]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_hash.html +[`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions [`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional [`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include @@ -998,6 +999,10 @@ Sets the Apache server's base configuration directory. This is useful for specia - **Gentoo**: `/etc/apache2` - **Red Hat**: `/etc/httpd` +##### http_protocol_options` + +Specifies the strictness of HTTP protocol checks. Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. Default '`Strict LenientMethods Allow0.9`'. + ##### `keepalive` Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'On'. diff --git a/manifests/init.pp b/manifests/init.pp old mode 100644 new mode 100755 index 298c0526c8..b07760b373 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -60,6 +60,7 @@ $manage_group = true, $user = $::apache::params::user, $group = $::apache::params::group, + $http_protocol_options = $::apache::params::http_protocol_options, $supplementary_groups = [], $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, @@ -333,6 +334,7 @@ # - $error_documents # - $error_documents_path # - $apxs_workaround + # - $http_protocol_options # - $keepalive # - $keepalive_timeout # - $max_keepalive_requests diff --git a/manifests/params.pp b/manifests/params.pp index 5fbc95e6ab..7bda90b8aa 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -144,6 +144,7 @@ 'nss' => 'libmodnss.so', } $conf_template = 'apache/httpd.conf.erb' + $http_protocol_options = undef $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 @@ -271,6 +272,7 @@ 'shib2' => $shib2_lib, } $conf_template = 'apache/httpd.conf.erb' + $http_protocol_options = undef $keepalive = 'Off' $keepalive_timeout = 15 $max_keepalive_requests = 100 @@ -396,6 +398,7 @@ $mod_libs = { } $conf_template = 'apache/httpd.conf.erb' + $http_protocol_options = undef $keepalive = 'Off' $keepalive_timeout = 15 $max_keepalive_requests = 100 @@ -463,6 +466,7 @@ $mod_libs = { } $conf_template = 'apache/httpd.conf.erb' + $http_protocol_options = undef $keepalive = 'Off' $keepalive_timeout = 15 $max_keepalive_requests = 100 @@ -529,6 +533,7 @@ 'php53' => '/usr/lib64/apache2/mod_php5.so', } $conf_template = 'apache/httpd.conf.erb' + $http_protocol_options = undef $keepalive = 'Off' $keepalive_timeout = 15 $max_keepalive_requests = 100 diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e28dff266d..4c143c0d1e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -64,6 +64,7 @@ $error_log_file = undef, $error_log_pipe = undef, $error_log_syslog = undef, + $http_protocol_options = undef, $modsec_audit_log = undef, $modsec_audit_log_file = undef, $modsec_audit_log_pipe = undef, @@ -187,6 +188,13 @@ validate_bool($ip_based) validate_bool($access_log) validate_bool($error_log) + if $http_protocol_options != undef { + validate_re($http_protocol_options, '^((Strict|Unsafe)?\s*(\b(RegisteredMethods|LenientMethods))?\s*(\b(Allow0\.9|Require1\.0))?)$', + "${http_protocol_options} is not supported for http_protocol_options. + Allowed value is any sequence of the following alternative values: + 'Strict' or Unsafe, 'RegisteredMethods' or 'LenientMethods', and + 'Allow0.9' or 'Require1.0'.") + } if $modsec_audit_log != undef { validate_bool($modsec_audit_log) } 
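Review bot: The `validate_re` pattern added for `$http_protocol_options` in manifests/vhost.pp is anchored with `^` and `$`, which in the Ruby regular expressions that stdlib's `validate_re` compiles match at line boundaries rather than at the ends of the string, so a multi-line value can pass when one of its lines matches, and the whole value is then written into the vhost by `_http_protocol_options.erb`. Anchoring with `\A` and `\z` closes that: `'\A((Strict|Unsafe)?\s*(\b(RegisteredMethods|LenientMethods))?\s*(\b(Allow0\.9|Require1\.0))?)\z'`. Every group in the pattern is optional, so the empty string is accepted as well and would render a bare `HttpProtocolOptions` line. The class-level parameter this patch adds to manifests/init.pp gets no equivalent check before `httpd.conf.erb` emits it.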
@@ -1156,6 +1164,16 @@ } } + # Template uses: + # - $http_protocol_options + if $http_protocol_options { + concat::fragment { "${name}-http_protocol_options": + target => "${priority_real}${filename}.conf", + order => 350, + content => template('apache/vhost/_http_protocol_options.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb old mode 100644 new mode 100755 index aa7a5c8b55..cc600f1cdd --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -237,6 +237,23 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end end + describe 'http_protocol_options' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}" + apply_manifest(pp, :catch_failures => true) + end + end + + # Actually >= 2.4.24, but the minor version is not provided + if $apache_version >= '2.4' + describe file($conf_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'HttpProtocolOptions Unsafe RegisteredMethods Require1.0' } + end + end + end + describe 'server_root' do describe 'setup' do it 'applies cleanly' do diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4796f0bf2a..3fcca3a6f3 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -407,6 +407,7 @@ 'krb_auth_realms' => ['EXAMPLE.ORG','EXAMPLE.NET'], 'krb_5keytab' => '/tmp/keytab5', 'krb_local_user_mapping' => 'off', + 'http_protocol_options' => 'Strict LenientMethods Allow0.9', 'keepalive' => 'on', 'keepalive_timeout' => '100', 'max_keepalive_requests' => '1000', 
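Review bot: The `concat::fragment` for `${name}-http_protocol_options` in manifests/vhost.pp is created whenever the parameter is set, with no Apache version check, while the server-level line this patch adds to templates/httpd.conf.erb is wrapped in `scope.function_versioncmp([@apache_version, '2.4']) >= 0`. On a release that does not know the directive, the vhost file would presumably fail the configuration test. Applying the same guard on the vhost path keeps the two consistent, for example in `_http_protocol_options.erb`: `<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>` … `<%- end -%>`, assuming `@apache_version` is available to vhost templates as it is to httpd.conf.erb.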
@@ -617,6 +618,8 @@ :content => /^\s+KrbSaveCredentials\soff$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( :content => /^\s+KrbVerifyKDC\son$/)} + it { is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with( + :content => /^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( :content => /^\s+KeepAlive\son$/)} it { is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb old mode 100644 new mode 100755 index 4c22b17d77..c01859adeb --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -11,6 +11,10 @@ KeepAlive <%= @keepalive %> MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> LimitRequestFieldSize <%= @limitreqfieldsize %> +# Actually >= 2.4.24, but the minor version is not provided +<%- if @http_protocol_options and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +HttpProtocolOptions <%= @http_protocol_options %> +<%- end -%> <%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%> RewriteLock <%= @rewrite_lock %> diff --git a/templates/vhost/_http_protocol_options.erb b/templates/vhost/_http_protocol_options.erb new file mode 100644 index 0000000000..efad7e6d85 --- /dev/null +++ b/templates/vhost/_http_protocol_options.erb @@ -0,0 +1 @@ +HttpProtocolOptions <%= @http_protocol_options %> From d619dd71375e16da785811f32fa78b3b38232075 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 3 Jul 2017 15:50:06 -0300 Subject: [PATCH 1134/2267] Include RHEL 6 context and facts required by included classes --- spec/classes/mod/jk_spec.rb | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) 
diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 39fa501b2b..fcd439b4a9 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -3,14 +3,26 @@ describe 'apache::mod::jk', :type => :class do it_behaves_like 'a mod class, without including apache' - it { is_expected.to compile } - it { is_expected.to create_class('apache::mod::jk') } - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_apache__mod('jk') } - it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( - :ensure => file, - :content => //, - :content => /<\/IfModule>/, - )} + context "with only required facts and no parameters" do + + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + } + end + + it { is_expected.to compile } + it { is_expected.to create_class('apache::mod::jk') } + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_apache__mod('jk') } + it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( + :ensure => file, + :content => //, + :content => /<\/IfModule>/, + )} + + end end From 1c2a3d84b9cdec7c254d8cc23b456c22bd42877b Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 3 Jul 2017 16:13:15 -0300 Subject: [PATCH 1135/2267] Remove parameters from jk.conf file in mod::jk spec test --- spec/classes/mod/jk_spec.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index fcd439b4a9..e4e3dafdc6 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb 
@@ -17,11 +17,7 @@ it { is_expected.to create_class('apache::mod::jk') } it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } - it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( - :ensure => file, - :content => //, - :content => /<\/IfModule>/, - )} + it { is_expected.to contain_file('jk.conf') } end From 156a087ef4d82295f909cb1d4141d32c5ec64a39 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 3 Jul 2017 16:15:36 -0300 Subject: [PATCH 1136/2267] Revert "Remove parameters from jk.conf file in mod::jk spec test" This reverts commit 1c2a3d84b9cdec7c254d8cc23b456c22bd42877b. --- spec/classes/mod/jk_spec.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index e4e3dafdc6..fcd439b4a9 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -17,7 +17,11 @@ it { is_expected.to create_class('apache::mod::jk') } it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } - it { is_expected.to contain_file('jk.conf') } + it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( + :ensure => file, + :content => //, + :content => /<\/IfModule>/, + )} end From 4b0b1c0f05f9c6a93c5d7bc5b9c37f921b7e6524 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 3 Jul 2017 16:59:34 -0300 Subject: [PATCH 1137/2267] Add correctly quoted parameters for jk.conf file in mod::jk spec test --- spec/classes/mod/jk_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index fcd439b4a9..16d691a4c5 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb 
@@ -18,7 +18,7 @@ it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( - :ensure => file, + :ensure => 'file', :content => //, :content => /<\/IfModule>/, )} From 725b54cad64c847ef7027ce5310273d1b275a0bf Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 3 Jul 2017 17:52:04 -0300 Subject: [PATCH 1138/2267] Include shared context in apache::mod::jk spec test --- spec/classes/mod/jk_spec.rb | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 16d691a4c5..7b59fc8349 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -3,6 +3,18 @@ describe 'apache::mod::jk', :type => :class do it_behaves_like 'a mod class, without including apache' + shared_examples 'minimal resources' do + it { is_expected.to compile } + it { is_expected.to create_class('apache::mod::jk') } + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_apache__mod('jk') } + it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( + :ensure => 'file', + :content => //, + :content => /<\/IfModule>/, + )} + end + context "with only required facts and no parameters" do let :facts do @@ -13,15 +25,7 @@ } end - it { is_expected.to compile } - it { is_expected.to create_class('apache::mod::jk') } - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_apache__mod('jk') } - it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( - :ensure => 'file', - :content => //, - :content => /<\/IfModule>/, - )} + it_behaves_like 'minimal resources' end From 7b246f954f041ec9b6ec5914669ddb6244292aa8 Mon Sep 17 00:00:00 2001 
From: Emerson Prado Date: Mon, 3 Jul 2017 17:52:31 -0300 Subject: [PATCH 1139/2267] Include compile deps test in apache::mod::jk spec test --- spec/classes/mod/jk_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 7b59fc8349..e8ef1ef21e 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -5,6 +5,7 @@ shared_examples 'minimal resources' do it { is_expected.to compile } + it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('apache::mod::jk') } it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } From cd3af621fb2124efa82942e0ba2537af2c75ea7e Mon Sep 17 00:00:00 2001 From: tphoney Date: Tue, 4 Jul 2017 13:51:27 +0100 Subject: [PATCH 1140/2267] (MODULES-4946) no tests HttpProtocolOptions ubuntu --- spec/acceptance/apache_parameters_spec.rb | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index cc600f1cdd..eb4eb27b4e 100755 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -238,18 +238,20 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } end describe 'http_protocol_options' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}" - apply_manifest(pp, :catch_failures => true) + # Actually >= 2.4.24, but the minor version is not provided + # https://bugs.launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.15 + # basically older versions of the ubuntu package cause issues + if $apache_version >= '2.4' and fact('operatingsystem') != 'Ubuntu' + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}" + apply_manifest(pp, :catch_failures => true) + end end - end - # Actually >= 2.4.24, but the minor version is not provided - if $apache_version >= '2.4' describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'HttpProtocolOptions Unsafe RegisteredMethods Require1.0' } + it { is_expected.to be_file } + it { is_expected.to contain 'HttpProtocolOptions Unsafe RegisteredMethods Require1.0' } end end end From 310f694a0c6d7aef9cab56948c10276dc3f22031 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 4 Jul 2017 13:25:27 -0300 Subject: [PATCH 1141/2267] Include multiple file lines check in apache::mod::jk spec test --- spec/classes/mod/jk_spec.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index e8ef1ef21e..8c04ec8d54 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb 
@@ -9,11 +9,8 @@ it { is_expected.to create_class('apache::mod::jk') } it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } - it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]').with( - :ensure => 'file', - :content => //, - :content => /<\/IfModule>/, - )} + it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]') } + verify_contents(catalogue, 'jk.conf', ['', '']) end context "with only required facts and no parameters" do From 11b47a0500bf023f18ded5435283ed4c04f4e3e8 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 4 Jul 2017 13:48:27 -0300 Subject: [PATCH 1142/2267] Move catalogue check from shared example in apache::mod::jk spec test --- spec/classes/mod/jk_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 8c04ec8d54..8d9f299b3f 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -10,7 +10,6 @@ it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]') } - verify_contents(catalogue, 'jk.conf', ['', '']) end context "with only required facts and no parameters" do @@ -24,6 +23,7 @@ end it_behaves_like 'minimal resources' + verify_contents(catalogue, 'jk.conf', ['', '']) end From 3903714b8e449b92b7f4b2535a55f14c6a409c34 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Tue, 4 Jul 2017 14:05:45 -0300 Subject: [PATCH 1143/2267] Move "verify_contents" to "it" block in mod::jk spec test --- spec/classes/mod/jk_spec.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 8d9f299b3f..af17f45be7 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb 
@@ -23,7 +23,9 @@ end it_behaves_like 'minimal resources' - verify_contents(catalogue, 'jk.conf', ['', '']) + it { + verify_contents(catalogue, 'jk.conf', ['', '']) + } end From a9247596c1444193f6a09b3f1eab60e8db1fca08 Mon Sep 17 00:00:00 2001 From: tphoney Date: Wed, 5 Jul 2017 09:54:44 +0100 Subject: [PATCH 1144/2267] (MODULES-4883) pairing down tests for sles --- spec/acceptance/apache_parameters_spec.rb | 4 +- spec/acceptance/default_mods_spec.rb | 64 ++++++++++++----------- spec/acceptance/mod_php_spec.rb | 2 +- 3 files changed, 36 insertions(+), 34 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index eb4eb27b4e..3a52bb3934 100755 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -240,8 +240,8 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } describe 'http_protocol_options' do # Actually >= 2.4.24, but the minor version is not provided # https://bugs.launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.15 - # basically older versions of the ubuntu package cause issues - if $apache_version >= '2.4' and fact('operatingsystem') != 'Ubuntu' + # basically versions of the ubuntu or sles apache package cause issue + if $apache_version >= '2.4' && (fact('operatingsystem') != 'Ubuntu' || fact('operatingsystem') != 'SLES') describe 'setup' do it 'applies cleanly' do pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}" diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index ab241e4551..35706c9a28 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb 
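Review bot: The guard `(fact('operatingsystem') != 'Ubuntu' || fact('operatingsystem') != 'SLES')` in the `http_protocol_options` block of spec/acceptance/apache_parameters_spec.rb is true on every platform, because no value can equal both names at once, so the block still runs on the Ubuntu and SLES hosts that the comment above it means to exclude. The two inequalities need to be joined with `&&`: `if $apache_version >= '2.4' && fact('operatingsystem') != 'Ubuntu' && fact('operatingsystem') != 'SLES'`. `$apache_version >= '2.4'` is also a string comparison, which orders versions lexically rather than numerically.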
@@ -19,38 +19,40 @@ class { 'apache': end end - describe 'no default mods and failing' do - before :all do - pp = <<-PP - include apache::params - class { 'apache': default_mods => false, service_ensure => stopped, } - PP - apply_manifest(pp) - end - # Using puppet_apply as a helper - it 'should apply with errors' do - pp = <<-EOS - class { 'apache': - default_mods => false, - } - apache::vhost { 'defaults.example.com': - docroot => '#{$doc_root}/defaults', - aliases => { - alias => '/css', - path => '#{$doc_root}/css', - }, - directories => [ - { - 'path' => "#{$doc_root}/admin", - 'auth_basic_fake' => 'demo demopass', - } - ], - setenv => 'TEST1 one', - } - EOS + unless (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') + describe 'no default mods and failing' do + before :all do + pp = <<-PP + include apache::params + class { 'apache': default_mods => false, service_ensure => stopped, } + PP + apply_manifest(pp) + end + # Using puppet_apply as a helper + it 'should apply with errors' do + pp = <<-EOS + class { 'apache': + default_mods => false, + } + apache::vhost { 'defaults.example.com': + docroot => '#{$doc_root}/defaults', + aliases => { + alias => '/css', + path => '#{$doc_root}/css', + }, + directories => [ + { + 'path' => "#{$doc_root}/admin", + 'auth_basic_fake' => 'demo demopass', + } + ], + setenv => 'TEST1 one', + } + EOS - apply_manifest(pp, { :expect_failures => true }) - end + apply_manifest(pp, { :expect_failures => true }) + end + end describe service($service_name) do it { is_expected.not_to be_running } diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 45b901fae9..59be2baaa3 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb 
@@ -1,7 +1,7 @@ require 'spec_helper_acceptance' require_relative './version.rb' -unless (fact('operatingsystem') == 'SLES' && fact('operatingsystemrelease') == '12.0') +unless (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12') describe 'apache::mod::php class' do context "default php config" do it 'succeeds in puppeting php' do From f7870c0117ccd8591725aecdd60ddae401cdf40d Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 6 Jul 2017 09:51:47 +0100 Subject: [PATCH 1145/2267] (MODULES-4883) clean os logic around test --- spec/acceptance/apache_parameters_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 3a52bb3934..2ba1a44529 100755 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -241,7 +241,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } # Actually >= 2.4.24, but the minor version is not provided # https://bugs.launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.15 # basically versions of the ubuntu or sles apache package cause issue - if $apache_version >= '2.4' && (fact('operatingsystem') != 'Ubuntu' || fact('operatingsystem') != 'SLES') + if $apache_version >= '2.4' && fact('operatingsystem') !~ /Ubuntu|SLES/ describe 'setup' do it 'applies cleanly' do pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}" From 39f9d4ec418139b6b9c933794fef6e238d96c1e5 Mon Sep 17 00:00:00 2001 From: "Angel L. Mateo" Date: Thu, 6 Jul 2017 13:08:49 +0200 Subject: [PATCH 1146/2267] Don't install proxy_html package in ubuntu xenial In Ubuntu Xenial, proxy_html module is include in apache standard packages, so don't try to install it --- manifests/params.pp | 74 ++++++++++++++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 25 deletions(-) 
diff --git a/manifests/params.pp b/manifests/params.pp index 7bda90b8aa..0682173415 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -231,34 +231,58 @@ if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') < 0) { # Only the major version is used here $php_version = '5' + $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', + 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_mellon' => 'libapache2-mod-auth-mellon', + 'authnz_pam' => 'libapache2-mod-authnz-pam', + 'dav_svn' => 'libapache2-svn', + 'fastcgi' => 'libapache2-mod-fastcgi', + 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', + 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', + 'lookup_identity' => 'libapache2-mod-lookup-identity', + 'nss' => 'libapache2-mod-nss', + 'pagespeed' => 'mod-pagespeed-stable', + 'passenger' => 'libapache2-mod-passenger', + 'perl' => 'libapache2-mod-perl2', + 'phpXXX' => 'libapache2-mod-phpXXX', + 'proxy_html' => 'libapache2-mod-proxy-html', + 'python' => 'libapache2-mod-python', + 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', + 'shib2' => 'libapache2-mod-shib2', + 'suphp' => 'libapache2-mod-suphp', + 'wsgi' => 'libapache2-mod-wsgi', + 'xsendfile' => 'libapache2-mod-xsendfile', + } } else { # major.minor version used since Debian stretch and Ubuntu Xenial $php_version = '7.0' - } - $mod_packages = { - 'auth_cas' => 'libapache2-mod-auth-cas', - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'auth_mellon' => 'libapache2-mod-auth-mellon', - 'authnz_pam' => 'libapache2-mod-authnz-pam', - 'dav_svn' => 'libapache2-svn', - 'fastcgi' => 'libapache2-mod-fastcgi', - 'fcgid' => 'libapache2-mod-fcgid', - 'geoip' => 'libapache2-mod-geoip', - 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', - 'lookup_identity' => 'libapache2-mod-lookup-identity', - 'nss' => 'libapache2-mod-nss', - 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'phpXXX' => 
'libapache2-mod-phpXXX', - 'proxy_html' => 'libapache2-mod-proxy-html', - 'python' => 'libapache2-mod-python', - 'rpaf' => 'libapache2-mod-rpaf', - 'security' => 'libapache2-modsecurity', - 'shib2' => 'libapache2-mod-shib2', - 'suphp' => 'libapache2-mod-suphp', - 'wsgi' => 'libapache2-mod-wsgi', - 'xsendfile' => 'libapache2-mod-xsendfile', + $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', + 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_mellon' => 'libapache2-mod-auth-mellon', + 'authnz_pam' => 'libapache2-mod-authnz-pam', + 'dav_svn' => 'libapache2-svn', + 'fastcgi' => 'libapache2-mod-fastcgi', + 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', + 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', + 'lookup_identity' => 'libapache2-mod-lookup-identity', + 'nss' => 'libapache2-mod-nss', + 'pagespeed' => 'mod-pagespeed-stable', + 'passenger' => 'libapache2-mod-passenger', + 'perl' => 'libapache2-mod-perl2', + 'phpXXX' => 'libapache2-mod-phpXXX', + 'python' => 'libapache2-mod-python', + 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', + 'shib2' => 'libapache2-mod-shib2', + 'suphp' => 'libapache2-mod-suphp', + 'wsgi' => 'libapache2-mod-wsgi', + 'xsendfile' => 'libapache2-mod-xsendfile', + } } $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' From ce8224a706e388bc62f05efdc47279d5e08831a9 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Thu, 6 Jul 2017 14:40:34 -0700 Subject: [PATCH 1147/2267] (MODULES-5187) mysnc puppet 5 and ruby 2.4 --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4981b25921..0c6f904c32 100644 --- a/.travis.yml +++ b/.travis.yml 
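Review bot: The `$mod_packages` hash in manifests/params.pp is now written out twice, and the two copies differ only in the `'proxy_html'` entry, so every later package change has to be made in both places or the branches drift apart. Keeping one hash and adding the extra key only for the older releases avoids that, e.g. name the shared hash `$mod_packages_common`, set `$mod_packages = merge($mod_packages_common, { 'proxy_html' => 'libapache2-mod-proxy-html' })` in the first branch and `$mod_packages = $mod_packages_common` in the `else`. The `else` branch also covers Debian 9, which the commit message does not mention, so it is worth confirming that dropping the package there is intended. The enclosing osfamily branch starts outside the hunk.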
@@ -22,10 +22,10 @@ matrix: script: bundle exec rake beaker services: docker sudo: required - - rvm: 2.3.1 + - rvm: 2.4.0 bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" - - rvm: 2.1.7 + env: PUPPET_GEM_VERSION="~> 5.0" + - rvm: 2.1.9 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 4.0" notifications: From c8328c3518877abaa5d821724ce2e6ecef5179ac Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 7 Jul 2017 16:56:13 -0300 Subject: [PATCH 1148/2267] Remove template mod/jk.conf.erb comment indentations from target file --- templates/mod/jk.conf.erb | 58 +++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 155552b85d..8a8a102706 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb 
@@ -120,35 +120,35 @@ <%- if @strip_session -%> JkStripSession <%= @strip_session %> <%- end -%> - <%# -%> - <%# Global locations for mod_jk are defined in array location_list -%> - <%# Each array item is a hash with quoted* property name as key -%> - <%# and value as value itself -%> - <%# You can define a comment in a special 'comment' key -%> - <%# -%> - <%# Example: -%> - <%# -%> - <%# # Configures jkstatus -%> - <%# JkMount status -%> - <%# Order deny,allow -%> - <%# Deny from all -%> - <%# Allow from 127.0.0.1 -%> - <%# -%> - <%# -%> - <%# Is defined as: -%> - <%# location_list = [ -%> - <%# { -%> - <%# 'Location' => '/jkstatus/', -%> - <%# 'Comment' => 'Configures jkstatus', -%> - <%# 'JkMount' => 'status', -%> - <%# 'Order' => 'deny,allow', -%> - <%# 'Deny from' => 'all', -%> - <%# 'Allow from' => '127.0.0.1', -%> - <%# }, -%> - <%# ] -%> - <%# * Keys must be quoted to alow arbitrary case and/or multi-word keys -%> - <%# (BTW, note the case of 'Location' and 'Comment' keys) -%> - <%# -%> + <%-# -%> + <%-# Global locations for mod_jk are defined in array location_list -%> + <%-# Each array item is a hash with quoted* property name as key -%> + <%-# and value as value itself -%> + <%-# You can define a comment in a special 'comment' key -%> + <%-# -%> + <%-# Example: -%> + <%-# -%> + <%-# # Configures jkstatus -%> + <%-# JkMount status -%> + <%-# Order deny,allow -%> + <%-# Deny from all -%> + <%-# Allow from 127.0.0.1 -%> + <%-# -%> + <%-# -%> + <%-# Is defined as: -%> + <%-# location_list = [ -%> + <%-# { -%> + <%-# 'Location' => '/jkstatus/', -%> + <%-# 'Comment' => 'Configures jkstatus', -%> + <%-# 'JkMount' => 'status', -%> + <%-# 'Order' => 'deny,allow', -%> + <%-# 'Deny from' => 'all', -%> + <%-# 'Allow from' => '127.0.0.1', -%> + <%-# }, -%> + <%-# ] -%> + <%-# * Keys must be quoted to allow arbitrary case and/or multi-word keys -%> + <%-# (BTW, note the case of 'Location' and 'Comment' keys) -%> + <%-# -%> <%- if @location_list -%> <%- 
@location_list.each do |location_tag| -%> From 0703f0c710368708e0d2a60fd7bd75fcfbf892a9 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 7 Jul 2017 16:56:52 -0300 Subject: [PATCH 1149/2267] Include necessary defaults for log and shared RAM files --- manifests/mod/jk.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 89a3388555..a1b29568be 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -11,7 +11,7 @@ class apache::mod::jk ( $workers_file = undef, $worker_property = {}, - $shm_file = undef, + $shm_file = "${::apache::logroot}/jk-runtime-status", $shm_size = undef, $mount_file = undef, $mount_file_reload = undef, @@ -21,7 +21,7 @@ $mount_copy = undef, $worker_indicator = undef, $watchdog_interval = undef, - $log_file = undef, + $log_file = "${::apache::logroot}/mod_jk.log", $log_level = undef, $log_stamp_format = undef, $request_log_format = undef, From bf7f6028b04fafc0e8e4be0a705c9a44a3350340 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 7 Jul 2017 17:36:41 -0300 Subject: [PATCH 1150/2267] Mock inherited parameters in spec test for mod::jk --- spec/classes/mod/jk_spec.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index af17f45be7..45874eb321 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -22,6 +22,13 @@ } end + let :params do + { + :log_file => '/var/log/httpd/mod_jk.log', + :shm_file => '/var/log/httpd/jk-runtime-status', + } + end + it_behaves_like 'minimal resources' it { verify_contents(catalogue, 'jk.conf', ['', '']) From cc0c87c000ddb0fbfc2d57716551ec546b9c89e3 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Fri, 7 Jul 2017 17:48:55 -0300 Subject: [PATCH 1151/2267] Use precondition to inherit params in spec test for mod::jk --- spec/classes/mod/jk_spec.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
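Review bot: The new defaults for `$shm_file` and `$log_file` in `manifests/mod/jk.pp` interpolate `${::apache::logroot}` in the parameter list, which only has a value once `Class['apache']` has been evaluated; neither hunk shows the class including or inheriting it (the class body lies outside the hunks). If `apache::mod::jk` is evaluated first, both paths would collapse to `/jk-runtime-status` and `/mod_jk.log` at the filesystem root, or compilation would fail under strict variables. Consider keeping the parameters `undef` and resolving them in the body after `include ::apache`, for example `$_log_file = pick($log_file, "${::apache::logroot}/mod_jk.log")`, and stating the dependency in the class header comment.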
diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 45874eb321..5a67345ef3 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -22,11 +22,8 @@ } end - let :params do - { - :log_file => '/var/log/httpd/mod_jk.log', - :shm_file => '/var/log/httpd/jk-runtime-status', - } + let(:pre_condition) do + 'include apache' end it_behaves_like 'minimal resources' From 26bf77e9fbab2d3d8b177eab2a01bf82495e182f Mon Sep 17 00:00:00 2001 From: TP Honey Date: Mon, 10 Jul 2017 16:29:32 +0100 Subject: [PATCH 1152/2267] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index e2f208cf9a..6ea11d0a42 100644 --- a/README.md +++ b/README.md @@ -2400,7 +2400,6 @@ Sets the [`ForceType`][] directive, which forces Apache to serve all matching fi Lets Apache set custom content character sets per directory and/or file extension - ##### `headers` Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Valid options: A string, an array of strings, or undef. Default: undef. From f1d08ac4cea76e8288ffd0a706f91410df9b7e36 Mon Sep 17 00:00:00 2001 From: CA App Synthetic Monitor Date: Mon, 10 Jul 2017 17:34:19 +0200 Subject: [PATCH 1153/2267] When absolute path is specified for access_log_file/error_log_file, don't prepend logbase (#1633) * When absolute path is specified for access_log_file/error_log_file, don't prepend logbase --- manifests/vhost.pp | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4c143c0d1e..9e925ca800 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -400,7 +400,12 @@ if $access_log and !$access_logs { if $access_log_file { - $_logs_dest = "${logroot}/${access_log_file}" + if $access_log_file =~ /^\// { + # Absolute path provided - don't prepend $logroot + $_logs_dest = $access_log_file + } else { + $_logs_dest = "${logroot}/${access_log_file}" + } } elsif $access_log_pipe { $_logs_dest = $access_log_pipe } elsif $access_log_syslog { @@ -423,7 +428,12 @@ } if $error_log_file { - $error_log_destination = "${logroot}/${error_log_file}" + if $error_log_file =~ /^\// { + # Absolute path provided - don't prepend $logroot + $error_log_destination = $error_log_file + } else { + $error_log_destination = "${logroot}/${error_log_file}" + } } elsif $error_log_pipe { $error_log_destination = $error_log_pipe } elsif $error_log_syslog { From a5f3bf2477ddfb391447c55e5e0b3cd4f87540d9 Mon Sep 17 00:00:00 2001 From: Matthew Gyurgyik Date: Mon, 10 Jul 2017 11:41:58 -0400 Subject: [PATCH 1154/2267] ensure installed for package mod_security_crs (#1594) --- manifests/mod/security.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 4fab446500..ce057a554f 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -53,7 +53,7 @@ if $crs_package { package { $crs_package: - ensure => 'latest', + ensure => 'installed', before => [ File[$::apache::confd_dir], File[$modsec_dir], From c5cb0f841a3dde1a7b8644b6771a4d23874aaf98 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 12 Jul 2017 13:37:42 -0700 Subject: [PATCH 1155/2267] (MODULES-4404) remove params from apache class doc parameters loadfile_name, ssl_stapling, and ssl_stapling_return_errors are all valid parameters but none of them are in the apache class as is claimed in the README. this commit removes them. --- README.md | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/README.md b/README.md index 297c758c20..7402de419a 100755 --- a/README.md +++ b/README.md 
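Review bot: The absolute-path test `=~ /^\//` in both the `$access_log_file` and the `$error_log_file` hunk anchors with `^`, which matches at the start of any line, so a multi-line value whose later line begins with `/` is also treated as absolute. Anchor to the start of the string instead: `if $access_log_file =~ /\A\// {`, and the same for `$error_log_file`. Because an absolute value now bypasses `$logroot` entirely, the parameter documentation should say that the target directory must not be writable by unprivileged users, as is expected of `$logroot`. The diffstat lists only `manifests/vhost.pp`, so the new branch has no spec coverage, and both `if` chains continue outside their hunks.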
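Review bot: Changing `ensure` from `'latest'` to `'installed'` for `$crs_package` means Puppet no longer pulls rule-set updates, so hosts keep whichever CRS version was installed first unless something else patches it. For a WAF rule package that is a security trade-off that should be explicit rather than hard-coded. Expose it as a class parameter (for example `$crs_package_ensure`, a suggested name, defaulting to `'installed'`) and use `ensure => $crs_package_ensure,` so operators can opt back into `'latest'` or pin a version, and document the choice in the README. The `package` resource continues outside the hunk.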
@@ -1029,12 +1029,6 @@ Specifies the location where [Apache module][Apache modules] files are stored. D > **Note**: Do not configure this parameter manually without special reason. -##### `loadfile_name` - -Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. - -This can be used to set the module load order. - ##### `log_level` Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. Default: 'warn'. @@ -1211,18 +1205,6 @@ Determines whether Puppet should use a specific command to restart the HTTPD ser Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). Default: undef. It is possible to override this on a vhost level. -##### `ssl_stapling` - -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Valid options: Boolean. Default: false. It is possible to override this on a vhost level. - -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. - -##### `ssl_stapling_return_errors` - -Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. No default. It is possible to override this on a vhost level. - -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. - ##### `timeout` Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Default: 120. From cc59a4bf56a6dd303320efebd3da6903ccab1d5f Mon Sep 17 00:00:00 2001 From: Jennifer Solman Date: Wed, 12 Jul 2017 16:26:52 -0700 Subject: [PATCH 1156/2267] (MODULES-2808) documented mod_nss added entry in README for mod_nss module --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/README.md b/README.md index 297c758c20..6e413e4fac 100755 --- a/README.md +++ b/README.md @@ -1781,6 +1781,17 @@ Installs and configures [`mod_negotiation`][]. - `force_language_priority`: Sets the `ForceLanguagePriority` option. Valid option: String. Default: `Prefer Fallback`. - `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ] +##### Class: `apache::mod::nss` + +An SSL provider for Apache using the NSS crypto libraries + +**Parameters within `apache::mod::nss`:** + +- `transfer_log`: path to access.log +- `error_log`: path to error.log +- `passwd_file`: path to file used for NSSPassPhraseDialog directive +- `port`: SSL port. Defaults to 8443 + ##### Class: `apache::mod::pagespeed` Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth. From 7df1777bd9797e73c769c3a37591d626cbe61569 Mon Sep 17 00:00:00 2001 From: Jennifer Solman Date: Thu, 13 Jul 2017 15:14:59 -0700 Subject: [PATCH 1157/2267] (MODULES-2808) documentation added "(see [`apache::mod::nss`][])" note to entry in modules list --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6e413e4fac..951e978f4f 100755 --- a/README.md +++ b/README.md @@ -1420,7 +1420,7 @@ The following Apache modules have supported classes, many of which allow for par * `mime` * `mime_magic`\* * `negotiation` -* `nss`\* +* `nss`\* (see [`apache::mod::nss`][]) * `pagespeed` (see [`apache::mod::pagespeed`][]) * `passenger`\* (see [`apache::mod::passenger`][]) * `perl` From 83d51d8e9d6d7706bd27e5a95a07205efdc87960 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Thu, 11 May 2017 23:57:25 +0200 Subject: [PATCH 1158/2267] bump stdlib to 4.13.1 to get datatypes --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index ab052dcc89..12d26bf58e 100644 --- a/metadata.json +++ b/metadata.json @@ -8,7 +8,7 @@ "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 4.12.0 < 5.0.0"}, + {"name":"puppetlabs/stdlib","version_requirement":">= 4.13.1 < 5.0.0"}, {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 5.0.0"} ], "data_provider": null, From 109731afb92cbe54ac62ee92bc4a0ce8423c0db2 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:58:19 +0200 Subject: [PATCH 1159/2267] bump to minimal recommended concat version --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 12d26bf58e..2cc613e014 100644 --- a/metadata.json +++ b/metadata.json @@ -9,7 +9,7 @@ "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 4.13.1 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 5.0.0"} + {"name":"puppetlabs/concat","version_requirement":">= 2.2.1 < 5.0.0"} ], "data_provider": null, "operatingsystem_support": [ From 3c8d106e1f9c08b990f8a1b0d4ce25d4ed6fdab7 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 22:13:10 +0200 Subject: [PATCH 1160/2267] replace validate_* with datatypes in service.pp --- manifests/service.pp | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/manifests/service.pp b/manifests/service.pp index f90097d0bb..ff082dccbf 100644 --- a/manifests/service.pp +++ b/manifests/service.pp 
@@ -17,19 +17,17 @@ # # class apache::service ( - $service_name = $::apache::params::service_name, - $service_enable = true, - $service_ensure = 'running', - $service_manage = true, - $service_restart = undef + $service_name = $::apache::params::service_name, + Boolean $service_enable = true, + $service_ensure = 'running', + Boolean $service_manage = true, + $service_restart = undef ) { + # The base class must be included first because parameter defaults depend on it if ! defined(Class['apache::params']) { fail('You must include the apache::params class before using any apache defined resources') } - validate_bool($service_enable) - validate_bool($service_manage) - case $service_ensure { true, false, 'running', 'stopped': { $_service_ensure = $service_ensure From 2f299ecca96b9714f2fbb94722e0baa6c1708205 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 22:14:45 +0200 Subject: [PATCH 1161/2267] replace validate_* with datatypes in ldap.pp --- manifests/mod/authnz_ldap.pp | 7 ++++--- manifests/mod/ldap.pp | 22 ++++++++++------------ 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 033c1be514..0451a7150c 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,9 +1,10 @@ # lint:ignore:variable_is_lowercase required for compatibility class apache::mod::authnz_ldap ( - $verify_server_cert = true, - $verifyServerCert = undef, - $package_name = undef, + Boolean $verify_server_cert = true, + $verifyServerCert = undef, + $package_name = undef, ) { + include ::apache include '::apache::mod::ldap' ::apache::mod { 'authnz_ldap': diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index c3fbb2611c..3e51592227 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp 
@@ -1,19 +1,17 @@ class apache::mod::ldap ( - $apache_version = undef, - $package_name = undef, - $ldap_trusted_global_cert_file = undef, - $ldap_trusted_global_cert_type = 'CA_BASE64', - $ldap_shared_cache_size = undef, - $ldap_cache_entries = undef, - $ldap_cache_ttl = undef, - $ldap_opcache_entries = undef, - $ldap_opcache_ttl = undef, + $apache_version = undef, + $package_name = undef, + $ldap_trusted_global_cert_file = undef, + Optional[String] $ldap_trusted_global_cert_type = 'CA_BASE64', + $ldap_shared_cache_size = undef, + $ldap_cache_entries = undef, + $ldap_cache_ttl = undef, + $ldap_opcache_entries = undef, + $ldap_opcache_ttl = undef, ){ + include ::apache $_apache_version = pick($apache_version, $apache::apache_version) - if ($ldap_trusted_global_cert_file) { - validate_string($ldap_trusted_global_cert_type) - } ::apache::mod { 'ldap': package => $package_name, } From edcb5ebc1e202054319c942a985c25060b25415c Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 22:15:37 +0200 Subject: [PATCH 1162/2267] replace validate_* with datatypes in passenger.pp --- manifests/mod/passenger.pp | 60 ++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 35b4eff22d..e8a0d999b4 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -1,40 +1,38 @@ class apache::mod::passenger ( - $passenger_conf_file = $::apache::params::passenger_conf_file, - $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, - $passenger_high_performance = undef, - $passenger_pool_idle_time = undef, - $passenger_max_request_queue_size = undef, - $passenger_max_requests = undef, - $passenger_spawn_method = undef, - $passenger_stat_throttle_rate = undef, - $rack_autodetect = undef, - $rails_autodetect = undef, - $passenger_root = $::apache::params::passenger_root, - $passenger_ruby = $::apache::params::passenger_ruby, - $passenger_default_ruby = $::apache::params::passenger_default_ruby, - $passenger_max_pool_size = undef, - $passenger_min_instances = undef, - $passenger_max_instances_per_app = undef, - $passenger_use_global_queue = undef, - $passenger_app_env = undef, - $passenger_log_file = undef, - $passenger_log_level = undef, - $passenger_data_buffer_dir = undef, - $manage_repo = true, - $mod_package = undef, - $mod_package_ensure = undef, - $mod_lib = undef, - $mod_lib_path = undef, - $mod_id = undef, - $mod_path = undef, + $passenger_conf_file = $::apache::params::passenger_conf_file, + $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, + $passenger_high_performance = undef, + $passenger_pool_idle_time = undef, + $passenger_max_request_queue_size = undef, + $passenger_max_requests = undef, + Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef, + $passenger_stat_throttle_rate = undef, + $rack_autodetect = undef, + $rails_autodetect = undef, + $passenger_root = $::apache::params::passenger_root, + $passenger_ruby = $::apache::params::passenger_ruby, + $passenger_default_ruby = $::apache::params::passenger_default_ruby, + $passenger_max_pool_size = undef, + $passenger_min_instances = undef, + $passenger_max_instances_per_app = undef, + $passenger_use_global_queue = undef, + $passenger_app_env = undef, + 
Optional[Stdlib::Absoluteppath] $passenger_log_file = undef, + $passenger_log_level = undef, + $passenger_data_buffer_dir = undef, + $manage_repo = true, + $mod_package = undef, + $mod_package_ensure = undef, + $mod_lib = undef, + $mod_lib_path = undef, + $mod_id = undef, + $mod_path = undef, ) inherits ::apache::params { + include ::apache if $passenger_spawn_method { validate_re($passenger_spawn_method, '(^smart$|^direct$|^smart-lv2$|^conservative$)', "${passenger_spawn_method} is not permitted for passenger_spawn_method. Allowed values are 'smart', 'direct', 'smart-lv2', or 'conservative'.") } - if $passenger_log_file { - validate_absolute_path($passenger_log_file) - } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { From 10b326c79d5f6386a939efebedaf37456dee60be Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 22:18:04 +0200 Subject: [PATCH 1163/2267] replace validate_* with datatypes in status.pp --- manifests/mod/status.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index d30a690de8..c1f92d8e94 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -26,14 +26,14 @@ # } # class apache::mod::status ( - $allow_from = ['127.0.0.1','::1'], - $extended_status = 'On', - $apache_version = undef, - $status_path = '/server-status', + Array $allow_from = ['127.0.0.1','::1'], + $extended_status = 'On', + $apache_version = undef, + $status_path = '/server-status', ) inherits ::apache::params { + include ::apache $_apache_version = pick($apache_version, $apache::apache_version) - validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } # Template uses $allow_from, $extended_status, $_apache_version, $status_path 
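Review bot: `Optional[Stdlib::Absoluteppath] $passenger_log_file` in the passenger.pp hunk misspells the type name, so the class should fail to compile at this commit; the line needs to read `Optional[Stdlib::Absolutepath] $passenger_log_file = undef,`. The hunk also keeps the `validate_re($passenger_spawn_method, ...)` call even though the new `Enum['smart', 'direct', 'smart-lv2', 'conservative']` already enforces the same set. Both are corrected by PATCH 1174 later in this series; folding that fix into this commit would keep every commit compilable for bisecting.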
From 8f995e6076e946a23c27f4740a017c0c85fe8cea Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:40:05 +0200 Subject: [PATCH 1164/2267] replace validate_* with datatypes in php.pp --- manifests/mod/php.pp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 9b3b5b8b6c..e087e4b3e5 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -1,14 +1,15 @@ class apache::mod::php ( - $package_name = undef, - $package_ensure = 'present', - $path = undef, - $extensions = ['.php'], - $content = undef, - $template = 'apache/mod/php.conf.erb', - $source = undef, - $root_group = $::apache::params::root_group, - $php_version = $::apache::params::php_version, + $package_name = undef, + $package_ensure = 'present', + $path = undef, + Array $extensions = ['.php'], + $content = undef, + $template = 'apache/mod/php.conf.erb', + $source = undef, + $root_group = $::apache::params::root_group, + $php_version = $::apache::params::php_version, ) inherits apache::params { + include ::apache $mod = "php${php_version}" @@ -21,7 +22,6 @@ else { fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']') } - validate_array($extensions) if $source and ($content or $template != 'apache/mod/php.conf.erb') { warning('source and content or template parameters are provided. source parameter will be used') From bb2320d2f2da58c0d1cef3f63df66d134d171dcb Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:41:03 +0200 Subject: [PATCH 1165/2267] replace validate_* with datatypes in custom_config.pp --- manifests/custom_config.pp | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 188f3ba820..6bffa05c7f 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp 
@@ -1,13 +1,13 @@ # See README.md for usage information define apache::custom_config ( - $ensure = 'present', - $confdir = $::apache::confd_dir, - $content = undef, - $priority = '25', - $source = undef, - $verify_command = $::apache::params::verify_command, - $verify_config = true, - $filename = undef, + Enum['absent', 'present'] $ensure = 'present', + $confdir = $::apache::confd_dir, + $content = undef, + $priority = '25', + $source = undef, + $verify_command = $::apache::params::verify_command, + Boolean $verify_config = true, + $filename = undef, ) { if $content and $source { @@ -18,12 +18,6 @@ fail('One of $content and $source must be specified.') } - validate_re($ensure, '^(present|absent)$', - "${ensure} is not supported for ensure. - Allowed values are 'present' and 'absent'.") - - validate_bool($verify_config) - if $filename { $_filename = $filename } else { From 4ea09787bb34ea40f7e8b1f86e7b8c3beb6fb5f6 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:44:01 +0200 Subject: [PATCH 1166/2267] replace validate_* with datatypes in ext_filter.pp --- manifests/mod/ext_filter.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/manifests/mod/ext_filter.pp b/manifests/mod/ext_filter.pp index aa14c10259..11550320c2 100644 --- a/manifests/mod/ext_filter.pp +++ b/manifests/mod/ext_filter.pp @@ -1,10 +1,7 @@ class apache::mod::ext_filter( - $ext_filter_define = undef + Optional[Hash] $ext_filter_define = undef ) { include ::apache - if $ext_filter_define { - validate_hash($ext_filter_define) - } ::apache::mod { 'ext_filter': } From a70b40025c18aa2d35044c04fe82ef3b6aa0776f Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:44:48 +0200 Subject: [PATCH 1167/2267] replace validate_* with datatypes in authnz_ldap.pp --- manifests/mod/authnz_ldap.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 0451a7150c..d18de0e30e 100644 
--- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -18,8 +18,6 @@ $_verify_server_cert = $verify_server_cert } - validate_bool($_verify_server_cert) - # Template uses: # - $_verify_server_cert file { 'authnz_ldap.conf': From 5fdf7ea91456a2e5167c91ce806fe297dd13ef19 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:45:35 +0200 Subject: [PATCH 1168/2267] replace validate_* with datatypes in dir.pp --- manifests/mod/dir.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index e41aa86ad6..3c994d3e13 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp @@ -2,10 +2,10 @@ # Parameters: # - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex class apache::mod::dir ( - $dir = 'public_html', - $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], + $dir = 'public_html', + Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], ) { - validate_array($indexes) + include ::apache ::apache::mod { 'dir': } From 22cef0d29476c8afd0cb844fb19aeca50f3585df Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:48:18 +0200 Subject: [PATCH 1169/2267] replace validate_* with datatypes in proxy_balancer.pp --- manifests/mod/proxy_balancer.pp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp index fdb4b831ad..dbc86df427 100644 --- a/manifests/mod/proxy_balancer.pp +++ b/manifests/mod/proxy_balancer.pp 
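Review bot: Removing `validate_bool($_verify_server_cert)` leaves the deprecated `$verifyServerCert` parameter with no validation at all, because only `$verify_server_cert` received a `Boolean` type and the alias is still declared as `$verifyServerCert = undef` in the PATCH 1161 hunk for this file. If the branch above this hunk (not visible here) copies the alias into `$_verify_server_cert`, a string such as `'false'` would now reach the template unchecked, and this value controls LDAP server certificate verification. Type the alias too: `Optional[Boolean] $verifyServerCert = undef,`.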
@@ -1,12 +1,9 @@ class apache::mod::proxy_balancer( - $manager = false, - $manager_path = '/balancer-manager', - $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, + Boolean $manager = false, + Stdlib::Absolutepath $manager_path = '/balancer-manager', + Array $allow_from = ['127.0.0.1','::1'], + $apache_version = $::apache::apache_version, ) { - validate_bool($manager) - validate_string($manager_path) - validate_array($allow_from) include ::apache::mod::proxy include ::apache::mod::proxy_http From 2de8fc77c4ece09db197624762088dcdd0cef8d5 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:50:45 +0200 Subject: [PATCH 1170/2267] replace validate_* with datatypes in ssl.pp --- manifests/mod/ssl.pp | 48 ++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 29 deletions(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 341e7bf1de..d27b6b8eeb 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
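Review bot: `$manager_path` is typed `Stdlib::Absolutepath`, but its default `'/balancer-manager'` suggests a URL path for the manager location rather than a filesystem path (the template is not visible here). The filesystem type also admits Windows-style paths and is stricter than the `validate_string` it replaces, so the accepted values change without a note. A pattern that states the intent would be clearer: `Pattern[/\A\//] $manager_path = '/balancer-manager',`. `Array $allow_from` could likewise be `Array[String]`, since it appears to gate access to the manager page.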
@@ -1,23 +1,24 @@ class apache::mod::ssl ( - $ssl_compression = false, - $ssl_cryptodevice = 'builtin', - $ssl_options = [ 'StdEnvVars' ], - $ssl_openssl_conf_cmd = undef, - $ssl_ca = undef, - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', - $ssl_honorcipherorder = true, - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], - $ssl_proxy_protocol = [], - $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seed_bytes = '512', - $ssl_sessioncache = $::apache::params::ssl_sessioncache, - $ssl_sessioncachetimeout = '300', - $ssl_stapling = false, - $ssl_stapling_return_errors = undef, - $ssl_mutex = undef, - $apache_version = undef, - $package_name = undef, + Boolean $ssl_compression = false, + $ssl_cryptodevice = 'builtin', + $ssl_options = [ 'StdEnvVars' ], + $ssl_openssl_conf_cmd = undef, + $ssl_ca = undef, + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', + Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true, + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + Array $ssl_proxy_protocol = [], + $ssl_pass_phrase_dialog = 'builtin', + $ssl_random_seed_bytes = '512', + String $ssl_sessioncache = $::apache::params::ssl_sessioncache, + $ssl_sessioncachetimeout = '300', + Boolean $ssl_stapling = false, + Optional[Boolean] $ssl_stapling_return_errors = undef, + $ssl_mutex = undef, + $apache_version = undef, + $package_name = undef, ) inherits ::apache::params { + include ::apache include ::apache::mod::mime $_apache_version = pick($apache_version, $apache::apache_version) @@ -52,11 +53,6 @@ } } - validate_bool($ssl_compression) - - validate_array($ssl_proxy_protocol) - validate_string($ssl_sessioncache) - if is_bool($ssl_honorcipherorder) { $_ssl_honorcipherorder = $ssl_honorcipherorder } else { 
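Review bot: The typed signature in the first ssl.pp hunk covers `$ssl_compression`, `$ssl_stapling` and `$ssl_proxy_protocol`, but `$ssl_protocol` and `$ssl_cipher`, which decide the negotiated security level, stay untyped, so a mistyped or empty value is only caught when Apache parses the rendered config. Consider `Array[String] $ssl_protocol` and `String[1] $ssl_cipher`, widening to a `Variant` if the template (not visible here) also accepts a plain string. Separately, `Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder` is case-sensitive; whether `'On'` was accepted before depends on the `else` branch that continues outside the second hunk, so that is worth confirming.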
@@ -67,12 +63,6 @@ } } - validate_bool($ssl_stapling) - - if $ssl_stapling_return_errors != undef { - validate_bool($ssl_stapling_return_errors) - } - $stapling_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ocsp(32768)", 'redhat' => '/run/httpd/ssl_stapling(32768)', From 5384437ee4c46778fc9e7cbc32780e362ad66459 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:51:49 +0200 Subject: [PATCH 1171/2267] replace validate_* with datatypes in auth_cas.pp --- manifests/mod/auth_cas.pp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp index 673cfb103d..00de62242a 100644 --- a/manifests/mod/auth_cas.pp +++ b/manifests/mod/auth_cas.pp @@ -1,7 +1,7 @@ class apache::mod::auth_cas ( - $cas_login_url, - $cas_validate_url, - $cas_cookie_path = $::apache::params::cas_cookie_path, + String $cas_login_url, + String $cas_validate_url, + String $cas_cookie_path = $::apache::params::cas_cookie_path, $cas_cookie_path_mode = '0750', $cas_version = 2, $cas_debug = 'Off', @@ -25,8 +25,6 @@ $suppress_warning = false, ) inherits ::apache::params { - validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path) - if $::osfamily == 'RedHat' and ! $suppress_warning { warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') } From 77182ad43df79e01bcb4e6934d0e1f131aa30f3e Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:53:15 +0200 Subject: [PATCH 1172/2267] replace validate_* with datatypes in dumpio.pp --- manifests/mod/dumpio.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/manifests/mod/dumpio.pp b/manifests/mod/dumpio.pp index 62276162d3..c79f6da38c 100644 --- a/manifests/mod/dumpio.pp +++ b/manifests/mod/dumpio.pp 
@@ -1,10 +1,8 @@ class apache::mod::dumpio( - $dump_io_input = 'Off', - $dump_io_output = 'Off', + Enum['Off', 'On', 'off', 'on'] $dump_io_input = 'Off', + Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off', ) { include ::apache - validate_re(downcase($dump_io_input), '^(on|off)$', "${dump_io_input} is not supported for dump_io_input. Allowed values are 'On' and 'Off'.") - validate_re(downcase($dump_io_output), '^(on|off)$', "${dump_io_output} is not supported for dump_io_output. Allowed values are 'On' and 'Off'.") ::apache::mod { 'dumpio': } file{'dumpio.conf': From 70fcc3d70a2c07059293b3c61481fd76707b8fed Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Thu, 11 May 2017 23:54:07 +0200 Subject: [PATCH 1173/2267] replace validate_* with datatypes in status.pp --- manifests/mod/status.pp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index c1f92d8e94..54d0d88871 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -26,15 +26,14 @@ # } # class apache::mod::status ( - Array $allow_from = ['127.0.0.1','::1'], - $extended_status = 'On', - $apache_version = undef, - $status_path = '/server-status', + Array $allow_from = ['127.0.0.1','::1'], + Enum['On', 'Off', 'on', 'off'] $extended_status = 'On', + $apache_version = undef, + $status_path = '/server-status', ) inherits ::apache::params { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) - validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } # Template uses $allow_from, $extended_status, $_apache_version, $status_path file { 'status.conf': From 9fb5f79bbe03379b291e35c660ef1cc5ad9f3b54 Mon Sep 17 00:00:00 2001 
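Review bot: `Enum['Off', 'On', 'off', 'on']` is narrower than the removed `validate_re(downcase($dump_io_input), '^(on|off)$', ...)`, which accepted any capitalisation, so a manifest passing `'ON'` now fails compilation. The same applies to `$dump_io_output` and to `$extended_status` in the status.pp hunk that follows. If the tightening is not intended, a case-insensitive pattern keeps the old contract: `Pattern[/\A(?i:on|off)\z/] $dump_io_input = 'Off',`. If it is intended, it should be recorded in the changelog as a breaking change.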
From: Tim Meusel Date: Thu, 11 May 2017 23:55:52 +0200 Subject: [PATCH 1174/2267] replace validate_* with datatypes in passenger.pp --- manifests/mod/passenger.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e8a0d999b4..3b17d3db3e 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -17,7 +17,7 @@ $passenger_max_instances_per_app = undef, $passenger_use_global_queue = undef, $passenger_app_env = undef, - Optional[Stdlib::Absoluteppath] $passenger_log_file = undef, + Optional[Stdlib::Absolutepath] $passenger_log_file = undef, $passenger_log_level = undef, $passenger_data_buffer_dir = undef, $manage_repo = true, @@ -30,9 +30,6 @@ ) inherits ::apache::params { include ::apache - if $passenger_spawn_method { - validate_re($passenger_spawn_method, '(^smart$|^direct$|^smart-lv2$|^conservative$)', "${passenger_spawn_method} is not permitted for passenger_spawn_method. Allowed values are 'smart', 'direct', 'smart-lv2', or 'conservative'.") - } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { From 0e5af25d81cb60bc0311eadcc3c9d42b47036907 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Fri, 12 May 2017 00:27:50 +0200 Subject: [PATCH 1175/2267] replace validate_* with datatypes in init.pp --- manifests/init.pp | 170 +++++++++++++++++++++------------------------- 1 file changed, 76 insertions(+), 94 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b07760b373..94f4cd5a09 100755 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -13,91 +13,83 @@ # Sample Usage: # class apache ( - $apache_name = $::apache::params::apache_name, - $service_name = $::apache::params::service_name, - $default_mods = true, - $default_vhost = true, - $default_charset = undef, - $default_confd_files = true, - $default_ssl_vhost = false, - $default_ssl_cert = $::apache::params::default_ssl_cert, - $default_ssl_key = $::apache::params::default_ssl_key, - $default_ssl_chain = undef, - $default_ssl_ca = undef, - $default_ssl_crl_path = undef, - $default_ssl_crl = undef, - $default_ssl_crl_check = undef, - $default_type = 'none', - $dev_packages = $::apache::params::dev_packages, - $ip = undef, - $service_enable = true, - $service_manage = true, - $service_ensure = 'running', - $service_restart = undef, - $purge_configs = true, - $purge_vhost_dir = undef, - $purge_vdir = false, - $serveradmin = 'root@localhost', - $sendfile = 'On', - $error_documents = false, - $timeout = '120', - $httpd_dir = $::apache::params::httpd_dir, - $server_root = $::apache::params::server_root, - $conf_dir = $::apache::params::conf_dir, - $confd_dir = $::apache::params::confd_dir, - $vhost_dir = $::apache::params::vhost_dir, - $vhost_enable_dir = $::apache::params::vhost_enable_dir, - $vhost_include_pattern = $::apache::params::vhost_include_pattern, - $mod_dir = $::apache::params::mod_dir, - $mod_enable_dir = $::apache::params::mod_enable_dir, - $mpm_module = $::apache::params::mpm_module, - $lib_path = $::apache::params::lib_path, - $conf_template = $::apache::params::conf_template, - $servername = $::apache::params::servername, - $pidfile = $::apache::params::pidfile, - $rewrite_lock = undef, - $manage_user = true, - $manage_group = true, - $user = $::apache::params::user, - $group = $::apache::params::group, - $http_protocol_options = $::apache::params::http_protocol_options, - $supplementary_groups = [], - $keepalive = $::apache::params::keepalive, - $keepalive_timeout = $::apache::params::keepalive_timeout, - $max_keepalive_requests = 
$::apache::params::max_keepalive_requests, - $limitreqfieldsize = '8190', - $logroot = $::apache::params::logroot, - $logroot_mode = $::apache::params::logroot_mode, - $log_level = $::apache::params::log_level, - $log_formats = {}, - $ssl_file = undef, - $ports_file = $::apache::params::ports_file, - $docroot = $::apache::params::docroot, - $apache_version = $::apache::version::default, - $server_tokens = 'OS', - $server_signature = 'On', - $trace_enable = 'On', - $allow_encoded_slashes = undef, - $file_e_tag = undef, - $package_ensure = 'installed', - $use_optional_includes = $::apache::params::use_optional_includes, - $use_systemd = $::apache::params::use_systemd, - $mime_types_additional = $::apache::params::mime_types_additional, - $file_mode = $::apache::params::file_mode, - $root_directory_options = $::apache::params::root_directory_options, - $root_directory_secured = false, - $error_log = $::apache::params::error_log, - $scriptalias = $::apache::params::scriptalias, - $access_log_file = $::apache::params::access_log_file, + $apache_name = $::apache::params::apache_name, + $service_name = $::apache::params::service_name, + $default_mods = true, + Boolean $default_vhost = true, + $default_charset = undef, + Boolean $default_confd_files = true, + Boolean $default_ssl_vhost = false, + $default_ssl_cert = $::apache::params::default_ssl_cert, + $default_ssl_key = $::apache::params::default_ssl_key, + $default_ssl_chain = undef, + $default_ssl_ca = undef, + $default_ssl_crl_path = undef, + $default_ssl_crl = undef, + $default_ssl_crl_check = undef, + $default_type = 'none', + $dev_packages = $::apache::params::dev_packages, + $ip = undef, + Boolean $service_enable = true, + Boolean $service_manage = true, + $service_ensure = 'running', + $service_restart = undef, + $purge_configs = true, + $purge_vhost_dir = undef, + $purge_vdir = false, + $serveradmin = 'root@localhost', + $sendfile = 'On', + $error_documents = false, + $timeout = '120', + $httpd_dir = 
$::apache::params::httpd_dir, + $server_root = $::apache::params::server_root, + $conf_dir = $::apache::params::conf_dir, + $confd_dir = $::apache::params::confd_dir, + $vhost_dir = $::apache::params::vhost_dir, + $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $vhost_include_pattern = $::apache::params::vhost_include_pattern, + $mod_dir = $::apache::params::mod_dir, + $mod_enable_dir = $::apache::params::mod_enable_dir, + $mpm_module = $::apache::params::mpm_module, + $lib_path = $::apache::params::lib_path, + $conf_template = $::apache::params::conf_template, + $servername = $::apache::params::servername, + $pidfile = $::apache::params::pidfile, + Optional[Stdlib::Absolutepath] $rewrite_lock = undef, + Boolean $manage_user = true, + Boolean $manage_group = true, + $user = $::apache::params::user, + $group = $::apache::params::group, + $http_protocol_options = $::apache::params::http_protocol_options, + $supplementary_groups = [], + $keepalive = $::apache::params::keepalive, + $keepalive_timeout = $::apache::params::keepalive_timeout, + $max_keepalive_requests = $::apache::params::max_keepalive_requests, + $limitreqfieldsize = '8190', + $logroot = $::apache::params::logroot, + $logroot_mode = $::apache::params::logroot_mode, + $log_level = $::apache::params::log_level, + $log_formats = {}, + $ssl_file = undef, + $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, + $apache_version = $::apache::version::default, + $server_tokens = 'OS', + $server_signature = 'On', + $trace_enable = 'On', + Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, + $file_e_tag = undef, + $package_ensure = 'installed', + Boolean $use_optional_includes = $::apache::params::use_optional_includes, + $use_systemd = $::apache::params::use_systemd, + $mime_types_additional = $::apache::params::mime_types_additional, + $file_mode = $::apache::params::file_mode, + $root_directory_options = $::apache::params::root_directory_options, 
+ Boolean $root_directory_secured = false, + $error_log = $::apache::params::error_log, + $scriptalias = $::apache::params::scriptalias, + $access_log_file = $::apache::params::access_log_file, ) inherits ::apache::params { - validate_bool($default_vhost) - validate_bool($default_ssl_vhost) - validate_bool($default_confd_files) - # true/false is sufficient for both ensure and enable - validate_bool($service_enable) - validate_bool($service_manage) - validate_bool($use_optional_includes) - validate_bool($root_directory_secured) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', @@ -124,10 +116,6 @@ validate_re($mpm_module, $valid_mpms_re) } - if $allow_encoded_slashes { - validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") - } - # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. # NOTE: the same strategy may be introduced for other OSes. For this, you # should delete the 'if' block below and modify all MPM modules' manifests @@ -144,7 +132,6 @@ # declare the web server user and group # Note: requiring the package means the package ought to create them and not puppet - validate_bool($manage_user) if $manage_user { user { $user: ensure => present, @@ -153,7 +140,6 @@ require => Package['httpd'], } } - validate_bool($manage_group) if $manage_group { group { $group: ensure => present, @@ -316,10 +302,6 @@ default => false } - if $rewrite_lock { - validate_absolute_path($rewrite_lock) - } - # Template uses: # - $pidfile # - $user From d6952b21ec66d7ce8b69dd0c2f2a0debca54e18f Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Fri, 12 May 2017 01:04:37 +0200 Subject: [PATCH 1176/2267] replace validate_* with datatypes in vhost.pp --- manifests/vhost.pp | 439 +++++++++++------------------ spec/defines/custom_config_spec.rb | 13 - 2 files changed, 172 insertions(+), 280 deletions(-) 
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4aa27c6eb5..9e5d1f607e 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -1,179 +1,178 @@ # See README.md for usage information define apache::vhost( - $docroot, - $manage_docroot = true, - $virtual_docroot = false, - $port = undef, - $ip = undef, - $ip_based = false, - $add_listen = true, - $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, - $docroot_mode = undef, - $serveradmin = undef, - $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_crl_check = $::apache::default_ssl_crl_check, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, - $ssl_protocol = undef, - $ssl_cipher = undef, - $ssl_honorcipherorder = undef, - $ssl_verify_client = undef, - $ssl_verify_depth = undef, - $ssl_proxy_verify = undef, - $ssl_proxy_verify_depth = undef, - $ssl_proxy_ca_cert = undef, - $ssl_proxy_check_peer_cn = undef, - $ssl_proxy_check_peer_name = undef, - $ssl_proxy_check_peer_expire = undef, - $ssl_proxy_machine_cert = undef, - $ssl_proxy_protocol = undef, - $ssl_options = undef, - $ssl_openssl_conf_cmd = undef, - $ssl_proxyengine = false, - $ssl_stapling = undef, - $ssl_stapling_timeout = undef, - $ssl_stapling_return_errors = undef, - $priority = undef, - $default_vhost = false, - $servername = $name, - $serveraliases = [], - $options = ['Indexes','FollowSymLinks','MultiViews'], - $override = ['None'], - $directoryindex = '', - $vhost_name = '*', - $logroot = $::apache::logroot, - $logroot_ensure = 'directory', - $logroot_mode = undef, - $logroot_owner = undef, - $logroot_group = undef, - $log_level = undef, - $access_log = true, - $access_log_file = false, - $access_log_pipe = false, - $access_log_syslog = false, - $access_log_format = false, - $access_log_env_var = false, - $access_logs = undef, - $aliases = undef, - $directories = undef, - $error_log = true, - $error_log_file = undef, - 
$error_log_pipe = undef, - $error_log_syslog = undef, - $http_protocol_options = undef, - $modsec_audit_log = undef, - $modsec_audit_log_file = undef, - $modsec_audit_log_pipe = undef, - $error_documents = [], - $fallbackresource = undef, - $scriptalias = undef, - $scriptaliases = [], - $proxy_dest = undef, - $proxy_dest_match = undef, - $proxy_dest_reverse_match = undef, - $proxy_pass = undef, - $proxy_pass_match = undef, - $suphp_addhandler = $::apache::params::suphp_addhandler, - $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, - $php_flags = {}, - $php_values = {}, - $php_admin_flags = {}, - $php_admin_values = {}, - $no_proxy_uris = [], - $no_proxy_uris_match = [], - $proxy_preserve_host = false, - $proxy_add_headers = undef, - $proxy_error_override = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $redirectmatch_dest = undef, - $rack_base_uris = undef, - $passenger_base_uris = undef, - $headers = undef, - $request_headers = undef, - $filters = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $rewrite_inherit = false, - $setenv = [], - $setenvif = [], - $setenvifnocase = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases_match = undef, - $wsgi_script_aliases = undef, - $wsgi_pass_authorization = undef, - $wsgi_chunked_request = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $fastcgi_idle_timeout = undef, - $additional_includes = [], - $use_optional_includes = $::apache::use_optional_includes, - $apache_version = 
$::apache::apache_version, - $allow_encoded_slashes = undef, - $suexec_user_group = undef, - $passenger_app_root = undef, - $passenger_app_env = undef, - $passenger_ruby = undef, - $passenger_min_instances = undef, - $passenger_start_timeout = undef, - $passenger_pre_start = undef, - $passenger_user = undef, - $passenger_high_performance = undef, - $passenger_nodejs = undef, - $passenger_sticky_sessions = undef, - $passenger_startup_file = undef, - $add_default_charset = undef, - $modsec_disable_vhost = undef, - $modsec_disable_ids = undef, - $modsec_disable_ips = undef, - $modsec_disable_msgs = undef, - $modsec_disable_tags = undef, - $modsec_body_limit = undef, - $jk_mounts = undef, - $auth_kerb = false, - $krb_method_negotiate = 'on', - $krb_method_k5passwd = 'on', - $krb_authoritative = 'on', - $krb_auth_realms = [], - $krb_5keytab = undef, - $krb_local_user_mapping = undef, - $krb_verify_kdc = 'on', - $krb_servicename = 'HTTP', - $krb_save_credentials = 'off', - $keepalive = undef, - $keepalive_timeout = undef, - $max_keepalive_requests = undef, - $cas_attribute_prefix = undef, - $cas_attribute_delimiter = undef, - $cas_scrub_request_headers = undef, - $cas_sso_enabled = undef, - $cas_login_url = undef, - $cas_validate_url = undef, - $cas_validate_saml = undef, + Variant[Boolean,String] $docroot, + $manage_docroot = true, + $virtual_docroot = false, + $port = undef, + $ip = undef, + Boolean $ip_based = false, + $add_listen = true, + $docroot_owner = 'root', + $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, + $serveradmin = undef, + Boolean $ssl = false, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_crl_check = $::apache::default_ssl_crl_check, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, + $ssl_protocol = 
undef, + $ssl_cipher = undef, + $ssl_honorcipherorder = undef, + $ssl_verify_client = undef, + $ssl_verify_depth = undef, + Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, + $ssl_proxy_verify_depth = undef, + $ssl_proxy_ca_cert = undef, + Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, + $ssl_proxy_machine_cert = undef, + $ssl_proxy_protocol = undef, + $ssl_options = undef, + $ssl_openssl_conf_cmd = undef, + Boolean $ssl_proxyengine = false, + Optional[Boolean] $ssl_stapling = undef, + $ssl_stapling_timeout = undef, + $ssl_stapling_return_errors = undef, + $priority = undef, + Boolean $default_vhost = false, + $servername = $name, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $directoryindex = '', + $vhost_name = '*', + $logroot = $::apache::logroot, + Enum['directory', 'absent'] $logroot_ensure = 'directory', + $logroot_mode = undef, + $logroot_owner = undef, + $logroot_group = undef, + $log_level = undef, + Boolean $access_log = true, + $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, + $access_log_format = false, + $access_log_env_var = false, + $access_logs = undef, + $aliases = undef, + $directories = undef, + Boolean $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, + $http_protocol_options = undef, + $modsec_audit_log = undef, + $modsec_audit_log_file = undef, + $modsec_audit_log_pipe = undef, + $error_documents = [], + Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource = undef, + $scriptalias = undef, + $scriptaliases = [], + $proxy_dest = undef, + $proxy_dest_match = undef, + $proxy_dest_reverse_match = undef, + $proxy_pass = undef, + $proxy_pass_match = undef, + $suphp_addhandler = $::apache::params::suphp_addhandler, + Enum['on', 'off'] $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = 
$::apache::params::suphp_configpath, + $php_flags = {}, + $php_values = {}, + $php_admin_flags = {}, + $php_admin_values = {}, + $no_proxy_uris = [], + $no_proxy_uris_match = [], + $proxy_preserve_host = false, + $proxy_add_headers = undef, + $proxy_error_override = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, + $rack_base_uris = undef, + $passenger_base_uris = undef, + $headers = undef, + $request_headers = undef, + $filters = undef, + Optional[Array] $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $rewrite_inherit = false, + $setenv = [], + $setenvif = [], + $setenvifnocase = [], + $block = [], + Enum['absent', 'present'] $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + Optional[Hash] $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + Optional[Hash] $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + Optional[Hash] $wsgi_script_aliases_match = undef, + Optional[Hash] $wsgi_script_aliases = undef, + Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, + Optional[String] $custom_fragment = undef, + Optional[Hash] $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $fastcgi_idle_timeout = undef, + $additional_includes = [], + $use_optional_includes = $::apache::use_optional_includes, + $apache_version = $::apache::apache_version, + Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, + $suexec_user_group = undef, + $passenger_app_root = undef, + $passenger_app_env = undef, + $passenger_ruby = undef, + $passenger_min_instances = undef, + $passenger_start_timeout = undef, + $passenger_pre_start = undef, + $passenger_user = undef, + $passenger_high_performance = undef, + 
$passenger_nodejs = undef, + Optional[Boolean] $passenger_sticky_sessions = undef, + $passenger_startup_file = undef, + $add_default_charset = undef, + $modsec_disable_vhost = undef, + $modsec_disable_ids = undef, + $modsec_disable_ips = undef, + $modsec_disable_msgs = undef, + $modsec_disable_tags = undef, + $modsec_body_limit = undef, + $jk_mounts = undef, + Boolean $auth_kerb = false, + $krb_method_negotiate = 'on', + $krb_method_k5passwd = 'on', + $krb_authoritative = 'on', + $krb_auth_realms = [], + $krb_5keytab = undef, + $krb_local_user_mapping = undef, + $krb_verify_kdc = 'on', + $krb_servicename = 'HTTP', + $krb_save_credentials = 'off', + Optional[Enum['on', 'off']] $keepalive = undef, + $keepalive_timeout = undef, + $max_keepalive_requests = undef, + $cas_attribute_prefix = undef, + $cas_attribute_delimiter = undef, + $cas_scrub_request_headers = undef, + $cas_sso_enabled = undef, + $cas_login_url = undef, + $cas_validate_url = undef, + $cas_validate_saml = undef, ) { + # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -181,15 +180,6 @@ $apache_name = $::apache::apache_name - validate_re($ensure, '^(present|absent)$', - "${ensure} is not supported for ensure. - Allowed values are 'present' and 'absent'.") - validate_re($suphp_engine, '^(on|off)$', - "${suphp_engine} is not supported for suphp_engine. - Allowed values are 'on' and 'off'.") - validate_bool($ip_based) - validate_bool($access_log) - validate_bool($error_log) if $http_protocol_options != undef { validate_re($http_protocol_options, '^((Strict|Unsafe)?\s*(\b(RegisteredMethods|LenientMethods))?\s*(\b(Allow0\.9|Require1\.0))?)$', "${http_protocol_options} is not supported for http_protocol_options. 
@@ -197,17 +187,7 @@ 'Strict' or Unsafe, 'RegisteredMethods' or 'LenientMethods', and 'Allow0.9' or 'Require1.0'.") } - if $modsec_audit_log != undef { - validate_bool($modsec_audit_log) - } - validate_bool($ssl) - validate_bool($default_vhost) - validate_bool($ssl_proxyengine) - if $ssl_stapling != undef { - validate_bool($ssl_stapling) - } if $rewrites { - validate_array($rewrites) unless empty($rewrites) { $rewrites_flattened = delete_undef_values(flatten([$rewrites])) validate_hash($rewrites_flattened[0]) @@ -221,18 +201,6 @@ "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } - if $wsgi_pass_authorization { - validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', - "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. - Allowed values are 'on' and 'off'.") - } - - if $wsgi_chunked_request { - validate_re(downcase($wsgi_chunked_request), '^(on|off)$', - "${wsgi_chunked_request} is not supported for wsgi_chunked_request. - Allowed values are 'on' and 'off'.") - } - # Deprecated backwards-compatibility if $rewrite_base { warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') @@ -244,26 +212,6 @@ warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') } - if $wsgi_script_aliases { - validate_hash($wsgi_script_aliases) - } - if $wsgi_script_aliases_match { - validate_hash($wsgi_script_aliases_match) - } - if $wsgi_daemon_process_options { - validate_hash($wsgi_daemon_process_options) - } - if $wsgi_import_script_options { - validate_hash($wsgi_import_script_options) - } - if $itk { - validate_hash($itk) - } - - validate_re($logroot_ensure, '^(directory|absent)$', - "${logroot_ensure} is not supported for logroot_ensure. - Allowed values are 'directory' and 'absent'.") - if $log_level { validate_apache_log_level($log_level) } 
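Review bot: Two checks removed in these hunks have no datatype replacing them in the new parameter list. `validate_bool($modsec_audit_log)` and the `validate_re` on `$wsgi_chunked_request` are dropped, while the signature hunk still declares `$modsec_audit_log = undef,` and `$wsgi_chunked_request = undef,` untyped, so any value is accepted for both after this patch. Declaring them as `Optional[Boolean] $modsec_audit_log = undef,` and `Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_chunked_request = undef,` keeps the earlier behaviour. The latter matches the type already given to `$wsgi_pass_authorization`.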
@@ -280,53 +228,10 @@ fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") } - if $fallbackresource { - validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') - } - - if $custom_fragment { - validate_string($custom_fragment) - } - - if $allow_encoded_slashes { - validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") - } - - validate_bool($auth_kerb) - - # Validate the docroot as a string if: - # - $manage_docroot is true - if $manage_docroot { - validate_string($docroot) - } - - if $ssl_proxy_verify { - validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.") - } - if $ssl_proxy_verify_depth { validate_integer($ssl_proxy_verify_depth) } - if $ssl_proxy_check_peer_cn { - validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.") - } - if $ssl_proxy_check_peer_name { - validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.") - } - - if $ssl_proxy_check_peer_expire { - validate_re($ssl_proxy_check_peer_expire,'(^on$|^off$)',"${ssl_proxy_check_peer_expire} is not permitted for ssl_proxy_check_peer_expire. Allowed values are 'on' or 'off'.") - } - - if $keepalive { - validate_re($keepalive,'(^on$|^off$)',"${keepalive} is not permitted for keepalive. Allowed values are 'on' or 'off'.") - } - - if $passenger_sticky_sessions { - validate_bool($passenger_sticky_sessions) - } - # Input validation ends if $ssl and $ensure == 'present' { 
diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb index 7d566b0716..5f996fd6db 100644 --- a/spec/defines/custom_config_spec.rb +++ b/spec/defines/custom_config_spec.rb @@ -121,18 +121,5 @@ }.to raise_error(Puppet::Error, /One of \$content and \$source must be specified\./) end end - context 'bad ensure' do - let :params do - { - 'content' => 'foo', - 'ensure' => 'foo', - } - end - it do - expect { - catalogue - }.to raise_error(Puppet::Error, /is not supported for ensure/) - end - end end end From 149cf31ea65fbadbd6c48701bf5d3123f66b5b87 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Fri, 12 May 2017 01:05:31 +0200 Subject: [PATCH 1177/2267] drop legacy warnings --- manifests/vhost.pp | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9e5d1f607e..780947c2a7 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -201,17 +201,6 @@ "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } - # Deprecated backwards-compatibility - if $rewrite_base { - warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') - } - if $rewrite_rule { - warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') - } - if $rewrite_cond { - warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') - } - if $log_level { validate_apache_log_level($log_level) } From 444b4e7bcab718cbb04875106fe589fbb3201f72 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Fri, 12 May 2017 16:50:24 +0200 Subject: [PATCH 1178/2267] replace validate_re with assert_type --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 94f4cd5a09..4d91f2602f 100755 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -113,7 +113,7 @@ } if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans - validate_re($mpm_module, $valid_mpms_re) + assert_type(Pattern[$valid_mpms_re], $mpm_module) } # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. From 62ac72b8faf403bca233af391bae3a2c90b4d2fc Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 16 May 2017 00:51:44 +0200 Subject: [PATCH 1179/2267] drop legacy tests --- spec/classes/apache_spec.rb | 6 ------ spec/classes/mod/passenger_spec.rb | 6 ------ spec/classes/service_spec.rb | 16 ---------------- 3 files changed, 28 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 321b5e4152..715ed41244 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -563,12 +563,6 @@ it { is_expected.not_to contain_class('apache::mod::peruser') } it { is_expected.not_to contain_class('apache::mod::prefork') } end - context "when declaring mpm_module => breakme" do - let :params do - { :mpm_module => 'breakme' } - end - it { expect { catalogue }.to raise_error Puppet::Error, /does not match/ } - end end describe "different templates for httpd.conf" do diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 3f485b42ab..200d45706f 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -68,12 +68,6 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } end - describe "with passenger_spawn_method => bogus" do - let :params do - { :passenger_spawn_method => 'bogus' } - end - it { is_expected.to raise_error(Puppet::Error, /not permitted for passenger_spawn_method/) } - end describe "with passenger_spawn_method => direct" do let :params do { :passenger_spawn_method => 'direct' } diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index f53937a7ff..a065abc2fc 100644 --- a/spec/classes/service_spec.rb 
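Review bot: `assert_type(Pattern[$valid_mpms_re], $mpm_module)` matches anywhere in the string, because the alternation it is built from is unanchored; the 2.4 branch visible in the earlier init.pp patch is `'(event|itk|peruser|prefork|worker)'`. A value that merely contains one of those names passes, which was equally true of the `validate_re` call being replaced. The definition of `$valid_mpms_re` is outside this hunk; anchoring it there, e.g. `'\A(event|itk|peruser|prefork|worker)\z'`, or switching to an `Enum` of the allowed names, makes the assertion exact. The `mpm_module => 'breakme'` spec removed in the following patch was the only visible negative test for this path, so a replacement expectation would be useful.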
+++ b/spec/classes/service_spec.rb @@ -53,22 +53,6 @@ } end - context "$service_enable must be a bool" do - let (:params) {{ :service_enable => 'not-a-boolean' }} - - it 'should fail' do - expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) - end - end - - context "$service_manage must be a bool" do - let (:params) {{ :service_manage => 'not-a-boolean' }} - - it 'should fail' do - expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/) - end - end - context "with $service_ensure => 'running'" do let (:params) {{ :service_ensure => 'running', }} it { is_expected.to contain_service("httpd").with( From 93f00fefea4f5bd42a63465dd23d29b0b851c425 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Fri, 14 Jul 2017 12:46:34 -0700 Subject: [PATCH 1180/2267] re-add missing vhost parameters --- manifests/vhost.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 780947c2a7..e34c334c01 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -28,6 +28,8 @@ Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, $ssl_proxy_verify_depth = undef, $ssl_proxy_ca_cert = undef, + Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef, + Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, $ssl_proxy_machine_cert = undef, $ssl_proxy_protocol = undef, From 25ca934cdf269c1662ea847af58d888641abca61 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Wed, 12 Jul 2017 13:49:17 -0700 Subject: [PATCH 1181/2267] (MODULES-4445) remove deprecated parameter in authnz_ldap the $verifyServerCert parameter in the authnz_ldap module class is deprecated and this removes it and updates the template for the upcoming major release. --- manifests/mod/authnz_ldap.pp | 10 +--------- templates/mod/authnz_ldap.conf.erb | 2 +- 2 files changed, 2 insertions(+), 10 deletions(-) 
diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index d18de0e30e..cc9ab67f02 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,7 +1,6 @@ # lint:ignore:variable_is_lowercase required for compatibility class apache::mod::authnz_ldap ( Boolean $verify_server_cert = true, - $verifyServerCert = undef, $package_name = undef, ) { @@ -11,15 +10,8 @@ package => $package_name, } - if $verifyServerCert { - warning('Class[\'apache::mod::authnz_ldap\'] parameter verifyServerCert is deprecated in favor of verify_server_cert') - $_verify_server_cert = $verifyServerCert - } else { - $_verify_server_cert = $verify_server_cert - } - # Template uses: - # - $_verify_server_cert + # - $verify_server_cert file { 'authnz_ldap.conf': ensure => file, path => "${::apache::mod_dir}/authnz_ldap.conf", diff --git a/templates/mod/authnz_ldap.conf.erb b/templates/mod/authnz_ldap.conf.erb index 8d73b239d5..ed1334ec27 100644 --- a/templates/mod/authnz_ldap.conf.erb +++ b/templates/mod/authnz_ldap.conf.erb @@ -1,4 +1,4 @@ -<% if @_verify_server_cert == true -%> +<% if @verify_server_cert == true -%> LDAPVerifyServerCert On <% else -%> LDAPVerifyServerCert Off From f1c37edd5f60dcd80542bfd4c5df09fc4e9bc91d Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 19 Jul 2017 11:06:09 -0700 Subject: [PATCH 1182/2267] (MODULES-4933) Allow custom UserDir string --- manifests/mod/userdir.pp | 20 ++++++++++-- spec/classes/mod/userdir_spec.rb | 53 ++++++++++++++++++++++++++++++++ templates/mod/userdir.conf.erb | 2 +- 3 files changed, 72 insertions(+), 3 deletions(-) create mode 100644 spec/classes/mod/userdir_spec.rb diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index ea6ee193dd..203b93dd11 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp 
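Review bot: The file's first line, `# lint:ignore:variable_is_lowercase required for compatibility`, is kept as context, but the only mixed-case variable it covered, `$verifyServerCert`, is removed by this patch. The suppression can be dropped, along with its closing `# lint:endignore` (presumably further down, outside the hunk), so the lint rule applies to this class again.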
@@ -1,14 +1,30 @@ class apache::mod::userdir ( - $home = '/home', - $dir = 'public_html', + $home = undef, + $dir = undef, $disable_root = true, $apache_version = undef, + $path = '/home/*/public_html', $overrides = [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ], $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ], ) { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) + if $home or $dir { + $_home = $home ? { + undef => '/home', + default => $home, + } + $_dir = $dir ? { + undef => 'public_html', + default => $dir, + } + warning('home and dir are deprecated; use path instead') + $_path = "${_home}/*/${_dir}" + } else { + $_path = $path + } + ::apache::mod { 'userdir': } # Template uses $home, $dir, $disable_root, $_apache_version diff --git a/spec/classes/mod/userdir_spec.rb b/spec/classes/mod/userdir_spec.rb new file mode 100644 index 0000000000..9f23ba274b --- /dev/null +++ b/spec/classes/mod/userdir_spec.rb 
@@ -0,0 +1,53 @@ +require 'spec_helper' + +describe 'apache::mod::userdir', :type => :class do + context "on a Debian OS" do + let :pre_condition do + 'class { "apache": + default_mods => false, + mod_dir => "/tmp/junk", + }' + end + let :facts do + { + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context "default parameters" do + it { should compile } + end + context "with dir set to something" do + let :params do + { + :dir => 'hi', + } + end + it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+/home/\*/hi$})} + end + context "with home set to something" do + let :params do + { + :home => '/u', + } + end + it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+/u/\*/public_html$})} + end + context "with path set to something" do + let :params do + { + :path => 'public_html /usr/web http://www.example.com/', + } + end + it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+public_html /usr/web http://www\.example\.com/$})} + end + end +end diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index c02a9188d6..323a1af1da 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -2,7 +2,7 @@ <% if @disable_root -%> UserDir disabled root <% end -%> - UserDir <%= @home %>/*/<%= @dir %> + UserDir <%= @_path %> /*/<%= @dir %>"> AllowOverride <%= @overrides.join(' ') %> From 56e580082c0cc56e99c7807daad2d0c973e808e9 Mon Sep 17 00:00:00 2001 
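Review bot: In templates/mod/userdir.conf.erb only the `UserDir` line is switched to `@_path`; the context line directly below it still appears to build the `<Directory>` path from `@home` and `@dir` (the opening tag is partly lost in this rendering), and both parameters now default to `undef` in userdir.pp. With default parameters that section would render as `<Directory "/*/">`, so the `AllowOverride` and `Options` settings would attach to a much broader tree than the user directories and would not follow a custom `path`. Consider deriving the section path from the same value, for example `<Directory "<%= @_path %>">`, or from a separate directory parameter when `path` carries the keyword or URL forms that the new spec passes. The added spec only matches the `UserDir` line, so an expectation on the `<Directory>` line would catch this.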
From: Tom Downes Date: Mon, 3 Jul 2017 10:15:59 -0500 Subject: [PATCH 1183/2267] Ensure that ProxyPreserveHost is set even when ProxyPass (etc) are not. Proxying can be enabled with the when the [P] flag is given to a RewriteRule, not only when ProxyPass is used. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index e34c334c01..f0e228c452 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -750,7 +750,7 @@ # - $proxy_preserve_host # - $proxy_add_headers # - $no_proxy_uris - if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match { + if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host { concat::fragment { "${name}-proxy": target => "${priority_real}${filename}.conf", order => 160, From 50fa55e2962de530349198cd2ae0d73af7eddcb9 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 20 Jul 2017 11:02:58 +0200 Subject: [PATCH 1184/2267] add passenger_max_requests option per vhost --- README.md | 5 +++++ manifests/vhost.pp | 4 +++- spec/defines/vhost_spec.rb | 1 + templates/vhost/_passenger.erb | 3 +++ 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a637628171..5c61ac39fe 100755 --- a/README.md +++ b/README.md 
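Review bot: With `or $proxy_preserve_host` added to the condition, the `${name}-proxy` fragment is now emitted for a vhost that sets none of the ProxyPass-style parameters, but the commit changes only manifests/vhost.pp, so no spec exercises that case. Add a vhost_spec context that sets only `proxy_preserve_host => true` and expects the fragment to contain `ProxyPreserveHost On`. Whether `apache::mod::proxy` is included for such a vhost is decided outside this hunk; if that include is gated on the old condition, the rendered directive would refer to a module that is not loaded, so confirm it. The `concat::fragment` resource continues past the end of the hunk.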
@@ -2703,6 +2703,11 @@ Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/refe Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. +##### `passenger_max_requests` + +Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas +sengermaxrequests), the maximum number of requests an application process will process. + ##### `passenger_max_instances_per_app` Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f0e228c452..98bbfcb571 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -138,6 +138,7 @@ $passenger_app_env = undef, $passenger_ruby = undef, $passenger_min_instances = undef, + $passenger_max_requests = undef, $passenger_start_timeout = undef, $passenger_pre_start = undef, $passenger_user = undef, @@ -247,7 +248,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { + if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { include ::apache::mod::passenger } 
@@ -996,6 +997,7 @@ # - $passenger_app_env # - $passenger_ruby # - $passenger_min_instances + # - $passenger_max_requests # - $passenger_start_timeout # - $passenger_pre_start # - $passenger_user diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 422a993d55..bb447247b2 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -396,6 +396,7 @@ 'passenger_app_env' => 'test', 'passenger_ruby' => '/usr/bin/ruby1.9.1', 'passenger_min_instances' => '1', + 'passenger_max_requests' => '1000', 'passenger_start_timeout' => '600', 'passenger_pre_start' => 'http://localhost/myapp', 'passenger_high_performance' => true, diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb index a380016b3b..f0401a9492 100644 --- a/templates/vhost/_passenger.erb +++ b/templates/vhost/_passenger.erb @@ -10,6 +10,9 @@ <% if @passenger_min_instances -%> PassengerMinInstances <%= @passenger_min_instances %> <% end -%> +<% if @passenger_max_requests -%> + PassengerMaxRequests <%= @passenger_max_requests %> +<% end -%> <% if @passenger_start_timeout -%> PassengerStartTimeout <%= @passenger_start_timeout %> <% end -%> From 5510c261c7c453151cc7d401a7fbee72e6d6a07d Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Thu, 20 Jul 2017 13:16:58 -0700 Subject: [PATCH 1185/2267] README formatting cleanup --- README.md | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 812e3ce279..0fb94463ea 100644 --- a/README.md +++ b/README.md 
@@ -1059,7 +1059,7 @@ Default: 'Off'. ##### `keepalive_timeout` -Sets the [`KeepAliveTimeout`] directive, which determines the [TODO: number of seconds?] amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled. +Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled. Default: '15'. @@ -1712,7 +1712,7 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Default: 'Off'. -- `cas_idle_timeout`: Sets the idle timeout limit, in seconds. TODO: is this correct? +- `cas_idle_timeout`: Sets the idle timeout limit, in seconds. Default: `undef`. @@ -1754,7 +1754,7 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Default: '2'. -- `suppress_warning`: Suppress warning about being on RedHat (Hint: mod_auth_cas package is now available in epel-testing repo). TODO: how does this hint relate to this warning? +- `suppress_warning`: Suppress warning about being on RedHat (`mod_auth_cas` package is now available in epel-testing repo). Default: `false`. @@ -1849,7 +1849,7 @@ Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to gener Default: `undef`. -* `verify_server_cert`: Whether to verify the server certificate. TODO: this didn't say anything, so I'm guessing? is this true, false, undef? +* `verify_server_cert`: Whether to verify the server certificate. Default: `undef`. @@ -1872,7 +1872,7 @@ class { '::apache::mod::cluster': Default: '6666'. -* `server_advertise`: Whether the server should advertise. TODO: what does advertise mean? +* `server_advertise`: Whether the server should advertise. Default: `true`. 
@@ -1896,9 +1896,9 @@ class { '::apache::mod::cluster': Default: `true`. -* `ip`: Specifies the IP address to listen to. TODO: is this required or does it have a default? +* `ip`: Specifies the IP address to listen to. -* `allowed_network`: Balanced members network. TODO: What does this do? Is there a default? +* `allowed_network`: Balanced members network. * `version`: Specifies the `mod_cluster` version. Version 1.3.0 or greater is required for httpd 2.4. @@ -2137,7 +2137,7 @@ Installs and configures [`mod_negotiation`][]. * `force_language_priority`: Sets the `ForceLanguagePriority` option. - Values: A string. TODO: What are options for the string? + Values: A string. Default: `Prefer Fallback`. @@ -2578,7 +2578,7 @@ Declare one `apache::balancer` defined type for each Apache load balancing group ##### `name` -Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. TODO: isn't the default for this generated from something? +Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. ##### `proxy_set` @@ -3278,24 +3278,18 @@ Default: 'directory'. Overrides the mode the logroot directory is set to. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). -Values: TODO what values - Default: `undef`. ##### `logroot_owner` Sets individual user access to the logroot directory. -Values: TODO what values - Defaults to `undef`. ##### `logroot_group` Sets group access to the [`logroot`][] directory. -Values: TODO what values - Defaults to `undef`. ##### `log_level` 
@@ -3304,7 +3298,7 @@ Specifies the verbosity of the error log. Values: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. -Default: 'warn' for the global server configuration, which can be overridden on a per-virtual host basis. +Default: 'warn' for the global server configuration. Can be overridden on a per-virtual host basis. ###### `modsec_body_limit` @@ -3379,6 +3373,7 @@ apache::vhost { 'sample.example.net': modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] }, } ``` + Default: `undef`. ##### `modsec_audit*` @@ -3536,6 +3531,8 @@ Boolean. Default: `undef`. Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root. +TODO: BOOKMARK + ##### `php_flags & values` Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. @@ -4625,6 +4622,7 @@ apache::vhost { 'sample.example.net': ssl_verify_depth => 1, } ``` + ##### `ssl_proxy_protocol` Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy. It will only connect to servers using one of the provided protocols. Default: `undef`. From facd9fce3d579b81217421a3eb60b8480ce5566a Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Thu, 20 Jul 2017 15:41:57 -0700 Subject: [PATCH 1186/2267] more loc edit formatting --- README.md | 363 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 249 insertions(+), 114 deletions(-) diff --git a/README.md b/README.md index f9513190eb..37ea07c394 100755 --- a/README.md +++ b/README.md 
@@ -2505,7 +2505,7 @@ ${modsec\_dir}/activated\_rules. * `logroot`: Configures the location of audit and debug logs. - Defaults to the Apache log directory (Redhat: `/var/log/httpd`, Debian: `/var/log/apache2`). + Defaults to the Apache log directory (Redhat: `/var/log/httpd`, Debian: `/var/log/apache2`). * `audit_log_releavant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging. @@ -3599,15 +3599,17 @@ Boolean. Default: `undef`. Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root. -TODO: BOOKMARK - ##### `php_flags & values` -Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. +Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. + +Default: '{}'. ##### `php_admin_flags & values` -Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Default: '{}'. +Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. + +Default: '{}'. ##### `port` 
@@ -3615,7 +3617,7 @@ Sets the port the host is configured on. The module's defaults ensure the host l ##### `priority` -Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Default: '25'. +Sets the relative load-order for Apache HTTPD VirtualHost configuration files. If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match. @@ -3623,13 +3625,19 @@ If nothing matches the priority, the first name-based virtual host is used. Like To omit the priority prefix in file names, pass a priority of `false`. +Default: '25'. + ##### `proxy_dest` -Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Default: `undef`. +Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. + +Default: `undef`. ##### `proxy_pass` -Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to `undef`. Optionally parameters can be added as an array. +Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Optionally, parameters can be added as an array. + +Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': 
@@ -3673,15 +3681,21 @@ This directive is equivalent to [`proxy_pass`][], but takes regular expressions, ##### `rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Default: `undef`. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. + +Default: `undef`. #####`passenger_base_uris` -Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Default: `undef`. +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. + +Default: `undef`. ##### `redirect_dest` -Specifies the address to redirect to. Default: `undef`. +Specifies the address to redirect to. + +Default: `undef`. ##### `redirect_source` @@ -3697,7 +3711,9 @@ apache::vhost { 'site.name.fdqn': ##### `redirect_status` -Specifies the status to append to the redirect. Default: `undef`. +Specifies the status to append to the redirect. + +Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': 
@@ -3706,9 +3722,15 @@ apache::vhost { 'site.name.fdqn': } ``` -##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` +##### `redirectmatch_*` -Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Default: `undef`. +* `redirectmatch_regexp` +* `redirectmatch_status` +* `redirectmatch_dest` + +Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. + +Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': @@ -3721,7 +3743,9 @@ apache::vhost { 'site.name.fdqn': ##### `request_headers` -Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Default: `undef`. +Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. + +Default: `undef`. ``` puppet apache::vhost { 'site.name.fdqn': @@ -3732,9 +3756,14 @@ apache::vhost { 'site.name.fdqn': ], } ``` + ##### `rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Default: `undef`. +Creates URL rewrite rules. Expects an array of hashes. + +Values: Hash keys that are any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. + +Default: `undef`. For example, you can specify that anyone trying to access index.html is served welcome.html 
@@ -3808,7 +3837,9 @@ Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on wh ##### `rewrite_inherit` -Determines whether the virtual host inherits global rewrite rules. Default: `false`. +Determines whether the virtual host inherits global rewrite rules. + +Default: `false`. Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`: @@ -3824,8 +3855,6 @@ apache::vhost { 'site.name.fdqn': > **Note**: The `rewrites` parameter is **required** for this to have effect -###### Some background - Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives: ``` ApacheConf @@ -3837,7 +3866,9 @@ Refer to the [official `mod_rewrite` documentation](https://httpd.apache.org/doc ##### `scriptalias` -Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. Default: `undef`. +Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. + +Default: `undef`. ##### `scriptaliases` 
@@ -3870,19 +3901,27 @@ The ScriptAlias and ScriptAliasMatch directives are created in the order specifi ##### `serveradmin` -Specifies the email address Apache displays when it renders one of its error pages. Default: `undef`. +Specifies the email address Apache displays when it renders one of its error pages. + +Default: `undef`. ##### `serveraliases` -Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Default: '[]'. +Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. + +Default: '[]'. ##### `servername` -Sets the servername corresponding to the hostname you connect to the virtual host at. Default: the title of the resource. +Sets the servername corresponding to the hostname you connect to the virtual host at. + +Default: the title of the resource. ##### `setenv` -Used by HTTPD to set environment variables for virtual hosts. Default: '[]'. +Used by HTTPD to set environment variables for virtual hosts. + +Default: '[]'. Example: @@ -3894,13 +3933,21 @@ apache::vhost { 'setenv.example.com': ##### `setenvif` -Used by HTTPD to conditionally set environment variables for virtual hosts. Default: '[]'. +Used by HTTPD to conditionally set environment variables for virtual hosts. + +Default: '[]'. ##### `setenvifnocase` -Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). Default: '[]'. +Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). + +Default: '[]'. + +##### `suphp_*` -##### `suphp_addhandler`, `suphp_configpath`, & `suphp_engine` +* `suphp_addhandler` +* `suphp_configpath` +* `suphp_engine` Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). 
@@ -3925,11 +3972,15 @@ apache::vhost { 'suphp.example.com': ##### `vhost_name` -Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. Default: '*'. +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. + +Default: '*'. ##### `virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Default: `false`. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. + +Default: `false`. ``` puppet apache::vhost { 'subdomain.loc': @@ -3941,7 +3992,13 @@ apache::vhost { 'subdomain.loc': } ``` -##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` +##### `wsgi*` + +* `wsgi_daemon_process` +* `wsgi_daemon_process_options` +* `wsgi_process_group` +* `wsgi_script_aliases` +* `wsgi_pass_authorization` Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi). 
@@ -4006,7 +4063,7 @@ apache::vhost { 'sample.example.net': Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: -###### `addhandlers` +##### `addhandlers` Sets [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension'] }`. @@ -4023,7 +4080,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `allow` +##### `allow` Sets an [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. @@ -4038,7 +4095,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `allow_override` +##### `allow_override` Sets the types of directives allowed in [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. 
@@ -4053,19 +4110,19 @@ apache::vhost { 'sample.example.net': } ``` -###### `auth_basic_authoritative` +##### `auth_basic_authoritative` Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules. -###### `auth_basic_fake` +##### `auth_basic_fake` Sets the value for [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. -###### `auth_basic_provider` +##### `auth_basic_provider` Sets the value for [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. -###### `auth_digest_algorithm` +##### `auth_digest_algorithm` Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. 
@@ -4073,67 +4130,67 @@ Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/m Sets the value for [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. -###### `auth_digest_nonce_lifetime` +##### `auth_digest_nonce_lifetime` Sets the value for [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. -###### `auth_digest_provider` +##### `auth_digest_provider` Sets the value for [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. -###### `auth_digest_qop` +##### `auth_digest_qop` Sets the value for [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. -###### `auth_digest_shmem_size` +##### `auth_digest_shmem_size` Sets the value for [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. -###### `auth_group_file` +##### `auth_group_file` Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization. -###### `auth_name` +##### `auth_name` Sets the value for [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. -###### `auth_require` +##### `auth_require` Sets the entity name you're requiring to allow access. 
Read more about [Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). -###### `auth_type` +##### `auth_type` Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. -###### `auth_user_file` +##### `auth_user_file` Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. -###### `auth_merging` +##### `auth_merging` Sets the value for [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging), which determines if authorization logic should be combined -###### `auth_ldap_url` +##### `auth_ldap_url` Sets the value for [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl), which determines URL of LDAP-server(s) if AuthBasicProvider 'ldap' is used -###### `auth_ldap_bind_dn` +##### `auth_ldap_bind_dn` Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used. -###### `auth_ldap_bind_password` +##### `auth_ldap_bind_password` Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used. -###### `auth_ldap_group_attribute` +##### `auth_ldap_group_attribute` Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. Defaults are: "member" and "uniquemember". 
-###### `auth_ldap_group_attribute_is_dn` +##### `auth_ldap_group_attribute_is_dn` Sets value for [AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn), specifies if member of a ldapgroup is a dn or simple username. When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. valid values are: "on" or "off" -###### `custom_fragment` +##### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. @@ -4160,19 +4217,19 @@ ProxyStatus On', } ``` -###### `dav` +##### `dav` Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either 'On', 'Off' or the name of the provider. A value of 'On' enables the default filesystem provider implemented by the `mod_dav_fs` module. -###### `dav_depth_infinity` +##### `dav_depth_infinity` Sets the value for [DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity), which is used to enable the processing of `PROPFIND` requests having a `Depth: Infinity` header. -###### `dav_min_timeout` +##### `dav_min_timeout` Sets the value for [DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout), which sets the time the server holds a lock on a DAV resource. The value should be the number of seconds to set. -###### `deny` +##### `deny` Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. 
@@ -4187,7 +4244,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `error_documents` +##### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. @@ -4205,7 +4262,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `ext_filter_options` +##### `ext_filter_options` Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. @@ -4221,7 +4278,7 @@ apache::vhost { 'filter.example.org': } ``` -###### `geoip_enable` +##### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. Note that you must declare `class {'apache::mod::geoip': }` before using this directive. @@ -4237,7 +4294,7 @@ apache::vhost { 'first.example.com': } ``` -###### `headers` +##### `headers` Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. @@ -4251,7 +4308,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `index_options` +##### `index_options` Allows configuration settings for [directory indexing](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). @@ -4268,7 +4325,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `index_order_default` +##### `index_order_default` Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. @@ -4301,7 +4358,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `limit` +##### `limit` Creates a [Limit](https://httpd.apache.org/docs/current/mod/core.html#limit) block inside the Directory block, which can also contain `require` directives. 
@@ -4321,7 +4378,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `limit_except` +##### `limit_except` Creates a [LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept) block inside the Directory block, which can also contain `require` directives. @@ -4341,7 +4398,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `mellon_enable` +##### `mellon_enable` Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. @@ -4382,7 +4439,7 @@ to environment variables. - `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider. - `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username. -###### `options` +##### `options` Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. @@ -4397,7 +4454,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `order` +##### `order` Sets the order of processing Allow and Deny statements as per [Apache core documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. @@ -4412,7 +4469,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `passenger_enabled` +##### `passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. 
@@ -4429,16 +4486,16 @@ apache::vhost { 'sample.example.net': > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. -###### `php_value` and `php_flag` +##### `php_value` and `php_flag` `php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). -###### `php_admin_value` and `php_admin_flag` +##### `php_admin_value` and `php_admin_flag` `php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). -###### `require` +##### `require` Sets a `Require` directive as per the [Apache Authz documentation](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. @@ -4490,7 +4547,7 @@ apache::vhost { 'sample.example.net': -###### `satisfy` +##### `satisfy` Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. @@ -4505,7 +4562,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `sethandler` +##### `sethandler` Sets a `SetHandler` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler). @@ -4520,7 +4577,7 @@ apache::vhost { 'sample.example.net': } ``` -###### `set_output_filter` +##### `set_output_filter` Sets a `SetOutputFilter` directive per the [Apache Core documentation](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). 
@@ -4535,7 +4592,7 @@ apache::vhost{ 'filter.example.net': } ``` -###### `rewrites` +##### `rewrites` Creates URL [`rewrites`](#rewrites) rules in virtual host directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. @@ -4562,7 +4619,7 @@ apache::vhost { 'secure.example.net': > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. -###### `shib_request_settings` +##### `shib_request_settings` Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. 
@@ -4578,11 +4635,11 @@ apache::vhost { 'secure.example.net': } ``` -###### `shib_use_headers` +##### `shib_use_headers` When set to 'On', this turns on the use of request headers to publish attributes to applications. Values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -###### `ssl_options` +##### `ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. @@ -4600,7 +4657,7 @@ apache::vhost { 'secure.example.net': } ``` -###### `suphp` +##### `suphp` A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the virtual host declaration, and can only be passed within `directories`. @@ -4617,7 +4674,7 @@ apache::vhost { 'secure.example.net': ], } ``` -###### `additional_includes` +##### `additional_includes` Specifies paths to additional static, specific Apache configuration files in virtual host directories. Values: a array of string path. 
@@ -4638,60 +4695,90 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` ##### `ssl` -Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Values: Boolean. Default: `false`. +Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Values: Boolean. + +Default: `false`. ##### `ssl_ca` -Specifies the SSL certificate authority. Default: `undef`. +Specifies the SSL certificate authority. + +Default: `undef`. ##### `ssl_cert` -Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' on Gentoo. +Specifies the SSL certification. Defaults are based on your OS. + +* RedHat: '/etc/pki/tls/certs/localhost.crt' +* Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem' +* FreeBSD: '/usr/local/etc/apache22/server.crt' +* Gentoo: '/etc/ssl/apache2/server.crt' ##### `ssl_protocol` -Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults: 'all', '-SSLv2', '-SSLv3'. +Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. + +Defaults: 'all', '-SSLv2', '-SSLv3'. ##### `ssl_cipher` -Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Default: 'HIGH:MEDIUM:!aNULL:!MD5'. +Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). + +Default: 'HIGH:MEDIUM:!aNULL:!MD5'. ##### `ssl_honorcipherorder` -Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Default: `true`. 
In addition to `true`/`false` Boolean values, will also accept case-insensitive Strings 'on' or 'off'. +Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Values: + +Values: Boolean, 'on', 'off'. + +Default: `true`. ##### `ssl_certs_dir` Specifies the location of the SSL certification directory. Default: Depends on operating system. -- **Debian:** '/etc/ssl/certs' -- **Red Hat:** '/etc/pki/tls/certs' -- **FreeBSD:** `undef` -- **Gentoo:** '/etc/ssl/apache2' +- Debian: '/etc/ssl/certs' +- Red Hat: '/etc/pki/tls/certs' +- FreeBSD: `undef` +- Gentoo: '/etc/ssl/apache2' ##### `ssl_chain` -Specifies the SSL chain. Default: `undef`. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. +Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. + +Default: `undef`. ##### `ssl_crl` -Specifies the certificate revocation list to use. Default: `undef`. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the certificate revocation list to use. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) + +Default: `undef`. ##### `ssl_crl_path` -Specifies the location of the certificate revocation list. Default: `undef`. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the location of the certificate revocation list. 
(This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) + +Default: `undef`. ##### `ssl_crl_check` -Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). Default: `undef`. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. +Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. + +Default: `undef`. ##### `ssl_key` -Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' on Gentoo. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL key. Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production. + +* RedHat: '/etc/pki/tls/private/localhost.key' +* Debian: '/etc/ssl/private/ssl-cert-snakeoil.key' +* FreeBSD: '/usr/local/etc/apache22/server.key' +* Gentoo: '/etc/ssl/apache2/server.key' ##### `ssl_verify_client` -Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. 
Values are: 'none', 'optional', 'require', and 'optional_no_ca'. Default: `undef`. +Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. ``` puppet apache::vhost { 'sample.example.net': @@ -4700,9 +4787,14 @@ apache::vhost { 'sample.example.net': } ``` +Values: 'none', 'optional', 'require', and 'optional_no_ca'. + +Default: `undef`. + + ##### `ssl_verify_depth` -Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Default: `undef`. +Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. ``` puppet apache::vhost { 'sample.example.net': 
@@ -4711,26 +4803,37 @@ apache::vhost { 'sample.example.net': } ``` +Default: `undef`. + ##### `ssl_proxy_protocol` -Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy. It will only connect to servers using one of the provided protocols. Default: `undef`. +Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing its server environment for proxy. It connects to servers using only one of the provided protocols. +Default: `undef`. ##### `ssl_proxy_verify` -Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. Default: `undef`. +Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. + +Default: `undef`. ##### `ssl_proxy_verify_depth` -Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate. (A depth of 0 means that self-signed remote server certificates are accepted only, the default depth of 1 means the remote server certificate can be self-signed or has to be signed by a CA which is directly known to the server) Default: undef. 
+Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate. + +A depth of 0 means that only self-signed remote server certificates are accepted, the default depth of 1 means the remote server certificate can be self-signed or signed by a CA that is directly known to the server. + +Default: `undef` ##### `ssl_proxy_ca_cert` -Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: undef. +Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. + +Default: `undef` ##### `ssl_proxy_machine_cert` -Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Default: `undef`. 
+Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. ``` puppet apache::vhost { 'sample.example.net': 
@@ -4739,21 +4842,35 @@ apache::vhost { 'sample.example.net': } ``` +Default: `undef` + ##### `ssl_proxy_check_peer_cn` -Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Values: 'on', 'off'. Default: `undef`. +Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. + +Values: 'on', 'off'. + +Default: `undef` ##### `ssl_proxy_check_peer_name` -Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. Values: 'on', 'off'. Default: `undef`. +Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. + +Values: 'on', 'off'. + +Default: `undef` ##### `ssl_proxy_check_peer_expire` -Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. Values: 'on', 'off'. Default: `undef`. +Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. + +Values: 'on', 'off'. + +Default: `undef` ##### `ssl_options` -Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. 
This is the global setting for the given virtual host and can be a string or an array. Default: `undef`. +Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array. A string: 
@@ -4773,32 +4890,48 @@ apache::vhost { 'sample.example.net': } ``` +Default: `undef`. + ##### `ssl_openssl_conf_cmd` -Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default: `undef`. +Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. + +Default: `undef` ##### `ssl_proxyengine` -Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Values: Boolean. Default: `true`. +Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). + +Boolean. + +Default: `true`. ##### `ssl_stapling` -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). Values: Boolean or `undef`. Default: `undef`, meaning use what is set globally. +Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). By default, uses what is set globally. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +Boolean or `undef`. + +Default: `undef` + ##### `ssl_stapling_timeout` -Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive. No default. +Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +Default: none. + ##### `ssl_stapling_return_errors` -Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. No default. 
+Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. This parameter only applies to Apache 2.4 or higher and is ignored on older versions. +Default: none. + #### Defined type: FastCGI Server This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. @@ -4851,7 +4984,7 @@ Force a write to the client as data is received from the application. By default ##### `faux_path` -`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. +Does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. ##### `alias` @@ -4893,7 +5026,9 @@ Default: '25'. Specifies whether to validate the configuration file before notifying the Apache service. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ### Private defined types From b7e251a175958e6b863b4c40e7b3ba7d9adf5819 Mon Sep 17 00:00:00 2001 From: Ben Roberts Date: Thu, 8 Jun 2017 10:22:11 +0100 Subject: [PATCH 1187/2267] MODULES-3838 Pass mod_packages through init.pp to allow end user overrides --- manifests/init.pp | 1 + manifests/mod.pp | 2 +- manifests/mod/php.pp | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 4d91f2602f..516c966ad2 100755 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -47,6 +47,7 @@ $confd_dir = $::apache::params::confd_dir, $vhost_dir = $::apache::params::vhost_dir, $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $mod_packages = $::apache::params::mod_packages, $vhost_include_pattern = $::apache::params::vhost_include_pattern, $mod_dir = $::apache::params::mod_dir, $mod_enable_dir = $::apache::params::mod_enable_dir, 
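Review bot: The new `$mod_packages` parameter in manifests/init.pp is accepted without any type check, yet the later hunks in manifests/mod.pp and manifests/mod/php.pp hand `$::apache::mod_packages` straight to `has_key`. Adding `validate_hash($mod_packages)` in the class body would turn a mistyped value into a clear error where the class is declared; the hunk shows only the parameter list, so an existing check further down cannot be ruled out. The parameter also replaces the default map rather than extending it, so a hash that holds a single override appears to leave every other module without a package name from this lookup. A comment beside the parameter such as `# Replaces $::apache::params::mod_packages entirely; merge() overrides into the defaults` would make that visible, since the value decides which packages are installed on the node.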
diff --git a/manifests/mod.pp b/manifests/mod.pp index 8958d1276f..ddef130c8e 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -46,7 +46,7 @@ } # Determine if we have a package - $mod_packages = $::apache::params::mod_packages + $mod_packages = $::apache::mod_packages if $package { $_package = $package } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index e087e4b3e5..c7c0048884 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -38,7 +38,7 @@ } # Determine if we have a package - $mod_packages = $::apache::params::mod_packages + $mod_packages = $::apache::mod_packages if $package_name { $_package_name = $package_name } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack From 040bd1fa0455658b4ad260966f58654063988f49 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Fri, 21 Jul 2017 13:49:56 -0700 Subject: [PATCH 1188/2267] (maint) adds docs and some specs for mod_packages adds an entry in the README and a usage example as well as a couple of unit tests in apache_spec --- README.md | 14 ++++++++++++++ spec/classes/apache_spec.rb | 29 +++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/README.md b/README.md index 37ea07c394..65489705da 100755 --- a/README.md +++ b/README.md @@ -1178,6 +1178,20 @@ Default: Depends on operating system. - **Gentoo**: `/etc/apache2/modules.d` - **Red Hat**: `/etc/httpd/conf.d` +##### `mod_packages` + +Allows the user to override default module package names. + +```puppet +class { '::apache': + mod_packages => merge($::apache::mod_params { + 'auth_kerb' => 'httpd24-mod_auth_kerb', + } +} +``` + +Hash. Default: `$apache::params::mod_packages` + ##### `mpm_module` Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Values: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 715ed41244..56025ab3ff 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -10,6 +10,7 @@ :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', :is_pe => false, @@ -126,6 +127,20 @@ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} } end + context "when overriding with mod_packages" do + let :params do + { :mod_packages => { 'dav_svn' => 'foobarbaz' } } + end + let :pre_condition do + "apache::mod { 'dav_svn': }" + end + + it { is_expected.to contain_file("dav_svn.load") } + it { is_expected.to contain_package('foobarbaz') } + it { is_expected.to_not contain_file("fcgid.load") } + it { is_expected.to_not contain_package('libapache2-svn') } + end + # Assert that both load files and conf files are placed and symlinked for these mods [ 'alias', @@ -451,6 +466,20 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} } end + context "when overriding with mod_packages" do + let :params do + { :mod_packages => { 'dav_svn' => 'foobarbaz' } } + end + let :pre_condition do + "apache::mod { 'dav_svn': }" + end + + it { is_expected.to contain_file("dav_svn.load") } + it { is_expected.to contain_package('foobarbaz') } + it { is_expected.to_not contain_file("fcgid.load") } + it { is_expected.to_not contain_package('mod_dav_svn') } + end + context "when specifying slash encoding behaviour" do let :params do { :allow_encoded_slashes => 'nodecode' } From 36da2f69209049f4baff0f8edc405946e320bd83 Mon Sep 17 00:00:00 2001 
From: Hunter Haugen Date: Fri, 21 Jul 2017 15:54:32 -0700 Subject: [PATCH 1189/2267] (MODULES-3838) Add spec test for mod_package override and update readme --- README.md | 7 ++++--- spec/classes/apache_spec.rb | 29 ----------------------------- spec/classes/mod/auth_kerb_spec.rb | 29 +++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 65489705da..90f4a7094d 100755 --- a/README.md +++ b/README.md @@ -1183,10 +1183,11 @@ Default: Depends on operating system. Allows the user to override default module package names. ```puppet -class { '::apache': - mod_packages => merge($::apache::mod_params { +include apache::params +class { 'apache': + mod_packages => merge($::apache::params::mod_packages, { 'auth_kerb' => 'httpd24-mod_auth_kerb', - } + }) } ``` diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 56025ab3ff..715ed41244 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -10,7 +10,6 @@ :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6', - :operatingsystemmajrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', :is_pe => false, @@ -127,20 +126,6 @@ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} } end - context "when overriding with mod_packages" do - let :params do - { :mod_packages => { 'dav_svn' => 'foobarbaz' } } - end - let :pre_condition do - "apache::mod { 'dav_svn': }" - end - - it { is_expected.to contain_file("dav_svn.load") } - it { is_expected.to contain_package('foobarbaz') } - it { is_expected.to_not contain_file("fcgid.load") } - it { is_expected.to_not contain_package('libapache2-svn') } - end - # Assert that both load files and conf files are placed and symlinked for these mods [ 'alias', 
@@ -466,20 +451,6 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} } end - context "when overriding with mod_packages" do - let :params do - { :mod_packages => { 'dav_svn' => 'foobarbaz' } } - end - let :pre_condition do - "apache::mod { 'dav_svn': }" - end - - it { is_expected.to contain_file("dav_svn.load") } - it { is_expected.to contain_package('foobarbaz') } - it { is_expected.to_not contain_file("fcgid.load") } - it { is_expected.to_not contain_package('mod_dav_svn') } - end - context "when specifying slash encoding behaviour" do let :params do { :allow_encoded_slashes => 'nodecode' } diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 74b6827d0f..0f77a627ef 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -74,4 +74,33 @@ it { is_expected.to contain_package("www-apache/mod_auth_kerb") } end end + context "overriding mod_packages" do + context "on a RedHat OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + let :pre_condition do + <<-EOS + include apache::params + class { 'apache': + mod_packages => merge($::apache::params::mod_packages, { + 'auth_kerb' => 'httpd24-mod_auth_kerb', + }) + } + EOS + end + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("httpd24-mod_auth_kerb") } + it { is_expected.to_not contain_package("mod_auth_kerb") } + end + end end From ccbddecf7bc7f77cc0af269bf53a261674f2a01c Mon Sep 17 00:00:00 2001 
From: Patrick Schoenfeld Date: Tue, 17 Jan 2017 16:26:03 +0100 Subject: [PATCH 1190/2267] add parser function apache_pw_hash This commit adds a new parser function apache_pw_hash, which allows generating password hashes to be used in htpasswd files. --- README.md | 7 ++++ lib/puppet/parser/functions/apache_pw_hash.rb | 14 ++++++++ .../parser/functions/apache_pw_hash_spec.rb | 32 +++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 lib/puppet/parser/functions/apache_pw_hash.rb create mode 100644 spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb diff --git a/README.md b/README.md index 90f4a7094d..75c416b123 100755 --- a/README.md +++ b/README.md @@ -5067,6 +5067,13 @@ Links the `activated_rules` from [`apache::mod::security`][] to the respective C The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. +### Functions +#### apache_pw_hash +Hashes a password in a format suitable for htpasswd files read by apache. + +Currently uses SHA-hashes, because although this format is considered insecure, its the +most secure format supported by the most platforms. + ## Limitations ### General diff --git a/lib/puppet/parser/functions/apache_pw_hash.rb b/lib/puppet/parser/functions/apache_pw_hash.rb new file mode 100644 index 0000000000..7f187f3377 --- /dev/null +++ b/lib/puppet/parser/functions/apache_pw_hash.rb 
@@ -0,0 +1,14 @@
+Puppet::Parser::Functions::newfunction(:apache_pw_hash, :type => :rvalue, :doc => <<-EOS
+Hashes a password in a format suitable for htpasswd files read by apache.
+
+Currently uses SHA-hashes, because although this format is considered insecure, its the
+most secure format supported by the most platforms.
+EOS
+) do |args|
+ raise(Puppet::ParseError, "apache_pw_hash() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
+ raise(Puppet::ParseError, "apache_pw_hash(): first argument must be a string") unless args[0].is_a? String
+ raise(Puppet::ParseError, "apache_pw_hash(): first argument must not be empty") if args[0].empty?
+
+ password = args[0]
+ return '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(password))
+end
diff --git a/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb b/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb
new file mode 100644
index 0000000000..3e2f75cbae
--- /dev/null
+++ b/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb
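Review bot: The `{SHA}` value returned on the last line of the function is an unsalted, single-pass SHA-1 digest, so two users with the same password get the same htpasswd entry and the hash gives little protection if the file or the compiled catalog is disclosed; the doc string should say so plainly, e.g. `Produces an unsalted SHA-1 ({SHA}) entry; prefer a salted scheme such as bcrypt or apr1 where the target httpd supports it.` The claim that this is the most secure widely supported format looks doubtful, since httpd also reads salted `$apr1$` entries and, from 2.4, bcrypt. The new file also uses `Base64` and `Digest::SHA1` without loading them, so it only works when something else has already required those libraries; add `require 'base64'` and `require 'digest/sha1'` above `newfunction`. The first error message ends with a stray `)` after `for 1`.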
@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe "the apache_pw_hash function" do
+ let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+ it "should exist" do
+ expect(Puppet::Parser::Functions.function("apache_pw_hash")).to eq("function_apache_pw_hash")
+ end
+
+ it "should raise a ParseError if there is less than 1 arguments" do
+ expect { scope.function_apache_pw_hash([]) }.to( raise_error(Puppet::ParseError))
+ end
+
+ it "should raise an Puppet::ParseError if argument is an empty string" do
+ expect { scope.function_apache_pw_hash(['']) }.to( raise_error(Puppet::ParseError))
+ end
+
+ context "when argument is not a string" do
+ it { expect { scope.function_apache_pw_hash([1]) }.to( raise_error(Puppet::ParseError)) }
+ it { expect { scope.function_apache_pw_hash([true]) }.to( raise_error(Puppet::ParseError)) }
+ it { expect { scope.function_apache_pw_hash([{}]) }.to( raise_error(Puppet::ParseError)) }
+ it { expect { scope.function_apache_pw_hash([[]]) }.to( raise_error(Puppet::ParseError)) }
+ end
+
+ it "should raise an Puppet::ParseError if argument is not a string" do
+ expect { scope.function_apache_pw_hash([1]) }.to( raise_error(Puppet::ParseError))
+ end
+
+ it "should return proper hash" do
+ expect(scope.function_apache_pw_hash(['test'])).to(eq('{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M='))
+ end
+end
From 594d115bb2c0c25e69499b9fdc2033c191fcd9b0 Mon Sep 17 00:00:00 2001
From: Zhechka Toteva
Date: Thu, 6 Jul 2017 14:52:34 +0200
Subject: [PATCH 1191/2267] Add proxy_pass in directory template for location directive
---
templates/vhost/_directories.erb | 33 ++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index 8a17064323..e4a7d7791b 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
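Review bot: The argument-count guard is only exercised with an empty argument list, so the "too many arguments" side of `args.size != 1` is never tested; add an example such as `it { expect { scope.function_apache_pw_hash(['a', 'b']) }.to(raise_error(Puppet::ParseError)) }`. The standalone example "should raise an Puppet::ParseError if argument is not a string" repeats the `[1]` case already covered by the `context` block directly above it and can be removed. The single positive example pins only one input, so a second known value would make an accidental change of encoding easier to spot.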
@@ -336,6 +336,39 @@
 <%- end -%>
 <%- end -%>
 <%- end -%>
+ <%- if directory['proxy_pass'] and directory['provider'] and directory['provider'].match('location') -%>
+ <%- directory['proxy_pass'].flatten.compact.each do |proxy| -%>
+ ProxyPass <%= proxy['url'] %>
+ <%- if proxy['params'] -%>
+ <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%>
+ <%- end %>
+ <%- if not proxy['reverse_cookies'].nil? -%>
+ <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%>
+ <%- if reverse_cookies['path'] -%>
+ ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %>
+ <%- end -%>
+ <%- if reverse_cookies['domain'] -%>
+ ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %>
+ <%- end -%>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['reverse_urls'].nil? -%>
+ ProxyPassReverse <%= proxy['url'] %>
+ <%- else -%>
+ <%- Array(proxy['reverse_urls']).each do |reverse_url| -%>
+ ProxyPassReverse <%= reverse_url %>
+ <%- end -%>
+ <%- end -%>
+ <%- if proxy['setenv'] -%>
+ <%- Array(proxy['setenv']).each do |setenv_var| -%>
+ SetEnv <%= setenv_var %>
+ <%- end -%>
+ <%- end -%>
+ <% end -%>
+ <%- end -%>
 <%- if directory['custom_fragment'] -%>
 <%= directory['custom_fragment'] %>
 <%- end -%>
From 3128d55d0ea82d3ff99aed971a1587f91193a053 Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden
Date: Mon, 24 Jul 2017 19:14:42 +0200
Subject: [PATCH 1192/2267] Use puppet 4 types to avoid deprecation warnings
---
manifests/init.pp | 4 ++--
manifests/mod/negotiation.pp | 10 ++--------
manifests/mod/ssl.pp | 2 +-
manifests/vhost.pp | 5 +----
4 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 516c966ad2..7f9c2b99e2 100755
--- a/manifests/init.pp
+++ b/manifests/init.pp
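Review bot: `proxy['url']` is written out without checking that it is set, so a `directory['proxy_pass']` entry that lacks a `url` key renders a bare `ProxyPass` and `ProxyPassReverse` line, which httpd would presumably reject only at config test time; skip or reject such entries up front, e.g. `<%- next unless proxy['url'] -%>` as the first line inside the `each` block. `proxy['keywords'].join(' ')` assumes an array, while `reverse_cookies`, `reverse_urls` and `setenv` are wrapped in `Array()`; `Array(proxy['keywords']).join(' ')` would make the handling consistent and tolerate a single string. `directory['provider'].match('location')` is a pattern match, so it is also true for a provider such as `locationmatch`; a short comment saying whether that is intended would help. The enclosing directory loop starts and ends outside the hunk.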
@@ -271,7 +271,7 @@ if $::apache::conf_dir and $::apache::params::conf_file { if $::osfamily == 'gentoo' { $error_documents_path = '/usr/share/apache2/error' - if is_array($default_mods) { + if $default_mods =~ Array { if versioncmp($apache_version, '2.4') >= 0 { if defined('apache::mod::ssl') { ::portage::makeconf { 'apache2_modules': @@ -336,7 +336,7 @@ # preserve back-wards compatibility to the times when default_mods was # only a boolean value. Now it can be an array (too) - if is_array($default_mods) { + if $default_mods =~ Array { class { '::apache::default_mods': all => false, mods => $default_mods, diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index c7c34b81fe..1bdea6bbb3 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -1,17 +1,11 @@ class apache::mod::negotiation ( - $force_language_priority = 'Prefer Fallback', - $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', + Variant[Array[String], String] $force_language_priority = 'Prefer Fallback', + Variant[Array[String], String] $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ], ) { include ::apache - if !is_array($force_language_priority) and !is_string($force_language_priority) { - fail('force_languague_priority must be a string or array of strings') - } - if !is_array($language_priority) and !is_string($language_priority) { - fail('force_languague_priority must be a string or array of strings') - } ::apache::mod { 'negotiation': } # Template uses no variables diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index d27b6b8eeb..76726b8e56 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
@@ -53,7 +53,7 @@ } } - if is_bool($ssl_honorcipherorder) { + if $ssl_honorcipherorder =~ Boolean { $_ssl_honorcipherorder = $ssl_honorcipherorder } else { $_ssl_honorcipherorder = $ssl_honorcipherorder ? { diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 98bbfcb571..18217deebe 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -59,7 +59,7 @@ $access_log_syslog = false, $access_log_format = false, $access_log_env_var = false, - $access_logs = undef, + Optional[Array] $access_logs = undef, $aliases = undef, $directories = undef, Boolean $error_log = true, @@ -324,9 +324,6 @@ 'env' => $access_log_env_var }] } elsif $access_logs { - if !is_array($access_logs) { - fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") - } $_access_logs = $access_logs } From 6a9dcbb3358fa2a074198010bf255a7110f003a5 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 24 Jul 2017 15:55:44 -0300 Subject: [PATCH 1193/2267] Add missing parens in mod/jk spec test --- spec/classes/mod/jk_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 5a67345ef3..5a26ecc280 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -14,7 +14,7 @@ context "with only required facts and no parameters" do - let :facts do + let (:facts) do { :osfamily => 'RedHat', :operatingsystem => 'RedHat', From e09e690f447e2d6da9453baeb8e22494894234bd Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Mon, 24 Jul 2017 13:06:29 -0700 Subject: [PATCH 1194/2267] (MODULES-5197) release 2.0.0 prep --- CHANGELOG.md | 132 +++++++++++++++++++++++++++++++++++++++----------- metadata.json | 4 +- 2 files changed, 107 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e921ccc215..7c8fa2b838 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
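Review bot: In the `manifests/vhost.pp` hunks, `Optional[Array] $access_logs = undef` accepts an array of anything, while the removed `fail()` message described the contract as "an array of hashes". Assuming the template reads each entry as a hash, `Optional[Array[Hash]] $access_logs = undef` would keep that contract in the type and reject malformed entries at compile time rather than when the template is rendered. The parameter list and the `elsif $access_logs` branch continue outside the hunks.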
@@ -1,5 +1,54 @@ -## Supported Release 1.11.0 -#### Summary +# Change log + +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](http://semver.org). + +## Supported Release [2.0.0] +### Summary +Major release **removing Puppet 3 support** and other backwards-incompatible changes. + +#### Added +- support for FileETag directive configurable with the `file_e_tag` parameter +- ability to configure multiple ports per vhost +- RequestHeader directive to vhost template ([MODULES-4156](https://tickets.puppet.com/browse/MODULES-4156)) +- customizability for AllowOverride directive in userdir.conf ([MODULES-4516](https://tickets.puppet.com/browse/MODULES-4516)) +- AdvertiseFrequency directive for cluster.conf ([MODULES-4500](https://tickets.puppet.com/browse/MODULES-4500)) +- `ssl_proxy_protocol` and `ssl_sessioncache` parameters for mod::ssl ([MODULES-4737](https://tickets.puppet.com/browse/MODULES-4737)) +- SSLCACertificateFile directive in ssl.conf configurable with `ssl_ca` parameter +- mod::authnz_pam +- mod::intercept_form_submit +- mod::lookup_identity +- Suse compatibility for mod::proxy_html +- support for AddCharset directive configurable with `add_charset` parameter +- support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with `ssl_proxy_verify_depth` and `ssl_proxy_ca_cert` respectively +- `manage_security_crs` parameter for mod::security +- support for LimitExcept directive configurable with `limit_except` parameter +- support for WSGIRestrictEmbedded directive configurable with `wsgi_restrict_embedded` parameter +- support for custom UserDir path ([MODULES-4933](https://tickets.puppet.com/browse/MODULES-4933)) +- support for PassengerMaxRequests directive configurable with `passenger_max_requests` +- option to override module package names with `mod_packages` parameter 
([MODULES-3838](https://tickets.puppet.com/browse/MODULES-3838)) + +#### Removed +- enclose_ipv6 as it was added to puppetlabs-stdlib +- deprecated `$verifyServerCert` parameter from the `apache::mod::authnz_ldap` class ([MODULES-4445](https://tickets.puppet.com/browse/MODULES-4445)) + +#### Changed +- `keepalive` default to 'On' from 'Off' +- Puppet version compatibility to ">= 4.7.0 < 6.0.0" +- puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0" +- `ssl_cipher` to explicitly disable 3DES because of Sweet32 + +#### Fixed +- various issues in the vhost template +- use of deprecated `include_src` parameter in vhost_spec +- management of ssl.conf on RedHat systems +- various SLES/Suse params +- mod::cgi ordering for FreeBSD +- issue where ProxyPreserveHost could not be set without other Proxy* directives +- the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch + +## Supported Release [1.11.0] +### Summary This release adds SLES12 Support and many more features and bugfixes. #### Features @@ -68,7 +117,7 @@ This release adds SLES12 Support and many more features and bugfixes. - (MODULES-3744) Process $crs_package before $modsec_dir - (MODULES-1491) Adds `::apache` include to mods that need it -## Supported Release 1.10.0 +## Supported Release [1.10.0] #### Summary This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. @@ -89,7 +138,7 @@ This release fixes backwards compatibility bugs introduced in 1.9.0. Also includ - Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0. - Set actual path to apachectl on FreeBSD. Fixes snippets verification. -## Supported Release 1.9.0 [DELETED] +## Supported Release [1.9.0] [DELETED] #### Features - Added `apache_version` fact - Added `apache::balancer::target` attribute 
@@ -169,7 +218,7 @@ This release fixes backwards compatibility bugs introduced in 1.9.0. Also includ - Fixed xml2enc for proxy\_html on debian - Fixed a problem where the apache service restarts too fast -## Supported Release 1.8.1 +## Supported Release [1.8.1] ### Summary This release includes bug fixes and a documentation update. @@ -178,7 +227,7 @@ This release includes bug fixes and a documentation update. - Fixes a bug where passenger.conf was vulnerable to purging. - Removes the pin of the concat module dependency. -## 2016-01-26 - Supported Release 1.8.0 +## Supported Release [1.8.0] ### Summary This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements. @@ -219,12 +268,12 @@ This release includes a lot of bug fixes and feature updates, including support - Added X-Forwarded-For into log_formats defaults. - (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration. -## Supported Release 1.7.1 +## Supported Release [1.7.1] ###Summary Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. -## 2015-11-17 - Supported Release 1.7.0 +## Supported Release [1.7.0] ### Summary This release includes many new features and bugfixes. There are test, documentation and misc improvements. @@ -272,7 +321,7 @@ This release includes many new features and bugfixes. There are test, documentat - allow multiple IP addresses per vhost - default document root update for Ubuntu 14.04 and Debian 8 -## 2015-07-28 - Supported Release 1.6.0 +## Supported Release [1.6.0] ### Summary This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. 
@@ -286,7 +335,7 @@ This release includes a couple of new features, along with test and documentatio - Do not use systemd on Amazon Linux - Add missing docs for `timeout` parameter (MODULES-2148) -## 2015-06-11 - Supported Release 1.5.0 +## Supported Release [1.5.0] ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. @@ -318,11 +367,11 @@ parameters for greater configuration control. - Fix userdir access permissions - Fix issue where the module was trying to use systemd on Amazon Linux. -## 2015-04-28 - Supported Release 1.4.1 +## Supported Release [1.4.1] This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. -## 2015-03-17 - Supported Release 1.4.0 +## Supported Release [1.4.0] ###Summary This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` @@ -365,7 +414,7 @@ This release fixes the issue where the docroot was still managed even if the def - Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` - Remove old Debian work-around that removed `passenger_extra.conf` -## 2015-02-17 - Supported Release 1.3.0 +## Supported Release [1.3.0] ### Summary This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. 
@@ -424,7 +473,7 @@ This release has many new features and bugfixes, including the ability to option - Fix indentation in `vhost/_directories.erb` template (MODULES-1688) - Create symlinks on all distros if `vhost_enable_dir` is specified -## 2014-09-30 - Supported Release 1.2.0 +## Supported Release [1.2.0] ### Summary This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. @@ -527,13 +576,13 @@ This release features many improvements and bugfixes, including several new defi * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. -## 2014-07-15 - Supported Release 1.1.1 +## Supported Release [1.1.1] ### Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. -## 2014-04-14 Supported Release 1.1.0 +## Supported Release [1.1.0] ### Summary @@ -568,7 +617,7 @@ through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. -## 2014-03-04 Supported Release 1.0.1 +## Supported Release [1.0.1] ### Summary This is a supported release. This release removes a testing symlink that can @@ -581,7 +630,7 @@ modulepath. * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. -## 2014-03-04 Supported Release 1.0.0 +## Supported Release [1.0.0] ### Summary This is a supported release. This release introduces Apache 2.4 support for 
@@ -605,7 +654,7 @@ Debian and RHEL based osfamilies. --- -## 2014-01-31 Release 0.11.0 +## Supported Release [0.11.0] ### Summary: This release adds preliminary support for Windows compatibility and multiple rewrite support. @@ -642,7 +691,7 @@ This release adds preliminary support for Windows compatibility and multiple rew - Fix $ports_file reference in Namevirtualhost. -## 2013-12-05 Release 0.10.0 +## Supported Release [0.10.0] ### Summary: This release adds FreeBSD osfamily support and various other improvements to some mods. @@ -681,7 +730,7 @@ This release adds FreeBSD osfamily support and various other improvements to som - only apply Directory defaults when provider is a directory - Working mod_authnz_ldap support on Debian/Ubuntu -## 2013-09-06 Release 0.9.0 +## Supported Release [0.9.0] ### Summary: This release adds more parameters to the base apache class and apache defined resource to make the module more flexible. It also adds or enhances SuPHP, @@ -739,13 +788,13 @@ Class['apache::service']` - Made `aliases` able to take a single alias hash instead of requiring an array. -## 2013-07-26 Release 0.8.1 +## Supported Release [0.8.1] #### Bugfixes: - Update `apache::mpm_module` detection for worker/prefork - Update `apache::mod::cgi` and `apache::mod::cgid` detection for worker/prefork -## 2013-07-16 Release 0.8.0 +## Supported Release [0.8.0] #### Features: - Add `servername` parameter to `apache` class - Add `proxy_set` parameter to `apache::balancer` define @@ -757,7 +806,7 @@ worker/prefork - Fix `apache::mod::*` to notify the service on config change - Documentation updates -## 2013-07-09 Release 0.7.0 +## Supported Release [0.7.0] #### Changes: - Essentially rewrite the module -- too many to list - `apache::vhost` has many abilities -- see README.md for details 
@@ -767,12 +816,12 @@ worker/prefork #### Bugfixes: - Many. And many more to come -## 2013-03-2 Release 0.6.0 +## Supported Release [0.6.0] - update travis tests (add more supported versions) - add access log_parameter - make purging of vhost dir configurable -## 2012-08-24 Release 0.4.0 +## Supported Release [0.4.0] #### Changes: - `include apache` is now required when using `apache::mod::*` @@ -781,7 +830,7 @@ worker/prefork - Fix formatting in vhost template - Fix spec tests such that they pass -## 2012-05-08 Puppet Labs - 0.0.4 +## Supported Release [0.0.4] * e62e362 Fix broken tests for ssl, vhost, vhost::* * 42c6363 Changes to match style guide and pass puppet-lint without error * 42bc8ba changed name => path for file resources in order to name namevar by it's name 
@@ -814,3 +863,32 @@ worker/prefork * 6a5b11a Ensure installed * f672e46 a2mod fix * 8a56ee9 add pthon support to apache + +[2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 +[1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0 +[1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0 +[1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0 +[1.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.0...1.8.1 +[1.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.1...1.8.0 +[1.7.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.0...1.7.1 +[1.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.6.0...1.7.0 +[1.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.5.0...1.6.0 +[1.5.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.1...1.5.0 +[1.4.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.0...1.4.1 +[1.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.3.0...1.4.0 +[1.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.2.0...1.3.0 +[1.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.1...1.2.0 +[1.1.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.0...1.1.1 +[1.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.1...1.1.0 +[1.0.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.0...1.0.1 +[1.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0 +[0.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...0.11.0 +[0.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...0.10.0 +[0.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...0.9.0 +[0.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.8.0...0.8.1 +[0.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.7.0...0.8.0 
+[0.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0 +[0.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.5.0-rc1...0.6.0 +[0.5.0-rc1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.4.0...0.5.0-rc1 +[0.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.3.0...0.4.0 +[0.0.4]:https://github.com/puppetlabs/puppetlabs-apache/commits/0.0.4 diff --git a/metadata.json b/metadata.json index 2cc613e014..710223ff62 100644 --- a/metadata.json +++ b/metadata.json @@ -1,7 +1,7 @@ { "name": "puppetlabs-apache", - "version": "1.11.0", - "author": "puppetlabs", + "version": "2.0.0", + "author": "puppet", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", From 47e0176afb893b54872d735b642be294abbea901 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Mon, 24 Jul 2017 19:14:57 +0200 Subject: [PATCH 1195/2267] Remove lint ignore that's no longer needed --- manifests/mod/authnz_ldap.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index cc9ab67f02..560909f871 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -1,4 +1,3 @@ -# lint:ignore:variable_is_lowercase required for compatibility class apache::mod::authnz_ldap ( Boolean $verify_server_cert = true, $package_name = undef, @@ -22,4 +21,3 @@ notify => Class['apache::service'], } } -# lint:endignore From 44255069783d75dfe0307ba810c89fb363d4de52 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 24 Jul 2017 17:52:27 -0300 Subject: [PATCH 1196/2267] Change parameters in mod::jk to try to fix spec test --- manifests/mod/jk.pp | 16 ++++++++++++++-- spec/classes/mod/jk_spec.rb | 6 +++++- templates/mod/jk.conf.erb | 8 ++++---- 3 files changed, 23 insertions(+), 7 deletions(-) 
diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index a1b29568be..cf2e4b6699 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -11,7 +11,8 @@ class apache::mod::jk ( $workers_file = undef, $worker_property = {}, - $shm_file = "${::apache::logroot}/jk-runtime-status", + $logroot = undef, + $shm_file = 'jk-runtime-status', $shm_size = undef, $mount_file = undef, $mount_file_reload = undef, @@ -21,7 +22,7 @@ $mount_copy = undef, $worker_indicator = undef, $watchdog_interval = undef, - $log_file = "${::apache::logroot}/mod_jk.log", + $log_file = 'mod_jk.log', $log_level = undef, $log_stamp_format = undef, $request_log_format = undef, @@ -68,6 +69,16 @@ notify => Class['apache::service'], } + # Shared memory and log paths + if $logroot == undef { + $shm_path = ${::apache::logroot}/${shm_file} + $log_path = ${::apache::logroot}/${log_file} + } + else { + $shm_path = ${logroot}/${shm_file} + $log_path = ${logroot}/${log_file} + } + # Main config file file {'jk.conf': path => "${::apache::mod_dir}/jk.conf", @@ -78,6 +89,7 @@ ], } + } # Workers file if $workers_file != undef { $workers_path = $workers_file ? { diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 5a26ecc280..f7a9f70c86 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -22,10 +22,14 @@ } end - let(:pre_condition) do + let (:pre_condition) do 'include apache' end + let (:params) do + :logroot => '/var/log/httpd' + end + it_behaves_like 'minimal resources' it { verify_contents(catalogue, 'jk.conf', ['', '']) diff --git a/templates/mod/jk.conf.erb b/templates/mod/jk.conf.erb index 8a8a102706..c0d5bc2fff 100644 --- a/templates/mod/jk.conf.erb +++ b/templates/mod/jk.conf.erb @@ -10,8 +10,8 @@ JkWorkerProperty <%= property %>=<%= value %> <%- end -%> <%- end -%> - <%- if @shm_file -%> - JkShmFile <%= @shm_file %> + <%- if @shm_path -%> + JkShmFile <%= @shm_path %> <%- end -%> <%- if @shm_size -%> JkShmSize <%= @shm_size %> 
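Review bot: In `manifests/mod/jk.pp`, `$shm_file` and `$log_file` change from full paths to names that are always prefixed with a log root, so an existing declaration that passes an absolute path, as the old defaults `"${::apache::logroot}/jk-runtime-status"` and `"${::apache::logroot}/mod_jk.log"` did, would now render as the log root followed by that absolute path in `JkShmFile` and `JkLogFile`. Keep absolute values untouched, for example `$shm_path = $shm_file ? { /^\// => $shm_file, default => "${_logroot}/${shm_file}" }` and the same for `$log_path`, where `$_logroot` is a constructed name standing for whichever log root was selected. The unquoted assignments in the `@@ -68,6 +69,16 @@` hunk and the extra `}` added at `@@ -78,6 +89,7 @@` do not parse as written; both are corrected by the next patch in the series. The class body continues outside these hunks.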
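Review bot: In `spec/classes/mod/jk_spec.rb`, the added `let (:params) do :logroot => '/var/log/httpd' end` block is not valid Ruby, because a bare `key => value` pair is only accepted inside braces or an argument list, so the spec file fails to parse before any example runs. Return a hash literal instead: `let(:params) { { :logroot => '/var/log/httpd' } }`. The space in `let (:pre_condition)` and `let (:params)` makes the parentheses read as a grouped expression rather than an argument list; `let(:pre_condition) do` is the usual spelling. The surrounding `context` block starts and ends outside the hunk.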
@@ -44,8 +44,8 @@ <%- if @watchdog_interval -%> JkWatchdogInterval <%= @watchdog_interval %> <%- end -%> - <%- if @log_file -%> - JkLogFile <%= @log_file %> + <%- if @log_path -%> + JkLogFile <%= @log_path %> <%- end -%> <%- if @log_level -%> JkLogLevel <%= @log_level %> From c563532a0446caa81568697cb45f2def9101cebd Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 24 Jul 2017 17:58:09 -0300 Subject: [PATCH 1197/2267] Fix quoting in mod::jk --- manifests/mod/jk.pp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index cf2e4b6699..1e66ce5781 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -71,12 +71,12 @@ # Shared memory and log paths if $logroot == undef { - $shm_path = ${::apache::logroot}/${shm_file} - $log_path = ${::apache::logroot}/${log_file} + $shm_path = "${::apache::logroot}/${shm_file}" + $log_path = "${::apache::logroot}/${log_file}" } else { - $shm_path = ${logroot}/${shm_file} - $log_path = ${logroot}/${log_file} + $shm_path = "${logroot}/${shm_file}" + $log_path = "${logroot}/${log_file}" } # Main config file @@ -89,7 +89,6 @@ ], } - } # Workers file if $workers_file != undef { $workers_path = $workers_file ? { From 5819cb65a058bb36e5755f3b76e404fa0ddb58d4 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Tue, 25 Jul 2017 12:52:20 +0100 Subject: [PATCH 1198/2267] (maint) - Updating format of Doc Putting default and boolean on seperate lines. --- README.md | 410 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 249 insertions(+), 161 deletions(-) diff --git a/README.md b/README.md index 75c416b123..d3c4c806bc 100755 --- a/README.md +++ b/README.md 
@@ -615,7 +615,7 @@ apache::vhost { 'second.example.com': } ``` -You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations. +You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations. In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: @@ -837,7 +837,7 @@ class { 'apache': } Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. -Values: 'on', 'off', 'nodecode'. +Values: 'on', 'off', 'nodecode'. Default: `undef`. @@ -845,7 +845,7 @@ Default: `undef`. Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason. -Default: Depends on operating system and release version detected by the [`apache::version`][] class. +Default: Depends on operating system and release version detected by the [`apache::version`][] class. ##### `conf_dir` @@ -866,7 +866,7 @@ Default: `apache/httpd.conf.erb`. ##### `confd_dir` -Sets the location of the Apache server's custom configuration directory. +Sets the location of the Apache server's custom configuration directory. Default: Depends on operating system. 
@@ -885,7 +885,9 @@ Default: `undef`. Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `default_mods` @@ -907,7 +909,9 @@ Sets the default certificate authority for the Apache server. Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. -Boolean. Default: `undef`. +Boolean. + +Default: `undef`. ##### `default_ssl_cert` @@ -970,7 +974,7 @@ Default: Depends on operating system. ##### `default_ssl_vhost` -Configures a default [SSL][SSL encryption] virtual host. +Configures a default [SSL][SSL encryption] virtual host. If `true`, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: @@ -988,7 +992,9 @@ apache::vhost { 'default-ssl': > **Note**: SSL virtual hosts only respond to HTTPS queries. -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `default_type` @@ -998,17 +1004,19 @@ Default: `undef`. ##### `default_vhost` -Configures a default virtual host when the class is declared. +Configures a default virtual host when the class is declared. To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`. > **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `dev_packages` -Configures a specific dev package to use. +Configures a specific dev package to use. Values: A string or array of strings. 
@@ -1045,7 +1053,9 @@ Default: Depends on operating system. Determines whether to enable [custom error documents][] on the Apache server. -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `group` @@ -1068,7 +1078,11 @@ Default: Depends on operating system. ##### http_protocol_options` -Specifies the strictness of HTTP protocol checks. Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. Default '`Strict LenientMethods Allow0.9`'. +Specifies the strictness of HTTP protocol checks. + +Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. + +Default '`Strict LenientMethods Allow0.9`'. ##### `keepalive` @@ -1092,7 +1106,9 @@ Default: '100'. ##### `lib_path` -Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on operating system. +Specifies the location where [Apache module][Apache modules] files are stored. + +Default: Depends on operating system. - **Debian** and **Gentoo**: `/usr/lib/apache2/modules` - **FreeBSD**: `/usr/local/libexec/apache24` @@ -1151,11 +1167,15 @@ When `false`, stops Puppet from creating the group resource. If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `supplementary_groups` -A list of groups to which the user belongs. These groups are in addition to the primary group. Default: No additional groups. +A list of groups to which the user belongs. These groups are in addition to the primary group. + +Default: No additional groups. Notice: This option only has an effect when `manage_user` is set to true. 
@@ -1165,7 +1185,9 @@ When `false`, stops Puppet from creating the user resource. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `mod_dir` @@ -1215,7 +1237,7 @@ Default: Depends on operating system. Controls the `package` resource's [`ensure`][] attribute. Values: 'absent', 'installed' (or equivalent 'present'), or a version string. Default: 'installed'. - + ##### `pidfile` Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm. @@ -1238,7 +1260,9 @@ Removes all other Apache configs and virtual hosts. Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `purge_vhost_dir` @@ -1246,7 +1270,9 @@ If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parame Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. -Boolean. Default: same as [`purge_configs`][]. +Boolean. + +Default: same as [`purge_configs`][]. ##### `rewrite_lock` @@ -1268,7 +1294,7 @@ Default: 'root@localhost'. ##### `servername` -Sets the Apache server name via Apache's [`ServerName`][] directive. +Sets the Apache server name via Apache's [`ServerName`][] directive. Setting to `false` will not set ServerName at all. 
@@ -1301,11 +1327,13 @@ Default: 'OS'. Determines whether Puppet enables the Apache HTTPD service when the system is booted. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `service_ensure` -Determines whether Puppet should make sure the service is running. Values: `true` (or 'running'), `false` (or 'stopped'). +Determines whether Puppet should make sure the service is running. Values: `true` (or 'running'), `false` (or 'stopped'). The `false` or 'stopped' values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker. @@ -1325,7 +1353,9 @@ Default: Depends on operating system. Determines whether Puppet manages the HTTPD service's state. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `service_restart` @@ -1337,19 +1367,11 @@ Default: `undef`. ##### `ssl_ca` -Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). Default: undef. It is possible to override this on a vhost level. - - - - - - - - - - +Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). +It is possible to override this on a vhost level. +Default: `undef`. ##### `timeout` @@ -1370,7 +1392,9 @@ Default: 'On'. Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `file_mode` 
@@ -1382,13 +1406,17 @@ Default: '0644'. ##### `root_directory_options` -Array of the desired options for the / directory in httpd.conf. Defaults to 'FollowSymLinks'. +Array of the desired options for the / directory in httpd.conf. + +Defaults: 'FollowSymLinks'. ##### `root_directory_secured` Sets the default access policy for the / directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter). -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `vhost_dir` @@ -1408,7 +1436,7 @@ Defines the pattern for files included from the `vhost_dir`. If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration. Default: '*', also for BC with previous versions of this module. TODO: what does "also for BC" mean? - + Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`. ##### `user` @@ -1448,7 +1476,7 @@ Default: Depends on operating system: ##### `scriptalias` -Directory to use for global script alias +Directory to use for global script alias Default: Depends on operating system: 
@@ -1472,7 +1500,9 @@ Default: Depends on operating system: #### Class: `apache::dev` -Installs Apache development libraries. Default: Depends on the operating system:[`dev_packages`][] parameter of the [`apache::params`][] class, based on your operating system: +Installs Apache development libraries. + +Default: Depends on the operating system:[`dev_packages`][] parameter of the [`apache::params`][] class, based on your operating system: - **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions. - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. @@ -1485,7 +1515,7 @@ Creates [`apache::vhost`][] defined types. **Parameters**: -* `vhosts`: Specifies the [`apache::vhost`][] defined type's parameters. +* `vhosts`: Specifies the [`apache::vhost`][] defined type's parameters. Values: A [hash][], where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters. @@ -1657,9 +1687,9 @@ class{'apache::mod::diskio': * `dump_io_input`: Dump all input data to the error log. Values: 'On', 'Off'. - + Default: 'Off'. - + * `dump_io_output`: Dump all output data to the error log. Values: 'On', 'Off'. 
@@ -1675,32 +1705,34 @@ Installs and manages [`mod_mpm_event`][]. You cannot include `apache::mod::event * `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Setting this to `false` removes the parameter. Default: '511'. - + * `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Setting these to `false` removes the parameters. Default: '150'. - + * `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Setting these to `false` removes the parameters. Default: '0'. - + * `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Setting these to `false` removes the parameters. Default: '75' and '25', respectively. - + * `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Setting this to `false` removes the parameter. Default: '25'. - + * `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Setting this to `false` removes the parameter. Default: '2'. - + * `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Setting this to `false` removes the parameter. Default: '64'. - -* `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. Setting this to `false` removes the parameter. + +* `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. + + Default: '25'. Setting this to `false` removes the parameter. 
##### Class: `apache::mod::auth_cas` @@ -1715,9 +1747,9 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe - `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML validation is enabled. Default: CAS_. - + - `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`. - + Default: , - `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. @@ -1736,7 +1768,7 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Default: `undef`. -- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. +- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: `undef`. @@ -1753,7 +1785,7 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Default: '0750'. - `cas_debug`: Determines whether to enable the module's debugging mode. - + Default: 'Off'. - `cas_idle_timeout`: Sets the idle timeout limit, in seconds. @@ -1775,8 +1807,8 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe - `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). Default: 'Off'. - -- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. + +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: `undef`. @@ -1860,9 +1892,9 @@ class { 'apache::mod::authn_dbd': * `authn_dbd_alias`: Name for the 'AuthnProviderAlias'. * `authn_dbd_dbdriver`: Specifies the database driver to use. - + Default: 'mysql'. - + * `authn_dbd_exptime`: corresponds to DBDExptime. Default: 300. @@ -1870,7 +1902,7 @@ class { 'apache::mod::authn_dbd': * `authn_dbd_keep`: Corresponds to DBDKeep. Default: 8. - + * `authn_dbd_max`: Corresponds to DBDMax. Default: 20. 
@@ -1892,9 +1924,9 @@ Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to gener * `package_name`: The name of the package. Default: `undef`. - + * `verify_server_cert`: Whether to verify the server certificate. - + Default: `undef`. ##### Class: `apache::mod::cluster` @@ -1915,12 +1947,12 @@ class { '::apache::mod::cluster': * `port`: mod_cluster listen port. Default: '6666'. - + * `server_advertise`: Whether the server should advertise. Default: `true`. - -* `advertise_frequency`: Sets the interval between advertise messages in seconds[.miliseconds]. + +* `advertise_frequency`: Sets the interval between advertise messages in seconds[.miliseconds]. Default: 10. @@ -1928,8 +1960,8 @@ class { '::apache::mod::cluster': Default: '127.0.0.1'. -* `keep_alive_timeout`: Specifies how long Apache should wait for a request, in seconds. - +* `keep_alive_timeout`: Specifies how long Apache should wait for a request, in seconds. + Default: 60. * `max_keep_alive_requests`: Maximum number of requests kept alive. @@ -1955,7 +1987,7 @@ Installs and configures [`mod_deflate`][]. * `types`: An [array][] of [MIME types][MIME `content*type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x*javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. - + * `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' }. 
@@ -1968,16 +2000,18 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate * `expires_active`: Enables generation of `Expires` headers for a document realm. - Boolean. Default: `true`. + Boolean. + + Default: `true`. * `expires_default`: Specifies the default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: `undef`. - + * `expires_by_type`: Describes a set of [MIME `content*type`][] and their expiration times. Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content*type` (i.e. 'text/json') and its value following valid [interval syntax][]. - + Default: `undef`. ##### Class: `apache::mod::ext_filter` @@ -2047,27 +2081,33 @@ Installs and manages [`mod_geoip`][]. * `enable`: Determines whether to globally enable [`mod_geoip`][]. - Boolean. Default: `false`. - + Boolean. + + Default: `false`. + * `flag`: Sets the GeoIP flag. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. - + Default: 'Standard'. - + * `output`: Defines which output variables to use. Values: 'All', 'Env', 'Request', 'Notes'. - + Default: 'All'. * `enable_utf8`: Changes the output from ISO*8859*1 (Latin*1) to UTF*8. - Boolean. Default: `undef`. + Boolean. + + Default: `undef`. * `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. - Boolean. Default: `undef`. + Boolean. + + Default: `undef`. * `scan_proxy_header_field`: Specifies the header [`mod_geoip`][] uses to determine the client's IP address. @@ -2075,7 +2115,9 @@ Installs and manages [`mod_geoip`][]. * `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found. - Boolean. Default: `undef`. + Boolean. + + Default: `undef`. ##### Class: `apache::mod::info` 
@@ -2086,7 +2128,7 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of * `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server*info`. Values: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. - + Default: ['127.0.0.1','::1']. * `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. @@ -2096,7 +2138,9 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of * `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server*info`. - Boolean. Default: `true`. + Boolean. + + Default: `true`. ##### Class: `apache::mod::passenger` @@ -2107,9 +2151,9 @@ Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that * `passenger_high_performance`: Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). Values: 'On', 'Off'. - + Default: `undef`. - + * `passenger_pool_idle_time`: Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). Default: `undef`. @@ -2182,9 +2226,9 @@ Installs and configures [`mod_negotiation`][]. * `force_language_priority`: Sets the `ForceLanguagePriority` option. Values: A string. - + Default: `Prefer Fallback`. - + * `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt*BR', 'ru', 'sv', 'zh*CN', 'zh*TW' ] 
@@ -2197,7 +2241,7 @@ An SSL provider for Apache using the NSS crypto libraries. - `transfer_log`: path to access.log - `error_log`: path to error.log -- `passwd_file`: path to file used for NSSPassPhraseDialog directive +- `passwd_file`: path to file used for NSSPassPhraseDialog directive - `port`: SSL port. Defaults to 8443 ##### Class: `apache::mod::pagespeed` @@ -2306,15 +2350,15 @@ Installs and manages [`mod_proxy_balancer`][], which provides load balancing. * `manager`: Determines whether to enable balancer manager support. Default: `false`. - + * `manager_path`: The server location of the balancer manager. Default: '/balancer*manager'. - + * `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer*manager`. Default: ['127.0.0.1','::1']. - + * `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. Default: the value of [`$::apache::apache_version`][`apache_version`]. On Apache 2.4 or greater, `mod_slotmem_shm` is loaded. @@ -2335,7 +2379,7 @@ Default values for these parameters depend on your operating system. Most of thi ##### Class: `apache::mod::proxy_html` -**Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module. +**Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module. ##### Class: `apache::mod::reqtimeout` @@ -2343,10 +2387,10 @@ Installs and configures [`mod_reqtimeout`][]. **Parameters** -* `timeouts`: Sets the [`RequestReadTimeout`][] option. +* `timeouts`: Sets the [`RequestReadTimeout`][] option. Values: A string or [array][]. - + Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. ##### Class: `apache::mod::rewrite` @@ -2400,7 +2444,7 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] * `ssl_honorcipherorder` Default: `true`. - + * `ssl_openssl_conf_cmd` Default: `undef`. 
@@ -2416,25 +2460,25 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] * `ssl_protocol` Default: [ 'all', '*SSLv2', '*SSLv3' ]. - + * `ssl_random_seed_bytes` Values: A string. - + Default: '512'. - + * `ssl_sessioncachetimeout` Values: A string. - + Default: '300'. - + * `ssl_mutex`: Values: See [mod_ssl][mod_ssl] documentation. Default: Based on the OS: - + * RedHat/FreeBSD/Suse/Gentoo: 'default'. * Debian/Ubuntu + Apache >= 2.4: 'default'. * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'. @@ -2447,15 +2491,15 @@ Installs [`mod_status`][] and uses the `status.conf.erb` template to generate it **Parameters**: -* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. +* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. Default: ['127.0.0.1','::1']. * `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. Values: 'Off', 'On'. - + Default: 'On'. - + * `status_path`: The server location of the status page. Default: '/server-status'. @@ -2477,7 +2521,7 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b Default: 'GET HEAD POST OPTIONS'. -* `content_types`: A list of one or more allowed [MIME types][MIME `content*type`]. +* `content_types`: A list of one or more allowed [MIME types][MIME `content*type`]. Default: 'application/x*www*form*urlencoded|multipart/form*data|text/xml|application/xml|application/x*amf'. @@ -2488,7 +2532,7 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b * `manage_security_crs`: Manage security_crs.conf rules file. Default: `true`. - + * `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. 
@@ -2502,7 +2546,7 @@ ${modsec\_dir}/activated\_rules. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. -* `restricted_headers`: A list of restricted headers separated by slashes and spaces. +* `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy*Connection/ /Lock*Token/ /Content*Range/ /Translate/ /via/ /if/'. @@ -2529,27 +2573,27 @@ ${modsec\_dir}/activated\_rules. * `audit_log_parts`: Sets the sections to be put in the [audit log][]. Default: 'ABIJDEFHZ'. - + * `anomaly_score_blocking`: Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. Default: 'off'. - + * `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: 5. - + * `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: 4. - + * `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: 5. - + * `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: 4. - + * `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. Default: 3. 
@@ -2565,11 +2609,11 @@ Default: 2. * `secrequestbodylimit`: Sets the maximum request body size ModSecurity accepts for buffering. Default: '13107200'. - + * `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity accepts for buffering, excluding the size of any files being transported in the request. Default: '131072'. - + * `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity stores in memory. Default: '131072' @@ -2583,26 +2627,26 @@ Enables Python support via [`mod_wsgi`][]. * `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: `undef`. - + * If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally. - + * `package_name`: Names the package that installs `mod_wsgi`. Default: `undef`. -* `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. +* `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Values: A string specifying a path. Default: `undef`. - + * `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site*packages'. Values: A string specifying a path. - + Default: `undef`. -* `wsgi_restrict_embedded`: Defines the [`WSGIRestrictEmbedded`][] directive, such as 'On'. +* `wsgi_restrict_embedded`: Defines the [`WSGIRestrictEmbedded`][] directive, such as 'On'. Values: On|Off|undef. @@ -2660,7 +2704,9 @@ Sets the title of the balancer cluster and name of the `conf.d` file containing ##### `proxy_set` -Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][]. Default: '{}'. +Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][]. + +Default: '{}'. ##### `collect_exported` 
@@ -2672,7 +2718,9 @@ To dynamically declare backend servers via exported resources collected on a cen If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. -Boolean. Default: `true`. +Boolean. + +Default: `true`. #### Defined type: `apache::balancermember` @@ -2756,7 +2804,9 @@ Default: '/usr/sbin/apachectl -t'. Specifies whether to validate the configuration file before notifying the Apache service. -Boolean. Default: `true`. +Boolean. + +Default: `true`. #### Defined type: `apache::fastcgi::server` @@ -2877,9 +2927,11 @@ For the custom fragment's `order` parameter, the `apache::vhost` defined type us ##### `access_log` -Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). +Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). + +Boolean. -Boolean. Default: `true`. +Default: `true`. ##### `access_log_env_var` @@ -2923,13 +2975,17 @@ Determines whether the virtual host creates a [`Listen`][] statement. Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `use_optional_includes` Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `additional_includes` 
@@ -3016,11 +3072,13 @@ Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_validate_saml` -Parse response from CAS server for SAML. Default: The value set by [`apache::mod::auth_cas`][]. +Parse response from CAS server for SAML. + +Default: The value set by [`apache::mod::auth_cas`][]. ##### `cas_validate_url` -Sets the URL to use when validating a client-presented ticket in an HTTP query string. +Sets the URL to use when validating a client-presented ticket in an HTTP query string. Defaults to the value set by [`apache::mod::auth_cas`][]. @@ -3084,13 +3142,17 @@ Default: `undef`. Determines whether Puppet manages the [`docroot`][] directory. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `error_log` Specifies whether `*_error.log` directives should be configured. -Boolean. Default: `true`. +Boolean. + +Default: `true`. ##### `error_log_file` @@ -3114,7 +3176,9 @@ Determines whether to send all error log messages to syslog. This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. -Boolean. Default: `undef`. +Boolean. + +Default: `undef`. ##### `error_documents` @@ -3157,7 +3221,7 @@ Default: `undef`. Sets the server default for the [`FileETag`][] declaration, which modifies the response header field for static files. -Values: 'INode', 'MTime', 'Size', 'All', 'None'. +Values: 'INode', 'MTime', 'Size', 'All', 'None'. Default: `undef`, which uses Apache's default setting of 'MTime Size'. @@ -3198,7 +3262,7 @@ Sets the IP address the virtual host listens on. By default, uses Apache's defau Values: A string or an array of strings. -Default: `undef`. +Default: `undef`. ##### `ip_based` 
@@ -3263,7 +3327,7 @@ apache::vhost { 'sample.example.net': } ``` Default: `undef`. - + ##### `keepalive` Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect. @@ -3292,7 +3356,7 @@ Default: `undef`. ##### `auth_kerb` -Enable [`mod_auth_kerb`][] parameters for a virtual host. +Enable [`mod_auth_kerb`][] parameters for a virtual host. Usage typically looks like: @@ -3320,7 +3384,9 @@ Related parameters follow the names of `mod_auth_kerb` directives: - `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`. - `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`. -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `krb_verify_kdc` @@ -3392,7 +3458,9 @@ Default: `undef`. Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. -Boolean. Default: `undef`. +Boolean. + +Default: `undef`. ###### `modsec_disable_ids` 
@@ -3492,25 +3560,31 @@ Default: []. ##### `proxy_preserve_host` -Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). +Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `proxy_add_headers` -Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). +Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. -Boolean. Default: `false`. +Boolean. + +Default: `false`. ##### `proxy_error_override` -Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. +Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. + +Boolean. -Boolean. Default: `false`. +Default: `false`. ##### `options` 
@@ -3559,7 +3633,7 @@ Default: `undef`. ##### `passenger_log_level` -This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. +This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. Default: Passenger versions less than 3.0.0: '0'; 5.0.0 and later: '3'. @@ -3598,7 +3672,11 @@ Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/refe ##### `passenger_high_performance` -Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. Values: `true`, `false`. Default: `undef`. +Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. + +Values: `true`, `false`. + +Default: `undef`. ##### `passenger_nodejs` @@ -3608,7 +3686,9 @@ Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apa Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. -Boolean. Default: `undef`. +Boolean. + +Default: `undef`. ##### `passenger_startup_file` 
@@ -3758,7 +3838,7 @@ apache::vhost { 'site.name.fdqn': ##### `request_headers` -Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. +Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. Default: `undef`. @@ -3774,7 +3854,7 @@ apache::vhost { 'site.name.fdqn': ##### `rewrites` -Creates URL rewrite rules. Expects an array of hashes. +Creates URL rewrite rules. Expects an array of hashes. Values: Hash keys that are any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. @@ -3916,7 +3996,7 @@ The ScriptAlias and ScriptAliasMatch directives are created in the order specifi ##### `serveradmin` -Specifies the email address Apache displays when it renders one of its error pages. +Specifies the email address Apache displays when it renders one of its error pages. Default: `undef`. @@ -3928,7 +4008,7 @@ Default: '[]'. ##### `servername` -Sets the servername corresponding to the hostname you connect to the virtual host at. +Sets the servername corresponding to the hostname you connect to the virtual host at. Default: the title of the resource. 
@@ -4199,7 +4279,9 @@ Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/ ##### `auth_ldap_group_attribute` -Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. Defaults are: "member" and "uniquemember". +Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. + +Default: "member" and "uniquemember". ##### `auth_ldap_group_attribute_is_dn` @@ -4722,7 +4804,9 @@ Default: `undef`. ##### `ssl_cert` -Specifies the SSL certification. Defaults are based on your OS. +Specifies the SSL certification. + +Default: Depends on operating system. * RedHat: '/etc/pki/tls/certs/localhost.crt' * Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem' @@ -4737,7 +4821,7 @@ Defaults: 'all', '-SSLv2', '-SSLv3'. ##### `ssl_cipher` -Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). +Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Default: 'HIGH:MEDIUM:!aNULL:!MD5'. @@ -4751,7 +4835,9 @@ Default: `true`. ##### `ssl_certs_dir` -Specifies the location of the SSL certification directory. Default: Depends on operating system. +Specifies the location of the SSL certification directory. + +Default: Depends on operating system. - Debian: '/etc/ssl/certs' - Red Hat: '/etc/pki/tls/certs' @@ -4762,7 +4848,7 @@ Specifies the location of the SSL certification directory. Default: Depends on o Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. -Default: `undef`. +Default: `undef`. ##### `ssl_crl` 
@@ -4774,7 +4860,7 @@ Default: `undef`. Specifies the location of the certificate revocation list. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -Default: `undef`. +Default: `undef`. ##### `ssl_crl_check` @@ -4784,7 +4870,9 @@ Default: `undef`. ##### `ssl_key` -Specifies the SSL key. Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production. +Specifies the SSL key. + +Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production. * RedHat: '/etc/pki/tls/private/localhost.key' * Debian: '/etc/ssl/private/ssl-cert-snakeoil.key' @@ -4909,13 +4997,13 @@ Default: `undef`. ##### `ssl_openssl_conf_cmd` -Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. +Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Default: `undef` ##### `ssl_proxyengine` -Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). +Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Boolean. @@ -5039,7 +5127,7 @@ Default: '25'. ##### `verify_config` -Specifies whether to validate the configuration file before notifying the Apache service. +Specifies whether to validate the configuration file before notifying the Apache service. Boolean. From 5996386cf96f1a9a761fab23f761e6be5e99ce76 Mon Sep 17 00:00:00 2001 
From: Eric Putnam Date: Tue, 25 Jul 2017 09:25:33 -0700 Subject: [PATCH 1199/2267] (maint) require base64 the apache_pw_hash function tests fail on puppet 4.7.1 because of 'uninitialized constant Base64'. Base64 is ruby stdlib, not core, so this requires it defensively. --- lib/puppet/parser/functions/apache_pw_hash.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/puppet/parser/functions/apache_pw_hash.rb b/lib/puppet/parser/functions/apache_pw_hash.rb index 7f187f3377..29d4b5eeb8 100644 --- a/lib/puppet/parser/functions/apache_pw_hash.rb +++ b/lib/puppet/parser/functions/apache_pw_hash.rb @@ -1,3 +1,5 @@ +require 'base64' + Puppet::Parser::Functions::newfunction(:apache_pw_hash, :type => :rvalue, :doc => <<-EOS Hashes a password in a format suitable for htpasswd files read by apache. From 2de5f94ec74e97d56610363cbdf95c013c60c9b4 Mon Sep 17 00:00:00 2001 From: Mark Dechiaro Date: Tue, 25 Jul 2017 15:11:35 -0500 Subject: [PATCH 1200/2267] Add ShibCompatValidUser option to vhost config --- README.md | 5 +++++ manifests/vhost.pp | 11 +++++++++++ templates/vhost/_shib.erb | 4 ++++ 3 files changed, 20 insertions(+) create mode 100644 templates/vhost/_shib.erb diff --git a/README.md b/README.md index 75c416b123..aa41b1eefd 100755 --- a/README.md +++ b/README.md 
@@ -4654,6 +4654,11 @@ apache::vhost { 'secure.example.net': When set to 'On', this turns on the use of request headers to publish attributes to applications. Values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +##### `shib_compat_valid_user` + +Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring "standard" Apache behavior when proces +sing the "valid-user" and "user" Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. + ##### `ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 18217deebe..d8bb70a08d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -174,6 +174,7 @@ $cas_login_url = undef, $cas_validate_url = undef, $cas_validate_saml = undef, + Optional[String] $shib_compat_valid_user = undef, ) { # The base class must be included first because it is used by parameter defaults 
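Review bot: The new `shib_compat_valid_user` parameter in manifests/vhost.pp is typed `Optional[String]`, so any text is accepted, and templates/vhost/_shib.erb in this same commit writes it verbatim after `ShibCompatValidUser`. A value containing a newline or extra tokens would therefore end up in the vhost file as additional configuration. The README entry describes the setting as an On/Off switch (default Off), so the type can carry that constraint: `Optional[Enum['On', 'Off']] $shib_compat_valid_user = undef,`. The parameter list begins and ends outside this hunk, so whether other parameters get similar validation is not visible here.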
@@ -1087,6 +1088,16 @@ } } + # Template uses: + # - $shibboleth_enabled + if $shibboleth_enabled { + concat::fragment { "${name}-shibboleth": + target => "${priority_real}${filename}.conf", + order => 350, + content => template('apache/vhost/_shib.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/templates/vhost/_shib.erb b/templates/vhost/_shib.erb new file mode 100644 index 0000000000..610e4a439b --- /dev/null +++ b/templates/vhost/_shib.erb @@ -0,0 +1,4 @@ + ## Shibboleth +<% if @shib_compat_valid_user -%> + ShibCompatValidUser <%= @shib_compat_valid_user %> +<% end -%> From d1428488d159470aa1e99ef8eddc7a1de8f92a9f Mon Sep 17 00:00:00 2001 From: Mark Dechiaro Date: Tue, 25 Jul 2017 15:48:52 -0500 Subject: [PATCH 1201/2267] Add better doc for shib_compat_valid_user --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index aa41b1eefd..1e4e3ed57d 100755 --- a/README.md +++ b/README.md 
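Review bot: The comment above the new `concat::fragment` in manifests/vhost.pp says the template uses `$shibboleth_enabled`, but templates/vhost/_shib.erb reads only `@shib_compat_valid_user`; the comment should read `# - $shib_compat_valid_user`. The fragment is gated on `$shibboleth_enabled` alone, whose definition is outside the hunk. When that is true and the parameter is unset, the vhost gets a bare `## Shibboleth` header with no directive under it. Gating on both, `if $shibboleth_enabled and $shib_compat_valid_user {`, keeps the rendered file free of empty sections.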
@@ -4656,8 +4656,7 @@ When set to 'On', this turns on the use of request headers to publish attributes ##### `shib_compat_valid_user` -Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring "standard" Apache behavior when proces -sing the "valid-user" and "user" Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. +Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring "standard" Apache behavior when processing the "valid-user" and "user" Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. This key is disabled if `apache::mod::shib` is not defined. ##### `ssl_options` From a40b46feb7c706b9ca7ae8632bc6bf9c67455089 Mon Sep 17 00:00:00 2001 From: Glenn Sarti Date: Thu, 27 Jul 2017 14:52:35 -0700 Subject: [PATCH 1202/2267] (maint) modulesync 915cde70e20 --- Gemfile | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Gemfile b/Gemfile index 46cb2eacec..a9f0161c79 100644 --- a/Gemfile +++ b/Gemfile 
@@ -33,13 +33,13 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}" group :development do - gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "puppet-module-posix-dev-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-dev-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') + gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" + gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "puppet-module-posix-dev-r#{minor_version}", :require => false, :platforms => "ruby" + gem "puppet-module-win-dev-r#{minor_version}", '0.0.7', :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] + gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') + gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') end group :system_tests do 
@@ -50,6 +50,7 @@ group :system_tests do gem "beaker-rspec", *location_for(ENV['BEAKER_RSPEC_VERSION']) gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') + gem "puppet-blacksmith", '~> 3.4', :require => false end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) From c706e090ff332e42b4ef5d38ade99b72cf62b5b9 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Fri, 28 Jul 2017 16:06:28 +0100 Subject: [PATCH 1203/2267] (MODULES-5324) Adding documentation for overrides Adding documentation for the overrides param for apache::mod::userdir. Also removing ' to solve a formatting issue. --- README.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d3c4c806bc..cf8abd9af0 100755 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ [`apache::mod::shib`]: #class-apachemodshib [`apache::mod::ssl`]: #class-apachemodssl [`apache::mod::status`]: #class-apachemodstatus +[`apache::mod::userdir`]: #class-apachemoduserdir [`apache::mod::worker`]: #class-apachemodworker [`apache::mod::wsgi`]: #class-apachemodwsgi [`apache::params`]: #class-apacheparams @@ -1076,7 +1077,7 @@ Default: Depends on operating system. - **Gentoo**: `/etc/apache2` - **Red Hat**: `/etc/httpd` -##### http_protocol_options` +##### `http_protocol_options` Specifies the strictness of HTTP protocol checks. @@ -1620,7 +1621,7 @@ The following Apache modules have supported classes, many of which allow for par * `ssl`\* (see [`apache::mod::ssl`][]) * `status`\* (see [`apache::mod::status`][]) * `suphp` -* `userdir`\* +* `userdir`\* (see [`apache::mod::userdir`][]) * `version` * `vhost_alias` * `worker`\* 
@@ -2504,6 +2505,16 @@ Installs [`mod_status`][] and uses the `status.conf.erb` template to generate it Default: '/server-status'. +##### Class: `apache::mod::userdir` + +Allows user-specific directories to be accessed using the `http://example.com/~user/` syntax. All parameters can be found in in the [official Apache documentation](https://httpd.apache.org/docs/2.4/mod/mod_userdir.html). + +**Parameters**: + +* `overrides`: An [array][] of directive-types. + + Default: '[ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]'. + ##### Class: `apache::mod::version` Installs [`mod_version`][] on many operating systems and Apache configurations. From b61986063bcded7b28344c1783e95758ede2314a Mon Sep 17 00:00:00 2001 From: Michael Moll Date: Fri, 28 Jul 2017 23:10:35 +0200 Subject: [PATCH 1204/2267] use ERB comment to keep it out of the generated file --- templates/httpd.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index c01859adeb..ddb40b57e2 100755 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -11,7 +11,7 @@ KeepAlive <%= @keepalive %> MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> LimitRequestFieldSize <%= @limitreqfieldsize %> -# Actually >= 2.4.24, but the minor version is not provided +<%# Actually >= 2.4.24, but the minor version is not provided -%> <%- if @http_protocol_options and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> HttpProtocolOptions <%= @http_protocol_options %> <%- end -%> From 3600c1081a6abdaeffa25820befc1fe6c4ab9ea4 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 31 Jul 2017 12:47:01 -0300 Subject: [PATCH 1205/2267] Correct params reference in mod/jk spec test --- spec/classes/mod/jk_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index f7a9f70c86..dfc213b2a9 100644 --- a/spec/classes/mod/jk_spec.rb 
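Review bot: In templates/httpd.conf.erb the guard around `HttpProtocolOptions` still tests only `versioncmp([@apache_version, '2.4']) >= 0`, and the note that the directive really needs 2.4.24 is now hidden from the rendered file. On a 2.4 build older than that, setting `http_protocol_options` would write a directive the server does not know, and an operator reading httpd.conf no longer sees why. The ERB comment should state the consequence, for example `<%# HttpProtocolOptions needs httpd >= 2.4.24; @apache_version has no patch level, so do not set http_protocol_options on older 2.4 builds -%>`. The same caveat belongs in the README entry for `http_protocol_options`.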
+++ b/spec/classes/mod/jk_spec.rb @@ -27,7 +27,7 @@ end let (:params) do - :logroot => '/var/log/httpd' + { :logroot => '/var/log/httpd' } end it_behaves_like 'minimal resources' From cea6bbfa64f4a78bf6253ac45503b5f6374a2cbd Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 31 Jul 2017 12:47:51 -0300 Subject: [PATCH 1206/2267] Remove unnecessary check for parameter ...mod::jk::logroot --- manifests/mod/jk.pp | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 1e66ce5781..0aa12daf4f 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -11,7 +11,7 @@ class apache::mod::jk ( $workers_file = undef, $worker_property = {}, - $logroot = undef, + $logroot = $::apache::logroot, $shm_file = 'jk-runtime-status', $shm_size = undef, $mount_file = undef, @@ -70,14 +70,8 @@ } # Shared memory and log paths - if $logroot == undef { - $shm_path = "${::apache::logroot}/${shm_file}" - $log_path = "${::apache::logroot}/${log_file}" - } - else { - $shm_path = "${logroot}/${shm_file}" - $log_path = "${logroot}/${log_file}" - } + $shm_path = "${logroot}/${shm_file}" + $log_path = "${logroot}/${log_file}" # Main config file file {'jk.conf': From 100eb5253829a1e668d568b1cdba1dd8d23c47e8 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 31 Jul 2017 13:00:07 -0300 Subject: [PATCH 1207/2267] Revert "Remove unnecessary check for parameter ...mod::jk::logroot" This reverts commit cea6bbfa64f4a78bf6253ac45503b5f6374a2cbd. Setting default value from other class (::apache) breaks spec test, which does not parse the other class --- manifests/mod/jk.pp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 0aa12daf4f..1e66ce5781 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp 
@@ -11,7 +11,7 @@ class apache::mod::jk ( $workers_file = undef, $worker_property = {}, - $logroot = $::apache::logroot, + $logroot = undef, $shm_file = 'jk-runtime-status', $shm_size = undef, $mount_file = undef, @@ -70,8 +70,14 @@ } # Shared memory and log paths - $shm_path = "${logroot}/${shm_file}" - $log_path = "${logroot}/${log_file}" + if $logroot == undef { + $shm_path = "${::apache::logroot}/${shm_file}" + $log_path = "${::apache::logroot}/${log_file}" + } + else { + $shm_path = "${logroot}/${shm_file}" + $log_path = "${logroot}/${log_file}" + } # Main config file file {'jk.conf': From eb232b9774756c8cf73190109ff91279523a01e1 Mon Sep 17 00:00:00 2001 From: Emerson Prado Date: Mon, 31 Jul 2017 13:40:36 -0300 Subject: [PATCH 1208/2267] Include Debian 8 context in mod/jk spec test --- spec/classes/mod/jk_spec.rb | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index dfc213b2a9..ba35c438dd 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -12,7 +12,7 @@ it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]') } end - context "with only required facts and no parameters" do + context "RHEL 6 with only required facts and no parameters" do let (:facts) do { @@ -37,4 +37,29 @@ end + context "Debian 8 with only required facts and no parameters" do + + let (:facts) do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '8', + } + end + + let (:pre_condition) do + 'include apache' + end + + let (:params) do + { :logroot => '/var/log/apache2' } + end + + it_behaves_like 'minimal resources' + it { + verify_contents(catalogue, 'jk.conf', ['', '']) + } + + end + end From 7b1397fb2a15e7ec54a913c7c059b71929a7c97f Mon Sep 17 00:00:00 2001 
From: Steve Traylen Date: Tue, 1 Aug 2017 12:10:28 +0200 Subject: [PATCH 1209/2267] Expose loadfile_name option to mod::python class This is a work around to a particular clash between these two lines. ```puppet class{'apache::mod::python':} class{'collectd::plugin::python':} ``` Both classes create a file resource `file{'python.load':}` This patch allows the resource name to be configured for `apache::mod::python` setup. There is an altenative more perfect solution to use a better more unique name space by default e.g `file{"apache_${_loadfile_name}:` but this would touch so many test files.... This change is fully backwards compatible. * [collectd::plugin::python](https://github.com/voxpupuli/puppet-collectd/blob/master/manifests/plugin.pp#L16) --- README.md | 12 +++++++++++- manifests/mod/python.pp | 8 ++++++-- spec/classes/mod/python_spec.rb | 8 ++++++++ 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 13da71ce33..e48386ecfd 100755 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ [`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html +[`apache::mod::python`]: #class-apachemodpython [`apache::mod::security`]: #class-apachemodsecurity [`apache::mod::shib`]: #class-apachemodshib [`apache::mod::ssl`]: #class-apachemodssl @@ -187,6 +188,7 @@ [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html [`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html [`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_python`]: http://modpython.org/ [`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [`mod_security`]: https://www.modsecurity.org/ [`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html 
@@ -1611,7 +1613,7 @@ The following Apache modules have supported classes, many of which allow for par * `proxy_balancer` * `proxy_html` (see [`apache::mod::proxy_html`][]) * `proxy_http` -* `python` +* `python` (see [`apache::mod::python`][]) * `reqtimeout` * `remoteip`\* * `rewrite` @@ -2477,6 +2479,14 @@ Default values for these parameters depend on your operating system. Most of thi **Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module. +##### Class: `apache::mod::python` + +Installs and configures [`mod_python`][]. + +**Parameters** + +* `loadfile_name`: Sets the name of the configuration file that is used to load the python module. + ##### Class: `apache::mod::reqtimeout` Installs and configures [`mod_reqtimeout`][]. diff --git a/manifests/mod/python.pp b/manifests/mod/python.pp index 75af350114..67f578d419 100644 --- a/manifests/mod/python.pp +++ b/manifests/mod/python.pp @@ -1,6 +1,10 @@ -class apache::mod::python { +class apache::mod::python ( + Optional[String] $loadfile_name = undef, +) { include ::apache - ::apache::mod { 'python': } + ::apache::mod { 'python': + loadfile_name => $loadfile_name, + } } diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 1393293a97..622a558c37 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -37,6 +37,14 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod("python") } it { is_expected.to contain_package("mod_python") } + it { is_expected.to contain_file("python.load").with_path('/etc/httpd/conf.d/python.load') } + + describe "with loadfile_name specified" do + let :params do + { :loadfile_name => 'FooBar' } + end + it { is_expected.to contain_file("FooBar").with_path('/etc/httpd/conf.d/FooBar') } + end end context "on a FreeBSD OS" do let :facts do From 1c73f6d96c64f3f7efe0412319e0e8edb4499668 Mon Sep 17 00:00:00 2001 
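Review bot: `loadfile_name` in manifests/mod/python.pp is declared as `Optional[String]` and handed straight to `::apache::mod`, and the new spec shows the value becoming a file name under `/etc/httpd/conf.d/`. A bare String also admits values with path separators, so the file could land outside the module configuration directory unless `apache::mod` validates the name; that code is not part of this diff. A pattern on the parameter would make the constraint explicit: `Optional[Pattern[/\A\w[\w.-]*\z/]] $loadfile_name = undef,`. The README entry could also say whether the name needs a `.load` suffix to be included by the server, since the spec example `FooBar` has none.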
From: Felix Dominguez Date: Sat, 5 Aug 2017 18:38:26 -0500 Subject: [PATCH 1210/2267] Adds all documented mod_passenger options to apache::mod::passenger * Parsed https://www.phusionpassenger.com/library/config/apache/reference for all options * Took care of maintaining older options * Add specs for all options * added warnings a failures if passenger_installed_version is set --- manifests/mod/passenger.pp | 695 +++++++++++++++++++++++++++-- spec/classes/mod/passenger_spec.rb | 323 +++++++++++--- templates/mod/passenger.conf.erb | 246 +++++++++- 3 files changed, 1126 insertions(+), 138 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 3b17d3db3e..c809a997a4 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -1,35 +1,568 @@ class apache::mod::passenger ( - $passenger_conf_file = $::apache::params::passenger_conf_file, - $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, - $passenger_high_performance = undef, - $passenger_pool_idle_time = undef, - $passenger_max_request_queue_size = undef, - $passenger_max_requests = undef, - Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef, - $passenger_stat_throttle_rate = undef, - $rack_autodetect = undef, - $rails_autodetect = undef, - $passenger_root = $::apache::params::passenger_root, - $passenger_ruby = $::apache::params::passenger_ruby, - $passenger_default_ruby = $::apache::params::passenger_default_ruby, - $passenger_max_pool_size = undef, - $passenger_min_instances = undef, - $passenger_max_instances_per_app = undef, - $passenger_use_global_queue = undef, - $passenger_app_env = undef, - Optional[Stdlib::Absolutepath] $passenger_log_file = undef, - $passenger_log_level = undef, - $passenger_data_buffer_dir = undef, - $manage_repo = true, - $mod_package = undef, - $mod_package_ensure = undef, - $mod_lib = undef, - $mod_lib_path = undef, - $mod_id = undef, - $mod_path = undef, + $manage_repo = true, + $mod_id = undef, + $mod_lib = undef, + $mod_lib_path = undef, + $mod_package = undef, + $mod_package_ensure = undef, + $mod_path = undef, + $passenger_allow_encoded_slashes = undef, + $passenger_app_env = undef, + $passenger_app_group_name = undef, + $passenger_app_root = undef, + $passenger_app_type = undef, + $passenger_base_uri = undef, + $passenger_buffer_response = undef, + $passenger_buffer_upload = undef, + $passenger_concurrency_model = undef, + $passenger_conf_file = $::apache::params::passenger_conf_file, + $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, + $passenger_data_buffer_dir = undef, + $passenger_debug_log_file = undef, + $passenger_debugger = undef, + $passenger_default_group = undef, + 
$passenger_default_ruby = $::apache::params::passenger_default_ruby, + $passenger_default_user = undef, + $passenger_disable_security_update_check = undef, + $passenger_enabled = undef, + $passenger_error_override = undef, + $passenger_file_descriptor_log_file = undef, + $passenger_fly_with = undef, + $passenger_force_max_concurrent_requests_per_process = undef, + $passenger_friendly_error_pages = undef, + $passenger_group = undef, + $passenger_high_performance = undef, + $passenger_installed_version = undef, + $passenger_instance_registry_dir = undef, + $passenger_load_shell_envvars = undef, + Optional[Stdlib::Absolutepath] $passenger_log_file = undef, + $passenger_log_level = undef, + $passenger_lve_min_uid = undef, + $passenger_max_instances = undef, + $passenger_max_instances_per_app = undef, + $passenger_max_pool_size = undef, + $passenger_max_preloader_idle_time = undef, + $passenger_max_request_queue_size = undef, + $passenger_max_request_time = undef, + $passenger_max_requests = undef, + $passenger_memory_limit = undef, + $passenger_meteor_app_settings = undef, + $passenger_min_instances = undef, + $passenger_nodejs = undef, + $passenger_pool_idle_time = undef, + $passenger_pre_start = undef, + $passenger_python = undef, + $passenger_resist_deployment_errors = undef, + $passenger_resolve_symlinks_in_document_root = undef, + $passenger_response_buffer_high_watermark = undef, + $passenger_restart_dir = undef, + $passenger_rolling_restarts = undef, + $passenger_root = $::apache::params::passenger_root, + $passenger_ruby = $::apache::params::passenger_ruby, + $passenger_security_update_check_proxy = undef, + $passenger_show_version_in_header = undef, + $passenger_socket_backlog = undef, + Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef, + $passenger_start_timeout = undef, + $passenger_startup_file = undef, + $passenger_stat_throttle_rate = undef, + $passenger_sticky_sessions = undef, + 
$passenger_sticky_sessions_cookie_name = undef, + $passenger_thread_count = undef, + $passenger_use_global_queue = undef, + $passenger_user = undef, + $passenger_user_switching = undef, + $rack_auto_detect = undef, + $rack_autodectect = undef, + $rack_autodetect = undef, + $rack_base_uri = undef, + $rack_env = undef, + $rails_allow_mod_rewrite = undef, + $rails_app_spawner_idle_time = undef, + $rails_auto_detect = undef, + $rails_autodetect = undef, + $rails_base_uri = undef, + $rails_default_user = undef, + $rails_env = undef, + $rails_framework_spawner_idle_time = undef, + $rails_ruby = undef, + $rails_spawn_method = undef, + $rails_user_switching = undef, + $union_station_filter = undef, + $union_station_gateway_address = undef, + $union_station_gateway_cert = undef, + $union_station_gateway_port = undef, + $union_station_key = undef, + $union_station_proxy_address = undef, + $union_station_support = undef, + $wsgi_auto_detect = undef, ) inherits ::apache::params { - include ::apache + # Checking version support + if $passenger_installed_version { + if $passenger_allow_encoded_slashes { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_allow_encoded_slashes is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_app_env { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_app_env is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_app_group_name { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_app_group_name is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_app_root { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_app_root is 
not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_app_type { + if (versioncmp($passenger_installed_version, '4.0.25') < 0) { + fail("Passenger config option :: passenger_app_type is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_base_uri { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_base_uri is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_buffer_response { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_buffer_response is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_buffer_upload { + if (versioncmp($passenger_installed_version, '4.0.26') < 0) { + fail("Passenger config option :: passenger_buffer_upload is not introduced until version 4.0.26 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_concurrency_model { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_concurrency_model is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_data_buffer_dir { + if (versioncmp($passenger_installed_version, '5.0.0') < 0) { + fail("Passenger config option :: passenger_data_buffer_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_debug_log_file { + if (versioncmp($passenger_installed_version, '5.0.5') > 0) { + warning("DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.") + } + if (versioncmp($passenger_installed_version, '5.0.5') < 0) { + fail("Passenger config option :: 
passenger_debug_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_debugger { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_debugger is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_default_group { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_default_group is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_default_ruby { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_default_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_default_user { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_disable_security_update_check { + if (versioncmp($passenger_installed_version, '5.1.0') < 0) { + fail("Passenger config option :: passenger_disable_security_update_check is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_enabled { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_enabled is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_error_override { + if (versioncmp($passenger_installed_version, '4.0.24') < 0) { + fail("Passenger config option :: passenger_error_override is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported") + } + } + if 
$passenger_file_descriptor_log_file { + if (versioncmp($passenger_installed_version, '5.0.5') < 0) { + fail("Passenger config option :: passenger_file_descriptor_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_fly_with { + if (versioncmp($passenger_installed_version, '4.0.45') < 0) { + fail("Passenger config option :: passenger_fly_with is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_force_max_concurrent_requests_per_process { + if (versioncmp($passenger_installed_version, '5.0.22') < 0) { + fail("Passenger config option :: passenger_force_max_concurrent_requests_per_process is not introduced until version 5.0.22 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_friendly_error_pages { + if (versioncmp($passenger_installed_version, '4.0.42') < 0) { + fail("Passenger config option :: passenger_friendly_error_pages is not introduced until version 4.0.42 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_group { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_group is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_high_performance { + if (versioncmp($passenger_installed_version, '2.0.0') < 0) { + fail("Passenger config option :: passenger_high_performance is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_instance_registry_dir { + if (versioncmp($passenger_installed_version, '5.0.0') < 0) { + fail("Passenger config option :: passenger_instance_registry_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_load_shell_envvars { + if (versioncmp($passenger_installed_version, 
'4.0.20') < 0) { + fail("Passenger config option :: passenger_load_shell_envvars is not introduced until version 4.0.20 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_log_file { + if (versioncmp($passenger_installed_version, '5.0.5') < 0) { + fail("Passenger config option :: passenger_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_log_level { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_log_level is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_lve_min_uid { + if (versioncmp($passenger_installed_version, '5.0.28') < 0) { + fail("Passenger config option :: passenger_lve_min_uid is not introduced until version 5.0.28 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_max_instances { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_max_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_max_instances_per_app { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_max_instances_per_app is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_max_pool_size { + if (versioncmp($passenger_installed_version, '1.0.0') < 0) { + fail("Passenger config option :: passenger_max_pool_size is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_max_preloader_idle_time { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_max_preloader_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the 
version reported") + } + } + if $passenger_max_request_queue_size { + if (versioncmp($passenger_installed_version, '4.0.15') < 0) { + fail("Passenger config option :: passenger_max_request_queue_size is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_max_request_time { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_max_request_time is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_max_requests { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_max_requests is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_memory_limit { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_memory_limit is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_meteor_app_settings { + if (versioncmp($passenger_installed_version, '5.0.7') < 0) { + fail("Passenger config option :: passenger_meteor_app_settings is not introduced until version 5.0.7 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_min_instances { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_min_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_nodejs { + if (versioncmp($passenger_installed_version, '4.0.24') < 0) { + fail("Passenger config option :: passenger_nodejs is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_pool_idle_time { + if (versioncmp($passenger_installed_version, '1.0.0') < 0) { + fail("Passenger config option :: 
passenger_pool_idle_time is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_pre_start { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_pre_start is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_python { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_python is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_resist_deployment_errors { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_resist_deployment_errors is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_resolve_symlinks_in_document_root { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_resolve_symlinks_in_document_root is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_response_buffer_high_watermark { + if (versioncmp($passenger_installed_version, '5.0.0') < 0) { + fail("Passenger config option :: passenger_response_buffer_high_watermark is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_restart_dir { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_restart_dir is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_rolling_restarts { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: passenger_rolling_restarts is not introduced until version 3.0.0 :: ${passenger_installed_version} is the 
version reported") + } + } + if $passenger_root { + if (versioncmp($passenger_installed_version, '1.0.0') < 0) { + fail("Passenger config option :: passenger_root is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_ruby { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_security_update_check_proxy { + if (versioncmp($passenger_installed_version, '5.1.0') < 0) { + fail("Passenger config option :: passenger_security_update_check_proxy is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_show_version_in_header { + if (versioncmp($passenger_installed_version, '5.1.0') < 0) { + fail("Passenger config option :: passenger_show_version_in_header is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_socket_backlog { + if (versioncmp($passenger_installed_version, '5.0.24') < 0) { + fail("Passenger config option :: passenger_socket_backlog is not introduced until version 5.0.24 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_spawn_method { + if (versioncmp($passenger_installed_version, '2.0.0') < 0) { + fail("Passenger config option :: passenger_spawn_method is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_start_timeout { + if (versioncmp($passenger_installed_version, '4.0.15') < 0) { + fail("Passenger config option :: passenger_start_timeout is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_startup_file { + if (versioncmp($passenger_installed_version, '4.0.25') < 0) { + fail("Passenger config option :: 
passenger_startup_file is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_stat_throttle_rate { + if (versioncmp($passenger_installed_version, '2.2.0') < 0) { + fail("Passenger config option :: passenger_stat_throttle_rate is not introduced until version 2.2.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_sticky_sessions { + if (versioncmp($passenger_installed_version, '4.0.45') < 0) { + fail("Passenger config option :: passenger_sticky_sessions is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_sticky_sessions_cookie_name { + if (versioncmp($passenger_installed_version, '4.0.45') < 0) { + fail("Passenger config option :: passenger_sticky_sessions_cookie_name is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_thread_count { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_thread_count is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_use_global_queue { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + fail("REMOVED PASSENGER OPTION :: passenger_use_global_queue :: ") + } + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_use_global_queue is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_user { + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: passenger_user is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $passenger_user_switching { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: 
passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rack_auto_detect { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + fail("REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.") + } + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: rack_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rack_base_uri { + if (versioncmp($passenger_installed_version, '3.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.") + } + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: rack_base_uri is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rack_env { + if (versioncmp($passenger_installed_version, '2.0.0') < 0) { + fail("Passenger config option :: rack_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_allow_mod_rewrite { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.") + } + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: rails_allow_mod_rewrite is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_app_spawner_idle_time { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + fail("REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.") + } + 
if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: rails_app_spawner_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_auto_detect { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + fail("REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.") + } + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: rails_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_base_uri { + if (versioncmp($passenger_installed_version, '3.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.") + } + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: rails_base_uri is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_default_user { + if (versioncmp($passenger_installed_version, '3.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.") + } + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: rails_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_env { + if (versioncmp($passenger_installed_version, '2.0.0') < 0) { + fail("Passenger config option :: rails_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_framework_spawner_idle_time { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + fail("REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This 
option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.") + } + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: rails_framework_spawner_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_ruby { + if (versioncmp($passenger_installed_version, '3.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.") + } + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: rails_ruby is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_spawn_method { + if (versioncmp($passenger_installed_version, '3.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.") + } + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: rails_spawn_method is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $rails_user_switching { + if (versioncmp($passenger_installed_version, '3.0.0') > 0) { + warning("DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.") + } + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: rails_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_filter { + if (versioncmp($passenger_installed_version, '3.0.5') < 0) { + fail("Passenger config option :: union_station_filter is not introduced until version 3.0.5 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_gateway_address { + if 
(versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: union_station_gateway_address is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_gateway_cert { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: union_station_gateway_cert is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_gateway_port { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: union_station_gateway_port is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_key { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: union_station_key is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_proxy_address { + if (versioncmp($passenger_installed_version, '3.0.11') < 0) { + fail("Passenger config option :: union_station_proxy_address is not introduced until version 3.0.11 :: ${passenger_installed_version} is the version reported") + } + } + if $union_station_support { + if (versioncmp($passenger_installed_version, '3.0.0') < 0) { + fail("Passenger config option :: union_station_support is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") + } + } + if $wsgi_auto_detect { + if (versioncmp($passenger_installed_version, '4.0.0') > 0) { + fail("REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.") + } + if (versioncmp($passenger_installed_version, '4.0.0') < 0) { + fail("Passenger config option :: wsgi_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + } + } + } # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { 
@@ -85,25 +618,93 @@ loadfile_name => 'zpassenger.load', } } - # Template uses: - # - $passenger_root - # - $passenger_ruby - # - $passenger_default_ruby - # - $passenger_max_pool_size - # - $passenger_min_instances - # - $passenger_max_instances_per_app - # - $passenger_high_performance - # - $passenger_max_requests - # - $passenger_spawn_method - # - $passenger_stat_throttle_rate - # - $passenger_use_global_queue - # - $passenger_log_file - # - $passenger_log_level - # - $passenger_app_env - # - $passenger_data_buffer_dir - # - $rack_autodetect - # - $rails_autodetect + # - $passenger_allow_encoded_slashes : since 4.0.0 + # - $passenger_app_env : since 4.0.0 + # - $passenger_app_group_name : since 4.0.0 + # - $passenger_app_root : since 4.0.0 + # - $passenger_app_type : since 4.0.25 + # - $passenger_base_uri : since 4.0.0 + # - $passenger_buffer_response : since 4.0.0 + # - $passenger_buffer_upload : since 4.0.26 + # - $passenger_concurrency_model : since 4.0.0 + # - $passenger_data_buffer_dir : since 5.0.0 + # - $passenger_debug_log_file : since 5.0.5 + # - $passenger_debugger : since 3.0.0 + # - $passenger_default_group : since 3.0.0 + # - $passenger_default_ruby : since 4.0.0 + # - $passenger_default_user : since 3.0.0 + # - $passenger_disable_security_update_check : since 5.1.0 + # - $passenger_enabled : since 4.0.0 + # - $passenger_error_override : since 4.0.24 + # - $passenger_file_descriptor_log_file : since 5.0.5 + # - $passenger_fly_with : since 4.0.45 + # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22 + # - $passenger_friendly_error_pages : since 4.0.42 + # - $passenger_group : since 4.0.0 + # - $passenger_high_performance : since 2.0.0 + # - $passenger_instance_registry_dir : since 5.0.0 + # - $passenger_load_shell_envvars : since 4.0.20 + # - $passenger_log_file : since 5.0.5 + # - $passenger_log_level : since 3.0.0 + # - $passenger_lve_min_uid : since 5.0.28 + # - $passenger_max_instances : since 3.0.0 + # - 
$passenger_max_instances_per_app : since 3.0.0 + # - $passenger_max_pool_size : since 1.0.0 + # - $passenger_max_preloader_idle_time : since 4.0.0 + # - $passenger_max_request_queue_size : since 4.0.15 + # - $passenger_max_request_time : since 3.0.0 + # - $passenger_max_requests : since 3.0.0 + # - $passenger_memory_limit : since 3.0.0 + # - $passenger_meteor_app_settings : since 5.0.7 + # - $passenger_min_instances : since 3.0.0 + # - $passenger_nodejs : since 4.0.24 + # - $passenger_pool_idle_time : since 1.0.0 + # - $passenger_pre_start : since 3.0.0 + # - $passenger_python : since 4.0.0 + # - $passenger_resist_deployment_errors : since 3.0.0 + # - $passenger_resolve_symlinks_in_document_root : since 3.0.0 + # - $passenger_response_buffer_high_watermark : since 5.0.0 + # - $passenger_restart_dir : since 3.0.0 + # - $passenger_rolling_restarts : since 3.0.0 + # - $passenger_root : since 1.0.0 + # - $passenger_ruby : since 4.0.0 + # - $passenger_security_update_check_proxy : since 5.1.0 + # - $passenger_show_version_in_header : since 5.1.0 + # - $passenger_socket_backlog : since 5.0.24 + # - $passenger_spawn_method : since 2.0.0 + # - $passenger_start_timeout : since 4.0.15 + # - $passenger_startup_file : since 4.0.25 + # - $passenger_stat_throttle_rate : since 2.2.0 + # - $passenger_sticky_sessions : since 4.0.45 + # - $passenger_sticky_sessions_cookie_name : since 4.0.45 + # - $passenger_thread_count : since 4.0.0 + # - $passenger_use_global_queue : since 4.0.0 + # - $passenger_user : since 4.0.0 + # - $passenger_user_switching : since 3.0.0 + # - $rack_auto_detect : since 4.0.0 + # - $rack_base_uri : since 3.0.0 + # - $rack_env : since 2.0.0 + # - $rails_allow_mod_rewrite : since 4.0.0 + # - $rails_app_spawner_idle_time : since 4.0.0 + # - $rails_auto_detect : since 4.0.0 + # - $rails_base_uri : since 3.0.0 + # - $rails_default_user : since 3.0.0 + # - $rails_env : since 2.0.0 + # - $rails_framework_spawner_idle_time : since 4.0.0 + # - $rails_ruby : since 
3.0.0 + # - $rails_spawn_method : since 3.0.0 + # - $rails_user_switching : since 3.0.0 + # - $union_station_filter : since 3.0.5 + # - $union_station_gateway_address : since 3.0.0 + # - $union_station_gateway_cert : since 3.0.0 + # - $union_station_gateway_port : since 3.0.0 + # - $union_station_key : since 3.0.0 + # - $union_station_proxy_address : since 3.0.11 + # - $union_station_support : since 3.0.0 + # - $wsgi_auto_detect : since 4.0.0 + # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class + # - $rack_autodectect : this options is only for backward compatiblity with older versions of this class file { 'passenger.conf': ensure => file, path => "${::apache::mod_dir}/${passenger_conf_file}", diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 200d45706f..5c3c115239 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
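Review bot: The rewritten parameter list labels `$passenger_use_global_queue`, `$rack_auto_detect`, `$rails_auto_detect`, `$wsgi_auto_detect`, `$rails_app_spawner_idle_time` and `$rails_framework_spawner_idle_time` as `since 4.0.0`, but the version checks added earlier in this file fail with "REMOVED PASSENGER OPTION" for any installed version above 4.0.0 and with "not introduced until version 4.0.0" for anything below it. As written those options are accepted only on exactly 4.0.0, so the comment should say what the checks enforce, for example `# - $passenger_use_global_queue : removed in 4.0.0`, and the lower-bound check for them is worth confirming. The hunk also drops the `# Template uses:` heading, which leaves the list unlabelled. The last entry is misspelled: `$rack_autodectect` should read `$rack_autodetect` (the name the spec uses), and "this options ... compatiblity" should read "this option ... compatibility". The `file { 'passenger.conf':` resource after the list continues outside the hunk.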
@@ -2,6 +2,185 @@ describe 'apache::mod::passenger', :type => :class do it_behaves_like "a mod class, without including apache" + context "validating all passenger params - using Debian" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("libapache2-mod-passenger") } + it { is_expected.to contain_file('zpassenger.load').with({ + 'path' => '/etc/apache2/mods-available/zpassenger.load', + }) } + it { is_expected.to contain_file('passenger.conf').with({ + 'path' => '/etc/apache2/mods-available/passenger.conf', + }) } + + passenger_config_options = { + 'passenger_allow_encoded_slashes' => {Type: 'OnOff', PassOpt: :PassengerAllowEncodedSlashes}, + 'passenger_app_env' => {Type: 'String', PassOpt: :PassengerAppEnv}, + 'passenger_app_group_name' => {Type: 'String', PassOpt: :PassengerAppGroupName}, + 'passenger_app_root' => {Type: 'FullPath', PassOpt: :PassengerAppRoot}, + 'passenger_app_type' => {Type: 'String', PassOpt: :PassengerAppType}, + 'passenger_base_uri' => {Type: 'URI', PassOpt: :PassengerBaseURI}, + 'passenger_buffer_response' => {Type: 'OnOff', PassOpt: :PassengerBufferResponse}, + 'passenger_buffer_upload' => {Type: 'OnOff', PassOpt: :PassengerBufferUpload}, + 'passenger_concurrency_model' => {Type: ["process", "thread"], PassOpt: :PassengerConcurrencyModel}, + 'passenger_data_buffer_dir' => {Type: 'FullPath', PassOpt: :PassengerDataBufferDir}, + 'passenger_debug_log_file' => {Type: 'String', PassOpt: :PassengerDebugLogFile}, + 'passenger_debugger' => {Type: 'OnOff', PassOpt: :PassengerDebugger}, + 'passenger_default_group' => {Type: 'String', 
PassOpt: :PassengerDefaultGroup}, + 'passenger_default_ruby' => {Type: 'FullPath', PassOpt: :PassengerDefaultRuby}, + 'passenger_default_user' => {Type: 'String', PassOpt: :PassengerDefaultUser}, + 'passenger_disable_security_update_check' => {Type: 'OnOff', PassOpt: :PassengerDisableSecurityUpdateCheck}, + 'passenger_enabled' => {Type: 'OnOff', PassOpt: :PassengerEnabled}, + 'passenger_error_override' => {Type: 'OnOff', PassOpt: :PassengerErrorOverride}, + 'passenger_file_descriptor_log_file' => {Type: 'FullPath', PassOpt: :PassengerFileDescriptorLogFile}, + 'passenger_fly_with' => {Type: 'FullPath', PassOpt: :PassengerFlyWith}, + 'passenger_force_max_concurrent_requests_per_process' => {Type: 'Integer', PassOpt: :PassengerForceMaxConcurrentRequestsPerProcess}, + 'passenger_friendly_error_pages' => {Type: 'OnOff', PassOpt: :PassengerFriendlyErrorPages}, + 'passenger_group' => {Type: 'String', PassOpt: :PassengerGroup}, + 'passenger_high_performance' => {Type: 'OnOff', PassOpt: :PassengerHighPerformance}, + 'passenger_instance_registry_dir' => {Type: 'FullPath', PassOpt: :PassengerInstanceRegistryDir}, + 'passenger_load_shell_envvars' => {Type: 'OnOff', PassOpt: :PassengerLoadShellEnvvars}, + 'passenger_log_file' => {Type: 'FullPath', PassOpt: :PassengerLogFile}, + 'passenger_log_level' => {Type: 'Integer', PassOpt: :PassengerLogLevel}, + 'passenger_lve_min_uid' => {Type: 'Integer', PassOpt: :PassengerLveMinUid}, + 'passenger_max_instances' => {Type: 'Integer', PassOpt: :PassengerMaxInstances}, + 'passenger_max_instances_per_app' => {Type: 'Integer', PassOpt: :PassengerMaxInstancesPerApp}, + 'passenger_max_pool_size' => {Type: 'Integer', PassOpt: :PassengerMaxPoolSize}, + 'passenger_max_preloader_idle_time' => {Type: 'Integer', PassOpt: :PassengerMaxPreloaderIdleTime}, + 'passenger_max_request_queue_size' => {Type: 'Integer', PassOpt: :PassengerMaxRequestQueueSize}, + 'passenger_max_request_time' => {Type: 'Integer', PassOpt: :PassengerMaxRequestTime}, + 
'passenger_max_requests' => {Type: 'Integer', PassOpt: :PassengerMaxRequests}, + 'passenger_memory_limit' => {Type: 'Integer', PassOpt: :PassengerMemoryLimit}, + 'passenger_meteor_app_settings' => {Type: 'FullPath', PassOpt: :PassengerMeteorAppSettings}, + 'passenger_min_instances' => {Type: 'Integer', PassOpt: :PassengerMinInstances}, + 'passenger_nodejs' => {Type: 'FullPath', PassOpt: :PassengerNodejs}, + 'passenger_pool_idle_time' => {Type: 'Integer', PassOpt: :PassengerPoolIdleTime}, + 'passenger_pre_start' => {Type: 'URI', PassOpt: :PassengerPreStart}, + 'passenger_python' => {Type: 'FullPath', PassOpt: :PassengerPython}, + 'passenger_resist_deployment_errors' => {Type: 'OnOff', PassOpt: :PassengerResistDeploymentErrors}, + 'passenger_resolve_symlinks_in_document_root' => {Type: 'OnOff', PassOpt: :PassengerResolveSymlinksInDocumentRoot}, + 'passenger_response_buffer_high_watermark' => {Type: 'Integer', PassOpt: :PassengerResponseBufferHighWatermark}, + 'passenger_restart_dir' => {Type: 'Path', PassOpt: :PassengerRestartDir}, + 'passenger_rolling_restarts' => {Type: 'OnOff', PassOpt: :PassengerRollingRestarts}, + 'passenger_root' => {Type: 'FullPath', PassOpt: :PassengerRoot}, + 'passenger_ruby' => {Type: 'FullPath', PassOpt: :PassengerRuby}, + 'passenger_security_update_check_proxy' => {Type: 'URI', PassOpt: :PassengerSecurityUpdateCheckProxy}, + 'passenger_show_version_in_header' => {Type: 'OnOff', PassOpt: :PassengerShowVersionInHeader}, + 'passenger_socket_backlog' => {Type: 'Integer', PassOpt: :PassengerSocketBacklog}, + 'passenger_spawn_method' => {Type: ["smart", "direct"], PassOpt: :PassengerSpawnMethod}, + 'passenger_start_timeout' => {Type: 'Integer', PassOpt: :PassengerStartTimeout}, + 'passenger_startup_file' => {Type: 'RelPath', PassOpt: :PassengerStartupFile}, + 'passenger_stat_throttle_rate' => {Type: 'Integer', PassOpt: :PassengerStatThrottleRate}, + 'passenger_sticky_sessions' => {Type: 'OnOff', PassOpt: :PassengerStickySessions}, + 
'passenger_sticky_sessions_cookie_name' => {Type: 'String', PassOpt: :PassengerStickySessionsCookieName}, + 'passenger_thread_count' => {Type: 'Integer', PassOpt: :PassengerThreadCount}, + 'passenger_use_global_queue' => {Type: 'String', PassOpt: :PassengerUseGlobalQueue}, + 'passenger_user' => {Type: 'String', PassOpt: :PassengerUser}, + 'passenger_user_switching' => {Type: 'OnOff', PassOpt: :PassengerUserSwitching}, + 'rack_auto_detect' => {Type: 'String', PassOpt: :RackAutoDetect}, + 'rack_base_uri' => {Type: 'String', PassOpt: :RackBaseURI}, + 'rack_env' => {Type: 'String', PassOpt: :RackEnv}, + 'rails_allow_mod_rewrite' => {Type: 'String', PassOpt: :RailsAllowModRewrite}, + 'rails_app_spawner_idle_time' => {Type: 'String', PassOpt: :RailsAppSpawnerIdleTime}, + 'rails_auto_detect' => {Type: 'String', PassOpt: :RailsAutoDetect}, + 'rails_base_uri' => {Type: 'String', PassOpt: :RailsBaseURI}, + 'rails_default_user' => {Type: 'String', PassOpt: :RailsDefaultUser}, + 'rails_env' => {Type: 'String', PassOpt: :RailsEnv}, + 'rails_framework_spawner_idle_time' => {Type: 'String', PassOpt: :RailsFrameworkSpawnerIdleTime}, + 'rails_ruby' => {Type: 'String', PassOpt: :RailsRuby}, + 'rails_spawn_method' => {Type: 'String', PassOpt: :RailsSpawnMethod}, + 'rails_user_switching' => {Type: 'String', PassOpt: :RailsUserSwitching}, + 'union_station_filter' => {Type: 'QuotedString', PassOpt: :UnionStationFilter}, + 'union_station_gateway_address' => {Type: 'URI', PassOpt: :UnionStationGatewayAddress}, + 'union_station_gateway_cert' => {Type: 'FullPath', PassOpt: :UnionStationGatewayCert}, + 'union_station_gateway_port' => {Type: 'Integer', PassOpt: :UnionStationGatewayPort}, + 'union_station_key' => {Type: 'String', PassOpt: :UnionStationKey}, + 'union_station_proxy_address' => {Type: 'URI', PassOpt: :UnionStationProxyAddress}, + 'union_station_support' => {Type: 'OnOff', PassOpt: :UnionStationSupport}, + 'wsgi_auto_detect' => {Type: 'String', PassOpt: :WsgiAutoDetect}, + 
'rails_autodetect' => {Type: 'OnOff', PassOpt: :RailsAutoDetect}, + 'rack_autodetect' => {Type: 'OnOff', PassOpt: :RackAutoDetect}, + } + passenger_config_options.each do |config_option, config_hash| + puppetized_config_option = config_option + valid_config_values = [] + case config_hash[:Type] + when 'QuotedString' + valid_config_values = ['"a quoted string"'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => '#{valid_value.gsub(/\"/, '')}'" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} "#{valid_value}"$/) } + end + end + when 'FullPath', 'RelPath', 'Path' + valid_config_values = ['/some/path/to/somewhere'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => #{valid_value}" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} "#{valid_value}"$/) } + end + end + when 'URI', 'String' + valid_config_values = ['some_string_for_you'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => #{valid_value}" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + end + end + when 'Integer' + valid_config_values = [100] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => #{valid_value}" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + end + end + when 'OnOff' + valid_config_values = ['on', 'off'] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => 
'#{valid_value}'" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + end + end + else + valid_config_values = config_hash[:Type] + valid_config_values.each do |valid_value| + describe "with #{puppetized_config_option} => '#{valid_value}'" do + let :params do + { puppetized_config_option.to_sym => valid_value } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + end + end + end + end + end context "on a Debian OS" do let :facts do { @@ -25,7 +204,7 @@ it { is_expected.to contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - describe "with passenger_root => '/usr/lib/example'" do + describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } end @@ -122,11 +301,17 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerAppEnv foo$/) } end + describe "with passenger_instance_registry_dir => '/var/run/passenger-instreg'" do + let :params do + { :passenger_instance_registry_dir => '/var/run/passenger-instreg' } + end + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerInstanceRegistryDir "/var/run/passenger-instreg"$}) } + end describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do let :params do { :passenger_log_file => '/var/log/apache2/passenger.log' } end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile /var/log/apache2/passenger.log$}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile "/var/log/apache2/passenger.log"$}) } end describe "with passenger_log_level => 3" do let :params do 
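Review bot: The `'QuotedString'` branch puts the quotes inside the sample value (`['"a quoted string"']`) and then wraps `#{valid_value}` in quotes again in the expected pattern, so the spec pins a doubled-quote line (`UnionStationFilter ""a quoted string""`) in passenger.conf, which Apache is unlikely to read as a single argument. Use `valid_config_values = ['a quoted string']` and keep the quotes only in the matcher. Every branch also interpolates the value into the regex unescaped; `Regexp.escape(valid_value)` keeps the match literal for values containing `.` or other metacharacters. The table declares types such as `'OnOff'`, `'Integer'` and `'FullPath'`, yet only accepted values are asserted. A case showing that a value containing `"` or a newline is rejected or escaped before it reaches the quoted directive would cover directive injection into the generated config; whether the manifest validates this is not visible in the hunk.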
@@ -162,15 +347,15 @@ context "with Ubuntu 12.04 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '12.04', - :kernel => 'Linux', - :operatingsystem => 'Ubuntu', - :lsbdistrelease => '12.04', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '12.04', + :kernel => 'Linux', + :operatingsystem => 'Ubuntu', + :lsbdistrelease => '12.04', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -182,15 +367,15 @@ context "with Ubuntu 14.04 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '14.04', - :operatingsystem => 'Ubuntu', - :kernel => 'Linux', - :lsbdistrelease => '14.04', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '14.04', + :operatingsystem => 'Ubuntu', + :kernel => 'Linux', + :lsbdistrelease => '14.04', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -202,15 +387,15 @@ context "with Debian 7 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '7.3', - :operatingsystem => 'Debian', - :kernel => 'Linux', - :lsbdistcodename => 'wheezy', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '7.3', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'wheezy', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end 
@@ -222,15 +407,15 @@ context "with Debian 8 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '8.0', - :operatingsystem => 'Debian', - :kernel => 'Linux', - :lsbdistcodename => 'jessie', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '8.0', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'jessie', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -243,13 +428,13 @@ context "on a RedHat OS" do let :rh_facts do { - :osfamily => 'RedHat', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'RedHat', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end 
@@ -260,13 +445,13 @@ it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("mod_passenger") } it { is_expected.to contain_file('passenger_package.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger.conf', - }) } + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } it { is_expected.to contain_file('passenger_package.conf').without_content } it { is_expected.to contain_file('passenger_package.conf').without_source } it { is_expected.to contain_file('zpassenger.load').with({ - 'path' => '/etc/httpd/conf.d/zpassenger.load', - }) } + 'path' => '/etc/httpd/conf.d/zpassenger.load', + }) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } describe "with passenger_root => '/usr/lib/example'" do @@ -287,24 +472,24 @@ let(:facts) { rh_facts.merge(:operatingsystemrelease => '7') } it { is_expected.to contain_file('passenger_package.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger.conf', - }) } + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } it { is_expected.to contain_file('zpassenger.load').with({ - 'path' => '/etc/httpd/conf.modules.d/zpassenger.load', - }) } + 'path' => '/etc/httpd/conf.modules.d/zpassenger.load', + }) } end end context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'FreeBSD', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
@@ -314,14 +499,14 @@ context "on a Gentoo OS" do let :facts do { - :osfamily => 'Gentoo', - :operatingsystem => 'Gentoo', - :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :is_pe => false, + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 03ff534d25..17b13f9dc6 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb 
@@ -1,61 +1,263 @@ + # The Passenger Apache module configuration file is being # managed by Puppet and changes will be overwritten. - <%- if @passenger_root -%> - PassengerRoot "<%= @passenger_root %>" + <%- if @passenger_allow_encoded_slashes -%> + PassengerAllowEncodedSlashes <%= @passenger_allow_encoded_slashes %> <%- end -%> - <%- if @passenger_ruby -%> - PassengerRuby "<%= @passenger_ruby %>" + <%- if @passenger_app_env -%> + PassengerAppEnv <%= @passenger_app_env %> + <%- end -%> + <%- if @passenger_app_group_name -%> + PassengerAppGroupName <%= @passenger_app_group_name %> + <%- end -%> + <%- if @passenger_app_root -%> + PassengerAppRoot "<%= @passenger_app_root %>" + <%- end -%> + <%- if @passenger_app_type -%> + PassengerAppType <%= @passenger_app_type %> + <%- end -%> + <%- if @passenger_base_uri -%> + PassengerBaseURI <%= @passenger_base_uri %> + <%- end -%> + <%- if @passenger_buffer_response -%> + PassengerBufferResponse <%= @passenger_buffer_response %> + <%- end -%> + <%- if @passenger_buffer_upload -%> + PassengerBufferUpload <%= @passenger_buffer_upload %> + <%- end -%> + <%- if @passenger_concurrency_model -%> + PassengerConcurrencyModel <%= @passenger_concurrency_model %> + <%- end -%> + <%- if @passenger_data_buffer_dir -%> + PassengerDataBufferDir "<%= @passenger_data_buffer_dir %>" + <%- end -%> + <%- if @passenger_debug_log_file -%> + PassengerDebugLogFile <%= @passenger_debug_log_file %> + <%- end -%> + <%- if @passenger_debugger -%> + PassengerDebugger <%= @passenger_debugger %> + <%- end -%> + <%- if @passenger_default_group -%> + PassengerDefaultGroup <%= @passenger_default_group %> <%- end -%> <%- if @passenger_default_ruby -%> PassengerDefaultRuby "<%= @passenger_default_ruby %>" <%- end -%> + <%- if @passenger_default_user -%> + PassengerDefaultUser <%= @passenger_default_user %> + <%- end -%> + <%- if @passenger_disable_security_update_check -%> + PassengerDisableSecurityUpdateCheck <%= @passenger_disable_security_update_check %> + 
<%- end -%> + <%- if @passenger_enabled -%> + PassengerEnabled <%= @passenger_enabled %> + <%- end -%> + <%- if @passenger_error_override -%> + PassengerErrorOverride <%= @passenger_error_override %> + <%- end -%> + <%- if @passenger_file_descriptor_log_file -%> + PassengerFileDescriptorLogFile "<%= @passenger_file_descriptor_log_file %>" + <%- end -%> + <%- if @passenger_fly_with -%> + PassengerFlyWith "<%= @passenger_fly_with %>" + <%- end -%> + <%- if @passenger_force_max_concurrent_requests_per_process -%> + PassengerForceMaxConcurrentRequestsPerProcess <%= @passenger_force_max_concurrent_requests_per_process %> + <%- end -%> + <%- if @passenger_friendly_error_pages -%> + PassengerFriendlyErrorPages <%= @passenger_friendly_error_pages %> + <%- end -%> + <%- if @passenger_group -%> + PassengerGroup <%= @passenger_group %> + <%- end -%> <%- if @passenger_high_performance -%> PassengerHighPerformance <%= @passenger_high_performance %> <%- end -%> - <%- if @passenger_max_pool_size -%> - PassengerMaxPoolSize <%= @passenger_max_pool_size %> + <%- if @passenger_instance_registry_dir -%> + PassengerInstanceRegistryDir "<%= @passenger_instance_registry_dir %>" <%- end -%> - <%- if @passenger_min_instances -%> - PassengerMinInstances <%= @passenger_min_instances %> + <%- if @passenger_load_shell_envvars -%> + PassengerLoadShellEnvvars <%= @passenger_load_shell_envvars %> + <%- end -%> + <%- if @passenger_log_file -%> + PassengerLogFile "<%= @passenger_log_file %>" + <%- end -%> + <%- if @passenger_log_level -%> + PassengerLogLevel <%= @passenger_log_level %> + <%- end -%> + <%- if @passenger_lve_min_uid -%> + PassengerLveMinUid <%= @passenger_lve_min_uid %> + <%- end -%> + <%- if @passenger_max_instances -%> + PassengerMaxInstances <%= @passenger_max_instances %> <%- end -%> <%- if @passenger_max_instances_per_app -%> PassengerMaxInstancesPerApp <%= @passenger_max_instances_per_app %> <%- end -%> - <%- if @passenger_pool_idle_time -%> - PassengerPoolIdleTime <%= 
@passenger_pool_idle_time %> + <%- if @passenger_max_pool_size -%> + PassengerMaxPoolSize <%= @passenger_max_pool_size %> + <%- end -%> + <%- if @passenger_max_preloader_idle_time -%> + PassengerMaxPreloaderIdleTime <%= @passenger_max_preloader_idle_time %> <%- end -%> <%- if @passenger_max_request_queue_size -%> PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %> <%- end -%> + <%- if @passenger_max_request_time -%> + PassengerMaxRequestTime <%= @passenger_max_request_time %> + <%- end -%> <%- if @passenger_max_requests -%> PassengerMaxRequests <%= @passenger_max_requests %> <%- end -%> + <%- if @passenger_memory_limit -%> + PassengerMemoryLimit <%= @passenger_memory_limit %> + <%- end -%> + <%- if @passenger_meteor_app_settings -%> + PassengerMeteorAppSettings "<%= @passenger_meteor_app_settings %>" + <%- end -%> + <%- if @passenger_min_instances -%> + PassengerMinInstances <%= @passenger_min_instances %> + <%- end -%> + <%- if @passenger_nodejs -%> + PassengerNodejs "<%= @passenger_nodejs %>" + <%- end -%> + <%- if @passenger_pool_idle_time -%> + PassengerPoolIdleTime <%= @passenger_pool_idle_time %> + <%- end -%> + <%- if @passenger_pre_start -%> + PassengerPreStart <%= @passenger_pre_start %> + <%- end -%> + <%- if @passenger_python -%> + PassengerPython "<%= @passenger_python %>" + <%- end -%> + <%- if @passenger_resist_deployment_errors -%> + PassengerResistDeploymentErrors <%= @passenger_resist_deployment_errors %> + <%- end -%> + <%- if @passenger_resolve_symlinks_in_document_root -%> + PassengerResolveSymlinksInDocumentRoot <%= @passenger_resolve_symlinks_in_document_root %> + <%- end -%> + <%- if @passenger_response_buffer_high_watermark -%> + PassengerResponseBufferHighWatermark <%= @passenger_response_buffer_high_watermark %> + <%- end -%> + <%- if @passenger_restart_dir -%> + PassengerRestartDir "<%= @passenger_restart_dir %>" + <%- end -%> + <%- if @passenger_rolling_restarts -%> + PassengerRollingRestarts <%= 
@passenger_rolling_restarts %> + <%- end -%> + <%- if @passenger_root -%> + PassengerRoot "<%= @passenger_root %>" + <%- end -%> + <%- if @passenger_ruby -%> + PassengerRuby "<%= @passenger_ruby %>" + <%- end -%> + <%- if @passenger_security_update_check_proxy -%> + PassengerSecurityUpdateCheckProxy <%= @passenger_security_update_check_proxy %> + <%- end -%> + <%- if @passenger_show_version_in_header -%> + PassengerShowVersionInHeader <%= @passenger_show_version_in_header %> + <%- end -%> + <%- if @passenger_socket_backlog -%> + PassengerSocketBacklog <%= @passenger_socket_backlog %> + <%- end -%> <%- if @passenger_spawn_method -%> PassengerSpawnMethod <%= @passenger_spawn_method %> <%- end -%> + <%- if @passenger_start_timeout -%> + PassengerStartTimeout <%= @passenger_start_timeout %> + <%- end -%> + <%- if @passenger_startup_file -%> + PassengerStartupFile "<%= @passenger_startup_file %>" + <%- end -%> <%- if @passenger_stat_throttle_rate -%> PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %> <%- end -%> - <%- if @rack_autodetect -%> - RackAutoDetect <%= @rack_autodetect %> + <%- if @passenger_sticky_sessions -%> + PassengerStickySessions <%= @passenger_sticky_sessions %> <%- end -%> - <%- if @rails_autodetect -%> - RailsAutoDetect <%= @rails_autodetect %> + <%- if @passenger_sticky_sessions_cookie_name -%> + PassengerStickySessionsCookieName <%= @passenger_sticky_sessions_cookie_name %> + <%- end -%> + <%- if @passenger_thread_count -%> + PassengerThreadCount <%= @passenger_thread_count %> <%- end -%> <%- if @passenger_use_global_queue -%> PassengerUseGlobalQueue <%= @passenger_use_global_queue %> <%- end -%> - <%- if @passenger_app_env -%> - PassengerAppEnv <%= @passenger_app_env %> + <%- if @passenger_user -%> + PassengerUser <%= @passenger_user %> <%- end -%> - <%- if @passenger_log_file -%> - PassengerLogFile <%= @passenger_log_file %> + <%- if @passenger_user_switching -%> + PassengerUserSwitching <%= @passenger_user_switching %> <%- end -%> - 
<%- if @passenger_log_level -%> - PassengerLogLevel <%= @passenger_log_level %> + <%- if @rack_auto_detect -%> + RackAutoDetect <%= @rack_auto_detect %> <%- end -%> - <%- if @passenger_data_buffer_dir -%> - PassengerDataBufferDir <%= @passenger_data_buffer_dir %> + <%- if @rack_base_uri -%> + RackBaseURI <%= @rack_base_uri %> + <%- end -%> + <%- if @rack_env -%> + RackEnv <%= @rack_env %> + <%- end -%> + <%- if @rails_allow_mod_rewrite -%> + RailsAllowModRewrite <%= @rails_allow_mod_rewrite %> + <%- end -%> + <%- if @rails_app_spawner_idle_time -%> + RailsAppSpawnerIdleTime <%= @rails_app_spawner_idle_time %> + <%- end -%> + <%- if @rails_auto_detect -%> + RailsAutoDetect <%= @rails_auto_detect %> + <%- end -%> + <%- if @rails_base_uri -%> + RailsBaseURI <%= @rails_base_uri %> + <%- end -%> + <%- if @rails_default_user -%> + RailsDefaultUser <%= @rails_default_user %> + <%- end -%> + <%- if @rails_env -%> + RailsEnv <%= @rails_env %> + <%- end -%> + <%- if @rails_framework_spawner_idle_time -%> + RailsFrameworkSpawnerIdleTime <%= @rails_framework_spawner_idle_time %> + <%- end -%> + <%- if @rails_ruby -%> + RailsRuby <%= @rails_ruby %> + <%- end -%> + <%- if @rails_spawn_method -%> + RailsSpawnMethod <%= @rails_spawn_method %> + <%- end -%> + <%- if @rails_user_switching -%> + RailsUserSwitching <%= @rails_user_switching %> + <%- end -%> + <%- if @union_station_filter -%> + UnionStationFilter "<%= @union_station_filter %>" + <%- end -%> + <%- if @union_station_gateway_address -%> + UnionStationGatewayAddress <%= @union_station_gateway_address %> + <%- end -%> + <%- if @union_station_gateway_cert -%> + UnionStationGatewayCert "<%= @union_station_gateway_cert %>" + <%- end -%> + <%- if @union_station_gateway_port -%> + UnionStationGatewayPort <%= @union_station_gateway_port %> + <%- end -%> + <%- if @union_station_key -%> + UnionStationKey <%= @union_station_key %> + <%- end -%> + <%- if @union_station_proxy_address -%> + UnionStationProxyAddress <%= 
@union_station_proxy_address %> + <%- end -%> + <%- if @union_station_support -%> + UnionStationSupport <%= @union_station_support %> + <%- end -%> + <%- if @wsgi_auto_detect -%> + WsgiAutoDetect <%= @wsgi_auto_detect %> + <%- end -%> + <%- if @rails_autodetect -%> + RailsAutoDetect <%= @rails_autodetect %> + <%- end -%> + <%- if @rack_autodetect -%> + RackAutoDetect <%= @rack_autodetect %> <%- end -%> From 5a9717f3883541b33e2d7578136bafe90235bc7f Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Sat, 5 Aug 2017 21:13:50 -0500 Subject: [PATCH 1211/2267] Fix accpetance test error for mod_passenger * Remove the RubyMine formatter configuration from the ERB template * Remove pending message from spec/acceptance/mod_passenger_spec The message is not needed any more because puppet manages the passenger.conf file now --- spec/acceptance/mod_passenger_spec.rb | 3 --- templates/mod/passenger.conf.erb | 1 - 2 files changed, 4 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 4761d2c5bf..9243335dcc 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -2,9 +2,6 @@ require_relative './version.rb' describe 'apache::mod::passenger class' do - pending 'This cannot run in the same test run as apache::vhost with passenger - as the passenger.conf file is not yet managed by puppet and will be wiped out - between tests and not replaced' case fact('osfamily') when 'Debian' conf_file = "#{$mod_dir}/passenger.conf" diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 17b13f9dc6..8373307767 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -1,4 +1,3 @@ - # The Passenger Apache module configuration file is being # managed by Puppet and changes will be overwritten. From bc13cb08963c32d1f41f01ef43a05e672852302f Mon Sep 17 00:00:00 2001 
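Review bot: Path-valued directives are quoted inconsistently in the new template: `PassengerLogFile`, `PassengerRuby` and `PassengerAppRoot` wrap the value in double quotes, but `PassengerDebugLogFile <%= @passenger_debug_log_file %>` and `RailsRuby <%= @rails_ruby %>` do not, so a path containing whitespace would be parsed by Apache as extra arguments. I would write them as `PassengerDebugLogFile "<%= @passenger_debug_log_file %>"` and `RailsRuby "<%= @rails_ruby %>"`, with the spec expectations adjusted to match. More generally, every value is written into passenger.conf verbatim, so a parameter containing a quote or a newline changes the directive structure; the hunk does no escaping, and whether manifests/mod/passenger.pp validates the parameter types is not visible here, so that is worth confirming. `RailsAutoDetect` and `RackAutoDetect` are also each emitted from two parameters (`@rails_auto_detect`/`@rails_autodetect`, `@rack_auto_detect`/`@rack_autodetect`), which yields duplicate directives when both are set.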
From: Felix Dominguez Date: Sun, 6 Aug 2017 00:31:47 -0500 Subject: [PATCH 1212/2267] Add acceptance test for mod_passenger options * validates the passenger_installed_version options fires the version checking for each option * Fix a few linting errors --- manifests/mod/passenger.pp | 33 ++-- spec/acceptance/mod_passenger_spec.rb | 230 +++++++++++++++----------- 2 files changed, 150 insertions(+), 113 deletions(-)
diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp
index c809a997a4..777e10d937 100644
--- a/manifests/mod/passenger.pp
+++ b/manifests/mod/passenger.pp
@@ -73,7 +73,6 @@
 $passenger_user = undef,
 $passenger_user_switching = undef,
 $rack_auto_detect = undef,
- $rack_autodectect = undef,
 $rack_autodetect = undef,
 $rack_base_uri = undef,
 $rack_env = undef,
@@ -152,7 +151,7 @@
 }
 if $passenger_debug_log_file {
 if (versioncmp($passenger_installed_version, '5.0.5') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.")
+ warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.')
 }
 if (versioncmp($passenger_installed_version, '5.0.5') < 0) {
 fail("Passenger config option :: passenger_debug_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported")
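Review bot: The two version checks for `passenger_debug_log_file` use the same boundary, so the option is rejected on every release before 5.0.5 even though the warning text says it was only renamed in 5.0.5 and therefore existed earlier. The lower-bound `fail()` should compare against the release that first shipped the option, e.g. `if (versioncmp($passenger_installed_version, '<INTRODUCED_VERSION>') < 0) {` (placeholder; the real version is not on this page), as this commit already does for `passenger_use_global_queue`. The same pairing remains in the later hunks of this file for `rack_auto_detect`, `rack_base_uri`, `rails_app_spawner_idle_time`, `rails_auto_detect`, `rails_base_uri`, `rails_default_user`, `rails_framework_spawner_idle_time`, `rails_ruby`, `rails_spawn_method`, `rails_user_switching` and `wsgi_auto_detect`; for the removed options only a reported version of exactly 4.0.0 passes both checks. The enclosing class body starts and ends outside these hunks.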
@@ -405,9 +404,9 @@
 }
 if $passenger_use_global_queue {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
- fail("REMOVED PASSENGER OPTION :: passenger_use_global_queue :: ")
+ fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: no longer used after version 4.0.0 and is on by default')
 }
- if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
+ if (versioncmp($passenger_installed_version, '2.0.4') < 0) {
 fail("Passenger config option :: passenger_use_global_queue is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
 }
 }
@@ -421,9 +420,9 @@
 fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
 }
 }
- if $rack_auto_detect {
+ if ($rack_auto_detect or $rack_autodetect) {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
- fail("REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.")
+ fail('REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
 }
 if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
 fail("Passenger config option :: rack_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
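Review bot: The `fail()` message under the changed lower bound still says `passenger_use_global_queue is not introduced until version 4.0.0`, while the condition now compares against `'2.0.4'`. An operator on an older Passenger would be told the wrong minimum version; the message should read `fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported")`. In the next hunk the messages name only `rack_auto_detect` although the condition now also fires for `$rack_autodetect`, so naming both parameters there would make the failure easier to trace.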
@@ -431,7 +430,7 @@
 }
 if $rack_base_uri {
 if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.")
+ warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')
 }
 if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
 fail("Passenger config option :: rack_base_uri is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
@@ -452,15 +451,15 @@
 }
 if $rails_app_spawner_idle_time {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
- fail("REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.")
+ fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.')
 }
 if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
 fail("Passenger config option :: rails_app_spawner_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
 }
 }
- if $rails_auto_detect {
+ if ($rails_auto_detect or $rails_autodetect) {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
- fail("REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.")
+ fail('REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
 }
 if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
 fail("Passenger config option :: rails_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
@@ -468,7 +467,7 @@
 }
 if $rails_base_uri {
 if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.")
+ warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.')
 }
 if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
 fail("Passenger config option :: rails_base_uri is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
@@ -476,7 +475,7 @@
 }
 if $rails_default_user {
 if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.")
+ warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.')
 }
 if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
 fail("Passenger config option :: rails_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
@@ -489,7 +488,7 @@
 }
 if $rails_framework_spawner_idle_time {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
- fail("REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.")
+ fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.')
 }
 if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
 fail("Passenger config option :: rails_framework_spawner_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
@@ -497,7 +496,7 @@
 }
 if $rails_ruby {
 if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.")
+ warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.')
 }
 if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
 fail("Passenger config option :: rails_ruby is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
@@ -505,7 +504,7 @@
 }
 if $rails_spawn_method {
 if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.")
+ warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.')
 }
 if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
 fail("Passenger config option :: rails_spawn_method is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
@@ -513,7 +512,7 @@
 }
 if $rails_user_switching {
 if (versioncmp($passenger_installed_version, '3.0.0') > 0) {
- warning("DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.")
+ warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.')
 }
 if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
 fail("Passenger config option :: rails_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
@@ -556,7 +555,7 @@
 }
 if $wsgi_auto_detect {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
- fail("REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.")
+ fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
 }
 if (versioncmp($passenger_installed_version, '4.0.0') < 0) {
 fail("Passenger config option :: wsgi_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported")
diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb
index 9243335dcc..4a28c46287 100644
--- a/spec/acceptance/mod_passenger_spec.rb
+++ b/spec/acceptance/mod_passenger_spec.rb
@@ -83,123 +83,161 @@ EOS case fact('osfamily') - when 'Debian' - context "default passenger config" do - it 'succeeds in puppeting passenger' do - pp = <<-EOS + when 'Debian' + context 'passenger config with passenger_installed_version set' do + it 'should fail when an option is not valid for $passenger_installed_version' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::passenger': + passenger_installed_version => '4.0.0', + passenger_instance_registry_dir => '/some/path/to/nowhere' + } + EOS + apply_manifest(pp, :expect_failures => true) do |r| + expect(r.stderr).to match(/passenger_instance_registry_dir is not introduced until version 5.0.0/) + end + end + it 'should fail when an option is removed' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::passenger': + passenger_installed_version => '5.0.0', + rails_autodetect => 'on' + } + EOS + apply_manifest(pp, :expect_failures => true) do |r| + expect(r.stderr).to match(/REMOVED PASSENGER OPTION/) + end + end + it 'should warn when an option is deprecated' do + pp = <<-EOS + class { 'apache': } + class { 'apache::mod::passenger': + passenger_installed_version => '5.0.0', + rails_ruby => '/some/path/to/ruby' + } + EOS + apply_manifest(pp, :catch_failures => true) do |r| + expect(r.stderr).to match(/DEPRECATED PASSENGER OPTION/) + end + end + end + context "default passenger config" do + it 'succeeds in puppeting passenger' do + pp = <<-EOS /* stock apache and mod_passenger */ class { 'apache': } class { 'apache::mod::passenger': } #{pp_rackapp} - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe service($service_name) do - if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') - pending 'Should be enabled - Bug 760616 on Debian 8' - else - it { should be_enabled } + EOS + apply_manifest(pp, :catch_failures => true) end - it { is_expected.to be_running } - end - describe file(conf_file) do - it { is_expected.to contain "PassengerRoot 
\"#{passenger_root}\"" } - - case fact('operatingsystem') - when 'Ubuntu' - case fact('lsbdistrelease') - when '10.04' - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - when '12.04' - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - when '14.04' - it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerRuby/" } - when '16.04' - it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerRuby/" } - else - # This may or may not work on Ubuntu releases other than the above - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - end - when 'Debian' - case fact('lsbdistcodename') - when 'wheezy' - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - when 'jessie' - it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerRuby/" } + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' else - # This may or may not work on Debian releases other than the above - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } + it { should be_enabled } end + it { is_expected.to be_running } end - end - - describe file(load_file) do - it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } - end - it 'should output status via passenger-memory-stats' do - shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| - expect(r.stdout).to match(/Apache 
processes/) - expect(r.stdout).to match(/Nginx processes/) - expect(r.stdout).to match(/Passenger processes/) - - # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain - # these two lines - unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')) - expect(r.stdout).to match(/### Processes: [0-9]+/) - expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) + describe file(conf_file) do + it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" } + + case fact('operatingsystem') + when 'Ubuntu' + case fact('lsbdistrelease') + when '10.04' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when '12.04' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when '14.04' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + when '16.04' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + else + # This may or may not work on Ubuntu releases other than the above + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + end + when 'Debian' + case fact('lsbdistcodename') + when 'wheezy' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when 'jessie' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + else + # This may or may not work on Debian releases other than the above 
+ it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + end end + end - expect(r.exit_code).to eq(0) + describe file(load_file) do + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } end - end - # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, - # even when the passenger process is successfully installed and running - unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' - it 'should output status via passenger-status' do - # xml output not available on ubunutu <= 10.04, so sticking with default pool output - shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| - # spacing may vary - expect(r.stdout).to match(/[\-]+ General information [\-]+/) - if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or - fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' - expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) - expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) - expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) - else - expect(r.stdout).to match(/max[ ]+= [0-9]+/) - expect(r.stdout).to match(/count[ ]+= [0-9]+/) - expect(r.stdout).to match(/active[ ]+= [0-9]+/) - expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) - expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) + it 'should output status via passenger-memory-stats' do + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| + expect(r.stdout).to match(/Apache processes/) + expect(r.stdout).to match(/Nginx processes/) + expect(r.stdout).to match(/Passenger processes/) + + # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain + # these two lines + unless ((fact('operatingsystem') == 'Ubuntu' && 
fact('operatingsystemrelease') == '14.04') or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')) + expect(r.stdout).to match(/### Processes: [0-9]+/) + expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) end expect(r.exit_code).to eq(0) end end - end - it 'should answer to passenger.example.com' do - shell("/usr/bin/curl passenger.example.com:80") do |r| - expect(r.stdout).to match(/^hello world<\/b>$/) - expect(r.exit_code).to eq(0) + # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, + # even when the passenger process is successfully installed and running + unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' + it 'should output status via passenger-status' do + # xml output not available on ubunutu <= 10.04, so sticking with default pool output + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| + # spacing may vary + expect(r.stdout).to match(/[\-]+ General information [\-]+/) + if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or + fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' + expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) + expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) + expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) + else + expect(r.stdout).to match(/max[ ]+= [0-9]+/) + expect(r.stdout).to match(/count[ ]+= [0-9]+/) + expect(r.stdout).to match(/active[ ]+= [0-9]+/) + expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) + expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) + end + + expect(r.exit_code).to eq(0) + end + end + end + + it 'should answer to passenger.example.com' do + shell("/usr/bin/curl passenger.example.com:80") do |r| + 
expect(r.stdout).to match(/^hello world<\/b>$/) + expect(r.exit_code).to eq(0) + end end - end - end + end end end From 267e0a8d523f76ffbe7758212facbba0017d29e2 Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Sun, 6 Aug 2017 15:40:04 -0500 Subject: [PATCH 1213/2267] MODULES-5426 : Fix bug for REMOVED options The code generator was using the introduction version number as the removed verison number. --- manifests/mod/passenger.pp | 49 ++++---------------------------------- 1 file changed, 4 insertions(+), 45 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 777e10d937..23a21f522f 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -97,7 +97,6 @@ $wsgi_auto_detect = undef, ) inherits ::apache::params { include ::apache - # Checking version support if $passenger_installed_version { if $passenger_allow_encoded_slashes { if (versioncmp($passenger_installed_version, '4.0.0') < 0) { @@ -153,9 +152,6 @@ if (versioncmp($passenger_installed_version, '5.0.5') > 0) { warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.') } - if (versioncmp($passenger_installed_version, '5.0.5') < 0) { - fail("Passenger config option :: passenger_debug_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") - } } if $passenger_debugger { if (versioncmp($passenger_installed_version, '3.0.0') < 0) { 
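Review bot: The three examples added in the 'passenger config with passenger_installed_version set' context never exercise the version boundary: they use `'5.0.0'` against a 4.0.0 removal or 3.0.0 deprecation, and `'4.0.0'` against a 5.0.0 introduction. The manifest checks shown on this page compare with `versioncmp($passenger_installed_version, '4.0.0') > 0`, so an installed version equal to the removal version would, as far as those lines show, pass without a failure or warning. A fourth example with `passenger_installed_version => '4.0.0'` and `rails_autodetect => 'on'` would pin down which behaviour is intended. If "removed in 4.0.0" is meant to include 4.0.0 itself, the manifest comparison needs `>= 0`.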
@@ -404,10 +400,10 @@ } if $passenger_use_global_queue { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: no longer used after version 4.0.0 and is on by default') + fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ') } if (versioncmp($passenger_installed_version, '2.0.4') < 0) { - fail("Passenger config option :: passenger_use_global_queue is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") + fail('Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported') } } if $passenger_user { @@ -420,21 +416,15 @@ fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } - if ($rack_auto_detect or $rack_autodetect) { + if $rack_auto_detect { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') } - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: rack_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rack_base_uri { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.') } - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: rack_base_uri is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rack_env { if (versioncmp($passenger_installed_version, '2.0.0') < 0) { 
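Review bot: The rewritten "not introduced until version 2.0.4" message for passenger_use_global_queue is now single-quoted, so Puppet will not interpolate `${passenger_installed_version}` and the failure prints the variable name literally instead of the reported version. That line needs double quotes: `fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported")`. The REMOVED message in the same hunk replaces a usable explanation with the placeholder `-- no message on the current passenger reference webpage --`, which gives an operator nothing to act on; the previous wording, or a short statement that the option was removed in 4.0.0, would serve better.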
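Review bot: Narrowing the condition to `if $rack_auto_detect {` takes the `$rack_autodetect` alias out of the removed-option check, and the @@ -445 hunk does the same to `$rails_autodetect`. The acceptance spec added earlier in this series passes `rails_autodetect => 'on'` with version 5.0.0 and expects `REMOVED PASSENGER OPTION`, and the variable list in this manifest still describes both aliases as kept for backward compatibility. After this change the alias spelling would presumably pass the version check silently. Both conditions should keep the alias: `if ($rack_auto_detect or $rack_autodetect) {` and `if ($rails_auto_detect or $rails_autodetect) {`. The enclosing class body starts and ends outside these hunks.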
@@ -445,41 +435,26 @@ if (versioncmp($passenger_installed_version, '4.0.0') > 0) { warning("DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.") } - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: rails_allow_mod_rewrite is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_app_spawner_idle_time { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.') } - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: rails_app_spawner_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } } - if ($rails_auto_detect or $rails_autodetect) { + if $rails_auto_detect { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.') } - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: rails_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_base_uri { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.') } - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: rails_base_uri is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_default_user { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.') } - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: rails_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_env { if (versioncmp($passenger_installed_version, '2.0.0') < 0) { 
@@ -490,33 +465,21 @@ if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.') } - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: rails_framework_spawner_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_ruby { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.') } - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: rails_ruby is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_spawn_method { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.') } - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: rails_spawn_method is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } } if $rails_user_switching { if (versioncmp($passenger_installed_version, '3.0.0') > 0) { warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.') } - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: rails_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } } if $union_station_filter { if (versioncmp($passenger_installed_version, '3.0.5') < 0) { 
@@ -557,12 +520,8 @@ if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') } - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: wsgi_auto_detect is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } } } - # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': From 015263ab1f9d1beea88ad5d76af2791c7b18f44d Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Sun, 6 Aug 2017 15:47:56 -0500 Subject: [PATCH 1214/2267] MODULES-5426 : Update comments in the list of template vars --- manifests/mod/passenger.pp | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 23a21f522f..1feea3e165 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -587,7 +587,7 @@ # - $passenger_buffer_upload : since 4.0.26 # - $passenger_concurrency_model : since 4.0.0 # - $passenger_data_buffer_dir : since 5.0.0 - # - $passenger_debug_log_file : since 5.0.5 + # - $passenger_debug_log_file : since unkown, probably deprecated # - $passenger_debugger : since 3.0.0 # - $passenger_default_group : since 3.0.0 # - $passenger_default_ruby : since 4.0.0 
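Review bot: The new comment text `since unkown, probably deprecated` in the @@ -587 hunk is misspelled and records less than the manifest already states; the same wording repeats in the @@ -637 and @@ -660 hunks. The version checks in this file say when each of these options was deprecated or removed, so the comment can carry that fact instead of a guess, for example `# - $passenger_debug_log_file : renamed to PassengerLogFile in 5.0.5` and `# - $rack_base_uri : deprecated in 3.0.0 in favor of PassengerBaseURI`. Where the introduction version really is not known, `since unknown` on its own is enough.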
@@ -637,22 +637,22 @@ # - $passenger_sticky_sessions : since 4.0.45 # - $passenger_sticky_sessions_cookie_name : since 4.0.45 # - $passenger_thread_count : since 4.0.0 - # - $passenger_use_global_queue : since 4.0.0 + # - $passenger_use_global_queue : since 2.0.4 # - $passenger_user : since 4.0.0 # - $passenger_user_switching : since 3.0.0 - # - $rack_auto_detect : since 4.0.0 - # - $rack_base_uri : since 3.0.0 + # - $rack_auto_detect : since unkown, probably deprecated + # - $rack_base_uri : since unkown, probably deprecated # - $rack_env : since 2.0.0 - # - $rails_allow_mod_rewrite : since 4.0.0 - # - $rails_app_spawner_idle_time : since 4.0.0 - # - $rails_auto_detect : since 4.0.0 - # - $rails_base_uri : since 3.0.0 - # - $rails_default_user : since 3.0.0 + # - $rails_allow_mod_rewrite : since unkown, probably deprecated + # - $rails_app_spawner_idle_time : since unkown, probably deprecated + # - $rails_auto_detect : since unkown, probably deprecated + # - $rails_base_uri : since unkown, probably deprecated + # - $rails_default_user : since unkown, probably deprecated # - $rails_env : since 2.0.0 - # - $rails_framework_spawner_idle_time : since 4.0.0 - # - $rails_ruby : since 3.0.0 - # - $rails_spawn_method : since 3.0.0 - # - $rails_user_switching : since 3.0.0 + # - $rails_framework_spawner_idle_time : since unkown, probably deprecated + # - $rails_ruby : since unkown, probably deprecated + # - $rails_spawn_method : since unkown, probably deprecated + # - $rails_user_switching : since unkown, probably deprecated # - $union_station_filter : since 3.0.5 # - $union_station_gateway_address : since 3.0.0 # - $union_station_gateway_cert : since 3.0.0 
@@ -660,9 +660,9 @@ # - $union_station_key : since 3.0.0 # - $union_station_proxy_address : since 3.0.11 # - $union_station_support : since 3.0.0 - # - $wsgi_auto_detect : since 4.0.0 + # - $wsgi_auto_detect : since unkown, probably deprecated # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class - # - $rack_autodectect : this options is only for backward compatiblity with older versions of this class + # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class file { 'passenger.conf': ensure => file, path => "${::apache::mod_dir}/${passenger_conf_file}", From 39952b123f9a584eeea0253db77b0b4bb3d5f20b Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Sun, 6 Aug 2017 16:42:56 -0500 Subject: [PATCH 1215/2267] MODULES-5426 : Update the README.md mod_passenger documentation --- README.md | 125 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 101 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 13da71ce33..08b2d3aa25 100755 --- a/README.md +++ b/README.md 
@@ -2242,33 +2242,110 @@ $mount_file_content = { Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux). -**Parameters**: - -* `passenger_high_performance`: Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance). - - Values: 'On', 'Off'. - - Default: `undef`. - -* `passenger_pool_idle_time`: Sets the [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime). - - Default: `undef`. - -* `passenger_max_pool_size`: Sets the [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize). +The current set of server configurations settings were taking directly from the [`Passenger Reference`](https://www.phusionpassenger.com/library/config/apache/reference/). Deprecation warning and removal failure messages can be enabled by setting the passenger_installed_version to +the version number installed on the server. - Default: `undef`. - -* `passenger_max_request_queue_size`: Sets the [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize). - - Default: `undef`. - -* `passenger_max_requests`: Sets the [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests). - - Default: `undef`. +**Parameters**: -* `passenger_data_buffer_dir`: Sets the [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir). 
+|parameter|default value|passenger config setting|notes| +|---------|-------------|------------------------|-----| +|manage_repo|true|n/a|| +|mod_id|undef|n/a|| +|mod_lib|undef|n/a|| +|mod_lib_path|undef|n/a|| +|mod_package|undef|n/a|| +|mod_package_ensure|undef|n/a|| +|mod_path|undef|n/a|| +|passenger_allow_encoded_slashes|undef|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|| +|passenger_app_env|undef|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|| +|passenger_app_group_name|undef|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|| +|passenger_app_root|undef|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|| +|passenger_app_type|undef|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|| +|passenger_base_uri|undef|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|| +|passenger_buffer_response|undef|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|| +|passenger_buffer_upload|undef|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|| +|passenger_concurrency_model|undef|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|| +|passenger_conf_file|$::apache::params::passenger_conf_file|n/a|| +|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a|| +|passenger_data_buffer_dir|undef|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|| +|passenger_debug_log_file|undef|PassengerDebugLogFile|This option has been renamed 
in version 5.0.5 to PassengerLogFile.| +|passenger_debugger|undef|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|| +|passenger_default_group|undef|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|| +|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|| +|passenger_default_user|undef|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|| +|passenger_disable_security_update_check|undef|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|| +|passenger_enabled|undef|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|| +|passenger_error_override|undef|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|| +|passenger_file_descriptor_log_file|undef|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|| +|passenger_fly_with|undef|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|| +|passenger_force_max_concurrent_requests_per_process|undef|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|| +|passenger_friendly_error_pages|undef|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|| +|passenger_group|undef|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|| 
+|passenger_high_performance|undef|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|| +|passenger_installed_version|undef|n/a|When set, puppet will issue warnings and failures for deprecated and removed passenger configuration options| +|passenger_instance_registry_dir|undef|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|| +|passenger_load_shell_envvars|undef|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|| +|passenger_log_file|undef|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|| +|passenger_log_level|undef|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|| +|passenger_lve_min_uid|undef|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|| +|passenger_max_instances|undef|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|| +|passenger_max_instances_per_app|undef|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|| +|passenger_max_pool_size|undef|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|| +|passenger_max_preloader_idle_time|undef|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|| +|passenger_max_request_queue_size|undef|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|| 
+|passenger_max_request_time|undef|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|| +|passenger_max_requests|undef|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|| +|passenger_memory_limit|undef|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|| +|passenger_meteor_app_settings|undef|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|| +|passenger_min_instances|undef|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|| +|passenger_nodejs|undef|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|| +|passenger_pool_idle_time|undef|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|| +|passenger_pre_start|undef|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|| +|passenger_python|undef|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|| +|passenger_resist_deployment_errors|undef|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|| +|passenger_resolve_symlinks_in_document_root|undef|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|| +|passenger_response_buffer_high_watermark|undef|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|| 
+|passenger_restart_dir|undef|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|| +|passenger_rolling_restarts|undef|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|| +|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|| +|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|| +|passenger_security_update_check_proxy|undef|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|| +|passenger_show_version_in_header|undef|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|| +|passenger_socket_backlog|undef|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|| +|passenger_spawn_method|undef|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|| +|passenger_start_timeout|undef|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|| +|passenger_startup_file|undef|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|| +|passenger_stat_throttle_rate|undef|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|| +|passenger_sticky_sessions|undef|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|| 
+|passenger_sticky_sessions_cookie_name|undef|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|| +|passenger_thread_count|undef|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|| +|passenger_use_global_queue|undef|PassengerUseGlobalQueue|| +|passenger_user|undef|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|| +|passenger_user_switching|undef|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|| +|rack_auto_detect|undef|RackAutoDetect|These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| +|rack_autodetect|undef|n/a|see rack_auto_detect| +|rack_base_uri|undef|RackBaseURI|Deprecated in 3.0.0 in favor of PassengerBaseURI.| +|rack_env|undef|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|| +|rails_allow_mod_rewrite|undef|RailsAllowModRewrite|This option doesn't do anything anymore in since version 4.0.0.| +|rails_app_spawner_idle_time|undef|RailsAppSpawnerIdleTime|This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.| +|rails_auto_detect|undef|RailsAutoDetect|These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| +|rails_autodetect|undef|n/a|see rails_auto_detect| +|rails_base_uri|undef|RailsBaseURI|Deprecated in 3.0.0 in favor of PassengerBaseURI.| +|rails_default_user|undef|RailsDefaultUser|Deprecated in 3.0.0 in favor of PassengerDefaultUser.| +|rails_env|undef|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|| +|rails_framework_spawner_idle_time|undef|RailsFrameworkSpawnerIdleTime|This option is no longer available in version 4.0.0. 
There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.| +|rails_ruby|undef|RailsRuby|Deprecated in 3.0.0 in favor of PassengerRuby.| +|rails_spawn_method|undef|RailsSpawnMethod|Deprecated in 3.0.0 in favor of PassengerSpawnMethod.| +|rails_user_switching|undef|RailsUserSwitching|Deprecated in 3.0.0 in favor of PassengerUserSwitching.| +|union_station_filter|undef|[`UnionStationFilter`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationFilter)|| +|union_station_gateway_address|undef|[`UnionStationGatewayAddress`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationGatewayAddress)|| +|union_station_gateway_cert|undef|[`UnionStationGatewayCert`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationGatewayCert)|| +|union_station_gateway_port|undef|[`UnionStationGatewayPort`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationGatewayPort)|| +|union_station_key|undef|[`UnionStationKey`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationKey)|| +|union_station_proxy_address|undef|[`UnionStationProxyAddress`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationProxyAddress)|| +|union_station_support|undef|[`UnionStationSupport`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationSupport)|| +|wsgi_auto_detect|undef|WsgiAutoDetect|These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| - Default: `undef`. ##### Class: `apache::mod::ldap` From a902627e901d44b00127bff9dd280b525bf483bf Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Sun, 6 Aug 2017 17:15:18 -0500 Subject: [PATCH 1216/2267] MODULES-5426 : Fix error introduced during refactor --- manifests/mod/passenger.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 1feea3e165..18fbe54670 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -416,7 +416,7 @@ fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") } } - if $rack_auto_detect { + if ($rack_auto_detect or $rack_autodetect) { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') } @@ -441,7 +441,7 @@ fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.') } } - if $rails_auto_detect { + if ($rails_auto_detect or $rails_autodetect) { if (versioncmp($passenger_installed_version, '4.0.0') > 0) { fail('REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') } From ebe8f47fb5450be51d8e60bad9a1e6a9b1f56370 Mon Sep 17 00:00:00 2001 From: Kyle Decot Date: Tue, 10 Jan 2017 11:16:25 -0500 Subject: [PATCH 1217/2267] Adds apache::mod::macro --- README.md | 1 + manifests/mod/macro.pp | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 manifests/mod/macro.pp diff --git a/README.md b/README.md index 13da71ce33..c985ac908d 100755 --- a/README.md +++ b/README.md @@ -1595,6 +1595,7 @@ The following Apache modules have supported classes, many of which allow for par * `jk` (see [`apache::mod::jk`]) * `ldap` (see [`apache::mod::ldap`][]) * `lookup_identity` +* `macro` (see [`apache:mod:macro`][]) * `mime` * `mime_magic`\* * `negotiation` diff --git a/manifests/mod/macro.pp b/manifests/mod/macro.pp new file mode 100644 index 0000000000..2a1218bad4 --- /dev/null +++ b/manifests/mod/macro.pp 
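Review bot: The widened conditions `if ($rack_auto_detect or $rack_autodetect)` and `if ($rails_auto_detect or $rails_autodetect)` still raise a `fail()` message that names only `rack_auto_detect` / `rails_auto_detect`, so a user who set the `*_autodetect` spelling is pointed at a parameter they never used; the message should name both spellings. The guard beneath each is `versioncmp($passenger_installed_version, '4.0.0') > 0`, which is false for exactly 4.0.0 although the text says the options were removed in 4.0.0, so `>= 0` would match the stated behaviour. Both `if` blocks begin and end outside these hunks, so how an unset `$passenger_installed_version` is handled cannot be checked from here.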
@@ -0,0 +1,4 @@ +class apache::mod::macro { + include ::apache + ::apache::mod { 'macro': } +} From d0ced7885b0e1d0ac38b8cf5c14001399bebd09d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Defortis?= Date: Thu, 10 Aug 2017 18:10:50 +0200 Subject: [PATCH 1218/2267] MODULES-5452 - add $options to `balancer` type - New param `$options` to `apache::balancer` defined type so that it is possible to create Proxy block such as: ```puppet # Note the additional options 'timeout=4' and 'nonce=none': BalancerMember ajp://spam:8009 retry=30 ... ``` --- README.md | 6 ++++++ manifests/balancer.pp | 12 +++++++++++- spec/defines/balancer_spec.rb | 16 ++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 13da71ce33..5e0d7d9291 100755 --- a/README.md +++ b/README.md @@ -2814,6 +2814,12 @@ Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][]. Default: '{}'. +##### `options` + +Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the balancer URL, and accepts any key-value pairs available to [`ProxyPass`][]. + +Default: []. + ##### `collect_exported` Determines whether to use [exported resources][]. diff --git a/manifests/balancer.pp b/manifests/balancer.pp index 41db8a8dc8..9f824d2d82 100644 --- a/manifests/balancer.pp +++ b/manifests/balancer.pp @@ -35,6 +35,9 @@ # apache::balancermember with array arguments, which allows you to deploy # everything in 1 run) # +# [*options*] +# Array, default empty. If given, additional directives may be added to the +# block. # # === Examples # @@ -46,6 +49,7 @@ $proxy_set = {}, $collect_exported = true, $target = undef, + $options = [], ) { include ::apache::mod::proxy_balancer 
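Review bot: The new `apache::mod::macro` class in this hunk has no header comment, and the commit's diffstat lists only `README.md` and `manifests/mod/macro.pp`, so no spec pins what the class declares. A short comment such as `# Includes ::apache and declares ::apache::mod { 'macro': }.` together with a spec asserting `contain_apache__mod('macro')` would cover it. The README entry added alongside is written `apache:mod:macro` with single colons, which does not match the `apache::mod::...` form used by the neighbouring entries.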
@@ -63,6 +67,12 @@ $_target = "${::apache::confd_dir}/balancer_${name}.conf" } + if !empty($options) { + $_options = " ${join($options, ' ')}" + } else { + $_options = '' + } + concat { "apache_balancer_${name}": owner => '0', group => '0', @@ -74,7 +84,7 @@ concat::fragment { "00-${name}-header": target => "apache_balancer_${name}", order => '01', - content => "\n", + content => "\n", } if $collect_exported { diff --git a/spec/defines/balancer_spec.rb b/spec/defines/balancer_spec.rb index 3b43e3fd7a..e2452e395d 100644 --- a/spec/defines/balancer_spec.rb +++ b/spec/defines/balancer_spec.rb @@ -21,6 +21,12 @@ let :pre_condition do 'include apache' end + describe "works when only declaring resource title" do + it { should contain_concat('apache_balancer_myapp') } + it { should_not contain_apache__mod('slotmem_shm') } + it { should_not contain_apache__mod('lbmethod_byrequests') } + it { should contain_concat__fragment('00-myapp-header').with_content(%r{^$}) } + end describe "accept a target parameter and use it" do let :params do { @@ -33,6 +39,16 @@ it { should_not contain_apache__mod('slotmem_shm') } it { should_not contain_apache__mod('lbmethod_byrequests') } end + describe "accept an options parameter and use it" do + let :params do + { + :options => ['timeout=0', 'nonce=none'], + } + end + it { should contain_concat__fragment('00-myapp-header').with_content( + %r{^$} + )} + end context "on jessie" do let(:facts) { super().merge({ :operatingsystemrelease => '8', From ecdee22556c78f0319e69b48253c8f691469b285 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Wed, 16 Aug 2017 16:54:55 +0200 Subject: [PATCH 1219/2267] Replace deprecated type checking with Puppet 4 types --- manifests/fastcgi/server.pp | 4 +-- manifests/vhost.pp | 53 ++++++++--------------------- spec/defines/fastcgi_server_spec.rb | 8 ++--- 3 files changed, 20 insertions(+), 45 deletions(-) 
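Review bot: `$options = []` is untyped and its elements are joined verbatim by `join($options, ' ')` into `$_options`, which is presumably appended to the balancer header line of the `00-${name}-header` fragment (the `content` string is not legible on this page). A non-array value, or an element containing whitespace, a newline or `>`, would yield a malformed or unintended Apache configuration, so the parameter should be constrained in the signature, for example `Array[Pattern[/\A[\w-]+=[^\s>]+\z/]] $options = [],`. The new header comment also describes the options as additional directives added to the block, whereas the README hunk describes them as key-value pairs placed after the balancer URL; the comment should say the latter.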
diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp index 78363062ba..df53556af1 100644 --- a/manifests/fastcgi/server.pp +++ b/manifests/fastcgi/server.pp @@ -11,12 +11,12 @@ Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] - if is_absolute_path($host) { + if $host =~ Stdlib::Absolutepath { $socket = $host } file { "fastcgi-pool-${name}.conf": - ensure => present, + ensure => file, path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", owner => 'root', group => $::apache::params::root_group, diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 18217deebe..3b9a2e69e2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -26,7 +26,7 @@ $ssl_verify_client = undef, $ssl_verify_depth = undef, Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, - $ssl_proxy_verify_depth = undef, + Optional[Integer[0]] $ssl_proxy_verify_depth = undef, $ssl_proxy_ca_cert = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, @@ -61,12 +61,12 @@ $access_log_env_var = false, Optional[Array] $access_logs = undef, $aliases = undef, - $directories = undef, + Optional[Variant[Hash, Array[Hash]]] $directories = undef, Boolean $error_log = true, $error_log_file = undef, $error_log_pipe = undef, $error_log_syslog = undef, - $http_protocol_options = undef, + Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef, $modsec_audit_log = undef, $modsec_audit_log_file = undef, $modsec_audit_log_pipe = undef, 
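Review bot: The `Pattern` type on `$http_protocol_options` anchors with `^` and `$`, which in Ruby regular expressions match at every line boundary, so a multi-line string with one acceptable (or empty) line passes the type check and, if the value is written into the vhost configuration as the removed validation suggests, carries the extra lines with it. Anchor on the whole string instead: `Optional[Pattern[/\A((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)\z/]]`. The same applies to `Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group` in the following hunk. Separately, `Optional[Integer[0]] $ssl_proxy_verify_depth` will reject numeric strings such as `'3'`, which the removed `validate_integer` call appears to have accepted, so the change deserves a changelog note.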
@@ -133,7 +133,7 @@ $use_optional_includes = $::apache::use_optional_includes, $apache_version = $::apache::apache_version, Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, - $suexec_user_group = undef, + Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group = undef, $passenger_app_root = undef, $passenger_app_env = undef, $passenger_ruby = undef, @@ -148,10 +148,10 @@ $passenger_startup_file = undef, $add_default_charset = undef, $modsec_disable_vhost = undef, - $modsec_disable_ids = undef, + Optional[Variant[Hash, Array]] $modsec_disable_ids = undef, $modsec_disable_ips = undef, - $modsec_disable_msgs = undef, - $modsec_disable_tags = undef, + Optional[Variant[Hash, Array]] $modsec_disable_msgs = undef, + Optional[Variant[Hash, Array]] $modsec_disable_tags = undef, $modsec_body_limit = undef, $jk_mounts = undef, Boolean $auth_kerb = false, @@ -183,27 +183,15 @@ $apache_name = $::apache::apache_name - if $http_protocol_options != undef { - validate_re($http_protocol_options, '^((Strict|Unsafe)?\s*(\b(RegisteredMethods|LenientMethods))?\s*(\b(Allow0\.9|Require1\.0))?)$', - "${http_protocol_options} is not supported for http_protocol_options. - Allowed value is any sequence of the following alternative values: - 'Strict' or Unsafe, 'RegisteredMethods' or 'LenientMethods', and - 'Allow0.9' or 'Require1.0'.") - } if $rewrites { unless empty($rewrites) { $rewrites_flattened = delete_undef_values(flatten([$rewrites])) - validate_hash($rewrites_flattened[0]) + assert_type(Array[Hash], $rewrites_flattened) } } # Input validation begins - if $suexec_user_group { - validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', - "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") - } - if $log_level { validate_apache_log_level($log_level) } 
@@ -220,10 +208,6 @@ fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") } - if $ssl_proxy_verify_depth { - validate_integer($ssl_proxy_verify_depth) - } - # Input validation ends if $ssl and $ensure == 'present' { @@ -479,9 +463,6 @@ ## Create a default directory list if none defined if $directories { - if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { - fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") - } $_directories = $directories } elsif $docroot { $_directory = { @@ -510,32 +491,26 @@ ## Create a global LocationMatch if locations aren't defined if $modsec_disable_ids { - if is_hash($modsec_disable_ids) { - $_modsec_disable_ids = $modsec_disable_ids - } elsif is_array($modsec_disable_ids) { + if $modsec_disable_ids =~ Array { $_modsec_disable_ids = { '.*' => $modsec_disable_ids } } else { - fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") + $_modsec_disable_ids = $modsec_disable_ids } } if $modsec_disable_msgs { - if is_hash($modsec_disable_msgs) { - $_modsec_disable_msgs = $modsec_disable_msgs - } elsif is_array($modsec_disable_msgs) { + if $modsec_disable_msgs =~ Array { $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs } } else { - fail("Apache::Vhost[${name}]: 'modsec_disable_msgs' must be either a Hash of location/Msgs or an Array of Msgs") + $_modsec_disable_msgs = $modsec_disable_msgs } } if $modsec_disable_tags { - if is_hash($modsec_disable_tags) { - $_modsec_disable_tags = $modsec_disable_tags - } elsif is_array($modsec_disable_tags) { + if $modsec_disable_tags =~ Array { $_modsec_disable_tags = { '.*' => $modsec_disable_tags } } else { - fail("Apache::Vhost[${name}]: 'modsec_disable_tags' must be either a Hash of location/Tags or an Array of Tags") + $_modsec_disable_tags = $modsec_disable_tags } } 
diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index e415461cca..b147349aed 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -25,7 +25,7 @@ it { should contain_class("apache") } it { should contain_class("apache::mod::fastcgi") } it { should contain_file("fastcgi-pool-#{title}.conf").with( - :ensure => 'present', + :ensure => 'file', :path => "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf" ) } end @@ -47,7 +47,7 @@ it { should contain_class("apache") } it { should contain_class("apache::mod::fastcgi") } it { should contain_file("fastcgi-pool-#{title}.conf").with( - :ensure => 'present', + :ensure => 'file', :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf" ) } end @@ -68,7 +68,7 @@ it { should contain_class("apache") } it { should contain_class("apache::mod::fastcgi") } it { should contain_file("fastcgi-pool-#{title}.conf").with( - :ensure => 'present', + :ensure => 'file', :path => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf" ) } end @@ -89,7 +89,7 @@ it { should contain_class("apache") } it { should contain_class("apache::mod::fastcgi") } it { should contain_file("fastcgi-pool-#{title}.conf").with( - :ensure => 'present', + :ensure => 'file', :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf" ) } end From 30783e7ca0bc12d65af682210c0e425b3cd48a4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Thu, 17 Aug 2017 11:38:32 +0200 Subject: [PATCH 1220/2267] (maint) Improve version matching fact * '/' not being a special char, there is no need to escape it (removed preceding '\'); * '.' matching any char, escaping it is required so that it matches a dot char (added preceding '\'). --- lib/facter/apache_version.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index 63e4e1c2b5..4bd7337f4d 100644 --- a/lib/facter/apache_version.rb 
+++ b/lib/facter/apache_version.rb @@ -3,11 +3,11 @@ if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') Facter.debug "Matching apachectl '#{apache_version}'" - %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] + %r{^Server version: Apache/(\d+\.\d+(\.\d+)?)}.match(apache_version)[1] elsif Facter::Util::Resolution.which('apache2ctl') apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1') Facter.debug "Matching apache2ctl '#{apache_version}'" - %r{^Server version: Apache\/(\d+.\d+(.\d+)?)}.match(apache_version)[1] + %r{^Server version: Apache/(\d+\.\d+(\.\d+)?)}.match(apache_version)[1] end end end From 711d00f53faecf150aabc9809c796fb5829c6d74 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Thu, 17 Aug 2017 13:46:07 +0100 Subject: [PATCH 1221/2267] (MODULES-5501) - Remove unsupported Ubbuntu Removing older version of Ubuntu that are not supported by the module. --- metadata.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/metadata.json b/metadata.json index 710223ff62..88a87b6ea1 100644 --- a/metadata.json +++ b/metadata.json @@ -62,8 +62,6 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "10.04", - "12.04", "14.04", "16.04" ] From 7be697fb42413ccd955612620a7dce4904e0877b Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Thu, 17 Aug 2017 11:54:37 -0700 Subject: [PATCH 1222/2267] (MODULES-2765) removes testing section Removes the testing section and any references to it Adds a link to the CONTRIBUTING.md file --- README.md | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 13da71ce33..284a355a45 100755 --- a/README.md +++ b/README.md @@ -29,7 +29,6 @@ [Development]: #development [Contributing]: #contributing -[Testing]: #testing [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset [`add_listen`]: #add_listen 
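Review bot: Both branches still index the result of `.match(apache_version)` with `[1]` directly, so when the command output has no `Server version: Apache/x.y` line (stderr is merged in by `2>&1`, so an error message is a plausible output) `match` returns nil and the fact raises NoMethodError. Guard the lookup, for example `m = %r{^Server version: Apache/(\d+\.\d+(\.\d+)?)}.match(apache_version.to_s)` followed by `m && m[1]`, so the fact resolves to nil instead of failing. The two branches differ only in the binary name, so the match could be written once after choosing the command. The enclosing block starts outside the hunk.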
@@ -90,6 +89,7 @@ [common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html [`confd_dir`]: #confd_dir [`content`]: #content +[CONTRIBUTING.md]: CONTRIBUTING.md [custom error documents]: https://httpd.apache.org/docs/current/custom-error.html [`custom_fragment`]: #custom_fragment @@ -5368,26 +5368,4 @@ The [`apache::mod::suphp`][] class is untested since repositories are missing co We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality. -For more information, please read the complete [module contribution guide][]. - -### Testing - -This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to verify functionality. For detailed information on using these tools, please see their respective documentation. - -#### Testing quickstart: Ruby > 1.8.7 - -``` -gem install bundler -bundle install -bundle exec rake spec -bundle exec rspec spec/acceptance -RS_DEBUG=yes bundle exec rspec spec/acceptance -``` - -#### Testing quickstart: Ruby = 1.8.7 - -``` -gem install bundler -bundle install --without system_tests -bundle exec rake spec -``` +For more information, please read the complete [module contribution guide][] and check out [CONTRIBUTING.md][]. From c689e70f0834d0a222d6516814be6cb2f71bb9c5 Mon Sep 17 00:00:00 2001 From: Michael Moll Date: Sun, 6 Aug 2017 14:07:56 +0200 Subject: [PATCH 1223/2267] use Enum instead of validate_re for $sendfile --- manifests/init.pp | 3 +-- spec/classes/apache_spec.rb | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 7f9c2b99e2..39dc593334 100755 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -38,7 +38,7 @@ $purge_vhost_dir = undef, $purge_vdir = false, $serveradmin = 'root@localhost', - $sendfile = 'On', + Enum['On', 'Off', 'on', 'off'] $sendfile = 'On', $error_documents = false, $timeout = '120', $httpd_dir = $::apache::params::httpd_dir, @@ -129,7 +129,6 @@ notify => Class['Apache::Service'], } } - validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ]) # declare the web server user and group # Note: requiring the package means the package ought to create them and not puppet diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 715ed41244..938c08cece 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -636,7 +636,7 @@ it "should fail" do expect do catalogue - end.to raise_error(Puppet::Error, /"foo" does not match/) + end.to raise_error(Puppet::PreformattedError, /Evaluation Error: Error while evaluating a Resource Statement, Class\[Apache\]: parameter 'sendfile' expects a match for Enum\['Off', 'On', 'off', 'on'\], got 'foo'/) end end context "On" do From e38d5154e525feb5ad1cf4afa55646016b6c143a Mon Sep 17 00:00:00 2001 From: Hailee Kenney Date: Fri, 18 Aug 2017 14:33:38 -0700 Subject: [PATCH 1224/2267] (MODULES-5458) Add docs for default vhost workaround Since there has repeatedly been some confusion with respect to overriding the `default` and `default_ssl` vhosts in apache, add some documentation explaining what is and isn't possible and a potential workaround. See MODULES-5193 for more details. --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 13da71ce33..269e4e831c 100755 --- a/README.md +++ b/README.md 
@@ -3029,6 +3029,15 @@ The `apache::vhost` defined type uses `concat::fragment` to build the configurat For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work. +> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, because vhosts with these titles are always managed by the module. This means that you cannot override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional workaround is to create a vhost named something else, such as `my default`, and ensure that the `default` and `default_ssl` vhosts are set to `false`: + +``` +class { 'apache': + default_vhost => false + default_ssl_vhost => false, +} +``` + **Parameters**: ##### `access_log` From a0362c26bc72f8800fa4a2b810fbe98099de283c Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Mon, 21 Aug 2017 16:44:30 -0500 Subject: [PATCH 1225/2267] MODULES-5426 : Update module from pull request comments * Remove whitespace added by auto-formatter * Make hash keys more canonical * Remove UnionStation options - UnionStation is no longer supported/offered by phusion. - All options are being removed from the passenger source * Add white space at the end of the the passenger.conf.erb template * Update the README to remove UnionStation as well as to add the context column. --- README.md | 191 +++++++-------- manifests/mod/passenger.pp | 218 +++++++---------- spec/acceptance/mod_passenger_spec.rb | 224 ++++++++--------- spec/classes/mod/passenger_spec.rb | 338 ++++++++++++-------------- templates/mod/passenger.conf.erb | 22 +- 5 files changed, 455 insertions(+), 538 deletions(-) diff --git a/README.md b/README.md index 08b2d3aa25..d4d606200e 100755 --- a/README.md +++ b/README.md 
@@ -2242,109 +2242,102 @@ $mount_file_content = { Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux). -The current set of server configurations settings were taking directly from the [`Passenger Reference`](https://www.phusionpassenger.com/library/config/apache/reference/). Deprecation warning and removal failure messages can be enabled by setting the passenger_installed_version to +The current set of server configurations settings were taking directly from the [Passenger Reference](https://www.phusionpassenger.com/library/config/apache/reference/). Deprecation warning and removal failure messages can be enabled by setting the `passenger_installed_version` to the version number installed on the server. **Parameters**: -|parameter|default value|passenger config setting|notes| -|---------|-------------|------------------------|-----| -|manage_repo|true|n/a|| -|mod_id|undef|n/a|| -|mod_lib|undef|n/a|| -|mod_lib_path|undef|n/a|| -|mod_package|undef|n/a|| -|mod_package_ensure|undef|n/a|| -|mod_path|undef|n/a|| -|passenger_allow_encoded_slashes|undef|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|| -|passenger_app_env|undef|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|| -|passenger_app_group_name|undef|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|| -|passenger_app_root|undef|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|| -|passenger_app_type|undef|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|| 
-|passenger_base_uri|undef|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|| -|passenger_buffer_response|undef|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|| -|passenger_buffer_upload|undef|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|| -|passenger_concurrency_model|undef|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|| -|passenger_conf_file|$::apache::params::passenger_conf_file|n/a|| -|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a|| -|passenger_data_buffer_dir|undef|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|| -|passenger_debug_log_file|undef|PassengerDebugLogFile|This option has been renamed in version 5.0.5 to PassengerLogFile.| -|passenger_debugger|undef|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|| -|passenger_default_group|undef|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|| -|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|| -|passenger_default_user|undef|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|| -|passenger_disable_security_update_check|undef|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|| -|passenger_enabled|undef|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|| 
-|passenger_error_override|undef|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|| -|passenger_file_descriptor_log_file|undef|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|| -|passenger_fly_with|undef|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|| -|passenger_force_max_concurrent_requests_per_process|undef|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|| -|passenger_friendly_error_pages|undef|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|| -|passenger_group|undef|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|| -|passenger_high_performance|undef|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|| -|passenger_installed_version|undef|n/a|When set, puppet will issue warnings and failures for deprecated and removed passenger configuration options| -|passenger_instance_registry_dir|undef|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|| -|passenger_load_shell_envvars|undef|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|| -|passenger_log_file|undef|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|| -|passenger_log_level|undef|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|| 
-|passenger_lve_min_uid|undef|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|| -|passenger_max_instances|undef|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|| -|passenger_max_instances_per_app|undef|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|| -|passenger_max_pool_size|undef|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|| -|passenger_max_preloader_idle_time|undef|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|| -|passenger_max_request_queue_size|undef|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|| -|passenger_max_request_time|undef|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|| -|passenger_max_requests|undef|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|| -|passenger_memory_limit|undef|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|| -|passenger_meteor_app_settings|undef|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|| -|passenger_min_instances|undef|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|| -|passenger_nodejs|undef|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|| -|passenger_pool_idle_time|undef|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|| 
-|passenger_pre_start|undef|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|| -|passenger_python|undef|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|| -|passenger_resist_deployment_errors|undef|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|| -|passenger_resolve_symlinks_in_document_root|undef|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|| -|passenger_response_buffer_high_watermark|undef|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|| -|passenger_restart_dir|undef|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|| -|passenger_rolling_restarts|undef|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|| -|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|| -|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|| -|passenger_security_update_check_proxy|undef|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|| -|passenger_show_version_in_header|undef|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|| -|passenger_socket_backlog|undef|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|| 
-|passenger_spawn_method|undef|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|| -|passenger_start_timeout|undef|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|| -|passenger_startup_file|undef|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|| -|passenger_stat_throttle_rate|undef|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|| -|passenger_sticky_sessions|undef|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|| -|passenger_sticky_sessions_cookie_name|undef|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|| -|passenger_thread_count|undef|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|| -|passenger_use_global_queue|undef|PassengerUseGlobalQueue|| -|passenger_user|undef|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|| -|passenger_user_switching|undef|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|| -|rack_auto_detect|undef|RackAutoDetect|These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.| -|rack_autodetect|undef|n/a|see rack_auto_detect| -|rack_base_uri|undef|RackBaseURI|Deprecated in 3.0.0 in favor of PassengerBaseURI.| -|rack_env|undef|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|| -|rails_allow_mod_rewrite|undef|RailsAllowModRewrite|This option doesn't do anything anymore in since version 4.0.0.| -|rails_app_spawner_idle_time|undef|RailsAppSpawnerIdleTime|This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.| -|rails_auto_detect|undef|RailsAutoDetect|These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| -|rails_autodetect|undef|n/a|see rails_auto_detect| -|rails_base_uri|undef|RailsBaseURI|Deprecated in 3.0.0 in favor of PassengerBaseURI.| -|rails_default_user|undef|RailsDefaultUser|Deprecated in 3.0.0 in favor of PassengerDefaultUser.| -|rails_env|undef|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|| -|rails_framework_spawner_idle_time|undef|RailsFrameworkSpawnerIdleTime|This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. 
You should use smart spawning instead.| -|rails_ruby|undef|RailsRuby|Deprecated in 3.0.0 in favor of PassengerRuby.| -|rails_spawn_method|undef|RailsSpawnMethod|Deprecated in 3.0.0 in favor of PassengerSpawnMethod.| -|rails_user_switching|undef|RailsUserSwitching|Deprecated in 3.0.0 in favor of PassengerUserSwitching.| -|union_station_filter|undef|[`UnionStationFilter`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationFilter)|| -|union_station_gateway_address|undef|[`UnionStationGatewayAddress`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationGatewayAddress)|| -|union_station_gateway_cert|undef|[`UnionStationGatewayCert`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationGatewayCert)|| -|union_station_gateway_port|undef|[`UnionStationGatewayPort`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationGatewayPort)|| -|union_station_key|undef|[`UnionStationKey`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationKey)|| -|union_station_proxy_address|undef|[`UnionStationProxyAddress`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationProxyAddress)|| -|union_station_support|undef|[`UnionStationSupport`](https://www.phusionpassenger.com/library/config/apache/reference/#UnionStationSupport)|| -|wsgi_auto_detect|undef|WsgiAutoDetect|These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.| +|parameter|default value|passenger config setting|context|notes| +|---------|-------------|------------------------|-------|-----| +|manage_repo|true|n/a||| +|mod_id|undef|n/a||| +|mod_lib|undef|n/a||| +|mod_lib_path|undef|n/a||| +|mod_package|undef|n/a||| +|mod_package_ensure|undef|n/a||| +|mod_path|undef|n/a||| +|passenger_allow_encoded_slashes|undef|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|server-config virutal-host htaccess directory || +|passenger_app_env|undef|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|server-config virutal-host htaccess directory || +|passenger_app_group_name|undef|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|server-config virutal-host htaccess directory || +|passenger_app_root|undef|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|server-config virutal-host htaccess directory || +|passenger_app_type|undef|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|server-config virutal-host htaccess directory || +|passenger_base_uri|undef|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|server-config virutal-host htaccess directory || +|passenger_buffer_response|undef|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|server-config virutal-host htaccess directory || +|passenger_buffer_upload|undef|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|server-config virutal-host htaccess directory || 
+|passenger_concurrency_model|undef|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|server-config virutal-host htaccess directory || +|passenger_conf_file|$::apache::params::passenger_conf_file|n/a||| +|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a||| +|passenger_data_buffer_dir|undef|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|server-config || +|passenger_debug_log_file|undef|PassengerDebugLogFile|server-config |This option has been renamed in version 5.0.5 to PassengerLogFile.| +|passenger_debugger|undef|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|server-config virutal-host htaccess directory || +|passenger_default_group|undef|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|server-config || +|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|server-config || +|passenger_default_user|undef|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|server-config || +|passenger_disable_security_update_check|undef|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|server-config || +|passenger_enabled|undef|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|server-config virutal-host htaccess directory || +|passenger_error_override|undef|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|server-config virutal-host htaccess directory || 
+|passenger_file_descriptor_log_file|undef|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|server-config || +|passenger_fly_with|undef|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|server-config || +|passenger_force_max_concurrent_requests_per_process|undef|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|server-config virutal-host htaccess directory || +|passenger_friendly_error_pages|undef|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|server-config virutal-host htaccess directory || +|passenger_group|undef|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|server-config virutal-host directory || +|passenger_high_performance|undef|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|server-config virutal-host htaccess directory || +|passenger_installed_version|undef|n/a| |If set, will enable version checking of the passenger options against the value set.| +|passenger_instance_registry_dir|undef|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|server-config || +|passenger_load_shell_envvars|undef|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|server-config virutal-host htaccess directory || +|passenger_log_file|undef|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|server-config || 
+|passenger_log_level|undef|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|server-config || +|passenger_lve_min_uid|undef|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|server-config virutal-host || +|passenger_max_instances|undef|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|server-config virutal-host htaccess directory || +|passenger_max_instances_per_app|undef|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|server-config || +|passenger_max_pool_size|undef|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|server-config || +|passenger_max_preloader_idle_time|undef|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|server-config virutal-host || +|passenger_max_request_queue_size|undef|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|server-config virutal-host htaccess directory || +|passenger_max_request_time|undef|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|server-config virutal-host htaccess directory || +|passenger_max_requests|undef|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|server-config virutal-host htaccess directory || +|passenger_memory_limit|undef|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|server-config virutal-host htaccess directory || 
+|passenger_meteor_app_settings|undef|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|server-config virutal-host htaccess directory || +|passenger_min_instances|undef|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|server-config virutal-host htaccess directory || +|passenger_nodejs|undef|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|server-config virutal-host htaccess directory || +|passenger_pool_idle_time|undef|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|server-config || +|passenger_pre_start|undef|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|server-config virutal-host || +|passenger_python|undef|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|server-config virutal-host htaccess directory || +|passenger_resist_deployment_errors|undef|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|server-config virutal-host htaccess directory || +|passenger_resolve_symlinks_in_document_root|undef|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|server-config virutal-host htaccess directory || +|passenger_response_buffer_high_watermark|undef|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|server-config || +|passenger_restart_dir|undef|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|server-config virutal-host htaccess directory || 
+|passenger_rolling_restarts|undef|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|server-config virutal-host htaccess directory || +|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|server-config || +|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|server-config virutal-host htaccess directory || +|passenger_security_update_check_proxy|undef|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|server-config || +|passenger_show_version_in_header|undef|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|server-config || +|passenger_socket_backlog|undef|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|server-config || +|passenger_spawn_method|undef|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|server-config virutal-host || +|passenger_start_timeout|undef|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|server-config virutal-host htaccess directory || +|passenger_startup_file|undef|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|server-config virutal-host htaccess directory || +|passenger_stat_throttle_rate|undef|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|server-config || 
+|passenger_sticky_sessions|undef|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|server-config virutal-host htaccess directory || +|passenger_sticky_sessions_cookie_name|undef|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|server-config virutal-host htaccess directory || +|passenger_thread_count|undef|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|server-config virutal-host htaccess directory || +|passenger_use_global_queue|undef|PassengerUseGlobalQueue|server-config || +|passenger_user|undef|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|server-config virutal-host directory || +|passenger_user_switching|undef|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|server-config || +|rack_auto_detect|undef|RackAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| +|rack_autodetect|undef|n/a||| +|rack_base_uri|undef|RackBaseURI|server-config |Deprecated in 3.0.0 in favor of PassengerBaseURI.| +|rack_env|undef|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|server-config virutal-host htaccess directory || +|rails_allow_mod_rewrite|undef|RailsAllowModRewrite|server-config |This option doesn't do anything anymore in since version 4.0.0.| +|rails_app_spawner_idle_time|undef|RailsAppSpawnerIdleTime|server-config |This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.| +|rails_auto_detect|undef|RailsAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. 
You should use PassengerEnabled instead.| +|rails_autodetect|undef|n/a||| +|rails_base_uri|undef|RailsBaseURI|server-config |Deprecated in 3.0.0 in favor of PassengerBaseURI.| +|rails_default_user|undef|RailsDefaultUser|server-config |Deprecated in 3.0.0 in favor of PassengerDefaultUser.| +|rails_env|undef|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|server-config virutal-host htaccess directory || +|rails_framework_spawner_idle_time|undef|RailsFrameworkSpawnerIdleTime|server-config |This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.| +|rails_ruby|undef|RailsRuby|server-config |Deprecated in 3.0.0 in favor of PassengerRuby.| +|rails_spawn_method|undef|RailsSpawnMethod|server-config |Deprecated in 3.0.0 in favor of PassengerSpawnMethod.| +|rails_user_switching|undef|RailsUserSwitching|server-config |Deprecated in 3.0.0 in favor of PassengerUserSwitching.| +|wsgi_auto_detect|undef|WsgiAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| ##### Class: `apache::mod::ldap` diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 18fbe54670..96bdeafd50 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -1,3 +1,17 @@
+# Manages the settings for the mod_passenger
+# The result is the /etc/mods-available/mod_passenger.conf file
+#
+# Where do we get these settings?
+# Settings are dervied from https://www.phusionpassenger.com/library/config/apache/reference
+# Also in passenger source code you can strip out what are all the available options by looking in
+# * src/apache2_module/Configuration.cpp
+# * src/apache2_module/ConfigurationCommands.cpp
+# Note: in the src there are several undocumented settings.
+#
+# Change Log:
+# * As of 08/13/2017 there are 84 available/deprecated/removed settings.
+# * Around 08/20/2017 UnionStation was discontinued options were removed.
+# * As of 08/20/2017 there are 77 available/deprecated/removed settings.
 class apache::mod::passenger (
 $manage_repo = true,
 $mod_id = undef,
@@ -87,13 +101,6 @@
 $rails_ruby = undef,
 $rails_spawn_method = undef,
 $rails_user_switching = undef,
- $union_station_filter = undef,
- $union_station_gateway_address = undef,
- $union_station_gateway_cert = undef,
- $union_station_gateway_port = undef,
- $union_station_key = undef,
- $union_station_proxy_address = undef,
- $union_station_support = undef,
 $wsgi_auto_detect = undef,
 ) inherits ::apache::params {
 include ::apache
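Review bot: The change-log entry in the new header comment of manifests/mod/passenger.pp (`# * Around 08/20/2017 UnionStation was discontinued options were removed.`) does not say that the seven `union_station_*` parameters are dropped from the class signature in the `@@ -87,13 +101,6 @@` hunk, so a manifest that still sets one of them, `union_station_key` included, will presumably be rejected as an unknown parameter rather than getting this class's own `REMOVED PASSENGER OPTION` message. I would reword the entry to `# * Around 08/20/2017 UnionStation was discontinued; the union_station_* parameters were removed and setting them is now an error.` The same comment misspells `dervied`, and it names `mod_passenger.conf` while the file resource visible later in this diff is titled `passenger.conf`, so it is worth confirming which file name is meant. The class body continues outside this hunk.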
@@ -481,41 +488,6 @@
 warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.')
 }
 }
- if $union_station_filter {
- if (versioncmp($passenger_installed_version, '3.0.5') < 0) {
- fail("Passenger config option :: union_station_filter is not introduced until version 3.0.5 :: ${passenger_installed_version} is the version reported")
- }
- }
- if $union_station_gateway_address {
- if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
- fail("Passenger config option :: union_station_gateway_address is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
- }
- }
- if $union_station_gateway_cert {
- if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
- fail("Passenger config option :: union_station_gateway_cert is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
- }
- }
- if $union_station_gateway_port {
- if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
- fail("Passenger config option :: union_station_gateway_port is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
- }
- }
- if $union_station_key {
- if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
- fail("Passenger config option :: union_station_key is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
- }
- }
- if $union_station_proxy_address {
- if (versioncmp($passenger_installed_version, '3.0.11') < 0) {
- fail("Passenger config option :: union_station_proxy_address is not introduced until version 3.0.11 :: ${passenger_installed_version} is the version reported")
- }
- }
- if $union_station_support {
- if (versioncmp($passenger_installed_version, '3.0.0') < 0) {
- fail("Passenger config option :: union_station_support is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported")
- }
- }
 if $wsgi_auto_detect {
 if (versioncmp($passenger_installed_version, '4.0.0') > 0) {
 fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.')
@@ -576,91 +548,85 @@ loadfile_name => 'zpassenger.load', } } + # Template uses: - # - $passenger_allow_encoded_slashes : since 4.0.0 - # - $passenger_app_env : since 4.0.0 - # - $passenger_app_group_name : since 4.0.0 - # - $passenger_app_root : since 4.0.0 - # - $passenger_app_type : since 4.0.25 - # - $passenger_base_uri : since 4.0.0 - # - $passenger_buffer_response : since 4.0.0 - # - $passenger_buffer_upload : since 4.0.26 - # - $passenger_concurrency_model : since 4.0.0 - # - $passenger_data_buffer_dir : since 5.0.0 - # - $passenger_debug_log_file : since unkown, probably deprecated - # - $passenger_debugger : since 3.0.0 - # - $passenger_default_group : since 3.0.0 - # - $passenger_default_ruby : since 4.0.0 - # - $passenger_default_user : since 3.0.0 - # - $passenger_disable_security_update_check : since 5.1.0 - # - $passenger_enabled : since 4.0.0 - # - $passenger_error_override : since 4.0.24 - # - $passenger_file_descriptor_log_file : since 5.0.5 - # - $passenger_fly_with : since 4.0.45 - # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22 - # - $passenger_friendly_error_pages : since 4.0.42 - # - $passenger_group : since 4.0.0 - # - $passenger_high_performance : since 2.0.0 - # - $passenger_instance_registry_dir : since 5.0.0 - # - $passenger_load_shell_envvars : since 4.0.20 - # - $passenger_log_file : since 5.0.5 - # - $passenger_log_level : since 3.0.0 - # - $passenger_lve_min_uid : since 5.0.28 - # - $passenger_max_instances : since 3.0.0 - # - $passenger_max_instances_per_app : since 3.0.0 - # - $passenger_max_pool_size : since 1.0.0 - # - $passenger_max_preloader_idle_time : since 4.0.0 - # - $passenger_max_request_queue_size : since 4.0.15 - # - $passenger_max_request_time : since 3.0.0 - # - $passenger_max_requests : since 3.0.0 - # - $passenger_memory_limit : since 3.0.0 - # - $passenger_meteor_app_settings : since 5.0.7 - # - $passenger_min_instances : since 3.0.0 - # - $passenger_nodejs : since 4.0.24 - # - 
$passenger_pool_idle_time : since 1.0.0 - # - $passenger_pre_start : since 3.0.0 - # - $passenger_python : since 4.0.0 - # - $passenger_resist_deployment_errors : since 3.0.0 - # - $passenger_resolve_symlinks_in_document_root : since 3.0.0 - # - $passenger_response_buffer_high_watermark : since 5.0.0 - # - $passenger_restart_dir : since 3.0.0 - # - $passenger_rolling_restarts : since 3.0.0 - # - $passenger_root : since 1.0.0 - # - $passenger_ruby : since 4.0.0 - # - $passenger_security_update_check_proxy : since 5.1.0 - # - $passenger_show_version_in_header : since 5.1.0 - # - $passenger_socket_backlog : since 5.0.24 - # - $passenger_spawn_method : since 2.0.0 - # - $passenger_start_timeout : since 4.0.15 - # - $passenger_startup_file : since 4.0.25 - # - $passenger_stat_throttle_rate : since 2.2.0 - # - $passenger_sticky_sessions : since 4.0.45 - # - $passenger_sticky_sessions_cookie_name : since 4.0.45 - # - $passenger_thread_count : since 4.0.0 - # - $passenger_use_global_queue : since 2.0.4 - # - $passenger_user : since 4.0.0 - # - $passenger_user_switching : since 3.0.0 - # - $rack_auto_detect : since unkown, probably deprecated - # - $rack_base_uri : since unkown, probably deprecated - # - $rack_env : since 2.0.0 - # - $rails_allow_mod_rewrite : since unkown, probably deprecated - # - $rails_app_spawner_idle_time : since unkown, probably deprecated - # - $rails_auto_detect : since unkown, probably deprecated - # - $rails_base_uri : since unkown, probably deprecated - # - $rails_default_user : since unkown, probably deprecated - # - $rails_env : since 2.0.0 - # - $rails_framework_spawner_idle_time : since unkown, probably deprecated - # - $rails_ruby : since unkown, probably deprecated - # - $rails_spawn_method : since unkown, probably deprecated - # - $rails_user_switching : since unkown, probably deprecated - # - $union_station_filter : since 3.0.5 - # - $union_station_gateway_address : since 3.0.0 - # - $union_station_gateway_cert : since 3.0.0 - # - 
$union_station_gateway_port : since 3.0.0 - # - $union_station_key : since 3.0.0 - # - $union_station_proxy_address : since 3.0.11 - # - $union_station_support : since 3.0.0 - # - $wsgi_auto_detect : since unkown, probably deprecated + # - $passenger_allow_encoded_slashes : since 4.0.0. + # - $passenger_app_env : since 4.0.0. + # - $passenger_app_group_name : since 4.0.0. + # - $passenger_app_root : since 4.0.0. + # - $passenger_app_type : since 4.0.25. + # - $passenger_base_uri : since 4.0.0. + # - $passenger_buffer_response : since 4.0.0. + # - $passenger_buffer_upload : since 4.0.26. + # - $passenger_concurrency_model : since 4.0.0. + # - $passenger_data_buffer_dir : since 5.0.0. + # - $passenger_debug_log_file : since unkown. Deprecated in 5.0.5. + # - $passenger_debugger : since 3.0.0. + # - $passenger_default_group : since 3.0.0. + # - $passenger_default_ruby : since 4.0.0. + # - $passenger_default_user : since 3.0.0. + # - $passenger_disable_security_update_check : since 5.1.0. + # - $passenger_enabled : since 4.0.0. + # - $passenger_error_override : since 4.0.24. + # - $passenger_file_descriptor_log_file : since 5.0.5. + # - $passenger_fly_with : since 4.0.45. + # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22. + # - $passenger_friendly_error_pages : since 4.0.42. + # - $passenger_group : since 4.0.0. + # - $passenger_high_performance : since 2.0.0. + # - $passenger_instance_registry_dir : since 5.0.0. + # - $passenger_load_shell_envvars : since 4.0.20. + # - $passenger_log_file : since 5.0.5. + # - $passenger_log_level : since 3.0.0. + # - $passenger_lve_min_uid : since 5.0.28. + # - $passenger_max_instances : since 3.0.0. + # - $passenger_max_instances_per_app : since 3.0.0. + # - $passenger_max_pool_size : since 1.0.0. + # - $passenger_max_preloader_idle_time : since 4.0.0. + # - $passenger_max_request_queue_size : since 4.0.15. + # - $passenger_max_request_time : since 3.0.0. + # - $passenger_max_requests : since 3.0.0. 
+ # - $passenger_memory_limit : since 3.0.0. + # - $passenger_meteor_app_settings : since 5.0.7. + # - $passenger_min_instances : since 3.0.0. + # - $passenger_nodejs : since 4.0.24. + # - $passenger_pool_idle_time : since 1.0.0. + # - $passenger_pre_start : since 3.0.0. + # - $passenger_python : since 4.0.0. + # - $passenger_resist_deployment_errors : since 3.0.0. + # - $passenger_resolve_symlinks_in_document_root : since 3.0.0. + # - $passenger_response_buffer_high_watermark : since 5.0.0. + # - $passenger_restart_dir : since 3.0.0. + # - $passenger_rolling_restarts : since 3.0.0. + # - $passenger_root : since 1.0.0. + # - $passenger_ruby : since 4.0.0. + # - $passenger_security_update_check_proxy : since 5.1.0. + # - $passenger_show_version_in_header : since 5.1.0. + # - $passenger_socket_backlog : since 5.0.24. + # - $passenger_spawn_method : since 2.0.0. + # - $passenger_start_timeout : since 4.0.15. + # - $passenger_startup_file : since 4.0.25. + # - $passenger_stat_throttle_rate : since 2.2.0. + # - $passenger_sticky_sessions : since 4.0.45. + # - $passenger_sticky_sessions_cookie_name : since 4.0.45. + # - $passenger_thread_count : since 4.0.0. + # - $passenger_use_global_queue : since 2.0.4.Deprecated in 4.0.0. + # - $passenger_user : since 4.0.0. + # - $passenger_user_switching : since 3.0.0. + # - $rack_auto_detect : since unkown. Deprecated in 4.0.0. + # - $rack_base_uri : since unkown. Deprecated in 3.0.0. + # - $rack_env : since 2.0.0. + # - $rails_allow_mod_rewrite : since unkown. Deprecated in 4.0.0. + # - $rails_app_spawner_idle_time : since unkown. Deprecated in 4.0.0. + # - $rails_auto_detect : since unkown. Deprecated in 4.0.0. + # - $rails_base_uri : since unkown. Deprecated in 3.0.0. + # - $rails_default_user : since unkown. Deprecated in 3.0.0. + # - $rails_env : since 2.0.0. + # - $rails_framework_spawner_idle_time : since unkown. Deprecated in 4.0.0. + # - $rails_ruby : since unkown. Deprecated in 3.0.0. 
+ # - $rails_spawn_method : since unkown. Deprecated in 3.0.0. + # - $rails_user_switching : since unkown. Deprecated in 3.0.0. + # - $wsgi_auto_detect : since unkown. Deprecated in 4.0.0. # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class file { 'passenger.conf': diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 4a28c46287..8a38920966 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
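Review bot: The rewritten `# Template uses:` list in manifests/mod/passenger.pp labels options as `Deprecated in 4.0.0` that the rest of this commit treats as removed: the README rows for `rack_auto_detect`, `rails_auto_detect` and `wsgi_auto_detect` say "removed in version 4.0.0", and the `wsgi_auto_detect` context line in the `@@ -481,41 +488,6 @@` hunk calls `fail('REMOVED PASSENGER OPTION ...')`. As far as the visible code and spec show, a deprecated option only warns while a removed one fails the run, so the comment should use the same word, e.g. `# - $wsgi_auto_detect : since unknown. Removed in 4.0.0.`, and `passenger_debug_log_file` could read `Renamed to PassengerLogFile in 5.0.5.` to match the README. `since 2.0.4.Deprecated in 4.0.0.` is missing a space after the version, and `unkown` is misspelled on every line that uses it. The list sits inside the class body, which starts and ends outside this hunk.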
@@ -83,45 +83,45 @@ EOS case fact('osfamily') - when 'Debian' - context 'passenger config with passenger_installed_version set' do - it 'should fail when an option is not valid for $passenger_installed_version' do - pp = <<-EOS + when 'Debian' + context 'passenger config with passenger_installed_version set' do + it 'should fail when an option is not valid for $passenger_installed_version' do + pp = <<-EOS class { 'apache': } class { 'apache::mod::passenger': passenger_installed_version => '4.0.0', passenger_instance_registry_dir => '/some/path/to/nowhere' } - EOS - apply_manifest(pp, :expect_failures => true) do |r| - expect(r.stderr).to match(/passenger_instance_registry_dir is not introduced until version 5.0.0/) - end + EOS + apply_manifest(pp, :expect_failures => true) do |r| + expect(r.stderr).to match(/passenger_instance_registry_dir is not introduced until version 5.0.0/) end - it 'should fail when an option is removed' do - pp = <<-EOS + end + it 'should fail when an option is removed' do + pp = <<-EOS class { 'apache': } class { 'apache::mod::passenger': passenger_installed_version => '5.0.0', rails_autodetect => 'on' } - EOS - apply_manifest(pp, :expect_failures => true) do |r| - expect(r.stderr).to match(/REMOVED PASSENGER OPTION/) - end + EOS + apply_manifest(pp, :expect_failures => true) do |r| + expect(r.stderr).to match(/REMOVED PASSENGER OPTION/) end - it 'should warn when an option is deprecated' do - pp = <<-EOS + end + it 'should warn when an option is deprecated' do + pp = <<-EOS class { 'apache': } class { 'apache::mod::passenger': passenger_installed_version => '5.0.0', rails_ruby => '/some/path/to/ruby' } - EOS - apply_manifest(pp, :catch_failures => true) do |r| - expect(r.stderr).to match(/DEPRECATED PASSENGER OPTION/) - end + EOS + apply_manifest(pp, :catch_failures => true) do |r| + expect(r.stderr).to match(/DEPRECATED PASSENGER OPTION/) end end + end context "default passenger config" do it 'succeeds in puppeting passenger' do pp = 
<<-EOS 
@@ -129,115 +129,115 @@ class { 'apache::mod::passenger': class { 'apache': } class { 'apache::mod::passenger': } #{pp_rackapp} - EOS - apply_manifest(pp, :catch_failures => true) + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') + pending 'Should be enabled - Bug 760616 on Debian 8' + else + it { should be_enabled } end + it { is_expected.to be_running } + end - describe service($service_name) do - if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') - pending 'Should be enabled - Bug 760616 on Debian 8' + describe file(conf_file) do + it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" } + + case fact('operatingsystem') + when 'Ubuntu' + case fact('lsbdistrelease') + when '10.04' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when '12.04' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when '14.04' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + when '16.04' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } else - it { should be_enabled } + # This may or may not work on Ubuntu releases other than the above + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } end - it { is_expected.to be_running } - end - - describe file(conf_file) do - it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" } - - case fact('operatingsystem') - when 'Ubuntu' - case fact('lsbdistrelease') - when '10.04' - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { 
is_expected.not_to contain "/PassengerDefaultRuby/" } - when '12.04' - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - when '14.04' - it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerRuby/" } - when '16.04' - it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerRuby/" } - else - # This may or may not work on Ubuntu releases other than the above - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - end - when 'Debian' - case fact('lsbdistcodename') - when 'wheezy' - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - when 'jessie' - it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerRuby/" } - else - # This may or may not work on Debian releases other than the above - it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } - it { is_expected.not_to contain "/PassengerDefaultRuby/" } - end + when 'Debian' + case fact('lsbdistcodename') + when 'wheezy' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when 'jessie' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + else + # This may or may not work on Debian releases other than the above + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } end end + end - describe file(load_file) do - it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } - end - - it 'should output status via 
passenger-memory-stats' do - shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| - expect(r.stdout).to match(/Apache processes/) - expect(r.stdout).to match(/Nginx processes/) - expect(r.stdout).to match(/Passenger processes/) - - # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain - # these two lines - unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or - (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')) - expect(r.stdout).to match(/### Processes: [0-9]+/) - expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) - end + describe file(load_file) do + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } + end - expect(r.exit_code).to eq(0) + it 'should output status via passenger-memory-stats' do + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| + expect(r.stdout).to match(/Apache processes/) + expect(r.stdout).to match(/Nginx processes/) + expect(r.stdout).to match(/Passenger processes/) + + # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain + # these two lines + unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or + (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')) + expect(r.stdout).to match(/### Processes: [0-9]+/) + expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) end + + expect(r.exit_code).to eq(0) end + end - # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, - # even when the passenger process is successfully installed and running - unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' - it 'should output status via 
passenger-status' do - # xml output not available on ubunutu <= 10.04, so sticking with default pool output - shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| - # spacing may vary - expect(r.stdout).to match(/[\-]+ General information [\-]+/) - if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or - (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or - fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' - expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) - expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) - expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) - else - expect(r.stdout).to match(/max[ ]+= [0-9]+/) - expect(r.stdout).to match(/count[ ]+= [0-9]+/) - expect(r.stdout).to match(/active[ ]+= [0-9]+/) - expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) - expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) - end - - expect(r.exit_code).to eq(0) + # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger, + # even when the passenger process is successfully installed and running + unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' + it 'should output status via passenger-status' do + # xml output not available on ubunutu <= 10.04, so sticking with default pool output + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| + # spacing may vary + expect(r.stdout).to match(/[\-]+ General information [\-]+/) + if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' or + (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') or + fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' + expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) + expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) + expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) + else + 
expect(r.stdout).to match(/max[ ]+= [0-9]+/) + expect(r.stdout).to match(/count[ ]+= [0-9]+/) + expect(r.stdout).to match(/active[ ]+= [0-9]+/) + expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) + expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) end - end - end - it 'should answer to passenger.example.com' do - shell("/usr/bin/curl passenger.example.com:80") do |r| - expect(r.stdout).to match(/^hello world<\/b>$/) expect(r.exit_code).to eq(0) end end + end + it 'should answer to passenger.example.com' do + shell("/usr/bin/curl passenger.example.com:80") do |r| + expect(r.stdout).to match(/^hello world<\/b>$/) + expect(r.exit_code).to eq(0) + end end + + end end end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 5c3c115239..078003a769 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb 
@@ -27,97 +27,91 @@ }) } passenger_config_options = { - 'passenger_allow_encoded_slashes' => {Type: 'OnOff', PassOpt: :PassengerAllowEncodedSlashes}, - 'passenger_app_env' => {Type: 'String', PassOpt: :PassengerAppEnv}, - 'passenger_app_group_name' => {Type: 'String', PassOpt: :PassengerAppGroupName}, - 'passenger_app_root' => {Type: 'FullPath', PassOpt: :PassengerAppRoot}, - 'passenger_app_type' => {Type: 'String', PassOpt: :PassengerAppType}, - 'passenger_base_uri' => {Type: 'URI', PassOpt: :PassengerBaseURI}, - 'passenger_buffer_response' => {Type: 'OnOff', PassOpt: :PassengerBufferResponse}, - 'passenger_buffer_upload' => {Type: 'OnOff', PassOpt: :PassengerBufferUpload}, - 'passenger_concurrency_model' => {Type: ["process", "thread"], PassOpt: :PassengerConcurrencyModel}, - 'passenger_data_buffer_dir' => {Type: 'FullPath', PassOpt: :PassengerDataBufferDir}, - 'passenger_debug_log_file' => {Type: 'String', PassOpt: :PassengerDebugLogFile}, - 'passenger_debugger' => {Type: 'OnOff', PassOpt: :PassengerDebugger}, - 'passenger_default_group' => {Type: 'String', PassOpt: :PassengerDefaultGroup}, - 'passenger_default_ruby' => {Type: 'FullPath', PassOpt: :PassengerDefaultRuby}, - 'passenger_default_user' => {Type: 'String', PassOpt: :PassengerDefaultUser}, - 'passenger_disable_security_update_check' => {Type: 'OnOff', PassOpt: :PassengerDisableSecurityUpdateCheck}, - 'passenger_enabled' => {Type: 'OnOff', PassOpt: :PassengerEnabled}, - 'passenger_error_override' => {Type: 'OnOff', PassOpt: :PassengerErrorOverride}, - 'passenger_file_descriptor_log_file' => {Type: 'FullPath', PassOpt: :PassengerFileDescriptorLogFile}, - 'passenger_fly_with' => {Type: 'FullPath', PassOpt: :PassengerFlyWith}, - 'passenger_force_max_concurrent_requests_per_process' => {Type: 'Integer', PassOpt: :PassengerForceMaxConcurrentRequestsPerProcess}, - 'passenger_friendly_error_pages' => {Type: 'OnOff', PassOpt: :PassengerFriendlyErrorPages}, - 'passenger_group' => {Type: 'String', PassOpt: 
:PassengerGroup}, - 'passenger_high_performance' => {Type: 'OnOff', PassOpt: :PassengerHighPerformance}, - 'passenger_instance_registry_dir' => {Type: 'FullPath', PassOpt: :PassengerInstanceRegistryDir}, - 'passenger_load_shell_envvars' => {Type: 'OnOff', PassOpt: :PassengerLoadShellEnvvars}, - 'passenger_log_file' => {Type: 'FullPath', PassOpt: :PassengerLogFile}, - 'passenger_log_level' => {Type: 'Integer', PassOpt: :PassengerLogLevel}, - 'passenger_lve_min_uid' => {Type: 'Integer', PassOpt: :PassengerLveMinUid}, - 'passenger_max_instances' => {Type: 'Integer', PassOpt: :PassengerMaxInstances}, - 'passenger_max_instances_per_app' => {Type: 'Integer', PassOpt: :PassengerMaxInstancesPerApp}, - 'passenger_max_pool_size' => {Type: 'Integer', PassOpt: :PassengerMaxPoolSize}, - 'passenger_max_preloader_idle_time' => {Type: 'Integer', PassOpt: :PassengerMaxPreloaderIdleTime}, - 'passenger_max_request_queue_size' => {Type: 'Integer', PassOpt: :PassengerMaxRequestQueueSize}, - 'passenger_max_request_time' => {Type: 'Integer', PassOpt: :PassengerMaxRequestTime}, - 'passenger_max_requests' => {Type: 'Integer', PassOpt: :PassengerMaxRequests}, - 'passenger_memory_limit' => {Type: 'Integer', PassOpt: :PassengerMemoryLimit}, - 'passenger_meteor_app_settings' => {Type: 'FullPath', PassOpt: :PassengerMeteorAppSettings}, - 'passenger_min_instances' => {Type: 'Integer', PassOpt: :PassengerMinInstances}, - 'passenger_nodejs' => {Type: 'FullPath', PassOpt: :PassengerNodejs}, - 'passenger_pool_idle_time' => {Type: 'Integer', PassOpt: :PassengerPoolIdleTime}, - 'passenger_pre_start' => {Type: 'URI', PassOpt: :PassengerPreStart}, - 'passenger_python' => {Type: 'FullPath', PassOpt: :PassengerPython}, - 'passenger_resist_deployment_errors' => {Type: 'OnOff', PassOpt: :PassengerResistDeploymentErrors}, - 'passenger_resolve_symlinks_in_document_root' => {Type: 'OnOff', PassOpt: :PassengerResolveSymlinksInDocumentRoot}, - 'passenger_response_buffer_high_watermark' => {Type: 'Integer', 
PassOpt: :PassengerResponseBufferHighWatermark}, - 'passenger_restart_dir' => {Type: 'Path', PassOpt: :PassengerRestartDir}, - 'passenger_rolling_restarts' => {Type: 'OnOff', PassOpt: :PassengerRollingRestarts}, - 'passenger_root' => {Type: 'FullPath', PassOpt: :PassengerRoot}, - 'passenger_ruby' => {Type: 'FullPath', PassOpt: :PassengerRuby}, - 'passenger_security_update_check_proxy' => {Type: 'URI', PassOpt: :PassengerSecurityUpdateCheckProxy}, - 'passenger_show_version_in_header' => {Type: 'OnOff', PassOpt: :PassengerShowVersionInHeader}, - 'passenger_socket_backlog' => {Type: 'Integer', PassOpt: :PassengerSocketBacklog}, - 'passenger_spawn_method' => {Type: ["smart", "direct"], PassOpt: :PassengerSpawnMethod}, - 'passenger_start_timeout' => {Type: 'Integer', PassOpt: :PassengerStartTimeout}, - 'passenger_startup_file' => {Type: 'RelPath', PassOpt: :PassengerStartupFile}, - 'passenger_stat_throttle_rate' => {Type: 'Integer', PassOpt: :PassengerStatThrottleRate}, - 'passenger_sticky_sessions' => {Type: 'OnOff', PassOpt: :PassengerStickySessions}, - 'passenger_sticky_sessions_cookie_name' => {Type: 'String', PassOpt: :PassengerStickySessionsCookieName}, - 'passenger_thread_count' => {Type: 'Integer', PassOpt: :PassengerThreadCount}, - 'passenger_use_global_queue' => {Type: 'String', PassOpt: :PassengerUseGlobalQueue}, - 'passenger_user' => {Type: 'String', PassOpt: :PassengerUser}, - 'passenger_user_switching' => {Type: 'OnOff', PassOpt: :PassengerUserSwitching}, - 'rack_auto_detect' => {Type: 'String', PassOpt: :RackAutoDetect}, - 'rack_base_uri' => {Type: 'String', PassOpt: :RackBaseURI}, - 'rack_env' => {Type: 'String', PassOpt: :RackEnv}, - 'rails_allow_mod_rewrite' => {Type: 'String', PassOpt: :RailsAllowModRewrite}, - 'rails_app_spawner_idle_time' => {Type: 'String', PassOpt: :RailsAppSpawnerIdleTime}, - 'rails_auto_detect' => {Type: 'String', PassOpt: :RailsAutoDetect}, - 'rails_base_uri' => {Type: 'String', PassOpt: :RailsBaseURI}, - 'rails_default_user' 
=> {Type: 'String', PassOpt: :RailsDefaultUser}, - 'rails_env' => {Type: 'String', PassOpt: :RailsEnv}, - 'rails_framework_spawner_idle_time' => {Type: 'String', PassOpt: :RailsFrameworkSpawnerIdleTime}, - 'rails_ruby' => {Type: 'String', PassOpt: :RailsRuby}, - 'rails_spawn_method' => {Type: 'String', PassOpt: :RailsSpawnMethod}, - 'rails_user_switching' => {Type: 'String', PassOpt: :RailsUserSwitching}, - 'union_station_filter' => {Type: 'QuotedString', PassOpt: :UnionStationFilter}, - 'union_station_gateway_address' => {Type: 'URI', PassOpt: :UnionStationGatewayAddress}, - 'union_station_gateway_cert' => {Type: 'FullPath', PassOpt: :UnionStationGatewayCert}, - 'union_station_gateway_port' => {Type: 'Integer', PassOpt: :UnionStationGatewayPort}, - 'union_station_key' => {Type: 'String', PassOpt: :UnionStationKey}, - 'union_station_proxy_address' => {Type: 'URI', PassOpt: :UnionStationProxyAddress}, - 'union_station_support' => {Type: 'OnOff', PassOpt: :UnionStationSupport}, - 'wsgi_auto_detect' => {Type: 'String', PassOpt: :WsgiAutoDetect}, - 'rails_autodetect' => {Type: 'OnOff', PassOpt: :RailsAutoDetect}, - 'rack_autodetect' => {Type: 'OnOff', PassOpt: :RackAutoDetect}, + 'passenger_allow_encoded_slashes' => {type: 'OnOff', pass_opt: :PassengerAllowEncodedSlashes}, + 'passenger_app_env' => {type: 'String', pass_opt: :PassengerAppEnv}, + 'passenger_app_group_name' => {type: 'String', pass_opt: :PassengerAppGroupName}, + 'passenger_app_root' => {type: 'FullPath', pass_opt: :PassengerAppRoot}, + 'passenger_app_type' => {type: 'String', pass_opt: :PassengerAppType}, + 'passenger_base_uri' => {type: 'URI', pass_opt: :PassengerBaseURI}, + 'passenger_buffer_response' => {type: 'OnOff', pass_opt: :PassengerBufferResponse}, + 'passenger_buffer_upload' => {type: 'OnOff', pass_opt: :PassengerBufferUpload}, + 'passenger_concurrency_model' => {type: ["process", "thread"], pass_opt: :PassengerConcurrencyModel}, + 'passenger_data_buffer_dir' => {type: 'FullPath', pass_opt: 
:PassengerDataBufferDir}, + 'passenger_debug_log_file' => {type: 'String', pass_opt: :PassengerDebugLogFile}, + 'passenger_debugger' => {type: 'OnOff', pass_opt: :PassengerDebugger}, + 'passenger_default_group' => {type: 'String', pass_opt: :PassengerDefaultGroup}, + 'passenger_default_ruby' => {type: 'FullPath', pass_opt: :PassengerDefaultRuby}, + 'passenger_default_user' => {type: 'String', pass_opt: :PassengerDefaultUser}, + 'passenger_disable_security_update_check' => {type: 'OnOff', pass_opt: :PassengerDisableSecurityUpdateCheck}, + 'passenger_enabled' => {type: 'OnOff', pass_opt: :PassengerEnabled}, + 'passenger_error_override' => {type: 'OnOff', pass_opt: :PassengerErrorOverride}, + 'passenger_file_descriptor_log_file' => {type: 'FullPath', pass_opt: :PassengerFileDescriptorLogFile}, + 'passenger_fly_with' => {type: 'FullPath', pass_opt: :PassengerFlyWith}, + 'passenger_force_max_concurrent_requests_per_process' => {type: 'Integer', pass_opt: :PassengerForceMaxConcurrentRequestsPerProcess}, + 'passenger_friendly_error_pages' => {type: 'OnOff', pass_opt: :PassengerFriendlyErrorPages}, + 'passenger_group' => {type: 'String', pass_opt: :PassengerGroup}, + 'passenger_high_performance' => {type: 'OnOff', pass_opt: :PassengerHighPerformance}, + 'passenger_instance_registry_dir' => {type: 'FullPath', pass_opt: :PassengerInstanceRegistryDir}, + 'passenger_load_shell_envvars' => {type: 'OnOff', pass_opt: :PassengerLoadShellEnvvars}, + 'passenger_log_file' => {type: 'FullPath', pass_opt: :PassengerLogFile}, + 'passenger_log_level' => {type: 'Integer', pass_opt: :PassengerLogLevel}, + 'passenger_lve_min_uid' => {type: 'Integer', pass_opt: :PassengerLveMinUid}, + 'passenger_max_instances' => {type: 'Integer', pass_opt: :PassengerMaxInstances}, + 'passenger_max_instances_per_app' => {type: 'Integer', pass_opt: :PassengerMaxInstancesPerApp}, + 'passenger_max_pool_size' => {type: 'Integer', pass_opt: :PassengerMaxPoolSize}, + 'passenger_max_preloader_idle_time' => {type: 
'Integer', pass_opt: :PassengerMaxPreloaderIdleTime}, + 'passenger_max_request_queue_size' => {type: 'Integer', pass_opt: :PassengerMaxRequestQueueSize}, + 'passenger_max_request_time' => {type: 'Integer', pass_opt: :PassengerMaxRequestTime}, + 'passenger_max_requests' => {type: 'Integer', pass_opt: :PassengerMaxRequests}, + 'passenger_memory_limit' => {type: 'Integer', pass_opt: :PassengerMemoryLimit}, + 'passenger_meteor_app_settings' => {type: 'FullPath', pass_opt: :PassengerMeteorAppSettings}, + 'passenger_min_instances' => {type: 'Integer', pass_opt: :PassengerMinInstances}, + 'passenger_nodejs' => {type: 'FullPath', pass_opt: :PassengerNodejs}, + 'passenger_pool_idle_time' => {type: 'Integer', pass_opt: :PassengerPoolIdleTime}, + 'passenger_pre_start' => {type: 'URI', pass_opt: :PassengerPreStart}, + 'passenger_python' => {type: 'FullPath', pass_opt: :PassengerPython}, + 'passenger_resist_deployment_errors' => {type: 'OnOff', pass_opt: :PassengerResistDeploymentErrors}, + 'passenger_resolve_symlinks_in_document_root' => {type: 'OnOff', pass_opt: :PassengerResolveSymlinksInDocumentRoot}, + 'passenger_response_buffer_high_watermark' => {type: 'Integer', pass_opt: :PassengerResponseBufferHighWatermark}, + 'passenger_restart_dir' => {type: 'Path', pass_opt: :PassengerRestartDir}, + 'passenger_rolling_restarts' => {type: 'OnOff', pass_opt: :PassengerRollingRestarts}, + 'passenger_root' => {type: 'FullPath', pass_opt: :PassengerRoot}, + 'passenger_ruby' => {type: 'FullPath', pass_opt: :PassengerRuby}, + 'passenger_security_update_check_proxy' => {type: 'URI', pass_opt: :PassengerSecurityUpdateCheckProxy}, + 'passenger_show_version_in_header' => {type: 'OnOff', pass_opt: :PassengerShowVersionInHeader}, + 'passenger_socket_backlog' => {type: 'Integer', pass_opt: :PassengerSocketBacklog}, + 'passenger_spawn_method' => {type: ["smart", "direct"], pass_opt: :PassengerSpawnMethod}, + 'passenger_start_timeout' => {type: 'Integer', pass_opt: :PassengerStartTimeout}, + 
'passenger_startup_file' => {type: 'RelPath', pass_opt: :PassengerStartupFile}, + 'passenger_stat_throttle_rate' => {type: 'Integer', pass_opt: :PassengerStatThrottleRate}, + 'passenger_sticky_sessions' => {type: 'OnOff', pass_opt: :PassengerStickySessions}, + 'passenger_sticky_sessions_cookie_name' => {type: 'String', pass_opt: :PassengerStickySessionsCookieName}, + 'passenger_thread_count' => {type: 'Integer', pass_opt: :PassengerThreadCount}, + 'passenger_use_global_queue' => {type: 'String', pass_opt: :PassengerUseGlobalQueue}, + 'passenger_user' => {type: 'String', pass_opt: :PassengerUser}, + 'passenger_user_switching' => {type: 'OnOff', pass_opt: :PassengerUserSwitching}, + 'rack_auto_detect' => {type: 'String', pass_opt: :RackAutoDetect}, + 'rack_autodetect' => {type: 'String', pass_opt: :RackAutoDetect}, + 'rack_base_uri' => {type: 'String', pass_opt: :RackBaseURI}, + 'rack_env' => {type: 'String', pass_opt: :RackEnv}, + 'rails_allow_mod_rewrite' => {type: 'String', pass_opt: :RailsAllowModRewrite}, + 'rails_app_spawner_idle_time' => {type: 'String', pass_opt: :RailsAppSpawnerIdleTime}, + 'rails_auto_detect' => {type: 'String', pass_opt: :RailsAutoDetect}, + 'rails_autodetect' => {type: 'String', pass_opt: :RailsAutoDetect}, + 'rails_base_uri' => {type: 'String', pass_opt: :RailsBaseURI}, + 'rails_default_user' => {type: 'String', pass_opt: :RailsDefaultUser}, + 'rails_env' => {type: 'String', pass_opt: :RailsEnv}, + 'rails_framework_spawner_idle_time' => {type: 'String', pass_opt: :RailsFrameworkSpawnerIdleTime}, + 'rails_ruby' => {type: 'String', pass_opt: :RailsRuby}, + 'rails_spawn_method' => {type: 'String', pass_opt: :RailsSpawnMethod}, + 'rails_user_switching' => {type: 'String', pass_opt: :RailsUserSwitching}, + 'wsgi_auto_detect' => {type: 'String', pass_opt: :WsgiAutoDetect}, } passenger_config_options.each do |config_option, config_hash| puppetized_config_option = config_option valid_config_values = [] - case config_hash[:Type] + case 
config_hash[:type] + # UnionStationFilter values are quoted strings when 'QuotedString' valid_config_values = ['"a quoted string"'] valid_config_values.each do |valid_value| @@ -125,7 +119,7 @@ let :params do { puppetized_config_option.to_sym => valid_value } end - it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} "#{valid_value}"$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:pass_opt]} "#{valid_value}"$/) } end end when 'FullPath', 'RelPath', 'Path' 
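Review bot: The `when 'QuotedString'` branch at the top of `case config_hash[:type]` can no longer be reached from this table, because this hunk deletes `union_station_filter`, the only entry typed 'QuotedString', while adding a comment that still describes UnionStationFilter. Either drop the branch together with the comment, or reword the comment to `# no option currently uses 'QuotedString'; kept for future quoted-string options`. The hunk also retypes `rails_autodetect` and `rack_autodetect` from 'OnOff' to 'String', so the spec now feeds them an arbitrary string; if those directives only accept on/off, keeping 'OnOff' would test the values that are actually valid. The `case` statement continues past the end of this hunk.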
@@ -135,47 +129,37 @@ let :params do { puppetized_config_option.to_sym => valid_value } end - it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} "#{valid_value}"$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:pass_opt]} "#{valid_value}"$/) } end end - when 'URI', 'String' - valid_config_values = ['some_string_for_you'] + when 'URI', 'String', 'Integer' + valid_config_values = ['some_value_for_you'] valid_config_values.each do |valid_value| describe "with #{puppetized_config_option} => #{valid_value}" do let :params do { puppetized_config_option.to_sym => valid_value } end - it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:pass_opt]} #{valid_value}$/) } end end - when 'Integer' - valid_config_values = [100] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => #{valid_value}" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } - end - end - when 'OnOff' + when 'OnOff' valid_config_values = ['on', 'off'] valid_config_values.each do |valid_value| describe "with #{puppetized_config_option} => '#{valid_value}'" do let :params do { puppetized_config_option.to_sym => valid_value } end - it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:pass_opt]} #{valid_value}$/) } end end else - valid_config_values = config_hash[:Type] + valid_config_values = config_hash[:type] valid_config_values.each do |valid_value| describe "with #{puppetized_config_option} => '#{valid_value}'" do let :params do { puppetized_config_option.to_sym => 
valid_value } end - it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:PassOpt]} #{valid_value}$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ #{config_hash[:pass_opt]} #{valid_value}$/) } end end end @@ -204,7 +188,7 @@ it { is_expected.to contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - describe "with passenger_root => '/usr/lib/example'" do + describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } end @@ -301,12 +285,6 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerAppEnv foo$/) } end - describe "with passenger_instance_registry_dir => '/var/run/passenger-instreg'" do - let :params do - { :passenger_instance_registry_dir => '/var/run/passenger-instreg' } - end - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerInstanceRegistryDir "/var/run/passenger-instreg"$}) } - end describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do let :params do { :passenger_log_file => '/var/log/apache2/passenger.log' } @@ -347,15 +325,15 @@ context "with Ubuntu 12.04 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '12.04', - :kernel => 'Linux', - :operatingsystem => 'Ubuntu', - :lsbdistrelease => '12.04', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '12.04', + :kernel => 'Linux', + :operatingsystem => 'Ubuntu', + :lsbdistrelease => '12.04', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end 
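Review bot: Folding 'Integer' into `when 'URI', 'String', 'Integer'` means integer-typed options such as `passenger_max_pool_size` are now only exercised with `'some_value_for_you'`, and the spec expects that non-numeric text to be written verbatim and unquoted into passenger.conf. That pins pass-through behaviour rather than a valid configuration, and it suggests the class does not validate these parameters (the manifest is not visible here, so this is inferred). A numeric sample can be kept without restoring the separate branch: `valid_config_values = [config_hash[:type] == 'Integer' ? 100 : 'some_value_for_you']`. Because the values are rendered unquoted, type checks in the manifest are the place to reject whitespace or line breaks before they reach the Apache config.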
@@ -367,15 +345,15 @@ context "with Ubuntu 14.04 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '14.04', - :operatingsystem => 'Ubuntu', - :kernel => 'Linux', - :lsbdistrelease => '14.04', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '14.04', + :operatingsystem => 'Ubuntu', + :kernel => 'Linux', + :lsbdistrelease => '14.04', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -387,15 +365,15 @@ context "with Debian 7 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '7.3', - :operatingsystem => 'Debian', - :kernel => 'Linux', - :lsbdistcodename => 'wheezy', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '7.3', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'wheezy', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -407,15 +385,15 @@ context "with Debian 8 defaults" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '8.0', - :operatingsystem => 'Debian', - :kernel => 'Linux', - :lsbdistcodename => 'jessie', - :concat_basedir => '/dne', - :id => 'root', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'Debian', + :operatingsystemrelease => '8.0', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'jessie', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end 
@@ -428,13 +406,13 @@ context "on a RedHat OS" do let :rh_facts do { - :osfamily => 'RedHat', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'RedHat', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -445,13 +423,13 @@ it { is_expected.to contain_apache__mod('passenger') } it { is_expected.to contain_package("mod_passenger") } it { is_expected.to contain_file('passenger_package.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger.conf', - }) } + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } it { is_expected.to contain_file('passenger_package.conf').without_content } it { is_expected.to contain_file('passenger_package.conf').without_source } it { is_expected.to contain_file('zpassenger.load').with({ - 'path' => '/etc/httpd/conf.d/zpassenger.load', - }) } + 'path' => '/etc/httpd/conf.d/zpassenger.load', + }) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } describe "with passenger_root => '/usr/lib/example'" do 
@@ -472,24 +450,24 @@ let(:facts) { rh_facts.merge(:operatingsystemrelease => '7') } it { is_expected.to contain_file('passenger_package.conf').with({ - 'path' => '/etc/httpd/conf.d/passenger.conf', - }) } + 'path' => '/etc/httpd/conf.d/passenger.conf', + }) } it { is_expected.to contain_file('zpassenger.load').with({ - 'path' => '/etc/httpd/conf.modules.d/zpassenger.load', - }) } + 'path' => '/etc/httpd/conf.modules.d/zpassenger.load', + }) } end end context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'FreeBSD', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -499,14 +477,14 @@ context "on a Gentoo OS" do let :facts do { - :osfamily => 'Gentoo', - :operatingsystem => 'Gentoo', - :operatingsystemrelease => '3.16.1-gentoo', - :concat_basedir => '/dne', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - :is_pe => false, + :osfamily => 'Gentoo', + :operatingsystem => 'Gentoo', + :operatingsystemrelease => '3.16.1-gentoo', + :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index 8373307767..7d79207ce0 100644 --- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb 
@@ -229,27 +229,6 @@ <%- if @rails_user_switching -%> RailsUserSwitching <%= @rails_user_switching %> <%- end -%> - <%- if @union_station_filter -%> - UnionStationFilter "<%= @union_station_filter %>" - <%- end -%> - <%- if @union_station_gateway_address -%> - UnionStationGatewayAddress <%= @union_station_gateway_address %> - <%- end -%> - <%- if @union_station_gateway_cert -%> - UnionStationGatewayCert "<%= @union_station_gateway_cert %>" - <%- end -%> - <%- if @union_station_gateway_port -%> - UnionStationGatewayPort <%= @union_station_gateway_port %> - <%- end -%> - <%- if @union_station_key -%> - UnionStationKey <%= @union_station_key %> - <%- end -%> - <%- if @union_station_proxy_address -%> - UnionStationProxyAddress <%= @union_station_proxy_address %> - <%- end -%> - <%- if @union_station_support -%> - UnionStationSupport <%= @union_station_support %> - <%- end -%> <%- if @wsgi_auto_detect -%> WsgiAutoDetect <%= @wsgi_auto_detect %> <%- end -%> @@ -259,4 +238,5 @@ <%- if @rack_autodetect -%> RackAutoDetect <%= @rack_autodetect %> <%- end -%> + From e7bb53091f02ff142e151ac343f56dbbef204bb2 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Thu, 17 Aug 2017 13:33:56 -0700 Subject: [PATCH 1226/2267] (MODULES-3942) make sure mod_alias is loaded with redirectmatch previously, when redirectmatch_* parameters were included, the RedirectMatch directive would be added to the vhost without mod_alias loaded. Since RedirectMatch is part of mod_alias, mod_alias is required. This change makes sure this happens whenever any of the three parameters are used. --- manifests/vhost.pp | 5 ++++- spec/defines/vhost_spec.rb | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 18217deebe..e5e3b6c251 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -410,7 +410,10 @@ } # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { + if ($scriptalias or $scriptaliases != []) + or ($aliases and $aliases != []) + or ($redirect_source and $redirect_dest) + or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest){ if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index bb447247b2..737d2275c9 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1397,5 +1397,41 @@ :content => /^\s+Require all granted$/ ) } end + describe "redirectmatch_*" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :dparams do + { + :docroot => '/rspec/docroot', + :port => '84', + } + end + context "status" do + let (:params) { dparams.merge({:redirectmatch_status => "404"}) } + it { is_expected.to contain_class("apache::mod::alias")} + end + context "dest" do + let (:params) { dparams.merge({:redirectmatch_dest => "http://other.example.com$1.jpg"}) } + it { is_expected.to contain_class("apache::mod::alias")} + end + context "regexp" do + let (:params) { dparams.merge({:redirectmatch_regexp => "(.*)\.gif$"}) } + it { is_expected.to contain_class("apache::mod::alias")} + end + context "none" do + let (:params) { dparams } + it { is_expected.to_not contain_class("apache::mod::alias") } + end + end end end From 3ef9a56ed99cdacb82d50addd704bea2895a8bad Mon Sep 17 00:00:00 2001 
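Review bot: In the `regexp` context of the new `redirectmatch_*` spec the pattern is written in a double-quoted string, `"(.*)\.gif$"`, where Ruby drops the backslash of `\.`, so the value actually passed is `(.*).gif$`. The assertion only checks that `apache::mod::alias` is included, so the test still passes, but the fixture no longer shows the pattern it appears to show. Single quotes keep the escape: `let (:params) { dparams.merge({:redirectmatch_regexp => '(.*)\.gif$'}) }`.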
From: Eric Putnam Date: Fri, 25 Aug 2017 11:55:02 -0700 Subject: [PATCH 1227/2267] (maint) allow arrays of arrays for $directories recently, $directories in vhost.pp was puppet4-ized. because we still support Apache 2.2, we need to continue to allow $directories to have nested arrays so that users can pass arrays of allow/deny rules for each directory. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9b8dade0dc..382771297c 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -61,7 +61,7 @@ $access_log_env_var = false, Optional[Array] $access_logs = undef, $aliases = undef, - Optional[Variant[Hash, Array[Hash]]] $directories = undef, + Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef, Boolean $error_log = true, $error_log_file = undef, $error_log_pipe = undef, From 8ebc42a8ec6c5347be4434e9a8df394467f1680b Mon Sep 17 00:00:00 2001 
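Review bot: The inner `Array` in `Array[Variant[Array,Hash]]` is unparameterised, so any nested array passes validation regardless of what its elements are. If the nested arrays are only meant to hold directory hashes, `Optional[Variant[Hash, Array[Variant[Array[Hash],Hash]]]] $directories = undef,` keeps the type check meaningful while still allowing the Apache 2.2 case described in the commit message. The parameter list continues outside the hunk, so how `$directories` is consumed is not visible here.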
From: Emerson Prado Date: Fri, 25 Aug 2017 20:06:14 -0300 Subject: [PATCH 1228/2267] [Modules 5492] - Include treatment for absolute, relative and pipe paths for JkLogFile and JkShmFile for class mod::jk (#1671) * Move logroot treatment away from files treatment in mod::jk * Treat Log/Shm files with absolute paths in mod::jk * Add default case for Log/Shm files in mod::jk * Include in README subsection on ...mod::jk::logroot parameter * Include in README subsection on ...mod::jk::(shm|log)_file parameters * Include in README examples on ...mod::jk::(shm|log)_file parameters * Include context loop with one item in mod::jk spec test * Include conf file check for new contexts in mod::jk spec test * Include relative paths context in mod::jk spec test * Include absolute paths context in mod::jk spec test * Include pipe paths context in mod::jk spec test * Remove content check for jk.conf in mod::jk spec test * Create mod_dir variable in mod::jk class to ease spec test * Set mod_dir variable in mod::jk spec test * Try using symbol to test conf file in mod::jk spec test * Reverts all failed attempts to spec test jk.conf Revert "Try using symbol to test conf file in mod::jk spec test" This reverts commit b02c31d0fcfa252a6e66e552db94a8e4bb62f5d7. Revert "Set mod_dir variable in mod::jk spec test" This reverts commit 9f7e94199d3086c90137766dad6377d700a66514. Revert "Create mod_dir variable in mod::jk class to ease spec test" This reverts commit 39986b8b7f1fe57a85c6a2f93fa4500da5a40714. Revert "Remove content check for jk.conf in mod::jk spec test" This reverts commit d85e8a2ef5939f1e85e8219a4f311baf17fff337. Revert "Include pipe paths context in mod::jk spec test" This reverts commit 95dd58bc9f7840c35db43d3ba519ccebe3139277. Revert "Include absolute paths context in mod::jk spec test" This reverts commit 70e36e2b3a274983304ca0526b59b279d7260657. Revert "Include relative paths context in mod::jk spec test" This reverts commit 68c15aeb1cf06904e675b8bcd03a11fca9f04a65. 
Revert "Include conf file check for new contexts in mod::jk spec test" This reverts commit 45d040ce0e4a66ca3bed7699baf4f97947e04e44. Revert "Include context loop with one item in mod::jk spec test" This reverts commit f6bb97f4dcc01e652928d0af1f28ef7b6046f3d3. * Add mod_dir variable in mod::apache class to allow spec tests * Add mod_dir variable in mod::apache spec test * Correct mod_dir variable reference in class mod::jk * Add parameter in shared example of mod::jk spec test * Include path check for jk.conf in mod::jk spec test * Correct Debian path for jk.conf in mod::jk spec test * Compound matchers for same resource in mod::jk spec test * Include "and" in additional matcher for jk.conf in mod::jk spec test * Try to correct compound matchers syntax in mod::jk spec test * Remove compound matchers in mod::jk spec test * Move simple matcher to single line in mod::jk spec test * Include jk.conf check via "with_content" in mod::jk spec test * Correct jk.conf contents in mod::jk spec test * Correct line endings in jk.conf contents in mod::jk spec test * Create hash for (shm|log)_file parameters in mod::jk spec test * Add context iterated for (shm|log)_file in mod::jk spec test * Include iterated file content check in mod::jk spec test * Remove redundant jk.conf content check in mod::jk spec test * Add relative paths for (shm|log)_file in mod::jk spec test * Remove remaining redundant jk.conf content check in mod::jk spec test * Add absolute paths for (shm|log)_file in mod::jk spec test * Add pipe paths for (shm|log)_file in mod::jk spec test * Correct log_file pipe parameter in mod::jk spec test * Use "let" to set local variable in mod::jk spec test * Change symbol to var name in assignment in mod::jk spec test * Quote var name in assignment in mod::jk spec test * Correct symbol reference in mod::jk spec test * Change unecessary var for direct hash iteration in mod::jk spec test --- README.md | 32 +++++++++++++++++ manifests/mod/jk.pp | 33 +++++++++++------ 
spec/classes/mod/jk_spec.rb | 72 +++++++++++++++++++++++++++++++++++-- 3 files changed, 123 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 9b5baedb2f..636e45a599 100755 --- a/README.md +++ b/README.md @@ -2238,6 +2238,38 @@ $mount_file_content = { }, ``` +**shm\_file and log\_file** + +Depending on how these files are specified, the class creates their final path differently: +- Relative path: prepends supplied path with `logroot` (see below) +- Absolute path or pipe: uses supplied path as-is + +Examples (RHEL 6): + +``` +shm_file => 'shm_file' +# Ends up in +$shm_path = '/var/log/httpd/shm_file' +``` +``` +shm_file => '/run/shm_file' +# Ends up in +$shm_path = '/run/shm_file' +``` +``` +shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' +# Ends up in +$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' +``` + +> The default logroot is sane enough. Therefore, it is not recommended to specify absolute paths. + +**logroot** + +The base directory for `shm_file` and `log_file` is determined by the `logroot` parameter. If unspecified, defaults to `apache::params::logroot`. + +> The default logroot is sane enough. Therefore, it is not recommended to override it. + ##### Class: `apache::mod::passenger` Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux). diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 1e66ce5781..5fa0f73cc4 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp @@ -12,7 +12,7 @@ $workers_file = undef, $worker_property = {}, $logroot = undef, - $shm_file = 'jk-runtime-status', + $shm_file = undef, $shm_size = undef, $mount_file = undef, $mount_file_reload = undef, 
@@ -22,7 +22,7 @@ $mount_copy = undef, $worker_indicator = undef, $watchdog_interval = undef, - $log_file = 'mod_jk.log', + $log_file = undef, $log_level = undef, $log_stamp_format = undef, $request_log_format = undef, @@ -70,22 +70,33 @@ } # Shared memory and log paths - if $logroot == undef { - $shm_path = "${::apache::logroot}/${shm_file}" - $log_path = "${::apache::logroot}/${log_file}" + # If logroot unspecified, use default + $log_dir = $logroot ? { + undef => $::apache::logroot, + default => $logroot, } - else { - $shm_path = "${logroot}/${shm_file}" - $log_path = "${logroot}/${log_file}" + # If absolute path or pipe, use as-is + # If relative path, prepend with log directory + # If unspecified, use default + $shm_path = $shm_file ? { + undef => "${log_dir}/jk-runtime-status", + /^\"?[|\/]/ => $shm_file, + default => "${log_dir}/${shm_file}", + } + $log_path = $log_file ? { + undef => "${log_dir}/mod_jk.log", + /^\"?[|\/]/ => $log_file, + default => "${log_dir}/${log_file}", } # Main config file + $mod_dir = $::apache::mod_dir file {'jk.conf': - path => "${::apache::mod_dir}/jk.conf", + path => "${mod_dir}/jk.conf", content => template('apache/mod/jk.conf.erb'), require => [ - Exec["mkdir ${::apache::mod_dir}"], - File[$::apache::mod_dir], + Exec["mkdir ${mod_dir}"], + File[$mod_dir], ], } diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index ba35c438dd..68e5692677 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb 
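Review bot: The `$shm_path` selector reuses the log pattern `/^\"?[|\/]/`, so a value beginning with `|` is passed through unchanged to the shared-memory file setting, although a pipe only makes sense for the log target (the spec's pipe context leaves `shm_file` undefined). For `$shm_file` I would match absolute paths only, `/^\"?\// => $shm_file,`, and keep the pipe alternative for `$log_file` alone. A comment above the `$log_path` selector stating that a leading `|` makes httpd run the value as a logging command would also help, since that value is used as-is with no further check in this hunk.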
@@ -3,13 +3,14 @@ describe 'apache::mod::jk', :type => :class do it_behaves_like 'a mod class, without including apache' - shared_examples 'minimal resources' do + shared_examples 'minimal resources' do |mod_dir| it { is_expected.to compile } it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('apache::mod::jk') } it { is_expected.to contain_class('apache') } it { is_expected.to contain_apache__mod('jk') } it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]') } + it { is_expected.to contain_file('jk.conf').with({ :path => "#{mod_dir}/jk.conf" }) } end context "RHEL 6 with only required facts and no parameters" do @@ -30,7 +31,10 @@ { :logroot => '/var/log/httpd' } end - it_behaves_like 'minimal resources' + mod_dir = '/etc/httpd/conf.d' + let (:mod_dir) { mod_dir } + + it_behaves_like 'minimal resources', mod_dir it { verify_contents(catalogue, 'jk.conf', ['', '']) } 
@@ -55,11 +59,73 @@ { :logroot => '/var/log/apache2' } end - it_behaves_like 'minimal resources' + mod_dir = '/etc/apache2/mods-available' + let (:mod_dir) { mod_dir } + + it_behaves_like 'minimal resources', mod_dir it { verify_contents(catalogue, 'jk.conf', ['', '']) } end + { + :default => { + :shm_file => :undef, + :log_file => :undef, + :shm_path => '/var/log/httpd/jk-runtime-status', + :log_path => '/var/log/httpd/mod_jk.log', + }, + :relative => { + :shm_file => 'shm_file', + :log_file => 'log_file', + :shm_path => '/var/log/httpd/shm_file', + :log_path => '/var/log/httpd/log_file', + }, + :absolute => { + :shm_file => '/run/shm_file', + :log_file => '/tmp/log_file', + :shm_path => '/run/shm_file', + :log_path => '/tmp/log_file', + }, + :pipe => { + :shm_file => :undef, + :log_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"', + :shm_path => '/var/log/httpd/jk-runtime-status', + :log_path => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"', + }, + }.each do |option, paths| + context "RHEL 6 with #{option} shm_file and log_file paths" do + + let (:facts) do + { + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + } + end + + let (:pre_condition) do + 'include apache' + end + + let (:params) do { + :logroot => '/var/log/httpd', + :shm_file => paths[:shm_file], + :log_file => paths[:log_file], + } end + + it { is_expected.to contain_file('jk.conf').with_content( + "# This file is generated automatically by Puppet - DO NOT EDIT\n"\ + "# Any manual changes will be overwritten\n"\ + "\n"\ + "\n"\ + " JkShmFile #{paths[:shm_path]}\n"\ + " JkLogFile #{paths[:log_path]}\n"\ + "\n" + ) } + + end + end + end From 0b083c0d9bbe4089b3cec21760826098b79f3472 Mon Sep 17 00:00:00 2001 
From: Eric Putnam Date: Mon, 28 Aug 2017 14:14:39 -0700 Subject: [PATCH 1229/2267] (maint) update userdir template Some changes were made to the userdir.pp to allow for custom paths in #1650. This updates the template to use the custom string not only for the UserDir directive but also the Directory path. --- spec/classes/mod/userdir_spec.rb | 3 +++ templates/mod/userdir.conf.erb | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/spec/classes/mod/userdir_spec.rb b/spec/classes/mod/userdir_spec.rb index 9f23ba274b..ae9863f5a8 100644 --- a/spec/classes/mod/userdir_spec.rb +++ b/spec/classes/mod/userdir_spec.rb @@ -32,6 +32,7 @@ } end it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+/home/\*/hi$})} + it { should contain_file("userdir.conf").with_content(%r{^\s*\$})} end context "with home set to something" do let :params do @@ -40,6 +41,7 @@ } end it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+/u/\*/public_html$})} + it { should contain_file("userdir.conf").with_content(%r{^\s*\$})} end context "with path set to something" do let :params do @@ -48,6 +50,7 @@ } end it { should contain_file("userdir.conf").with_content(%r{^\s*UserDir\s+public_html /usr/web http://www\.example\.com/$})} + it { should contain_file("userdir.conf").with_content(%r{^\s*\$})} end end end diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index 323a1af1da..edf994c502 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb @@ -4,7 +4,7 @@ <% end -%> UserDir <%= @_path %> - /*/<%= @dir %>"> + "> AllowOverride <%= @overrides.join(' ') %> Options <%= @options.join(' ') %> From a441ce32fca224ed60d5c355e17deec9145bcebb Mon Sep 17 00:00:00 2001 From: Sergii Kipot Date: Wed, 30 Aug 2017 19:37:32 +0200 Subject: [PATCH 1230/2267] remoteip: Notify apache::service instead of service['httpd'] Otherwise service is restarted even if service_manage=false 
Signed-off-by: Sergii Kipot --- manifests/mod/remoteip.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/remoteip.pp b/manifests/mod/remoteip.pp index 92010cf960..21ad57f3e0 100644 --- a/manifests/mod/remoteip.pp +++ b/manifests/mod/remoteip.pp @@ -25,6 +25,6 @@ content => template('apache/mod/remoteip.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } From c716a0031e3b7a9d0d8cb87fbdfa63ecf05d9394 Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Thu, 31 Aug 2017 16:15:42 -0700 Subject: [PATCH 1231/2267] (maint) apache unit test failure I'm making an educated guess that the error log message for puppet 4.7.1 is formatted in a different way from 4.10.4. the end part of the message, "got 'foo'", may not be present in 4.7.1 or is in a different location. this change still captures the important part of the message while allowing tests to pass. --- spec/classes/apache_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 938c08cece..355f9f108d 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -636,7 +636,7 @@ it "should fail" do expect do catalogue - end.to raise_error(Puppet::PreformattedError, /Evaluation Error: Error while evaluating a Resource Statement, Class\[Apache\]: parameter 'sendfile' expects a match for Enum\['Off', 'On', 'off', 'on'\], got 'foo'/) + end.to raise_error(Puppet::PreformattedError, /Evaluation Error: Error while evaluating a Resource Statement, Class\[Apache\]: parameter 'sendfile' expects a match for Enum\['Off', 'On', 'off', 'on'\]/) end end context "On" do From dc85ed27cd0e9ab40e83f1a2e5cf7f615811b5b5 Mon Sep 17 00:00:00 2001 
From: Emerson Prado Date: Thu, 31 Aug 2017 21:03:01 -0300 Subject: [PATCH 1232/2267] [Modules 5519] Add port parameter in class mod::jk (#1679) * Add ip and port parameters to class apache::mod::jk * Add parameter to make binding conditional in class apache::mod::jk * Add binding parameters validation in apache::mod::jk * Add default binding params in mod::jk spec test * Add context with alternative binding port in mod::jk spec test * Add context without binding in mod::jk spec test * Add in README binding parameters info for class mod::jk * Add in README use cases for apache::mod::jk binding params * Change default param treatment in mod::jk to allow spec test * Correct parameters in mod::jk spec test * Use variable $facts for ip param default * Use facts for param defaults in mod::jk spec test * Correct facts hash reference in class mod::jk * Change param default treatment to allow spec test in class mod::jk * Add resource count in all contexts in mod::jk spec test * Change resource count for specific resource checks in mod::jk spec test * Add context for supplied IP param in mod::jk spec test * Align parameter values in class mod::jk * Change param apache::mod::jk::port type to integer * Change param apache::mod::jk::port type to integer in spec test --- README.md | 27 +++++++++- manifests/mod/jk.pp | 94 ++++++++++++++++++++--------------- spec/classes/mod/jk_spec.rb | 99 +++++++++++++++++++++++++++++++++++-- 3 files changed, 175 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index f1a8e50b9f..711386d66c 100755 --- a/README.md +++ b/README.md @@ -2154,6 +2154,7 @@ Installs and manages `mod_jk`, a connector for Apache httpd redirection to old v ``` puppet class { '::apache::mod::jk': + ip = '192.168.2.15', workers_file = 'conf/workers.properties', mount_file = 'conf/uriworkermap.properties', shm_file = 'run/jk.shm', 
@@ -2166,7 +2167,31 @@ class { '::apache::mod::jk': **Parameters within `apache::mod::jk`**: -The best source for understanding the `mod_jk` parameters is the [official documentation](https://tomcat.apache.org/connectors-doc/reference/apache.html), except for \*file_content: +The best source for understanding the `mod_jk` parameters is the [official documentation](https://tomcat.apache.org/connectors-doc/reference/apache.html), except for: + +**add_listen** + +Defines if a `Listen` directive according to parameters `ip` and `port` (see below), so that Apache listens to the IP/port combination and redirect to `mod_jk`. +Useful when another `Listen` directive, like `Listen *:` or `Listen `, can conflict with the one necessary for `mod_jk` binding. + +Type: Boolean +Default: true + +**ip** + +IP for binding to `mod_jk`. +Useful when the binding address is not the primary network interface IP. + +Type: String +Default: `$facts['ipaddress']` + +**port** + +Port for binding to `mod_jk`. +Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port. + +Type: String (numerical) +Default: '80' **workers\_file\_content** diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp index 5fa0f73cc4..eebfd2c2cf 100644 --- a/manifests/mod/jk.pp +++ b/manifests/mod/jk.pp 
@@ -9,52 +9,57 @@ # https://tomcat.apache.org/connectors-doc/reference/apache.html # class apache::mod::jk ( - $workers_file = undef, - $worker_property = {}, - $logroot = undef, - $shm_file = undef, - $shm_size = undef, - $mount_file = undef, - $mount_file_reload = undef, - $mount = {}, - $un_mount = {}, - $auto_alias = undef, - $mount_copy = undef, - $worker_indicator = undef, - $watchdog_interval = undef, - $log_file = undef, - $log_level = undef, - $log_stamp_format = undef, - $request_log_format = undef, - $extract_ssl = undef, - $https_indicator = undef, - $sslprotocol_indicator = undef, - $certs_indicator = undef, - $cipher_indicator = undef, - $certchain_prefix = undef, - $session_indicator = undef, - $keysize_indicator = undef, - $local_name_indicator = undef, - $ignore_cl_indicator = undef, - $local_addr_indicator = undef, - $local_port_indicator = undef, - $remote_host_indicator = undef, - $remote_addr_indicator = undef, - $remote_port_indicator = undef, - $remote_user_indicator = undef, - $auth_type_indicator = undef, - $options = [], - $env_var = {}, - $strip_session = undef, + # Binding to mod_jk + Optional[String] $ip = undef, + Integer $port = 80, + Boolean $add_listen = true, + # Conf file content + $workers_file = undef, + $worker_property = {}, + $logroot = undef, + $shm_file = 'jk-runtime-status', + $shm_size = undef, + $mount_file = undef, + $mount_file_reload = undef, + $mount = {}, + $un_mount = {}, + $auto_alias = undef, + $mount_copy = undef, + $worker_indicator = undef, + $watchdog_interval = undef, + $log_file = 'mod_jk.log', + $log_level = undef, + $log_stamp_format = undef, + $request_log_format = undef, + $extract_ssl = undef, + $https_indicator = undef, + $sslprotocol_indicator = undef, + $certs_indicator = undef, + $cipher_indicator = undef, + $certchain_prefix = undef, + $session_indicator = undef, + $keysize_indicator = undef, + $local_name_indicator = undef, + $ignore_cl_indicator = undef, + $local_addr_indicator = undef, + 
$local_port_indicator = undef, + $remote_host_indicator = undef, + $remote_addr_indicator = undef, + $remote_port_indicator = undef, + $remote_user_indicator = undef, + $auth_type_indicator = undef, + $options = [], + $env_var = {}, + $strip_session = undef, # Location list # See comments in template mod/jk.conf.erb - $location_list = [], + $location_list = [], # Workers file content # See comments in template mod/jk/workers.properties.erb - $workers_file_content = {}, + $workers_file_content = {}, # Mount file content # See comments in template mod/jk/uriworkermap.properties.erb - $mount_file_content = {}, + $mount_file_content = {}, ){ # Provides important variables @@ -62,6 +67,15 @@ # Manages basic module config ::apache::mod { 'jk': } + # Binding to mod_jk + if $add_listen { + $_ip = $ip ? { + undef => $facts['ipaddress'], + default => $ip, + } + ensure_resource('apache::listen', "${_ip}:${port}", {}) + } + # File resource common parameters File { ensure => file, diff --git a/spec/classes/mod/jk_spec.rb b/spec/classes/mod/jk_spec.rb index 68e5692677..57305c1233 100644 --- a/spec/classes/mod/jk_spec.rb +++ b/spec/classes/mod/jk_spec.rb @@ -13,13 +13,19 @@ it { is_expected.to contain_file('jk.conf').with({ :path => "#{mod_dir}/jk.conf" }) } end - context "RHEL 6 with only required facts and no parameters" do + default_ip = '192.168.1.1' + altern8_ip = '10.1.2.3' + default_port = 80 + altern8_port = 8008 + + context "RHEL 6 with only required facts and default parameters" do let (:facts) do { :osfamily => 'RedHat', :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :ipaddress => default_ip, } end 
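Review bot: The new binding block builds the `apache::listen` title from loosely checked pieces: `$ip` is any `Optional[String]`, `$port` is an unbounded `Integer`, and the fallback `$facts['ipaddress']` is used without checking that the fact is set, so a missing fact would presumably yield the title `:80`. Tightening the signature, e.g. `Integer[1, 65535] $port = 80`, and failing when `$_ip` is empty would keep a malformed listen address out of the generated config. Because `$add_listen` defaults to `true`, declaring the class now also adds a listener on the node's primary address; a comment on the parameter saying so would make that exposure an explicit choice rather than a side effect.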
@@ -28,26 +34,30 @@ end let (:params) do - { :logroot => '/var/log/httpd' } + { + :logroot => '/var/log/httpd', + } end mod_dir = '/etc/httpd/conf.d' let (:mod_dir) { mod_dir } it_behaves_like 'minimal resources', mod_dir + it { is_expected.to contain_apache__listen("#{default_ip}:#{default_port}") } it { verify_contents(catalogue, 'jk.conf', ['', '']) } end - context "Debian 8 with only required facts and no parameters" do + context "Debian 8 with only required facts and default parameters" do let (:facts) do { :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '8', + :ipaddress => default_ip, } end 
@@ -56,19 +66,100 @@ end let (:params) do - { :logroot => '/var/log/apache2' } + { + :logroot => '/var/log/apache2', + } end mod_dir = '/etc/apache2/mods-available' let (:mod_dir) { mod_dir } it_behaves_like 'minimal resources', mod_dir + it { is_expected.to contain_apache__listen("#{default_ip}:#{default_port}") } it { verify_contents(catalogue, 'jk.conf', ['', '']) } end + context "RHEL 6 with required facts and alternative IP" do + + let (:facts) do + { + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :ipaddress => default_ip, + } + end + + let (:pre_condition) do + 'include apache' + end + + let (:params) do + { + :ip => altern8_ip, + :logroot => '/var/log/httpd', + } + end + + it { is_expected.to contain_apache__listen("#{altern8_ip}:#{default_port}") } + + end + + context "RHEL 6 with required facts and alternative port" do + + let (:facts) do + { + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :ipaddress => default_ip, + } + end + + let (:pre_condition) do + 'include apache' + end + + let (:params) do + { + :port => altern8_port, + :logroot => '/var/log/httpd', + } + end + + it { is_expected.to contain_apache__listen("#{default_ip}:#{altern8_port}") } + + end + + context "RHEL 6 with required facts and no binding" do + + let (:facts) do + { + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :ipaddress => default_ip, + } + end + + let (:pre_condition) do + 'include apache' + end + + let (:params) do + { + :add_listen => false, + :logroot => '/var/log/httpd', + } + end + + it { is_expected.not_to contain_apache__listen("#{default_ip}:#{default_port}") } + + end + { :default => { :shm_file => :undef, From 5cbd310ab0a0c80b1342bccc35d59dbc3ddf8218 Mon Sep 17 00:00:00 2001 
From: Eric Putnam Date: Fri, 1 Sep 2017 13:08:59 -0700 Subject: [PATCH 1233/2267] (MODULES-2062) updates prefork.conf params for apache 2.4 MaxClients is now MaxRequestWorkers and MaxRequestsPerChild is now MaxConnectionsPerChild. This updates the manifest, template, and adds a couple unit tests. Unit tests for every OS did not seem necessary since all that is being tested is an if block. --- manifests/mod/prefork.pp | 27 ++++++++++++++++++++------- spec/classes/mod/prefork_spec.rb | 8 +++++++- templates/mod/prefork.conf.erb | 12 ++++++++++-- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index f35551ce6a..989de6e5b0 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -1,11 +1,13 @@ class apache::mod::prefork ( - $startservers = '8', - $minspareservers = '5', - $maxspareservers = '20', - $serverlimit = '256', - $maxclients = '256', - $maxrequestsperchild = '4000', - $apache_version = undef, + $startservers = '8', + $minspareservers = '5', + $maxspareservers = '20', + $serverlimit = '256', + $maxclients = '256', + $maxrequestworkers = undef, + $maxrequestsperchild = '4000', + $maxconnectionsperchild = undef, + $apache_version = undef, ) { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) @@ -23,6 +25,15 @@ if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::prefork and apache::mod::worker on the same node') } + + if versioncmp($_apache_version, '2.3.13') < 0 { + if $maxrequestworkers == undef { + warning("For newer versions of Apache, \$maxclients is deprecated, please use \$maxrequestworkers.") + } elsif $maxconnectionsperchild == undef { + warning("For newer versions of Apache, \$maxrequestsperchild is deprecated, please use \$maxconnectionsperchild.") + } + } + File { owner => 'root', group => $::apache::params::root_group, 
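Review bot: The version guard added in `manifests/mod/prefork.pp` appears inverted: `versioncmp($_apache_version, '2.3.13') < 0` is true on Apache older than 2.3.13, yet the warnings inside tell the user to move to `$maxrequestworkers` and `$maxconnectionsperchild`, which the warning text itself ties to newer versions. Because the second warning hangs off `elsif`, it is also skipped whenever the first one fires. Consider `if versioncmp($_apache_version, '2.3.13') >= 0 {` with two independent `if` checks inside. The `templates/mod/prefork.conf.erb` hunk has the matching gap: it emits `MaxRequestWorkers` / `MaxConnectionsPerChild` whenever the parameter is set, without consulting the Apache version, so the new directive names can reach a 2.2 configuration.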
@@ -35,7 +46,9 @@ # - $maxspareservers # - $serverlimit # - $maxclients + # - $maxrequestworkers # - $maxrequestsperchild + # - $maxconnectionsperchild file { "${::apache::mod_dir}/prefork.conf": ensure => file, content => template('apache/mod/prefork.conf.erb'), diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 3e2954fc71..cbbca2ed4f 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -79,12 +79,16 @@ 'require' => 'Package[httpd]', }) } + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").without({ 'content' => /MaxRequestWorkers/ }) } + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").without({ 'content' => /MaxConnectionsPerChild/ }) } end context "with Apache version >= 2.4" do let :params do { - :apache_version => '2.4', + :apache_version => '2.4', + :maxrequestworkers => '512', + :maxconnectionsperchild => '4000' } end @@ -95,6 +99,8 @@ 'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n", }) } + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").without({ 'content' => /MaxClients/ }) } + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").without({ 'content' => /MaxRequestsPerChild/ }) } end end context "on a FreeBSD OS" do diff --git a/templates/mod/prefork.conf.erb b/templates/mod/prefork.conf.erb index aabfdf7b22..ab4a871c6e 100644 --- a/templates/mod/prefork.conf.erb +++ b/templates/mod/prefork.conf.erb 
@@ -3,6 +3,14 @@ MinSpareServers <%= @minspareservers %> MaxSpareServers <%= @maxspareservers %> ServerLimit <%= @serverlimit %> - MaxClients <%= @maxclients %> - MaxRequestsPerChild <%= @maxrequestsperchild %> + <%- if @maxrequestworkers -%> + MaxRequestWorkers <%= @maxrequestworkers %> + <%- elsif @maxclients -%> + MaxClients <%= @maxclients %> + <%- end -%> + <%- if @maxconnectionsperchild -%> + MaxConnectionsPerChild <%= @maxconnectionsperchild %> + <%- elsif @maxrequestsperchild -%> + MaxRequestsPerChild <%= @maxrequestsperchild %> + <%- end -%> From 9a8c62e45adc62ca60dd8a8132bb2c5d702a2880 Mon Sep 17 00:00:00 2001 From: tenajsystems <31551697+tenajsystems@users.noreply.github.com> Date: Fri, 1 Sep 2017 16:54:48 -0400 Subject: [PATCH 1234/2267] updated log formats to include client ip This change will ensure that apache logs the correct client ip instead of the loadbalancer ip when the apache server is behind a load balancer --- templates/httpd.conf.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index ddb40b57e2..e0a36eb7f8 100755 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -85,10 +85,10 @@ Include "<%= @mod_load_dir %>/*.conf" Include "<%= @ports_file %>" <% unless @log_formats.has_key?('combined') -%> -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined <% end -%> <% unless @log_formats.has_key?('common') -%> -LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%a %l %u %t \"%r\" %>s %b" common <% end -%> <% unless @log_formats.has_key?('referer') -%> LogFormat "%{Referer}i -> %U" referer From 8115523ae70fefb967d955ab6e55fc2ce5dc5f07 Mon Sep 17 00:00:00 2001 
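Review bot: The `prefork.conf.erb` hunk picks the directive name from whether `@maxrequestworkers` is set, not from the Apache version, so the two can disagree. A manifest that sets `maxrequestworkers` on a pre-2.3.13 server would render `MaxRequestWorkers`, which that server presumably rejects, while a 2.4 server with default parameters still gets the deprecated `MaxClients`. Gating on the version the manifest already computes, e.g. `<%- if scope.function_versioncmp([@_apache_version, '2.3.13']) >= 0 -%>`, and falling back to the old parameter's value when the new one is unset, would keep the rendered name valid for the target server.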
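Review bot: Changing the default `combined` and `common` formats in `httpd.conf.erb` from `%h` to `%a` does not by itself log the real client behind a load balancer. `%a` only differs from the peer address when a module such as mod_remoteip rewrites it from a forwarded header, and nothing in this hunk enables that. Sites that rely on `HostnameLookups` also lose the hostname they had with `%h`. Where mod_remoteip is in use, the trusted proxy list (`RemoteIPInternalProxy` / `RemoteIPTrustedProxy`) decides whether a client can forge the logged address. A comment above these lines such as `# %a follows mod_remoteip; trust it only when the proxy list is restricted` would help, and on 2.4 adding `%{c}a` keeps the real peer for forensics.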
From: Chris Edester Date: Thu, 15 Jun 2017 17:00:02 -0400 Subject: [PATCH 1235/2267] Add PassengerSpawnMethod to vhost --- manifests/vhost.pp | 6 ++++-- templates/vhost/_passenger.erb | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 382771297c..8d2edde44a 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -134,6 +134,7 @@ $apache_version = $::apache::apache_version, Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group = undef, + $passenger_spawn_method = undef, $passenger_app_root = undef, $passenger_app_env = undef, $passenger_ruby = undef, @@ -232,7 +233,7 @@ include ::apache::mod::suexec } - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { + if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { include ::apache::mod::passenger } @@ -968,6 +969,7 @@ } # Template uses: + # - $passenger_spawn_method # - $passenger_app_root # - $passenger_app_env # - $passenger_ruby 
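Review bot: `$passenger_spawn_method` in the `@@ -134,6 +134,7 @@` hunk is declared without a type, although the neighbouring `$allow_encoded_slashes` and `$suexec_user_group` are constrained. The template writes the value into the vhost unquoted. Passenger documents `smart` and `direct` as the accepted values, so `Optional[Enum['smart', 'direct']] $passenger_spawn_method = undef,` would reject typos and stray text from Hiera at compile time instead of rendering an unintended Apache config. The parameter list continues outside the hunk.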
@@ -979,7 +981,7 @@ # - $passenger_nodejs # - $passenger_sticky_sessions # - $passenger_startup_file - if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{ + if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{ concat::fragment { "${name}-passenger": target => "${priority_real}${filename}.conf", order => 300, diff --git a/templates/vhost/_passenger.erb b/templates/vhost/_passenger.erb index f0401a9492..46e53764d7 100644 --- a/templates/vhost/_passenger.erb +++ b/templates/vhost/_passenger.erb @@ -1,3 +1,6 @@ +<% if @passenger_spawn_method -%> + PassengerSpawnMethod <%= @passenger_spawn_method %> +<% end -%> <% if @passenger_app_root -%> PassengerAppRoot <%= @passenger_app_root %> <% end -%> From d44f1dee24433aef78eb48a8e96933c460b9b819 Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Thu, 15 Jun 2017 17:26:38 -0400 Subject: [PATCH 1236/2267] Add Doc for passenger_spawn_method --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 711386d66c..52947d7c67 100755 --- a/README.md +++ b/README.md 
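Review bot: The two passenger conditions in `vhost.pp` have drifted apart. The `include ::apache::mod::passenger` test lists `$passenger_max_requests` and `$passenger_high_performance`, but the `concat::fragment` condition edited in this hunk still omits them. If the template handles those two settings (not visible here), a vhost that sets only one of them would load the module yet render no passenger fragment. Computing the test once, for example a local `$use_passenger` built from the full list and used in both places, would keep them in step as parameters are added.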
@@ -3780,6 +3780,10 @@ Sets the overrides for the specified virtual host. Accepts an array of [AllowOve Default: '[none]'. +##### `passenger_spawn_method` + +Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod), whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. + ##### `passenger_app_root` Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. From eb23c7086b457690d7d0ba523077224f515e4438 Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Tue, 5 Sep 2017 08:33:38 -0500 Subject: [PATCH 1237/2267] Add passenger_spawn_method to spec tests --- spec/defines/vhost_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 737d2275c9..85dc72e37b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -392,6 +392,7 @@ 'use_optional_includes' => true, 'suexec_user_group' => 'root root', 'allow_encoded_slashes' => 'nodecode', + 'passenger_spawn_method' => 'direct', 'passenger_app_root' => '/usr/share/myapp', 'passenger_app_env' => 'test', 'passenger_ruby' => '/usr/bin/ruby1.9.1', From 7bb35c2293c12ce52329a4391fe1f20389efef06 Mon Sep 17 00:00:00 2001 
From: epackorigan Date: Fri, 25 Aug 2017 10:45:36 -0700 Subject: [PATCH 1238/2267] (MODULES-5471) ssl/tls client auth fix If $ssl_certs_dir defaults to a location that contains certificates, apache will trust implicitly all the certificates presented by the client for auth that were issues by *any* certificates in that location. Note: * In Gentoo, $ssl_certs_dir was pointing to /etc/apache2/ssl, which may have been safe, or used for storing CA certs to check client auth. Gentoo users may need to set that value explicitly after upgrade. fix extra space Only include directives when needed. Do not include directives that have no effect. SSLCA* directives are only meaningful when 'ssl_verify_client' is set (when you want to handle client cert authentication, and how to verify those certs being presented to the server by the client). missed one of the directives for client auth missed one directive that doesn't need to be included unless you are doing ssl client authentication. Update README.md test for ssl_certs_dir and ssl_ca There should probably be tests for each variation (`ssl_verify_client` + any of the client authentication directives. Updated to simpler/clearer tests hopefully this will make more sense. Run tests on different files. not quite sure how that works. rename vhost for each additional test rename the apache::vhost for each test. (maint) remove extra space on line 146 adding idempotent verifications to each test. making sure that the resources are idempotent. changes reflected in the changelog mention in the changelog * the fix for auth * the defaults being changed * the directives no longer being included unless needed. reverting changes to changelog. --- README.md | 20 ++++----- manifests/params.pp | 8 ++-- spec/acceptance/apache_ssl_spec.rb | 70 ++++++++++++++++++++++++++++-- templates/vhost/_ssl.erb | 28 ++++++------ 4 files changed, 91 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 9b5baedb2f..1aa7d05b67 100755 
--- a/README.md +++ b/README.md @@ -1369,7 +1369,7 @@ Default: `undef`. ##### `ssl_ca` -Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile). +Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile) to use to verify certificate used in ssl client authentication. It is possible to override this on a vhost level. @@ -4913,7 +4913,7 @@ Default: `false`. ##### `ssl_ca` -Specifies the SSL certificate authority. +Specifies the SSL certificate authority to be used to verify client certificates used for authentication. You must also set `ssl_verify_client` to use this. Default: `undef`. @@ -4950,14 +4950,9 @@ Default: `true`. ##### `ssl_certs_dir` -Specifies the location of the SSL certification directory. +Specifies the location of the SSL certification directory to verify client certs. Will not be used unless `ssl_verify_client` is also set (see below). -Default: Depends on operating system. - -- Debian: '/etc/ssl/certs' -- Red Hat: '/etc/pki/tls/certs' -- FreeBSD: `undef` -- Gentoo: '/etc/ssl/apache2' +Default: undef ##### `ssl_chain` 
@@ -4973,13 +4968,13 @@ Default: `undef`. ##### `ssl_crl_path` -Specifies the location of the certificate revocation list. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the location of the certificate revocation list to verify certificates for client authentication with. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) Default: `undef`. ##### `ssl_crl_check` -Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. +Sets the certificate revocation check level via the [SSLCARevocationCheck directive] for ssl client authentication (https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. Default: `undef`. @@ -5012,11 +5007,12 @@ Default: `undef`. ##### `ssl_verify_depth` -Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. +Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. You must set `ssl_verify_client` for it to take effect. ``` puppet apache::vhost { 'sample.example.net': … + ssl_verify_client => 'require', ssl_verify_depth => 1, } ``` 
diff --git a/manifests/params.pp b/manifests/params.pp index a74bbaf48e..666fd224f3 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -49,6 +49,9 @@ $modsec_audit_log_parts = 'ABIJDEFHZ' + # no client certs should be trusted for auth by default. + $ssl_certs_dir = undef + if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::operatingsystem == 'SLES') { $verify_command = '/usr/sbin/apache2ctl -t' } elsif $::operatingsystem == 'FreeBSD' { @@ -83,7 +86,6 @@ $dev_packages = 'httpd-devel' $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' $default_ssl_key = '/etc/pki/tls/private/localhost.key' - $ssl_certs_dir = '/etc/pki/tls/certs' $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)' $passenger_conf_file = 'passenger_extra.conf' $passenger_conf_package_file = 'passenger.conf' @@ -223,7 +225,6 @@ $mpm_module = 'worker' $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' - $ssl_certs_dir = '/etc/ssl/certs' $ssl_sessioncache = "\${APACHE_RUN_DIR}/ssl_scache(512000)" $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' @@ -389,7 +390,6 @@ $dev_packages = undef $default_ssl_cert = '/usr/local/etc/apache24/server.crt' $default_ssl_key = '/usr/local/etc/apache24/server.key' - $ssl_certs_dir = undef $ssl_sessioncache = '/var/run/ssl_scache(512000)' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef @@ -459,7 +459,6 @@ $dev_packages = undef $default_ssl_cert = '/etc/ssl/apache2/server.crt' $default_ssl_key = '/etc/ssl/apache2/server.key' - $ssl_certs_dir = '/etc/ssl/apache2' $ssl_sessioncache = '/var/run/ssl_scache(512000)' $passenger_root = '/usr' $passenger_ruby = '/usr/bin/ruby' 
@@ -528,7 +527,6 @@ $mpm_module = 'prefork' $default_ssl_cert = '/etc/apache2/ssl.crt/server.crt' $default_ssl_key = '/etc/apache2/ssl.key/server.key' - $ssl_certs_dir = '/etc/ssl/certs' $ssl_sessioncache = '/var/lib/apache2/ssl_scache(512000)' $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' diff --git a/spec/acceptance/apache_ssl_spec.rb b/spec/acceptance/apache_ssl_spec.rb index 5df551a414..0eab1de107 100644 --- a/spec/acceptance/apache_ssl_spec.rb +++ b/spec/acceptance/apache_ssl_spec.rb @@ -19,6 +19,7 @@ class { 'apache': } EOS apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end describe file("#{$vhost_dir}/15-default-ssl.conf") do @@ -26,11 +27,11 @@ class { 'apache': it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + it { is_expected.not_to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.not_to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.not_to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } if $apache_version == '2.4' - it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + it { is_expected.not_to contain 'SSLCARevocationCheck "chain"' } else it { is_expected.not_to contain 'SSLCARevocationCheck' } end @@ -66,6 +67,7 @@ class { 'apache': } EOS apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end describe file("#{$vhost_dir}/25-test_ssl.conf") do 
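Review bot: The negated checks in the `@@ -26,11 +27,11 @@` hunk of `apache_ssl_spec.rb` match a directive together with one exact path, e.g. `not_to contain 'SSLCACertificateFile "/tmp/ssl_ca"'`, so they still pass if the directive is rendered with any other value. The regression this commit fixes is `SSLCACertificatePath` being emitted without client verification, and the visible lines add no assertion for that directive on the default vhost. Matching on the bare name, `it { is_expected.not_to contain 'SSLCACertificatePath' }` and likewise for `SSLCACertificateFile`, would guard the security property directly. The `describe` block starts outside the hunk.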
@@ -74,6 +76,7 @@ class { 'apache': it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCACertificatePath "/tmp"' } it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } it { is_expected.to contain 'SSLProxyEngine On' } 
@@ -91,4 +94,63 @@ class { 'apache': end end + describe 'vhost ssl ssl_ca only' do + it 'runs without error' do + pp = <<-EOS + class { 'apache': + service_ensure => stopped, + } + + apache::vhost { 'test_ssl_ca_only': + docroot => '/tmp/test', + ssl => true, + ssl_cert => '/tmp/ssl_cert', + ssl_key => '/tmp/ssl_key', + ssl_ca => '/tmp/ssl_ca', + ssl_verify_client => 'test', + } + EOS + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe file("#{$vhost_dir}/25-test_ssl_ca_only.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.not_to contain 'SSLCACertificatePath' } + end + end + + describe 'vhost ssl ssl_certs_dir' do + it 'runs without error' do + pp = <<-EOS + class { 'apache': + service_ensure => stopped, + } + + apache::vhost { 'test_ssl_certs_dir_only': + docroot => '/tmp/test', + ssl => true, + ssl_cert => '/tmp/ssl_cert', + ssl_key => '/tmp/ssl_key', + ssl_certs_dir => '/tmp', + ssl_verify_client => 'test', + } + EOS + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe file("#{$vhost_dir}/25-test_ssl_certs_dir_only.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCACertificatePath "/tmp"' } + it { is_expected.to contain 'SSLVerifyClient test' } + it { is_expected.not_to contain 'SSLCACertificateFile' } + end + end + end diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index e70efebda5..826a99bd58 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb 
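Review bot: Both new vhost examples use `ssl_verify_client => 'test'`, which is not a level mod_ssl accepts (`none`, `optional`, `require`, `optional_no_ca`). They presumably apply only because `service_ensure => stopped` keeps Apache from parsing the rendered file. Using `ssl_verify_client => 'require',` keeps the fixtures valid configuration and makes the expectation read `SSLVerifyClient require`. That `'test'` compiles at all suggests the parameter is not validated in the manifest (not visible here); an `Enum` on it would catch such values before they reach a TLS client-auth setting.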
@@ -7,6 +7,17 @@ <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <%- end -%> + <%- if @ssl_protocol -%> + SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> + <%- end -%> + <%- if @ssl_cipher -%> + SSLCipherSuite <%= @ssl_cipher %> + <%- end -%> + <%- if @ssl_honorcipherorder -%> + SSLHonorCipherOrder <%= @ssl_honorcipherorder %> + <%- end -%> + <%- if @ssl_verify_client -%> + SSLVerifyClient <%= @ssl_verify_client %> <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" <%- end -%> @@ -19,23 +30,12 @@ <%- if @ssl_crl -%> SSLCARevocationFile "<%= @ssl_crl %>" <%- end -%> + <%- if @ssl_verify_depth -%> + SSLVerifyDepth <%= @ssl_verify_depth %> + <%- end -%> <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> SSLCARevocationCheck "<%= @ssl_crl_check %>" <%- end -%> - <%- if @ssl_protocol -%> - SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> - <%- end -%> - <%- if @ssl_cipher -%> - SSLCipherSuite <%= @ssl_cipher %> - <%- end -%> - <%- if @ssl_honorcipherorder -%> - SSLHonorCipherOrder <%= @ssl_honorcipherorder %> - <%- end -%> - <%- if @ssl_verify_client -%> - SSLVerifyClient <%= @ssl_verify_client %> - <%- end -%> - <%- if @ssl_verify_depth -%> - SSLVerifyDepth <%= @ssl_verify_depth %> <%- end -%> <%- if @ssl_options -%> SSLOptions <%= Array(@ssl_options).join(' ') %> From 8aceb3a190533e220df795f23198097174596b65 Mon Sep 17 00:00:00 2001 From: jbondpdx Date: Wed, 6 Sep 2017 15:23:15 -0700 Subject: [PATCH 1239/2267] remove TODOs from README --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 90f4a7094d..ad5c0f97b6 100755 --- a/README.md +++ b/README.md 
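Review bot: With the CA, CRL and depth directives in `_ssl.erb` now nested under `<%- if @ssl_verify_client -%>`, a vhost that sets `ssl_ca`, `ssl_certs_dir`, `ssl_crl*` or `ssl_verify_depth` without `ssl_verify_client` silently renders none of them. That is the safe direction, but anyone who enables `SSLVerifyClient` elsewhere (for instance through `custom_fragment`) loses their trust anchors on upgrade with no signal from Puppet. A `warning()` in `apache::vhost` when any of those parameters is set while `$ssl_verify_client` is undef would make the change visible. The guard is also truthiness only, so `ssl_verify_client => 'none'` still emits `SSLCACertificatePath`.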
@@ -1407,7 +1407,7 @@ Defines the pattern for files included from the `vhost_dir`. If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration. -Default: '*', also for BC with previous versions of this module. TODO: what does "also for BC" mean? +Default: '*'. Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`. @@ -2252,7 +2252,7 @@ Installs and configures `mod_passenger`. >**Note**: The passenger module isn't available on RH/CentOS without providing the dependency packages provided by EPEL and the `mod_passengers` custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() -**Parameters**: [TODO: parameters were not listed (except `manage_repo`), so I pulled them out of the manifest. I need to know what these parameters do and what their values can be OR a link that points external documentation for the parameter mapping (as with mod_pagespeed above) ] +**Parameters**: * `passenger_conf_file`: `$::apache::params::passenger_conf_file` * `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` @@ -2289,8 +2289,6 @@ Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its conf **Parameters within `apache::mod::proxy`**: -TODO: What do these parameters do? - - `allow_from`: Default: `undef`. - `apache_version`: Default: `undef`. - `package_name`: Default: `undef`. @@ -2740,7 +2738,7 @@ Default: '25'. ##### `source` -Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. TODO: is this required or does it have a default value? +Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. Default: `undef` 
From 47cfc913f5edbd949294aa2934160fe9b5daaf9a Mon Sep 17 00:00:00 2001 From: Eric Putnam Date: Mon, 24 Jul 2017 13:06:29 -0700 Subject: [PATCH 1240/2267] (MODULES-5514) release 2.1.0 prep --- CHANGELOG.md | 37 +++++++++++++++++++++++++++++++++++++ metadata.json | 3 +-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c8fa2b838..7efa9b8753 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,30 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## Supported Release [2.1.0] +### Summary +This is a feature release including a security patch (CVE-2017-2299) + +#### Added +- `apache::mod::jk` class for managing the mod_jk connector +- `apache_pw_hash` function +- the ProxyPass directive in location contexts +- more Puppet 4 type validation +- `apache::mod::macro` class for managing mod_macro + +#### Changed +- $ssl_certs_dir default to `undef` for all platorms +- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` + +#### Fixed +- issue where mod_alias was not being loaded when RedirectMatch* directives were being used ([MODULES-3942](https://tickets.puppet.com/browse/MODULES-3942)) +- issue with `$directories` parameter in `apache::vhost` +- issue in UserDir template where the UserDir path did not match the Directory path +- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** + +#### Removed +- support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze) + ## Supported Release [2.0.0] ### Summary Major release **removing Puppet 3 support** and other backwards-incompatible changes. 
@@ -47,6 +71,17 @@ Major release **removing Puppet 3 support** and other backwards-incompatible cha - issue where ProxyPreserveHost could not be set without other Proxy* directives - the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch +## Supported Release [1.11.1] +#### Summary +This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher. + +#### Changed +- $ssl_certs_dir default to `undef` for all platorms +- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` + +#### Fixed +- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** ([MODULES-5471](https://tickets.puppet.com/browse/MODULES-5471)) + ## Supported Release [1.11.0] ### Summary This release adds SLES12 Support and many more features and bugfixes. @@ -864,7 +899,9 @@ worker/prefork * f672e46 a2mod fix * 8a56ee9 add pthon support to apache +[2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0 [2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 +[1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1 [1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0 [1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0 [1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0 diff --git a/metadata.json b/metadata.json index 88a87b6ea1..a4410508ba 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "2.0.0", + "version": "2.1.0", "author": "puppet", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", 
@@ -47,7 +47,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "6", "7", "8" ] From 7376d7e6765e72c7c650b0d91fb0abe1d0d7afb4 Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Tue, 5 Sep 2017 10:08:26 -0500 Subject: [PATCH 1241/2267] Add EnableCapabilities for itk --- manifests/mod/itk.pp | 1 + templates/mod/itk.conf.erb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 8ceb56d2ba..38dad00713 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -5,6 +5,7 @@ $serverlimit = '256', $maxclients = '256', $maxrequestsperchild = '4000', + $enablecapabilities = undef, $apache_version = undef, ) { include ::apache diff --git a/templates/mod/itk.conf.erb b/templates/mod/itk.conf.erb index f45f2b35dd..fe6ef19be4 100644 --- a/templates/mod/itk.conf.erb +++ b/templates/mod/itk.conf.erb @@ -5,4 +5,7 @@ ServerLimit <%= @serverlimit %> MaxClients <%= @maxclients %> MaxRequestsPerChild <%= @maxrequestsperchild %> + <%- if (not @enablecapabilities.nil?) && (scope.function_versioncmp([@_apache_version, '2.4']) >= 0) -%> + EnableCapabilities <%= scope.function_bool2httpd([@enablecapabilities]) %> + <%- end -%> From 48039ac75c745851db5110983d8805bd423b92e7 Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Tue, 5 Sep 2017 11:03:05 -0500 Subject: [PATCH 1242/2267] spec tests for itk EnableCapabilities --- spec/classes/mod/itk_spec.rb | 62 ++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 27369f1443..2b55f35566 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb 
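Review bot: `$enablecapabilities` is added to `apache::mod::itk` untyped and undocumented, yet it controls a privilege setting. In mpm-itk, `EnableCapabilities Off` stops the parent process from dropping most root capabilities. I would declare it as `Optional[Boolean] $enablecapabilities = undef,` (the spec that passes `'On'` would then need a boolean). I would also add a comment such as `# Leave undef (mpm-itk default: On) unless the docroot filesystem cannot honour capabilities, e.g. NFS`. The template guard reads `@_apache_version`, and the manifest line that sets `$_apache_version` is outside this hunk, so confirm it exists in this class.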
@@ -34,6 +34,15 @@ it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/itk.load") } it { is_expected.to contain_package("apache2-mpm-itk") } + + context "with enablecapabilities set" do + let :params do + super().merge({:enablecapabilities => true}) + end + + it { is_expected.not_to contain_file('/etc/apache2/mods-available/itk.conf').with_content( + /EnableCapabilities/) } + end end context "with Apache version >= 2.4" do @@ -53,6 +62,11 @@ }) } it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } + + context "with enablecapabilities not set" do + it { is_expected.not_to contain_file('/etc/apache2/mods-available/itk.conf').with_content( + /EnableCapabilities/) } + end end end context "on a RedHat OS" do @@ -84,6 +98,15 @@ 'require' => 'Package[httpd]', }) } + + context "with enablecapabilities set" do + let :params do + super().merge({:enablecapabilities => 'On'}) + end + + it { is_expected.not_to contain_file('/etc/httpd/conf.d/itk.conf').with_content( + /EnableCapabilities/) } + end end context "with Apache version >= 2.4" do @@ -102,6 +125,15 @@ 'content' => "LoadModule mpm_itk_module modules/mod_mpm_itk.so\n" }) } + + context "with enablecapabilities set" do + let :params do + super().merge({:enablecapabilities => false}) + end + + it { is_expected.to contain_file('/etc/httpd/conf.d/itk.conf').with_content( + /EnableCapabilities Off/) } + end end end context "on a FreeBSD OS" do 
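Review bot: The negated form `is_expected.not_to contain_file(...).with_content(/EnableCapabilities/)` in `itk_spec.rb` also passes when the file resource is missing from the catalogue. These examples would therefore not notice a wrong path or a renamed resource. Asserting presence and absence together, `it { is_expected.to contain_file('/etc/apache2/mods-available/itk.conf').without_content(/EnableCapabilities/) }`, keeps the intent and fails if the file is not managed. The same pattern appears in the RedHat contexts here and in the FreeBSD hunk `@@ -126,5 +158,35 @@`.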
@@ -126,5 +158,35 @@ it { is_expected.not_to contain_apache__mod('itk') } it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/itk.conf").with_ensure('file') } it { is_expected.to contain_package("www/mod_mpm_itk") } + + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + context "with enablecapabilities not set" do + it { is_expected.not_to contain_file('/usr/local/etc/apache24/Modules/itk.conf').with_content( + /EnableCapabilities/) } + end + end + + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + context "with enablecapabilities set" do + let :params do + super().merge({:enablecapabilities => true}) + end + + it { is_expected.to contain_file('/usr/local/etc/apache24/Modules/itk.conf').with_content( + /EnableCapabilities On/) } + end + end end end From ee705af4cf911b0515714f1ea09b95b51944d921 Mon Sep 17 00:00:00 2001 From: transifex-bot Date: Wed, 13 Sep 2017 22:54:44 +1000 Subject: [PATCH 1243/2267] Updating translations for locales/ja/puppetlabs-apache.po --- locales/ja/puppetlabs-apache.po | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 locales/ja/puppetlabs-apache.po diff --git a/locales/ja/puppetlabs-apache.po b/locales/ja/puppetlabs-apache.po new file mode 100644 index 0000000000..1d61c897c9 --- /dev/null +++ b/locales/ja/puppetlabs-apache.po 
@@ -0,0 +1,28 @@ +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-03-21 14:19+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: 梅田智世 , 2017\n" +"Language-Team: Japanese (Japan) (https://www.transifex.com/puppet/teams/29089/ja_JP/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ja_JP\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Translate Toolkit 2.0.0\n" + +#. metadata.json +#: .summary +msgid "" +"Installs, configures, and manages Apache virtual hosts, web services, and " +"modules." +msgstr "Apacheバーチャルホスト、Webサービス、モジュールのインストール、設定、管理。" + +#. metadata.json +#: .description +msgid "Module for Apache configuration" +msgstr "Apache設定用のモジュール。" From f0deadbb88cc180cbb24bccd12b88764fc059ddc Mon Sep 17 00:00:00 2001 From: transifex-bot Date: Wed, 13 Sep 2017 23:00:54 +1000 Subject: [PATCH 1244/2267] Updating translations for readmes/README_ja_JP.md --- readmes/README_ja_JP.md | 5389 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 5389 insertions(+) create mode 100644 readmes/README_ja_JP.md diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md new file mode 100644 index 0000000000..fdb38df172 --- /dev/null +++ b/readmes/README_ja_JP.md 
@@ -0,0 +1,5389 @@ +# apache + +[モジュールの概要]: #module-description + +[セットアップ]: #setup +[Apacheの使用を始める]: #beginning-with-apache + +[使用方法]: #usage +[バーチャルホストの設定]: #configuring-virtual-hosts +[SSLを使ったバーチャルホストの設定]: #configuring-virtual-hosts-with-ssl +[バーチャルホストのポートおよびアドレスのバインディング設定]: #configuring-virtual-host-port-and-address-bindings +[アプリおよびプロセッサのバーチャルホストの設定]: #configuring-virtual-hosts-for-apps-and-processors +[IPベースのバーチャルホストの設定]: #configuring-ip-based-virtual-hosts +[Apacheモジュールのインストール]: #installing-apache-modules +[任意モジュールのインストール]: #installing-arbitrary-modules +[固有モジュールのインストール]: #installing-specific-modules +[FastCGIサーバの設定]: #configuring-fastcgi-servers-to-handle-php-files +[ロードバランシングの例]: #load-balancing-examples +[apacheの影響]: #what-the-apache-module-affects + +[リファレンス]: #reference +[パブリッククラス]: #public-classes +[プライベートクラス]: #private-classes +[パブリック定義タイプ]: #public-defined-types +[プライベート定義タイプ]: #private-defined-types +[テンプレート]: #templates + +[制約事項]: #limitations + +[開発]: #development +[貢献]: #contributing +[テスト]: #testing + +[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset +[`add_listen`]: #add_listen +[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias +[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch +[エイリアスサーバ]: https://httpd.apache.org/docs/current/urlmapping.html +[`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes +[`apache`]: #class-apache +[`apache_version`]: #apache_version +[`apache::balancer`]: #defined-type-apachebalancer +[`apache::balancermember`]: #defined-type-apachebalancermember +[`apache::fastcgi::server`]: #defined-type-apachefastcgiserver +[`apache::mod`]: #defined-type-apachemod +[`apache::mod::`]: #classes-apachemodmodule-name +[`apache::mod::alias`]: #class-apachemodalias +[`apache::mod::auth_cas`]: #class-apachemodauth_cas +[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon 
+[`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd +[`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap +[`apache::mod::cluster`]: #class-apachemodcluster +[`apache::mod::disk_cache`]: #class-apachemoddisk_cache +[`apache::mod::dumpio`]: #class-apachemoddumpio +[`apache::mod::event`]: #class-apachemodevent +[`apache::mod::ext_filter`]: #class-apachemodext_filter +[`apache::mod::geoip`]: #class-apachemodgeoip +[`apache::mod::itk`]: #class-apachemoditk +[`apache::mod::jk`]: #class-apachemodjk +[`apache::mod::ldap`]: #class-apachemodldap +[`apache::mod::passenger`]: #class-apachemodpassenger +[`apache::mod::peruser`]: #class-apachemodperuser +[`apache::mod::prefork`]: #class-apachemodprefork +[`apache::mod::proxy`]: #class-apachemodproxy +[`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer +[`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi +[`apache::mod::proxy_html`]: #class-apachemodproxy_html +[`apache::mod::security`]: #class-apachemodsecurity +[`apache::mod::shib`]: #class-apachemodshib +[`apache::mod::ssl`]: #class-apachemodssl +[`apache::mod::status`]: #class-apachemodstatus +[`apache::mod::userdir`]: #class-apachemoduserdir +[`apache::mod::worker`]: #class-apachemodworker +[`apache::mod::wsgi`]: #class-apachemodwsgi +[`apache::params`]: #class-apacheparams +[`apache::version`]: #class-apacheversion +[`apache::vhost`]: #defined-type-apachevhost +[`apache::vhost::custom`]: #defined-type-apachevhostcustom +[`apache::vhost::WSGIImportScript`]: #wsgiimportscript +[Apache HTTPサーバ]: https://httpd.apache.org +[Apacheモジュール]: https://httpd.apache.org/docs/current/mod/ +[配列]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html + +[オーディットログ]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log + +[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec + +[証明書失効リスト]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile +[証明書失効リストパス]: 
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath +[コモンゲートウェイインターフェース]: https://httpd.apache.org/docs/current/howto/cgi.html +[`confd_dir`]: #confd_dir +[`content`]: #content +[カスタムエラードキュメント]: https://httpd.apache.org/docs/current/custom-error.html +[`custom_fragment`]: #custom_fragment + +[`default_mods`]: #default_mods +[`default_ssl_crl`]: #default_ssl_crl +[`default_ssl_crl_path`]: #default_ssl_crl_path +[`default_ssl_vhost`]: #default_ssl_vhost +[`dev_packages`]: #dev_packages +[`directory`]: #directory +[`directories`]: #parameter-directories-for-apachevhost +[`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +[`docroot`]: #docroot +[`docroot_owner`]: #docroot_owner +[`docroot_group`]: #docroot_group +[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot + +[`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile +[適用モード]: http://selinuxproject.org/page/Guide/Mode +[`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure +[`error_log_file`]: #error_log_file +[`error_log_syslog`]: #error_log_syslog +[`error_log_pipe`]: #error_log_pipe +[`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype +[エクスポートリソース]: http://docs.puppet.com/latest/reference/lang_exported.md +[`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus + +[Facter]: http://docs.puppet.com/facter/ +[FastCGI]: http://www.fastcgi.com/ +[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource +[`fallbackresource`]: #fallbackresource +[`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag +[フィルタルール]: https://httpd.apache.org/docs/current/filter.html +[`filters`]: #filters +[`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype + +[GeoIPScanProxyHeaders]: 
http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives +[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage + +[ハッシュ]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html +[`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions + +[`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional +[`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include +[インターバル構文]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn +[`ip`]: #ip +[`ip_based`]: #ip_based +[IPベースのバーチャルホスト]: https://httpd.apache.org/docs/current/vhosts/ip-based.html + +[`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive +[`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout +[`keepalive`パラメータ]: #keepalive +[`keepalive_timeout`]: #keepalive_timeout +[`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize + +[`lib`]: #lib +[`lib_path`]: #lib_path +[`Listen`]: https://httpd.apache.org/docs/current/bind.html +[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog +[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile +[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat +[`logroot`]: #logroot +[ログセキュリティ]: https://httpd.apache.org/docs/current/logs.html#security + +[`manage_docroot`]: #manage_docroot +[`manage_user`]: #manage_user +[`manage_group`]: #manage_group +[`supplementary_groups`]: #supplementary_groups +[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild +[`max_keepalive_requests`]: #max_keepalive_requests +[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers +[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads +[MIME 
`content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml +[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads +[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html +[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas +[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html +[`mod_authnz_external`]: https://github.com/phokz/mod-auth-external +[`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html +[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon +[`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html +[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html +[`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html +[`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html +[`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html +[`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html +[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html +[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ +[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html +[`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html +[`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html +[`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html +[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en +[`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ +[`mod_php`]: http://php.net/manual/en/book.apache.php +[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html +[`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html +[`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_rewrite`]: 
https://httpd.apache.org/docs/current/mod/mod_rewrite.html +[`mod_security`]: https://www.modsecurity.org/ +[`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html +[`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html +[`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html +[`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ +[モジュール貢献ガイド]: https://docs.puppet.com/forge/contributing.html +[`mpm_module`]: #mpm_module +[マルチプロセッシングモジュール]: https://httpd.apache.org/docs/current/mpm.html + +[名前ベースのバーチャルホスト]: https://httpd.apache.org/docs/current/vhosts/name-based.html +[`no_proxy_uris`]: #no_proxy_uris + +[オープンソース版Puppet]: https://docs.puppet.com/puppet/ +[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options + +[`path`]: #path +[`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr +[`port`]: #port +[`priority`]: #defined-types-apachevhost +[`proxy_dest`]: #proxy_dest +[`proxy_dest_match`]: #proxy_dest_match +[`proxy_pass`]: #proxy_pass +[`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass +[`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset +[Puppet Enterprise]: https://docs.puppet.com/pe/ +[Puppet Forge]: https://forge.puppet.com +[Puppet]: https://puppet.com +[Puppetモジュール]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html +[Puppetモジュールのコード]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp +[`purge_configs`]: #purge_configs +[`purge_vhost_dir`]: #purge_vhost_dir +[Python]: https://www.python.org/ + +[Rack]: http://rack.github.io/ +[`rack_base_uris`]: #rack_base_uris +[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt +[`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout +[rspec-puppet]: http://rspec-puppet.com/ + +[`ScriptAlias`]: 
https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias +[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch +[`scriptalias`]: #scriptalias +[SELinux]: http://selinuxproject.org/ +[`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin +[`serveraliases`]: #serveraliases +[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit +[`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername +[`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot +[`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens +[`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature +[サービス属性リスタート]: http://docs.puppet.com/latest/type.html#service-attribute-restart +[`source`]: #source +[`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck +[SSL証明書のキーファイル]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile +[SSLチェーン]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile +[SSL暗号化]: https://httpd.apache.org/docs/current/ssl/index.html +[`ssl`]: #ssl +[`ssl_cert`]: #ssl_cert +[`ssl_compression`]: #ssl_compression +[`ssl_key`]: #ssl_key +[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers +[suPHP]: http://www.suphp.org/Home.html +[`suphp_addhandler`]: #suphp_addhandler +[`suphp_configpath`]: #suphp_configpath +[`suphp_engine`]: #suphp_engine +[対応するオペレーティングシステム]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix + +[`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit +[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild +[`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout +[テンプレート]: 
http://docs.puppet.com/puppet/latest/reference/lang_template.html +[`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable + +[`verify_config`]: #verify_config +[`vhost`]: #defined-type-apachevhost +[`vhost_dir`]: #vhost_dir +[`virtual_docroot`]: #virtual_docroot + +[Webサーバゲートウェイインターフェース ]: https://www.python.org/dev/peps/pep-3333/#abstract +[`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html +[`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html +[`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html + +#### 目次 + +1. [モジュールの概要 - apacheモジュールとは? 何をするためのもの?][モジュールの概要] +2. [セットアップ - apacheの使用を開始するにあたっての基礎][セットアップ] + - [apacheモジュールが影響を与えるもの][apacheの影響] + - [Apacheの使用を始める - インストール][Apacheの使用を始める] +3. [使用方法 - 設定に使用できるクラスと定義タイプ][使用方法] + - [バーチャルホストの設定 - 使用開始に役立つ例][バーチャルホストの設定] + - [PHPファイルを処理するFastCGIサーバの設定][FastCGIサーバの設定] + - [エクスポートおよび非エクスポートリソースのロードバランシング][ロードバランシングの例] +4. [リファレンス - モジュールの機能と動作について][リファレンス] + - [パブリッククラス][] + - [プライベートクラス][] + - [パブリック定義タイプ][] + - [プライベート定義タイプ][] + - [テンプレート][] +5. [制約事項 - OSの互換性など][制約事項] +6. 
[開発 - モジュールへの貢献方法][開発] + - [apacheモジュールへの貢献][貢献] + - [テストの実施 - クイックガイド][テストの実施] + +## モジュールの概要 + +[Apache HTTPサーバ][] (Apache HTTPD、あるいは単にApacheとも呼ばれます)は、広く使用されているWebサーバです。この[Puppetモジュール][]によって、インフラ内でApacheを管理するための設定がシンプルなものになります。幅広いバーチャルホストセットアップを設定および管理し、[Apacheモジュール][]を効率的にインストールして設定することができます。 + +## セットアップ + +### apacheモジュールが影響を与えるもの: + +- (作成し、書き込みを行う)設定ファイルおよびディレクトリ + - **警告**: Puppetにより管理*されていない*設定はパージされます。 +- Apacheのパッケージ/サービス/設定ファイル +- Apacheモジュール +- バーチャルホスト +- リッスンするポート +- FreeBSDおよびGentooの`/etc/make.conf` + +Gentooでは、このモジュールは [`gentoo/puppet-portage`][] Puppetモジュールに依存します。Gentooについては、いくつかのオプションが適用され、一部の機能や設定が有効になりますが、このモジュールに[対応するオペレーティングシステム][]ではない点に留意してください。 + +> **警告**: このモジュールにより、Apache設定ファイルおよびディレクトリが修正され、Puppetで管理されていない設定がパージされます。Apache設定はPuppetで管理する必要があります。これは、管理されていない設定ファイルにより、予期せぬ不具合が生じる可能性があるためです。 +> +>全面的なPuppet管理を一時的に無効にするには、[`apache`][]クラス宣言の[`purge_configs`][]パラメータをfalseに設定します。この手順は、カスタマイズした設定を保存し、リロケーションするための一時的な対策としてのみ推奨されます。 + +### Apacheの使用を始める + +デフォルトパラメータを用いてPuppetでApacheをインストールするには、[`apache`][]クラスを宣言します。 + +``` puppet +class { 'apache': } +``` + +デフォルトオプションを用いてこのクラスを宣言すると、モジュールでは以下のことが実行されます。 + +- オペレーティングシステムに適したApacheソフトウェアパッケージおよび[必要なApacheモジュール](#default_mods)をインストールします。 +- オペレーティングシステムに応じた[デフォルトロケーション](#conf_dir)を用いて、ディレクトリ内に必要な設定ファイルを配置します。 +- デフォルトのバーチャルホストおよび標準的なポート('80')とアドレス('\*')のバインディングを用いてサーバを設定します。 +- ドキュメントルートディレクトリを作成します。オペレーティングシステムによって異なりますが、通常は`/var/www`です。 +- Apacheサービスを開始します。 + +Apacheのデフォルト設定は、オペレーティングシステムによって異なります。これらのデフォルトは、テスト環境では機能しますが、本稼働環境には推奨されません。実際のサイトに応じてクラスのパラメータをカスタマイズすることを推奨します。 + +例えば、以下の宣言では、apacheモジュールの[デフォルトのバーチャルホスト設定][バーチャルホストの設定]を使わずにApacheがインストールされるので、すべてのApacheバーチャルホストをカスタマイズすることができます。 + +``` puppet +class { 'apache': + default_vhost => false, +} +``` + +> **注意**: 
`default_vhost`を`false`に設定する場合、少なくとも1つの`apache::vhost`リソースを追加する必要があります。追加しなければ、Apacheは起動しません。デフォルトのバーチャルホストを設定するには、`apache`クラスで`default_vhost`を設定するか、[`apache::vhost`][]定義タイプを使用します。[`apache::vhost`][]定義タイプを用いて、追加の固有バーチャルホストを設定することもできます。 + +## 使用方法 + +### バーチャルホストの設定 + +デフォルトの[`apache`][]クラスは、ポート80にバーチャルホストを設定します。すべてのインターフェースをリッスンし、[`docroot`][]パラメータのデフォルトディレクトリ`/var/www`をサーブします。 + + +基本の[名前ベースのバーチャルホスト][]を設定するには、[`apache::vhost`][]定義タイプで[`port`][]および[`docroot`][]パラメータを指定します。 + +``` puppet +apache::vhost { 'vhost.example.com': + port => '80', + docroot => '/var/www/vhost', +} +``` + +すべてのバーチャルホストパラメータのリストについては、[`apache::vhost`][]定義タイプのリファレンスを参照してください。 + +> **注意**: Apacheはバーチャルホストをアルファベット順に処理します。サーバ管理者は、バーチャルホスト設定ファイル名の先頭に数字を付けることで、 Apacheバーチャルホスト処理の優先順位を設定できます。[`apache::vhost`][]定義タイプは、デフォルトの [`priority`][]である15を適用します。これはPuppetではバーチャルホストのファイル名の先頭に`15-`が付いていると解釈されます。そのため、優先順位が同じサイトが複数ある場合や、`priority`パラメータの値をfalseに設定して優先順位番号を無効にした場合でも、Apacheはバーチャルホストをアルファベット順に処理します。 + +`docroot`のユーザおよびグループのオーナーシップを設定するには、[`docroot_owner`][]および[`docroot_group`][]パラメータを使用します。 + +``` puppet +apache::vhost { 'user.example.com': + port => '80', + docroot => '/var/www/user', + docroot_owner => 'www-data', + docroot_group => 'www-data', +} +``` + +#### SSLを使ったバーチャルホストの設定 + +[SSL encryption][]およびデフォルトのSSL証明書を使うようにバーチャルホストを設定するには、[`ssl`][]パラメータを設定します。また、[`port`][]パラメータを指定する必要もあります。通常は、'443'という値がHTTPSリクエストに対応します。 + +``` puppet +apache::vhost { 'ssl.example.com': + port => '443', + docroot => '/var/www/ssl', + ssl => true, +} +``` + +SSLおよび固有SSL証明書を使うようにバーチャルホストを設定するには、[`ssl_cert`][]および[`ssl_key`][]パラメータで証明書およびキーへのパスを使用します。 + +``` puppet +apache::vhost { 'cert.example.com': + port => '443', + docroot => '/var/www/cert', + ssl => true, + ssl_cert => '/etc/ssl/fourth.example.com.cert', + ssl_key => '/etc/ssl/fourth.example.com.key', +} +``` + +同じドメインでSSLと暗号化されていないバーチャルホストを混ぜて設定するには、それぞれを個別の[`apache::vhost`][]定義タイプで宣言します。 + +``` puppet +# The non-ssl virtual host +apache::vhost { 'mix.example.com 
non-ssl': + servername => 'mix.example.com', + port => '80', + docroot => '/var/www/mix', +} + +# The SSL virtual host at the same domain +apache::vhost { 'mix.example.com ssl': + servername => 'mix.example.com', + port => '443', + docroot => '/var/www/mix', + ssl => true, +} +``` + +暗号化されていない接続をSSLにリダイレクトするようにバーチャルホストを設定するには、それぞれを個別の[`apache::vhost`][]定義タイプで宣言し、SSLが有効化されているバーチャルホストに、暗号化されていないリクエストをリダイレクトします。 + +``` puppet +apache::vhost { 'redirect.example.com non-ssl': + servername => 'redirect.example.com', + port => '80', + docroot => '/var/www/redirect', + redirect_status => 'permanent', + redirect_dest => 'https://redirect.example.com/' +} + +apache::vhost { 'redirect.example.com ssl': + servername => 'redirect.example.com', + port => '443', + docroot => '/var/www/redirect', + ssl => true, +} +``` + +#### バーチャルホストのポートおよびアドレスのバインディング設定  + +バーチャルホストはデフォルトですべてのIPアドレス('\*')をリッスンします。特定のIPアドレスをリッスンするようにバーチャルホストを設定するには、[`ip`][]パラメータを使用します。 + +``` puppet +apache::vhost { 'ip.example.com': + ip => '127.0.0.1', + port => '80', + docroot => '/var/www/ip', +} +``` + +[`ip`][]パラメータにIPアドレスの配列を使えば、1つのバーチャルホストに複数のIPアドレスを設定することもできます。 + +``` puppet +apache::vhost { 'ip.example.com': + ip => ['127.0.0.1','169.254.1.1'], + port => '80', + docroot => '/var/www/ip', +} +``` + +[`port`][]パラメータにポートの配列を使えば、1つのバーチャルホストに複数のポートを設定することができます。 + +``` puppet +apache::vhost { 'ip.example.com': + ip => ['127.0.0.1'], + port => ['80','8080'] + docroot => '/var/www/ip', +} +``` + +[エイリアスサーバ][]を使ってバーチャルホストを設定するには、[`serveraliases`][]パラメータを使ってエイリアスを指定します。 + +``` puppet +apache::vhost { 'aliases.example.com': + serveraliases => [ + 'aliases.example.org', + 'aliases.example.net', + ], + port => '80', + docroot => '/var/www/aliases', +} +``` + +`/var/www/example.com`に'http://example.com.loc'をマッピングするケースのように、 同じ名前のディレクトリにマッピングされたサブドメイン用にワイルドカードエイリアスを使ってバーチャルホストを設定するには、[`serveraliases`][]パラメータを使ってワイルドカードエイリアスを、[`virtual_docroot`][]パラメータを使ってドキュメントルートを定義します。 + +``` puppet +apache::vhost { 'subdomain.loc': 
+ vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} +``` + +[フィルタルール][]を使ってバーチャルホストを設定するには、[`filters`][]パラメータを使って、フィルタディレクティブを[array][]として渡します。 + +``` puppet +apache::vhost { 'subdomain.loc': + port => '80', + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + docroot => '/var/www/html', +} +``` + +#### アプリおよびプロセッサのバーチャルホストの設定  + +[suPHP][]を使ってバーチャルホストを設定するには、以下のパラメータを使用します。 + +* [`suphp_engine`][]、suPHPエンジンを有効にします。 +* [`suphp_addhandler`][]、MIMEタイプを定義します。 +* [`suphp_configpath`][]、suPHPがPHPインタープリタに渡すパスを設定します。 +* [`directory`][]、ディレクトリ、ファイル、ロケーションの各ディレクティブブロックを設定します。 + +例:  + +``` puppet +apache::vhost { 'suphp.example.com': + port => '80', + docroot => '/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => [ + { 'path' => '/home/appuser/myphpapp', + 'suphp' => { + user => 'myappuser', + group => 'myappgroup', + }, + }, + ], +} +``` + +[Python][]アプリケーション用の[Webサーバゲートウェイインターフェース][] (WSGI)を使ってバーチャルホストを設定するには、`wsgi`パラメータセットを使用します。 + +``` puppet +apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + wsgi_application_group => '%{GLOBAL}', + wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_import_script => '/var/www/demo.wsgi', + wsgi_import_script_options => { + process-group => 'wsgi', + application-group => '%{GLOBAL}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, +} +``` + +Apache 2.2.16の時点では、Apacheは[FallbackResource][]をサポートしています。これは、一般的なRewriteRulesに代わるシンプルなディレクティブです。[`fallbackresource`][]パラメータを使えば、FallbackResourceを設定できます。 + +``` puppet +apache::vhost { 
'wordpress.example.com': + port => '80', + docroot => '/var/www/wordpress', + fallbackresource => '/index.php', +} +``` + +> **注意**: Apache 2.2.24以降では、`fallbackresource`パラメータがサポートするのは'disabled'値のみです。 + +[コモンゲートウェイインターフェース][] (CGI)ファイル用の指定ディレクトリを使ってバーチャルホストを設定するには、[`scriptalias`][]パラメータを使って`cgi-bin`パスを定義します。 + +``` puppet +apache::vhost { 'cgi.example.com': + port => '80', + docroot => '/var/www/cgi', + scriptalias => '/usr/lib/cgi-bin', +} +``` + +[Rack][]用のバーチャルホストを設定するには、[`rack_base_uris`][]パラメータを使用します。 + +``` puppet +apache::vhost { 'rack.example.com': + port => '80', + docroot => '/var/www/rack', + rack_base_uris => ['/rackapp1', '/rackapp2'], +} +``` + +#### IPベースのバーチャルホストの設定  + +任意のポートをリッスンし、固有IPアドレスのリクエストに応答する[IPベースのバーチャルホスト][]を設定することができます。この例では、サーバはポート80および81をリッスンします。これは、この例のバーチャルホストが[`port`][]パラメータにより宣言されて_いない_ ためです。 + +``` puppet +apache::listen { '80': } + +apache::listen { '81': } +``` + +[`ip_based`][]パラメータを使ってIPベースのバーチャルホストを設定します。 + +``` puppet +apache::vhost { 'first.example.com': + ip => '10.0.0.10', + docroot => '/var/www/first', + ip_based => true, +} + +apache::vhost { 'second.example.com': + ip => '10.0.0.11', + docroot => '/var/www/second', + ip_based => true, +} +``` + +任意の[SSL][SSL暗号化]構成と暗号化されていない構成を組み合わせ、IPベースと[名前ベースのバーチャルホスト][]を混ぜて設定することもできます。 + +この例では、1つのIPアドレス(この例では、10.0.0.10)に2つのIPベースのバーチャルホストを追加します。一方はSSLを使用するもの、もう一方は暗号化されていないものです。 + +``` puppet +apache::vhost { 'The first IP-based virtual host, non-ssl': + servername => 'first.example.com', + ip => '10.0.0.10', + port => '80', + ip_based => true, + docroot => '/var/www/first', +} + +apache::vhost { 'The first IP-based vhost, ssl': + servername => 'first.example.com', + ip => '10.0.0.10', + port => '443', + ip_based => true, + docroot => '/var/www/first-ssl', + ssl => true, +} +``` + +次に、第2のIPアドレス(10.0.0.20)に2つの名前ベースのバーチャルホストを追加します。 + +``` puppet +apache::vhost { 'second.example.com': + ip => '10.0.0.20', + port => '80', + docroot => '/var/www/second', +} + +apache::vhost { 
'third.example.com': + ip => '10.0.0.20', + port => '80', + docroot => '/var/www/third', +} +``` + +10.0.0.10または10.0.0.20のいずれかで応答する名前ベースのバーチャルホストを追加するには、Apacheのデフォルトの`Listen 80`を無効にする**必要があります**。これは、前述のIPベースのバーチャルホストとコンフリクトするためです。無効にするには、[`add_listen`][]パラメータを`false`に設定します。 + +``` puppet +apache::vhost { 'fourth.example.com': + port => '80', + docroot => '/var/www/fourth', + add_listen => false, +} + +apache::vhost { 'fifth.example.com': + port => '80', + docroot => '/var/www/fifth', + add_listen => false, +} +``` + +### Apacheモジュールのインストール  + +Puppet apacheモジュールを使って[Apacheモジュール][]をインストールするには、2つの方法があります。 + +- [`apache::mod::`][] クラスを使って、[パラメータを伴う固有のApacheモジュールをインストール][固有モジュールのインストール]する方法 +- [`apache::mod`][]定義タイプを使って、[任意のApacheモジュールをインストール][任意モジュールのインストール]する方法 + +#### 固有モジュールのインストール + +Puppet apacheモジュールは、多くの一般的な[Apacheモジュール][]のインストールをサポートしており、多くの場合、パラメータ化された設定オプションがあります。サポートされるApacheモジュールのリストについては、[`apache::mod::`][]クラスリファレンスを参照してください。 + +例えば、[`apache::mod::ssl`][]クラスを宣言すれば、デフォルト設定で`mod_ssl` Apacheモジュールをインストールすることができます。 + +``` puppet +class { 'apache::mod::ssl': } +``` + +[`apache::mod::ssl`][]には複数のパラメータ化されたオプションがあり、宣言する際に設定することができます。たとえば、圧縮を有効にして`mod_ssl`を有効化するには、[`ssl_compression`][]パラメータをtrueに設定します。 + +``` puppet +class { 'apache::mod::ssl': + ssl_compression => true, +} +``` + +一部のモジュールには必須条件があります。[`apache::mod::`][]のリファレンスを参照してください。 + +#### 任意モジュールのインストール + +オペレーティングシステムのパッケージマネージャでインストール可能な任意のモジュールの名前を[`apache::mod`][]定義タイプに渡し、それをインストールすることができます。固有モジュールクラスとは異なり、 [`apache::mod`][]定義タイプでは、インストールされている他のモジュールや固有のパラメータに基づいてインストールが調整されることはありません。Puppetはモジュールのパッケージを取得し、インストールするだけです。詳細な設定はユーザが必要に応じて行います。 + +例えば、[`mod_authnz_external`][] Apacheモジュールをインストールするには、'mod_authnz_external'の名前を使って定義タイプを宣言します。 + +``` puppet +apache::mod { 'mod_authnz_external': } +``` + +この方法でApacheモジュールを定義する際には、いくつかのオプションパラメータを指定できます。詳細については、[定義タイプのリファレンス][`apache::mod`]を参照してください。 + +### PHPファイルを処理するFastCGIサーバの設定 + +[`apache::fastcgi::server`][]定義タイプを追加すれば、 
[FastCGI][]サーバで特定のファイルに関するリクエストを処理することができます。以下の例では、PHPリクエストを処理するFastCGIサーバをポート9000の127.0.0.1 (ローカルホスト)で定義しています。 + +``` puppet +apache::fastcgi::server { 'php': + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php' +} +``` + +[`custom_fragment`][]パラメータを使えば、指定したファイルタイプがFastCGIサーバで処理されるように、バーチャルホストを設定することができます。 + +``` puppet +apache::vhost { 'www': + ... + custom_fragment => 'AddType application/x-httpd-php .php' + ... +} +``` + +### ロードバランシングの例 + +Apacheは、[`mod_proxy`][] Apacheモジュールを通じて、複数のグループのサーバにわたるロードバランシングをサポートしています。Puppetでは、[`apache::balancer`][]および[`apache::balancermember`][]定義タイプにより、Apacheロードバランシンググループ(バランサクラスタとも呼ばれます)をサポートしています。 + +[エクスポートリソース][]でロードバランシングを有効にするには、[`apache::balancermember`][]定義タイプをロードバランサメンバーサーバからエクスポートします。 + +``` puppet +@@apache::balancermember { "${::fqdn}-puppet00": + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009", + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], +} +``` + +次に、プロキシサーバでロードバランシンググループを作成します。 + +``` puppet +apache::balancer { 'puppet00': } +``` + +リソースをエクスポートせずにロードバランシングを有効にするには、プロキシサーバで以下を宣言します。 + +``` puppet +apache::balancer { 'puppet00': } + +apache::balancermember { "${::fqdn}-puppet00": + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009", + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], +} +``` + +次に、プロキシサーバで`apache::balancer`および`apache::balancermember`定義タイプを宣言します。 + +バランサで[ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset)ディレクティブを使うには、`apache::balancer`の[`proxy_set`](#proxy_set)パラメータを使用します。 + +``` puppet +apache::balancer { 'puppet01': + proxy_set => { + 'stickysession' => 'JSESSIONID', + 'lbmethod' => 'bytraffic', + }, +} +``` + +ロードバランシングのスケジューラのアルゴリズム(`lbmethod`)は、[mod_proxy_balancerドキュメント](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html)に記載されています。 + +## リファレンス + +- 
[**パブリッククラス**](#public-classes) + - [クラス: apache](#class-apache) + - [クラス: apache::dev](#class-apachedev) + - [クラス: apache::vhosts](#class-apachevhosts) + - [クラス: apache::mod::\*](#classes-apachemodname) +- [**プライベートクラス**](#private-classes) + - [クラス: apache::confd::no_accf](#class-apacheconfdno_accf) + - [クラス: apache::default_confd_files](#class-apachedefault_confd_files) + - [クラス: apache::default_mods](#class-apachedefault_mods) + - [クラス: apache::package](#class-apachepackage) + - [クラス: apache::params](#class-apacheparams) + - [クラス: apache::service](#class-apacheservice) + - [クラス: apache::version](#class-apacheversion) +- [**パブリック定義タイプ**](#public-defined-types) + - [定義タイプ: apache::balancer](#defined-type-apachebalancer) + - [定義タイプ: apache::balancermember](#defined-type-apachebalancermember) + - [定義タイプ: apache::custom_config](#defined-type-apachecustom_config) + - [定義タイプ: apache::fastcgi::server](#defined-type-fastcgi-server) + - [定義タイプ: apache::listen](#defined-type-apachelisten) + - [定義タイプ: apache::mod](#defined-type-apachemod) + - [定義タイプ: apache::namevirtualhost](#defined-type-apachenamevirtualhost) + - [定義タイプ: apache::vhost](#defined-type-apachevhost) + - [定義タイプ: apache::vhost::custom](#defined-type-apachevhostcustom) +- [**プライベート定義タイプ**](#private-defined-types) + - [定義タイプ: apache::default_mods::load](#defined-type-default_mods-load) + - [定義タイプ: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer) + - [定義タイプ: apache::peruser::processor](#defined-type-apacheperuserprocessor) + - [定義タイプ: apache::security::file_link](#defined-type-apachesecurityfile_link) +- [**テンプレート**](#templates) + +### パブリッククラス + +#### クラス: `apache` + +システムでのApacheの基本的な設定とインストールをガイドします。 + +デフォルトオプションを用いてこのクラスを宣言すると、Puppetでは以下が実行されます。 + +- オペレーティングシステムに適したApacheソフトウェアパッケージおよび[必要なApacheモジュール](#default_mods)をインストールします。 +- [デフォルトロケーション](#conf_dir)を用いて、ディレクトリ内に必要な設定ファイルを配置します。デフォルトロケーションは、オペレーティングシステムによって異なります。 +- デフォルトのバーチャルホストおよび標準的なポート('80')とアドレス('\*')のバインディングを用いてサーバを設定します。 +- 
ドキュメントルートディレクトリを作成します。オペレーティングシステムによって異なりますが、通常は`/var/www`です。 +- Apacheサービスを開始します。 + +ここでは、デフォルトの`apache`クラスを宣言するだけです。 + +``` puppet +class { 'apache': } +``` + +##### `allow_encoded_slashes` + +[`AllowEncodedSlashes`][]宣言のサーバデフォルトを設定します。これにより、'\'および'/'を含むURLに対する応答が変更されます。このパラメータを指定しない場合、サーバの設定でこの宣言が省かれ、Apacheのデフォルト設定'off'が使用されます。 + +値: 'on'、'off'、'nodecode'。 + +デフォルト値: `undef`。 + +##### `apache_version` + +使用するApacheのバージョンを定義し、モジュールテンプレートの挙動、パッケージ名、デフォルトのApacheモジュールを設定します。このパラメータを理由なく手動で設定することは、推奨していません。 + +デフォルト値: [`apache::version`][]クラスにより検出されたオペレーティングシステムとリリースバージョンによって異なります。 + +##### `conf_dir` + +Apacheサーバのメイン設定ファイルを置くディレクトリを設定します。 + +デフォルト値: オペレーティングシステムによって異なります。 + +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local/etc/apache22` +- **Gentoo**: `/etc/apache2` +- **Red Hat**: `/etc/httpd/conf` + +##### `conf_template` + +メインのApache設定ファイルで使用される[テンプレート][]を定義します。apacheモジュールは、`conf.d`エントリによりカスタマイズされた最小限の設定ファイルを使用するように設計されているため、このパラメータの変更には潜在的なリスクが伴います。 + +デフォルト値: `apache/httpd.conf.erb`。 + +##### `confd_dir` + +Apacheサーバのカスタム設定ディレクトリの場所を設定します。 + +デフォルト値: オペレーティングシステムによって異なります。 + +- **Debian**: `/etc/apache2/conf.d` +- **FreeBSD**: `/usr/local/etc/apache22` +- **Gentoo**: `/etc/apache2/conf.d` +- **Red Hat**: `/etc/httpd/conf.d` + +##### `default_charset` + +メイン設定ファイルで[`AddDefaultCharset`][]ディレクティブとして使用されます。 + +デフォルト値: `undef`。 + +##### `default_confd_files` + +[`confd_dir`][]パラメータにより定義されるディレクトリに、インクルード可能なApache設定ファイルのデフォルトセットを生成するかどうかを決定します。この設定ファイルは、サーバのオペレーティングシステムにApacheパッケージとともに通常インストールされるものに相当します。 + +ブーリアン。 + +デフォルト値: `true`。 + +##### `default_mods` + +オペレーティングシステムに応じたデフォルトの[Apacheモジュール][]のセットを設定して有効にするかどうかを決定します。 + +`false`の場合、Puppetはオペレーティングシステム上でHTTPデーモンを機能させるのに必要なApacheモジュールのみを含めます。[`apache::mod::`][]クラスまたは[`apache::mod`][]定義タイプを使えば、他のモジュールを個別に宣言することができます。 + +`true`の場合、Puppetはオペレーティングシステムと [`apache_version`][]および[`mpm_module`][]パラメータの値に応じて、その他のモジュールもインストールします。このモジュールリストは頻繁に変更されるので、最新のリストについては[Puppetモジュールのコード][]を参照してください。 + 
+このパラメータに配列が含まれる場合、Puppetは渡されたすべてのApacheモジュールを有効にします。
+
+値: ブーリアンまたはApacheモジュール名の配列。
+
+デフォルト値: `true`。
+
+##### `default_ssl_ca`
+
+Apacheサーバのデフォルトの証明書認証局を設定します。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自の認証局情報を用いてこのパラメータを更新する**必要があります**。
+
+ブーリアン。
+
+デフォルト値: `undef`。
+
+##### `default_ssl_cert`
+
+[SSL暗号化][]証明書の保存場所を設定します。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自の証明書ロケーション情報を用いてこのパラメータを更新する**必要があります**。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem`
+- **FreeBSD**: `/usr/local/etc/apache22/server.crt`
+- **Gentoo**: `/etc/ssl/apache2/server.crt`
+- **Red Hat**: `/etc/pki/tls/certs/localhost.crt`
+
+##### `default_ssl_chain`
+
+デフォルトの[SSLチェーン][]の保存場所を設定します。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自のSSLチェーンを用いてこのパラメータを更新する**必要があります**。
+
+デフォルト値: `undef`。
+
+##### `default_ssl_crl`
+
+使用するデフォルトの[証明書失効リスト][] (CRL)ファイルのパスを設定します。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、CRLファイルパスを用いてこのパラメータを更新する**必要があります**。このパラメータは、[`default_ssl_crl_path`][]とともに使用することも、その代わりに使用することもできます。
+
+デフォルト値: `undef`。
+
+##### `default_ssl_crl_path`
+
+サーバの[証明書失効リストパス][]を設定します。これにはCRLが含まれます。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境でこのサーバをデプロイする前に、CRLファイルパスを用いてこのパラメータを更新する**必要があります**。
+
+デフォルト値: `undef`。
+
+##### `default_ssl_crl_check`
+
+[`SSLCARevocationCheck`][]ディレクティブを通じてデフォルトの証明書失効チェックレベルを設定します。このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境で証明書失効リストを使用する際には、このパラメータを指定する**必要があります**。
+
+デフォルト値: `undef`。
+
+##### `default_ssl_key`
+
+[SSL証明書キーファイル][]の保存場所を設定します。
+
+デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自のSSLキーのロケーションを用いてこのパラメータを更新する**必要があります**。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key`
+- **FreeBSD**: `/usr/local/etc/apache22/server.key`
+- **Gentoo**: `/etc/ssl/apache2/server.key`
+- **Red Hat**: `/etc/pki/tls/private/localhost.key`
+
+
+##### `default_ssl_vhost`
+
+デフォルトの[SSL][SSL暗号化]バーチャルホストを設定します。
+
+`true`の場合、Puppetは [`apache::vhost`][]定義タイプを用いて、以下のバーチャルホストを自動的に設定します。
+
+```puppet
+apache::vhost { 'default-ssl':
+ port => 443,
+ ssl => true,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => "ssl_${access_log_file}",
+ }
+```
+
+> **注意**: SSLバーチャルホストはHTTPSクエリにのみ応答します。
+
+
+ブーリアン。
+
+デフォルト値: `false`。
+
+##### `default_type`
+
+_Apache 2.2のみ_。サーバが他の方法で適切な`content-type`を決定できない場合に送信される[MIME `content-type`][]を設定します。このディレクティブはApache 2.4以降では廃止予定になっており、設定ファイルの下位互換性確保の目的でのみ使われます。
+
+デフォルト値: `undef`。
+
+##### `default_vhost`
+
+クラスが宣言された際にデフォルトのバーチャルホストを設定します。
+
+[カスタマイズしたバーチャルホスト][バーチャルホストの設定]を設定するには、このパラメータの値を`false`に設定します。
+
+> **注意**: 少なくとも1つのバーチャルホストがなければ、Apacheは起動しません。このパラメータを`false`に設定する場合は、別の場所でバーチャルホストを設定する必要があります。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `dev_packages`
+
+使用する固有devパッケージを設定します。
+
+値: 文字列または文字列の配列。
+
+IUS yumリポジトリからhttpd 2.4を使用する例:
+
+``` puppet
+include ::apache::dev
+class { 'apache':
+ apache_name => 'httpd24u',
+ dev_packages => 'httpd24u-devel',
+}
+```
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Red Hat:** 'httpd-devel'
+- **Debian 8/Ubuntu 13.10以降:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
+- **それ以前のDebian/Ubuntuバージョン:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
+- **FreeBSD, Gentoo:** `undef`
+- **Suse:** ['libapr-util1-devel', 'libapr1-devel']
+
+##### `docroot`
+
+デフォルトの[`DocumentRoot`][]の場所を設定します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/var/www/html`
+- **FreeBSD**: `/usr/local/www/apache22/data`
+- **Gentoo**: `/var/www/localhost/htdocs`
+- **Red Hat**: `/var/www/html`
+
+##### `error_documents`
+
+Apacheサーバの[カスタムエラードキュメント][]を有効にするかどうかを決定します。
+
+ブーリアン。
+
+デフォルト値: `false`。
+
+##### `group`
+
+リクエストに応答するために生成されるApacheプロセスを所有するグループIDを設定します。
+
+デフォルトでは、Puppetはこのグループを`apache`クラスの下のリソースとして管理するよう試み、[`apache::params`][]クラスにより検出されたオペレーティングシステムに基づいてグループを決定します。このグループリソースを作成せずに、別のPuppetモジュールで作成されたグループを使用するには、[`manage_group`][]パラメータの値を`false`に設定します。
+
+> 
**注意**: このパラメータを修正すると、Apacheが子プロセスを生成してリソースにアクセスする際に使用するグループIDのみが変更されます。親サーバプロセスを所有するユーザは変更されません。
+
+##### `httpd_dir`
+
+Apacheサーバの基本設定ディレクトリを設定します。これは、特別に再パッケージされたApacheサーバビルドにおいて、デフォルトのディストリビューションパッケージと組み合わせると意図せぬ結果が生じる可能性がある場合に役立ちます。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2`
+- **Red Hat**: `/etc/httpd`
+
+##### `http_protocol_options`
+
+HTTPプロトコルチェックの厳密さを指定します。
+
+有効なオプション: 以下の値の選択肢のシーケンス: `Strict`または`Unsafe`、`RegisteredMethods`または`LenientMethods`、`Allow0.9`または`Require1.0`。
+
+デフォルト '`Strict LenientMethods Allow0.9`'。
+
+##### `keepalive`
+
+[`KeepAlive`][]ディレクティブによってHTTPの持続的接続を有効にするかどうかを決定します。 'On'に設定する場合は、[`keepalive_timeout`][]および[`max_keepalive_requests`][]パラメータを使って関連オプションを設定してください。
+
+値: 'Off', 'On'。
+
+デフォルト値: 'Off'。
+
+##### `keepalive_timeout`
+
+[`KeepAliveTimeout`]ディレクティブによって、HTTPの持続的接続でApacheサーバが後続のリクエストを行うまでの待機時間を設定します。このパラメータが意味を持つのは、[`keepalive` parameter][]を有効にしている場合のみです。
+
+デフォルト値: '15'。
+
+##### `max_keepalive_requests`
+
+[`keepalive` parameter][]が有効の場合に、1回の接続で許可されるリクエストの数を制限します。
+
+デフォルト値: '100'。
+
+##### `lib_path`
+
+[Apacheモジュール][Apacheモジュール]ファイルの保存場所を指定します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**および**Gentoo**: `/usr/lib/apache2/modules`
+- **FreeBSD**: `/usr/local/libexec/apache24`
+- **Red Hat**: `modules`
+
+> **注意**: このパラメータは、特別な理由がない限り手動で設定しないでください。
+
+##### `log_level`
+
+エラーログの詳細レベルを変更します。値: 'alert'、'crit'、'debug'、'emerg'、'error'、'info'、'notice'、'warn'。
+
+デフォルト値: 'warn'。
+
+##### `log_formats`
+
+追加の[`LogFormat`][]ディレクティブを定義します。値: [ハッシュ][]、例:
+
+``` puppet
+$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
+```
+
+Puppetの作成する`httpd.conf`には、以下のような複数の`LogFormats`が事前定義されています。
+
+``` httpd
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat 
"%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+```
+
+定義した`log_formats`パラメータに上記のいずれかが含まれる場合は、**ユーザの**定義により上書きされます。
+
+##### `logroot`
+
+バーチャルホストのApacheログファイルのディレクトリを変更します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/var/log/apache2`
+- **FreeBSD**: `/var/log/apache22`
+- **Gentoo**: `/var/log/apache2`
+- **Red Hat**: `/var/log/httpd`
+
+##### `logroot_mode`
+
+デフォルトの[`logroot`][]ディレクトリをオーバーライドします。
+
+> **注意**: 影響を把握できない場合は、ログが保存されているディレクトリへの書き込みアクセス権限を付与_しないで_ください。詳細については、[Apacheドキュメント][ログセキュリティ]を参照してください。
+
+デフォルト値: `undef`。
+
+##### `manage_group`
+
+`false`の場合、Puppetではグループリソースは作成されません。
+
+別のPuppetモジュールで作成されたグループをApacheの実行に使用する場合は、この値を`false`に設定してください。このパラメータを設定せずに過去に作成されたグループを使用しようとすると、重複リソースエラーが生じます。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `supplementary_groups`
+
+ユーザの所属するグループのリスト。主要グループに加えて設定する場合に使用します。
+
+デフォルト値: 追加グループなし。
+
+注意: このオプションは、`manage_user`がtrueに設定されている場合のみ有効です。
+
+##### `manage_user`
+
+`false`の場合、Puppetではユーザリソースが作成されません。
+
+このパラメータは、別のPuppetモジュールで作成されたユーザをApache実行に使用する場合などに使用します。このパラメータを設定せずに過去に作成されたユーザを使用しようとすると、重複リソースエラーが生じます。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `mod_dir`
+
+Puppetが[Apacheモジュール][]の設定ファイルを置く場所を設定します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/etc/apache2/mods-available`
+- **FreeBSD**: `/usr/local/etc/apache22/Modules`
+- **Gentoo**: `/etc/apache2/modules.d`
+- **Red Hat**: `/etc/httpd/conf.d`
+
+##### `mod_packages`
+
+デフォルトのモジュールパッケージ名をユーザがオーバーライドすることを許可します。
+
+```puppet
+include apache::params
+class { 'apache':
+ mod_packages => merge($::apache::params::mod_packages, {
+ 'auth_kerb' => 'httpd24-mod_auth_kerb',
+ })
+}
+```
+
+ハッシュ。デフォルト値: `$apache::params::mod_packages`。
+
+##### `mpm_module`
+
+HTTPDプロセスに関してロードおよび設定する[マルチプロセッシングモジュール][] (MPM)を決定します。値: 'event'、'itk'、'peruser'、'prefork'、'worker'、`false`。
+
+カスタムパラメータを用いて以下のクラスを明示的に宣言するためには、このパラメータを`false`に設定する必要があります。
+
+- [`apache::mod::event`][]
+- [`apache::mod::itk`][]
+- [`apache::mod::peruser`][]
+- 
[`apache::mod::prefork`][]
+- [`apache::mod::worker`][]
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: 'worker'
+- **FreeBSD、Gentoo、Red Hat**: 'prefork'
+
+##### `package_ensure`
+
+`package`リソースの[`ensure`][]属性を制御します。値: 'absent'、'installed' (またはそれに相当する'present')、またはバージョン文字列。
+
+デフォルト値: 'installed'。
+
+##### `pidfile`
+
+pidファイルのカスタムロケーションの設定を許可します。カスタムビルトのApache rpmを使用する場合に役立ちます。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian:** '\${APACHE_PID_FILE}'
+- **FreeBSD:** '/var/run/httpd.pid'
+- **Red Hat:** 'run/httpd.pid'
+
+##### `ports_file`
+
+Apacheポート設定を含むファイルのパスを設定します。
+
+デフォルト値: '{$conf_dir}/ports.conf'。
+
+##### `purge_configs`
+
+他のすべてのApache設定およびバーチャルホストを削除します。
+
+このパラメータを`false`に設定すると、一時的な対策として、既存の設定や管理されていない設定をApacheモジュールと共存させることができます。この場合、設定をこのモジュール内のリソースに移すことを推奨します。バーチャルホストの設定については、[`purge_vhost_dir`][]を参照してください。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `purge_vhost_dir`
+
+[`vhost_dir`][]パラメータの値が[`confd_dir`][]パラメータの値と異なる場合は、このパラメータにより、Puppetにより管理されて_いない_`vhost_dir`内の設定を削除するかどうかが決定されます。
+
+`purge_vhost_dir`を`false`に設定すると、一時的な対策として、`vhost_dir`内の既存の設定や管理されていない設定をapacheモジュールと共存させることができます。
+
+ブーリアン。
+
+デフォルト値: [`purge_configs`][]と同じ。
+
+##### `rewrite_lock`
+
+リライトロックのカスタムロケーションの設定を可能にします。これは、バーチャルホストの[`rewrites`][]パラメータでタイプprgのRewriteMapを使用している場合のベストプラクティスとされています。このパラメータは、Apacheバージョン2.2以前のみに適用され、それよりも新しいバージョンでは無視されます。
+
+デフォルト値: `undef`。
+
+##### `sendfile`
+
+[`EnableSendfile`][]ディレクティブで静的ファイルをサーブする際に、ApacheがLinuxカーネルの`sendfile`サポートを使用するようにします。値: 'On'、'Off'。
+
+デフォルト値: 'On'。
+
+##### `serveradmin`
+
+Apacheの[`ServerAdmin`][]ディレクティブでApacheサーバ管理者の連絡先情報を設定します。
+
+デフォルト値: 'root@localhost'。
+
+##### `servername`
+
+Apacheの[`ServerName`][]ディレクティブでApacheサーバ名を設定します。
+
+`false`に設定すると、ServerNameは設定されません。
+
+デフォルト値: [Facter][]により報告された'fqdn' fact。
+
+##### `server_root`
+
+Apacheの[`ServerRoot`][]ディレクティブでApacheサーバのルートを設定します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local`
+- **Gentoo**: `/var/www`
+- **Red Hat**: 
`/etc/httpd`
+
+##### `server_signature`
+
+Apacheの[`ServerSignature`][]ディレクティブで、エラードキュメントや一部の[Apacheモジュール][]のアウトプットなどの、サーバ生成ドキュメントの下部に表示される末尾のフッタの行を設定します。値: 'Off'、'On'。
+
+デフォルト値: 'On'。
+
+##### `server_tokens`
+
+Apacheの[`ServerTokens`][]ディレクティブで、Apacheからブラウザに送信される、Apacheやオペレーティングシステムに関する情報の量を制御します。
+
+デフォルト値: 'OS'。
+
+##### `service_enable`
+
+システムの起動時にPuppetがApache HTTPDサービスを有効にするかどうかを決定します。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `service_ensure`
+
+サービスが稼働していることをPuppetが確認するかどうかを決定します。値: `true` (または'running')、`false` (または'stopped')。
+
+値を`false`または'stopped'にすると、'httpd'サービスリソースの`ensure`パラメータが`false`に設定されます。この設定は、Pacemakerなどの別のアプリケーションでサービスを管理する場合に役立ちます。
+
+デフォルト値: 'running'。
+
+##### `service_name`
+
+Apacheサービスの名前を設定します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **DebianおよびGentoo**: 'apache2'
+- **FreeBSD**: 'apache22'
+- **Red Hat**: 'httpd'
+
+##### `service_manage`
+
+PuppetでHTTPDサービスの状態を管理するかどうかを決定します。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `service_restart`
+
+HTTPDサービスの再起動にあたり、Puppetが特定のコマンドを使用するかどうかを決定します。
+
+値: Apacheサービスを再起動するためのコマンド。デフォルト設定では、 [デフォルトのPuppet挙動][サービス属性リスタート]が使われます。
+
+デフォルト値: `undef`。
+
+##### `ssl_ca`
+
+SSL証明書認証局を指定します。 [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile)。
+
+これはバーチャルホストレベルでオーバーライドすることが可能です。
+
+デフォルト値: `undef`。
+
+
+##### `timeout`
+
+Apacheの[`TimeOut`][]ディレクティブを設定します。このディレクティブは、一部のイベントに関してリクエスト履行を止めるまでの Apacheの待機秒数を定義します。
+
+デフォルト値: 120。
+
+##### `trace_enable`
+
+[`TraceEnable`][]ディレクティブで、Apacheが`TRACE`リクエスト([RFC 2616][]ごと)をどのように処理するかを制御します。
+
+値: 'Off', 'On'。
+
+デフォルト値: 'On'。
+
+##### `use_systemd`
+
+systemdモジュールをCentos 7サーバにインストールするかどうかを制御します。これは、カスタムビルトのRPMを使用している場合は特に役立ちます。
+
+ブーリアン。
+
+デフォルト値: `true`。
+
+##### `file_mode`
+
+設定ファイルの許可モードを設定します。
+
+値: 文字列、記号表記法または数字表記法での許可モード。
+
+デフォルト値: '0644'。
+
+##### `root_directory_options`
+
+httpd.confの/ディレクトリで指定するオプションの配列。
+
+デフォルト値: 'FollowSymLinks'。
+
+##### `root_directory_secured`
+
+httpd.confの/ディレクトリについて、デフォルトのアクセスポリシーを設定します。`false`にすると、特定のアクセスポリシーがないすべてのリソースへのアクセスが許可されます。 `true`にするとデフォルトですべてのリソースへのアクセスが拒否されます。`true`の場合、リソースへのアクセスを許可するには、具体的なルールを使用する必要があります([`directories`](#parameter-directories-for-apachevhost)パラメータを用いたディレクトリブロックなどで)。
+
+ブーリアン。
+
+デフォルト値: `false`。
+
+##### `vhost_dir`
+
+バーチャルホストの設定ファイルの保存場所を変更します。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: `/etc/apache2/sites-available`
+- **FreeBSD**: `/usr/local/etc/apache22/Vhosts`
+- **Gentoo**: `/etc/apache2/vhosts.d`
+- **Red Hat**: `/etc/httpd/conf.d`
+
+##### `vhost_include_pattern`
+
+`vhost_dir`に含まれるファイルのパターンを定義します。
+
+`[^.#]\*.conf[^~]`などの値に設定すると、このディレクトリで偶発的に作成されたファイル(バージョン管理システムやエディタのバックアップにより作成されたファイルなど)がサーバ設定に*含まれなく*なります。
+
+デフォルト: '*'、また、このモジュールの過去のバージョンのBC。
+
+一部のオペレーティングシステムでは、`*.conf`の値が使用されます。デフォルトでは、このモジュールは`.conf`で終わる設定ファイルを作成します。
+
+##### `user`
+
+Apacheがリクエストの応答に使用するユーザを変更します。Apacheの親プロセスは引き続きルートとして稼働しますが、子プロセスはこのパラメータで定義されたユーザとしてリソースにアクセスします。Puppetがこのユーザを管理しないようにするには、[`manage_user`][]パラメータを`false`に設定します。
+
+デフォルト値: [`apache::params`][]クラスにより設定されたユーザに依存します。これはオペレーティングシステムによって異なります。
+
+- **Debian**: 'www-data'
+- **FreeBSD**: 'www'
+- **Gentoo**および**Red Hat**: 'apache'
+
+Puppetがこのユーザを管理しないようにするには、[`manage_user`][]パラメータをfalseに設定します。
+
+##### `apache_name`
+
+インストールするApacheパッケージの名前。Red Hatのソフトウェアコレクションのパッケージなど、標準的ではないApacheパッケージを使用している場合は、デフォルト設定をオーバーライドする必要があるかもしれません。
+
+デフォルト値: [`apache::params`][]クラスにより設定されたユーザに依存します。これはオペレーティングシステムによって異なります。
+
+- **Debian**: 'apache2'
+- **FreeBSD**: 'apache24'
+- **Gentoo**: 'www-servers/apache'
+- **Red Hat**: 'httpd'
+
+##### `error_log`
+
+メインサーバインスタンスのエラーログファイルの名前。`/`、`|`、または`syslog`で始まる文字列の場合、フルパスが設定されます。それ以外の場合は、ファイル名の先頭に`$logroot`がつきます。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: 'error.log'
+- **FreeBSD**: 'httpd-error.log'
+- **Gentoo**: 'error.log'
+- **Red Hat**: 'error_log'
+- **Suse**: 'error.log'
+
+##### `scriptalias`
+
+グローバルスクリプトエイリアスに使用するディレクトリ。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: 
'/usr/lib/cgi-bin'
+- **FreeBSD**: '/usr/local/www/apache24/cgi-bin'
+- **Gentoo**: 'var/www/localhost/cgi-bin'
+- **Red Hat**: '/var/www/cgi-bin'
+- **Suse**: '/usr/lib/cgi-bin'
+
+##### `access_log_file`
+
+メインサーバインスタンスのアクセスログファイルの名前。
+
+デフォルト値: オペレーティングシステムによって異なります。
+
+- **Debian**: 'error.log'
+- **FreeBSD**: 'httpd-access.log'
+- **Gentoo**: 'access.log'
+- **Red Hat**: 'access_log'
+- **Suse**: 'access.log'
+
+#### クラス: `apache::dev`
+
+Apache開発ライブラリをインストールします。
+
+デフォルト値: オペレーティングシステムによって異なります。使用するオペレーティングシステムに基づく、[`apache::params`][]クラスの[`dev_packages`][]パラメータ。
+
+- **Debian**: Ubuntu 13.10およびDebian 8では'libaprutil1-dev'、'libapr1-dev'、'apache2-dev'。その他のバージョンでは'apache2-prefork-dev'。
+- **FreeBSD**: `undef`; FreeBSDでは、`apache::dev`を宣言する前に`apache::package`または`apache`クラスを宣言する必要があります。
+- **Gentoo**: `undef`
+- **Red Hat**: 'httpd-devel'
+
+#### クラス: `apache::vhosts`
+
+[`apache::vhost`][]定義タイプを作成します。
+
+**パラメータ**:
+
+* `vhosts`: [`apache::vhost`][]定義タイプのパラメータを指定します。
+
+ 値: [ハッシュ][]、キーは名前を表し、値は[`apache::vhost`][]定義タイプのパラメータの[ハッシュ][]を表します。
+
+ デフォルト値: '{}'。
+
+ > **注意**: すべてのバーチャルホストのパラメータのリストや[バーチャルホストの設定]については、[`apache::vhost`][]定義タイプのリファレンスを参照してください。
+
+ 例えば、[名前ベースのバーチャルホスト][名前ベースのバーチャルホスト]のcustom_vhost_1を作成するには、`vhosts`パラメータを'{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }'に設定し、このクラスを宣言します。
+
+``` puppet
+class { 'apache::vhosts':
+ vhosts => {
+ 'custom_vhost_1' => {
+ 'docroot' => '/var/www/custom_vhost_1',
+ 'port' => '81',
+ },
+ },
+}
+```
+
+#### クラス: `apache::mod::`
+
+指定した[Apacheモジュール][]を有効にします。Apacheモジュールを有効にして設定するには、このクラスを宣言します。
+
+例えば、アイコンなしで[`mod_alias`][]をインストールして有効にするには、`icons_options`パラメータをNone'に設定して[`apache::mod::alias`][]クラスを宣言します。
+
+``` puppet
+class { 'apache::mod::alias':
+ icons_options => 'None',
+}
+```
+
+以下のApacheモジュールにはサポートするクラスがあり、その多くは、パラメータ化された設定が可能です。[`apache::mod`][]定義タイプを使えば、他のApacheモジュールをインストールできます。
+
+* `actions`
+* `alias` ([`apache::mod::alias`][]参照)
+* `auth_basic`
+* `auth_cas`\* 
([`apache::mod::auth_cas`][]参照)
+* `auth_mellon`\* ([`apache::mod::auth_mellon`][]参照)
+* `auth_kerb`
+* `authn_core`
+* `authn_dbd`\* ([`apache::mod::authn_dbd`][]参照)
+* `authn_file`
+* `authnz_ldap`\* ([`apache::mod::authnz_ldap`][]参照)
+* `authnz_pam`
+* `authz_default`
+* `authz_user`
+* `autoindex`
+* `cache`
+* `cgi`
+* `cgid`
+* `cluster` ([`apache::mod::cluster`][]参照)
+* `dav`
+* `dav_fs`
+* `dav_svn`\*
+* `dbd`
+* `deflate\`
+* `dev`
+* `dir`\*
+* `disk_cache` ([`apache::mod::disk_cache`][]参照)
+* `dumpio` ([`apache::mod::dumpio`][]参照)
+* `env`
+* `event` ([`apache::mod::event`][]参照)
+* `expires`
+* `ext_filter` ([`apache::mod::ext_filter`][]参照)
+* `fastcgi`
+* `fcgid`
+* `filter`
+* `geoip` ([`apache::mod::geoip`][]参照)
+* `headers`
+* `include`
+* `info`\*
+* `intercept_form_submit`
+* `itk`
+* `jk` ([`apache::mod::jk`]参照)
+* `ldap` ([`apache::mod::ldap`][]参照)
+* `lookup_identity`
+* `mime`
+* `mime_magic`\*
+* `negotiation`
+* `nss`\* ([`apache::mod::nss`][]参照)
+* `pagespeed` ([`apache::mod::pagespeed`][]参照)
+* `passenger`\* ([`apache::mod::passenger`][]参照)
+* `perl`
+* `peruser`
+* `php` ([`mpm_module`][]を`prefork`に設定する必要があります)
+* `prefork`\*
+* `proxy`\* ([`apache::mod::proxy`][]参照)
+* `proxy_ajp`
+* `proxy_balancer`\* ([`apache::mod::proxy_balancer`][]参照)
+* `proxy_balancer`
+* `proxy_html` ([`apache::mod::proxy_html`][]参照)
+* `proxy_http`
+* `python`
+* `reqtimeout`
+* `remoteip`\*
+* `rewrite`
+* `rpaf`\*
+* `setenvif`
+* `security`
+* `shib`\* ([`apache::mod::shib`]参照)
+* `speling`
+* `ssl`\* ([`apache::mod::ssl`][]参照)
+* `status`\* ([`apache::mod::status`][]参照)
+* `suphp`
+* `userdir`\* ([`apache::mod::userdir`][]参照)
+* `version`
+* `vhost_alias`
+* `worker`\*
+* `wsgi` ([`apache::mod::wsgi`][]参照)
+* `xsendfile`
+
+モジュールに付いている*のマークは、設定やモジュールを設定するためのパラメータが含まれるテンプレートがあることを示しています。ほとんどのApacheモジュールクラスパラメータにはデフォルト値があり、設定は必要ありません。 テンプレートのあるモジュールについては、Puppetでモジュールとともにテンプレートファイルがインストールされます。これらのテンプレートファイルは、モジュールが機能するために必要です。
+
+##### クラス: `apache::mod::alias` 
+
+[`mod_alias`][]をインストールして管理します。
+
+**パラメータ**:
+
+* `icons_options`: Apache [`Options`]ディレクティブにより、アイコンディレクトリのディレクトリリスティングを無効にします。
+
+ デフォルト値: 'Indexes MultiViews'。
+
+* `icons_path`: `/icons/`エイリアスのローカルパスを設定します。
+
+ デフォルト値: オペレーティングシステムによって異なります。
+
+ * **Debian**: `/usr/share/apache2/icons`
+ * **FreeBSD**: `/usr/local/www/apache24/icons`
+ * **Gentoo**: `/var/www/icons`
+ * *Red Hat**: `/var/www/icons`、ただし、Apache 2.4は`/usr/share/httpd/icons`
+
+#### クラス: `apache::mod::disk_cache`
+
+Apache 2.2に[`mod_disk_cache`][]、またはApache 2.4に[`mod_cache_disk`][]をインストールして設定します。
+
+デフォルト値: Apacheバージョンとオペレーティングシステムによって異なります。
+
+- **Debian**: `/var/cache/apache2/mod_cache_disk`
+- **FreeBSD**: `/var/cache/mod_cache_disk`
+- **Red Hat、Apache 2.4**: `/var/cache/httpd/proxy`
+- **Red Hat、Apache 2.2**: `/var/cache/mod_proxy`
+
+キャッシュルートを指定するには、パスを文字列として`cache_root`パラメータに渡します。
+
+``` puppet
+class {'::apache::mod::disk_cache':
+ cache_root => '/path/to/cache',
+}
+```
+
+##### クラス: `apache::mod::diskio`
+
+[`mod_diskio`][]をインストールして設定します。
+
+```puppet
+class{'apache':
+ default_mods => `false`,
+ log_level => 'dumpio:trace7',
+}
+class{'apache::mod::diskio':
+ disk_io_input => 'On',
+ disk_io_output => 'Off',
+}
+```
+
+**パラメータ**:
+
+* `dump_io_input`: すべての入力データをエラーログにダンプします。
+
+ 値: 'On'、'Off'。
+
+ デフォルト値: 'Off'。
+
+* `dump_io_output`: すべての出力データをエラーログにダンプします。
+
+ 値: 'On'、'Off'。
+
+ デフォルト値: 'Off'。
+
+##### クラス: `apache::mod::event`
+
+[`mod_mpm_event`][]をインストールして管理します。同じサーバ上に、`apache::mod::event`と一緒に[`apache::mod::itk`][]、[`apache::mod::peruser`][]、[`apache::mod::prefork`][]、[`apache::mod::worker`][]を含めることはできません。
+
+**パラメータ**:
+
+* `listenbacklog`: モジュールの[`ListenBackLog`][]ディレクティブでペンディング接続キューの最大長を設定します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: '511'。
+
+* `maxrequestworkers` (_Apache 2.3.12以前_: `maxclients`): モジュールの[`MaxRequestWorkers`][]ディレクティブで、Apacheが同時に処理できる接続の最大数を設定します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: '150'。
+
+* `maxconnectionsperchild` (_Apache 2.3.8以前_: 
`maxrequestsperchild`): モジュールの[`MaxConnectionsPerChild`][]ディレクティブで、子サーバが稼働中に処理する接続の数を制限します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: '0'。
+
+* `maxsparethreads` and `minsparethreads`: [`MaxSpareThreads`][]および[`MinSpareThreads`][]ディレクティブで、待機スレッドの最大数と最小数を設定します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: それぞれ'75'および'25'。
+
+* `serverlimit`: [`ServerLimit`][]ディレクティブで、プロセスの設定数を制限します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: '25'。
+
+* `startservers`: モジュールの[`StartServers`][]ディレクティブで、起動時に作成される子サーバプロセスの数を設定します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: '2'。
+
+* `threadlimit`: モジュールの[`ThreadLimit`][]ディレクティブで、イベントスレッドの数を制限します。`false`に設定すると、このパラメータが削除されます。
+
+ デフォルト値: '64'。
+
+* `threadsperchild`: [`ThreadsPerChild`][]ディレクティブで、各子サーバにより作成されるスレッドの数を設定します。
+
+ デフォルト値: '25'。`false`に設定すると、このパラメータが削除されます。
+
+##### クラス: `apache::mod::auth_cas`
+
+[`mod_auth_cas`][]をインストールして管理します。パラメータの名前はApacheモジュールのディレクティブと共通です。
+
+`cas_login_url`および`cas_validate_url`パラメータは必須です。 その他のいくつかのパラメータのデフォルト値は`undef`です。
+
+> **注意**: auth_casモジュールは、EPELにより提供される依存関係パッケージがなければ、RH/CentOSで使用できません。 [https://github.com/Jasig/mod_auth_cas]()を参照してください。
+
+**パラメータ**:
+
+- `cas_attribute_prefix`: ヘッダを追加します。SAMLバリデーションが有効になっている場合には、このヘッダの値が属性値になります。
+
+ デフォルト値: CAS_。
+
+- `cas_attribute_delimiter`:`cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字。
+
+ デフォルト値: ,。
+
+- `cas_authoritative`: オプションの認証ディレクティブを承認してバインドするかどうかを決定します。
+
+ デフォルト値: `undef`。
+
+- `cas_certificate_path`: `cas_login_url`および`cas_validate_url`のサーバについて、証明書認証局のX509証明書へのパスを設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_cache_clean_interval`: キャッシュクリーニング時間の最小秒数を設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_cookie_domain`: `Set-Cookie` HTTPヘッダの`Domain=`パラメータの値を設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_cookie_entropy`: セッション識別子を作成する際に使用するバイト数を設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_cookie_http_only`: `mod_auth_cas`がクッキーを発行する際のオプションの`HttpOnly`フラグを設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_cookie_path`: casクッキーセッションデータの保存場所。Webサーバユーザによる書き込みを可能にする必要があります。
+
+ デフォルト値: OSによって異なります。
+
+- 
`cas_cookie_path_mode`: `cas_cookie_path`のモード。
+
+ デフォルト値: '0750'。
+
+- `cas_debug`: モジュールのデバッギングモードを有効にするかどうかを決定します。
+
+ デフォルト値: 'Off'。
+
+- `cas_idle_timeout`: 待機タイムアウトの制限を秒数で設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_login_url`: **必須**。ユーザがCASで保護されたリソースへのアクセスを試み、かつアクティブなセッションがない場合に、モジュールがユーザをリダイレクトする先のURLを設定します。
+
+- `cas_proxy_validate_url`: プロキシバリデーションを実施する際に使用するURL。
+
+ デフォルト値: `undef`。
+
+- `cas_root_proxied_as`: このApacheサーバへのアクセスがプロキシされた場合に、エンドユーザに表示されるURLを設定します。
+
+ デフォルト値: `undef`。
+
+- `cas_scrub_request_headers`: mod_auth_cas内で特別な意味を持つ可能性のあるインバウンドリクエストヘッダを削除します。
+
+- `cas_sso_enabled`: シングルサインアウトの実験的サポートを有効にします(POSTデータが壊れる可能性があります)。
+
+ デフォルト値: 'Off'。
+
+- `cas_timeout`: `mod_auth_cas`セッションのアクティブ状態を維持する時間(秒数)を制限します。
+
+ デフォルト値: `undef`。
+
+- `cas_validate_depth`: チェーンされた証明書バリデーションの深さを制限します。
+
+ デフォルト値: `undef`。
+
+- `cas_validate_saml`: SAMLに関するCASサーバからの解析応答。
+
+ デフォルト値: 'Off'。
+
+- `cas_validate_server`: CASサーバの証明書をバリデーションするかどうか(1.1 - RedHat 7では廃止予定)。
+
+ デフォルト値: `undef`。
+
+- `cas_validate_url`: **必須**。HTTPクエリ文字列でクライアントの提示するチケットをバリデーションする際に使用するURL。
+
+- `cas_version`: 従うべきCASプロトコルバージョン。値: '1'、'2'。
+
+ デフォルト値: '2'。
+
+- `suppress_warning`: RedHat上にいることを示す警告を表示しないようにします(`mod_auth_cas`パッケージは、現在はepel-testingレポジトリで使用できます)。
+
+ デフォルト値: `false`。
+
+##### クラス: `apache::mod::auth_mellon`
+
+[`mod_auth_mellon`][]をインストールして管理します。パラメータの名前はApacheモジュールのディレクティブと共通です。
+
+``` puppet
+class{ 'apache::mod::auth_mellon':
+ mellon_cache_size => 101,
+}
+```
+
+**パラメータ**: 
+
+* `mellon_cache_entry_size`: 1回のセッションの最大サイズ。
+
+ デフォルト値: `undef`。
+
+* `mellon_cache_size`: mellonキャッシュのサイズ、単位はメガバイト。
+
+ デフォルト値: 100。
+
+* `mellon_lock_file`: ロックファイルの場所。
+
+ デフォルト値: '`/run/mod_auth_mellon/lock`'。
+
+* `mellon_post_directory`: ポストリクエストが保存される場所のフルパス。
+
+ デフォルト値: '`/var/cache/apache2/mod_auth_mellon/`'。
+
+* `mellon_post_ttl`: ポストリクエストの維持時間。
+
+ デフォルト値: `undef`。
+
+* `mellon_post_size`: ポストリクエストの最大サイズ。
+
+ デフォルト値: `undef`。
+
+* `mellon_post_count`: ポストリクエストの最大数。
+
+ デフォルト値: `undef`。
+
+##### 
クラス: `apache::mod::authn_dbd`
+
+`mod_authn_dbd`をインストールし、`authn_dbd.conf.erb`テンプレートを使用して設定を生成します。オプションで、AuthnProviderAliasを作成します。
+
+``` puppet
+class { 'apache::mod::authn_dbd':
+ $authn_dbd_params =>
+ 'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth',
+ $authn_dbd_query => 'SELECT password FROM authn WHERE user = %s',
+ $authn_dbd_alias => 'db_auth',
+}
+```
+
+**パラメータ**: 
+
+* `authn_dbd_alias`: AuthnProviderAlias'の名前。
+
+* `authn_dbd_dbdriver`: 使用するデータベースドライブを指定します。
+
+ デフォルト値: 'mysql'。
+
+* `authn_dbd_exptime`: DBDExptimeに相当します。
+
+ デフォルト値: 300。
+
+* `authn_dbd_keep`: DBDKeepに相当します。
+
+ デフォルト値: 8。
+
+* `authn_dbd_max`: DBDMaxに相当します。
+
+ デフォルト値: 20。
+
+* `authn_dbd_min`: DBDMinに相当します。
+
+ デフォルト値: 4。
+
+* `authn_dbd_params`: **必須**。接続文字列に関して、DBDParamsに相当します。
+
+* `authn_dbd_query`: 認証に関してユーザとパスワードを問い合わせるかどうか。
+
+##### クラス: `apache::mod::authnz_ldap`
+
+`mod_authnz_ldap`をインストールし、`authnz_ldap.conf.erb`テンプレートを使用して設定を生成します。
+
+**パラメータ**: 
+
+* `package_name`: パッケージの名前。
+
+ デフォルト値: `undef`。
+
+* `verify_server_cert`: サーバの証明書を確認するかどうか。
+
+ デフォルト値: `undef`。
+
+##### クラス: `apache::mod::cluster`
+
+**注意**: `mod_cluster`に関して提供されている公式なパッケージはありません。そのため、Apacheモジュールの外部から使用できるようにする必要があります。バイナリはhttp://mod-cluster.jboss.org/にあります。
+
+``` puppet
+class { '::apache::mod::cluster':
+ ip => '172.17.0.1',
+ allowed_network => '172.17.0.',
+ balancer_name => 'mycluster',
+ version => '1.3.1'
+}
+```
+
+**パラメータ**: 
+
+* `port`: mod_clusterのリッスンポート。
+
+ デフォルト値: '6666'。
+
+* `server_advertise`: サーバをアドバタイズするかどうか。
+
+ デフォルト値: `true`。
+
+* `advertise_frequency`: アドバタイズメッセージ間のインターバルを秒数[.ミリ秒]で設定します。
+
+ デフォルト値: 10。
+
+* `manager_allowed_network`: ネットワークにmod_cluster_managerへのアクセスを許可するかどうか。
+
+ デフォルト値: '127.0.0.1'。
+
+* `keep_alive_timeout`: Apacheがリクエストを待機する長さを秒数で指定します。
+
+ デフォルト値: 60。
+
+* `max_keep_alive_requests`: 維持されるリクエストの最大数。
+
+ デフォルト値: 0。
+
+* `enable_mcpm_receive`: MCPMを有効にするかどうか。
+
+ デフォルト値: `true`。
+
+* `ip`: リッスンするIPアドレスを指定します。
+
+* `allowed_network`: 
バランスドメンバーネットワーク。
+
+* `version`: `mod_cluster`バージョンを指定します。httpd 2.4ではバージョン1.3.0以上が必要です。
+
+##### クラス: `apache::mod::deflate`
+
+[`mod_deflate`][]をインストールして設定します。
+
+**パラメータ**: 
+
+* `types`: デフレートする[MIMEタイプ][MIME `content*type`]の[配列][]。 
+
+ デフォルト値: [ 'text/html text/plain text/xml'、'text/css'、'application/x*javascript application/javascript application/ecmascript'、'application/rss+xml'、'application/json' ]。
+
+* `notes`: [ハッシュ][]、キーはタイプを表し、値はノート名を表します。
+
+ デフォルト値: { 'Input' => 'instream'、'Output' => 'outstream'、'Ratio' => 'ratio' }。
+
+##### クラス: `apache::mod::expires`
+
+[`mod_expires`][]をインストールし、`expires.conf.erb`を使用して設定を生成します。
+
+**パラメータ**: 
+
+* `expires_active`: ドキュメント領域に関して`Expires`ヘッダの生成を有効にします。
+
+ ブーリアン。
+
+ デフォルト値: `true`。
+
+* `expires_default`: [`ExpiresByType`][]構文または[インターバル構文][]を用いた有効期限計算のためのデフォルトアルゴリズムを指定します。
+
+ デフォルト値: `undef`。
+
+* `expires_by_type`: [MIME `content*type`][]とその有効時間のセットを記述します。
+
+ 値: [ハッシュ][ハッシュ]の[配列][]、各ハッシュのキーは有効なMIME `content*type` ('text/json'など)、値は以下の有効な [インターバル構文][]。
+
+ デフォルト値: `undef`。
+
+##### クラス: `apache::mod::ext_filter`
+
+[`mod_ext_filter`][]をインストールして設定します。
+
+``` puppet
+class { 'apache::mod::ext_filter':
+ ext_filter_define => {
+ 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',
+ 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
+ },
+}
+```
+
+**パラメータ**: 
+
+* `ext_filter_define`: フィルタ名とそのパラメータのハッシュ。
+
+ デフォルト値: `undef`。
+
+##### クラス: `apache::mod::fcgid`
+
+[`mod_fcgid`][]をインストールして設定します。
+
+このクラスでは、使用可能なすべてのオプションを個別にパラメータ化するのではなく、`options` [ハッシュ][]を使って`mod_fcgid`を設定します。例:
+
+``` puppet
+class { 'apache::mod::fcgid':
+ options => {
+ 'FcgidIPCDir' => '/var/run/fcgidsock',
+ 'SharememPath' => '/var/run/fcgid_shm',
+ 'AddHandler' => 'fcgid-script .fcgi',
+ },
+}
+```
+
+すべてのオプションのリストについては、[公式`mod_fcgid`ドキュメント][`mod_fcgid`]を参照してください。
+
+`apache::mod::fcgid`を含める場合は、ディレクトリごと、バーチャルホストごとに[`FcgidWrapper`][]を設定できます。最初にモジュールをロードする必要があります。`apache::vhost`で`fcgiwrapper`パラメータを設定している場合、Puppetは自動的にはモジュールを有効化しません。
+
+``` puppet
+include apache::mod::fcgid
+
+apache::vhost { 'example.org':
+ docroot => '/var/www/html',
+ directories => {
+ path => '/var/www/html',
+ fcgiwrapper => {
+ command => '/usr/local/bin/fcgiwrapper',
+ }
+ },
+}
+```
+
+##### クラス: `apache::mod::geoip`
+
+[`mod_geoip`][]をインストールして管理します。
+
+**パラメータ**: 
+
+* `db_file`: GeoIPデータベースファイルのパスを設定します。
+
+ 値: パス、または複数のGeoIPデータベースファイルの[配列][]パス。
+
+ デフォルト値: `/usr/share/GeoIP/GeoIP.dat`。
+
+* `enable`: [`mod_geoip`][]を全体で有効にするかどうかを決定します。
+
+ ブーリアン。
+
+ デフォルト値: `false`。 
+
+* `flag`: GeoIPフラグを設定します。
+
+ 値: 'CheckCache'、'IndexCache'、'MemoryCache'、'Standard'。
+
+ デフォルト値: 'Standard'。
+
+* `output`: 使用するアウトプット変数を定義します。
+
+ 値: 'All'、'Env'、'Request'、'Notes'。
+
+ デフォルト値: 'All'。
+
+* `enable_utf8`: アウトプットをISO*8859*1 (ラテン*1)からUTF*8に変更します。
+
+ ブーリアン。
+
+ デフォルト値: `undef`。
+
+* `scan_proxy_headers`: [GeoIPScanProxyHeaders][]オプションを有効にします。
+
+ ブーリアン。
+
+ デフォルト値: `undef`。
+
+* `scan_proxy_header_field`: クライアントのIPアドレスの決定に使用するヘッダの[`mod_geoip`][]を指定します。
+
+ デフォルト値: `undef`。
+
+* `use_last_xforwarededfor_ip` (sic): IPアドレスのカンマ区切りリストで見つかったクライアントのIPの最初または最後のIPアドレスを使うかどうかを決定します。
+
+ ブーリアン。
+
+ デフォルト値: `undef`。
+
+##### クラス: `apache::mod::info`
+
+サーバ設定の全体的な概要を提供する[`mod_info`][]をインストールして管理します。
+
+**パラメータ**: 
+
+* `allow_from`: IPv4またはIPv6アドレスのホワイトリスト、または`/server*info`にアクセスできる範囲。
+
+ 値: IPv4アドレス、IPv6アドレス、または範囲の1つまたは複数のオクテット、またはいずれかの配列。
+
+ デフォルト値: ['127.0.0.1','::1']。
+
+* `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。
+
+ デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。
+
+
+* `restrict_access`: アクセス制限を有効にするかどうかを決定します。`false`の場合、`allow_from`ホワイトリストは無視され、すべてのIPアドレスが `/server*info`にアクセスできるようになります。
+
+ ブーリアン。
+
+ デフォルト値: `true`。
+
+##### クラス: `apache::mod::jk`
+
+`mod_jk`をインストールして管理します。これは、Apache httpdリダイレクションと古いバージョンのTomCatおよびJBossを結ぶコネクタです。
+
+**注意**: 
mod\_jkに関して提供されている公式のパッケージはありません。そのため、apacheモジュールの制御以外の手段で使用できるようにする必要があります。バイナリは[Apache Tomcatコネクタダウンロードページ](https://tomcat.apache.org/download-connectors.cgi)にあります。
+
+``` puppet
+class { '::apache::mod::jk':
+ workers_file = 'conf/workers.properties',
+ mount_file = 'conf/uriworkermap.properties',
+ shm_file = 'run/jk.shm',
+ shm_size = '50M',
+ $workers_file_content = {
+
+ },
+}
+```
+
+**`apache::mod::jk`**内のパラメータ:
+
+`mod_jk`パラメータを理解するための情報源としては、[公式ドキュメント](https://tomcat.apache.org/connectors-doc/reference/apache.html)が最適です。ただし、\*file_contentはこれに含まれません。
+
+**workers\_file\_content**
+
+各ディレクティブにはフォーマット`worker..=`があります。このマップは複数ハッシュのハッシュとして表され、外側のハッシュはワーカーを指定し、内側の各ハッシュは各ワーカーのプロパティと値を指定します。
+また、2つのグローバルディレクティブ 'worker.list'および'worker.mantain'もあります。
+例えば、ワーカーファイルは以下のようになります。
+
+```
+worker.list = status
+worker.list = some_name,other_name
+
+worker.mantain = 60
+
+# Optional comment
+worker.some_name.type=ajp13
+worker.some_name.socket_keepalive=true
+
+# I just like comments
+worker.other_name.type=ajp12 (why would you?) 
+worker.other_name.socket_keepalive=false
+```
+
+以下のようにパラメータ化する必要があります。
+
+```
+$workers_file_content = {
+ worker_lists => ['status', 'some_name,other_name'],
+ worker_mantain => '60',
+ some_name => {
+ comment => 'Optional comment',
+ type => 'ajp13',
+ socket_keepalive => 'true',
+ },
+ other_name => {
+ comment => 'I just like comments',
+ type => 'ajp12',
+ socket_keepalive => 'false',
+ },
+}
+```
+
+**mount\_file\_content**
+
+各ディレクティブにはフォーマット` = `があります。このマップは複数ハッシュのハッシュとして表され、外側のハッシュはワーカーを指定し、内側の各ハッシュは次の2つのアイテムを含みます: uri_list - ワーカーにマップするURIを用いた配列 - およびコメント - ワーカーに関するコメントを記したオプションの文字列。
+例えば、マウントファイルは以下のようになります。
+
+```
+# Worker 1
+/context_1/ = worker_1
+/context_1/* = worker_1
+
+# Worker 2
+/ = worker_2
+/context_2/ = worker_2
+/context_2/* = worker_2
+```
+
+以下のようにパラメータ化する必要があります。 
+
+```
+$mount_file_content = {
+ worker_1 => {
+ uri_list => ['/context_1/', '/context_1/*'],
+ comment => 'Worker 1',
+ },
+ worker_2 => {
+ uri_list => ['/context_2/', '/context_2/*'],
+ comment => 'Worker 2',
+ },
+},
+```
+
+##### クラス: `apache::mod::passenger`
+
+[`mod_passenger`][]をインストールして管理します。Red Hatベースのシステムの場合は、[passengerドキュメント](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux)に記載された最小要件を満たしていることを確認してください。
+
+**パラメータ**: 
+
+* `passenger_high_performance`: [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance)を設定します。
+
+ 値: 'On'、'Off'。 
+
+ デフォルト値: `undef`。
+
+* `passenger_pool_idle_time`: [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime)を設定します。
+
+ デフォルト値: `undef`。
+
+* `passenger_max_pool_size`: [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize)を設定します。
+
+ デフォルト値: `undef`。
+
+* `passenger_max_request_queue_size`: 
[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize)を設定します。
+
+ デフォルト値: `undef`。
+
+* `passenger_max_requests`: [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests)を設定します。
+
+ デフォルト値: `undef`。
+
+* `passenger_data_buffer_dir`: [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir)を設定します。
+
+ デフォルト値: `undef`。
+
+##### クラス: `apache::mod::ldap`
+
+[`mod_ldap`][]をインストールして設定し、[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert)ディレクティブの修正を可能にします。
+
+``` puppet
+class { 'apache::mod::ldap':
+ ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
+ ldap_trusted_global_cert_type => 'CA_DER',
+ ldap_shared_cache_size => '500000',
+ ldap_cache_entries => '1024',
+ ldap_cache_ttl => '600',
+ ldap_opcache_entries => '1024',
+ ldap_opcache_ttl => '600',
+}
+```
+
+**パラメータ** 
+
+* `apache_version`: インストールされたApacheバージョンを指定します。
+
+ デフォルト値: `undef`。
+
+* `ldap_trusted_global_cert_file`: LDAPサーバ上でSSLまたはTLS接続を確立する際に使用する、信頼できるCA証明書のパスとファイル名を指定します。
+
+* `ldap_trusted_global_cert_type`:グローバルな信頼できる証明書フォーマットを指定します。
+
+ デフォルト値: 'CA_BASE64'。
+
+* `ldap_shared_cache_size`: 共有されたメモリのキャッシュのサイズをバイトで指定します。
+
+* `ldap_cache_entries`: 一次LDAPキャッシュのエントリの最大数を指定します。
+
+* `ldap_cache_ttl`: キャッシュされたアイテムが有効に保たれる時間を秒数で指定します。
+
+* `ldap_opcache_entries`: LDAP比較演算のキャッシュに用いるエントリ数を指定します。
+
+* `ldap_opcache_ttl`: 演算キャッシュのエントリが有効に保たれる時間を秒数で指定します。
+
+* `package_name`: カスタムパッケージ名を指定します。
+
+ デフォルト値: `undef`。
+
+##### クラス: `apache::mod::negotiation`
+
+[`mod_negotiation`][]をインストールして設定します。
+
+**パラメータ**: 
+
+* `force_language_priority`: `ForceLanguagePriority`オプションを設定します。
+
+ 値: 文字列。
+
+ デフォルト値: `Prefer Fallback`。
+
+* `language_priority`: モジュールの`LanguagePriority`オプションを設定するための言語の[配列][]。
+
+ デフォルト値: [ 
'en'、'ca'、'cs'、'da'、'de'、'el'、'eo'、'es'、'et'、'fr'、'he'、'hr'、'it'、'ja'、'ko'、'ltz'、'nl'、'nn'、'no'、'pl'、'pt'、'pt*BR'、'ru'、'sv'、'zh*CN'、'zh*TW' ]。
+
+##### クラス: `apache::mod::nss`
+
+NSS暗号化ライブラリを使用するApacheのSSLプロバイダ。
+
+**パラメータ:**
+
+- `transfer_log`: access.logのパス。
+- `error_log`: error.logのパス。
+- `passwd_file`: NSSPassPhraseDialogディレクティブに使用するファイルのパス。
+- `port`: SSLポート。デフォルト値8443。
+
+##### クラス: `apache::mod::pagespeed`
+
+[`mod_pagespeed`][]をインストールして管理します。これは、Webページをリライトして冗長性と帯域を軽減するためのGoogleモジュールです。
+
+このapacheモジュールには`mod-pagespeed-stable`が必要ですが、Puppetはパッケージを自動的にインストールするために必要なソフトウェアを管理**しません**。パッケージがインストールされていないか、お使いのパッケージマネージャで使用できない場合にこのクラスを宣言すると、Puppet実行は失敗します。
+
+> **注意:** お使いのシステムが最新のGoogle Pagespeed要件を満たしていることを確認してください。
+
+**パラメータ**: 
+
+以下のパラメータはモジュールのディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_pagespeed`]を参照してください。
+
+* `inherit_vhost_config`: デフォルト値: 'on'。
+* `filter_xhtml`: デフォルト値: `false`。
+* `cache_path`: デフォルト値: '/var/cache/mod_pagespeed/'。
+* `log_dir`: デフォルト値: '/var/log/pagespeed'。
+* `memcache_servers`: デフォルト値: []。
+* `rewrite_level`: デフォルト値: 'CoreFilters'。
+* `disable_filters`: デフォルト値: []。
+* `enable_filters`: デフォルト値: []。
+* `forbid_filters`: デフォルト値: []。
+* `rewrite_deadline_per_flush_ms`: デフォルト値: 10。
+* `additional_domains`: デフォルト値: `undef`。
+* `file_cache_size_kb`: デフォルト値: 102400。
+* `file_cache_clean_interval_ms`: デフォルト値: 3600000。
+* `lru_cache_per_process`: デフォルト値: 1024。
+* `lru_cache_byte_limit`: デフォルト値: 16384。
+* `css_flatten_max_bytes`: デフォルト値: 2048。
+* `css_inline_max_bytes`: デフォルト値: 2048。
+* `css_image_inline_max_bytes`: デフォルト値: 2048。
+* `image_inline_max_bytes`: デフォルト値: 2048。
+* `js_inline_max_bytes`: デフォルト値: 2048。
+* `css_outline_min_bytes`: デフォルト値: 3000。
+* `js_outline_min_bytes`: デフォルト値: 3000。
+* `inode_limit`: デフォルト値: 500000。
+* `image_max_rewrites_at_once`: デフォルト値: 8。
+* `num_rewrite_threads`: デフォルト値: 4。
+* `num_expensive_rewrite_threads`: デフォルト値: 4。
+* `collect_statistics`: デフォルト値: 'on'。
+* `statistics_logging`: デフォルト値: 'on'。
+* 
`allow_view_stats`: デフォルト値: []。 +* `allow_pagespeed_console`: デフォルト値: []。 +* `allow_pagespeed_message`: デフォルト値: []。 +* `message_buffer_size`: デフォルト値: 100000。 +* `additional_configuration`: ディレクティブ値ペアのハッシュ、またはpagespeed設定の最後に挿入する行の配列。デフォルト値: '{ }'。 + +##### クラス: `apache::mod::passenger`  + +`mod_passenger`をインストールして設定します。 + +>**注意**: passengerモジュールは、EPELにより提供される依存関係パッケージと`mod_passengers`カスタムリポジトリがなければ、RH/CentOSでは使用できません。前述の`manage_repo`パラメータと[https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()を参照してください。 + +**パラメータ**: [TODO: パラメータがリスト化されていなかったため(`manage_repo`は除く)、マニフェストから引き出しました。これらのパラメータの機能と可能な値、または(前述のmod_pagespeedによる)パラメータマッピングに関する外部ドキュメントを示すリンクを知る必要があります。] + +* `passenger_conf_file`: `$::apache::params::passenger_conf_file` +* `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` +* `passenger_high_performance`: デフォルト値: `undef` +* `passenger_pool_idle_time`: デフォルト値: `undef` +* `passenger_max_request_queue_size`: デフォルト値: `undef` +* `passenger_max_requests`: デフォルト値: `undef` +* `passenger_spawn_method`: デフォルト値: `undef` +* `passenger_stat_throttle_rate`: デフォルト値: `undef` +* `rack_autodetect`: デフォルト値: `undef` +* `rails_autodetect`: デフォルト値: `undef` +* `passenger_root` : `$::apache::params::passenger_root` +* `passenger_ruby` : `$::apache::params::passenger_ruby` +* `passenger_default_ruby`: `$::apache::params::passenger_default_ruby` +* `passenger_max_pool_size`: デフォルト値: `undef` +* `passenger_min_instances`: デフォルト値: `undef` +* `passenger_max_instances_per_app`: デフォルト値: `undef` +* `passenger_use_global_queue`: デフォルト値: `undef` +* `passenger_app_env`: デフォルト値: `undef` +* `passenger_log_file`: デフォルト値: `undef` +* `passenger_log_level`: デフォルト値: `undef` +* `passenger_data_buffer_dir`: デフォルト値: `undef` +* `manage_repo`: phusionpassenger.comリポジトリを管理するかどうか。デフォルト値: `true` +* `mod_package`: デフォルト値: `undef` +* `mod_package_ensure`: デフォルト値: `undef` +* `mod_lib`: デフォルト値: `undef` +* `mod_lib_path`: デフォルト値: `undef` +* `mod_id`: デフォルト値: 
`undef` +* `mod_path`: デフォルト値: `undef` + +##### クラス: `apache::mod::proxy` + +I`mod_proxy`をインストールし、`proxy.conf.erb`テンプレートを使用して設定を生成します。 + +**`apache::mod::proxy`内のパラメータ**: + +. + +- `allow_from`: デフォルト値: `undef` +- `apache_version`: デフォルト値: `undef` +- `package_name`: デフォルト値: `undef` +- `proxy_requests`: デフォルト値: 'Off' +- `proxy_via`: デフォルト値: 'On' + +##### クラス: `apache::mod::proxy_balancer` + +ロードバランシングを提供する[`mod_proxy_balancer`][]をインストールして管理します。 + +**パラメータ**:  + +* `manager`: バランサマネージャのサポートを有効にするかどうかを決定します。 + + デフォルト値: `false`。 + +* `manager_path`: バランサマネージャのサーバロケーション。 + + デフォルト値: '/balancer*manager'。 + +* `allow_from`: `/balancer*manager`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 + + デフォルト値: ['127.0.0.1','::1']。  + +* `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。  + + デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。Apache 2.4以上では、`mod_slotmem_shm`がロードされます。 + +##### クラス: `apache::mod::php` + +[`mod_php`][]をインストールして設定します。 + +**パラメータ**:  + +以下のパラメータのデフォルト値は、オペレーティングシステムによって異なります。このクラスのパラメータのほとんどは、`mod_php`ディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_php`]を参照してください。 + +* `package_name`: `mod_php`をインストールするパッケージの名前。 +* `path`: `mod_php`共有オブジェクト(`.so`)ファイルのパスを定義します。 +* `source`: デフォルト設定のパスを定義します。値には`puppet:///`パスが含まれます。 +* `template`: Puppetが設定ファイルの生成に使用する`php.conf`テンプレートのパスを定義します。 +* `content`: `php.conf`に任意のコンテンツを追加します。 + +##### クラス: `apache::mod::proxy_html` + +**注意**: `mod_proxy_html`に関して提供されている公式なパッケージはありません。そのため、apacheモジュールの外部から使用できるようにする必要があります。 + +##### クラス: `apache::mod::reqtimeout` + +[`mod_reqtimeout`][]をインストールして設定します。 + +**パラメータ**  + +* `timeouts`: [`RequestReadTimeout`][]オプションを設定します。 + + 値: 文字列または[配列][]。 + + デフォルト値: ['header=20-40,MinRate=500', 'body=20,MinRate=500']。 + +##### クラス: `apache::mod::rewrite` + +Apacheモジュール`mod_rewrite`をインストールして有効にします。 + +##### クラス: `apache::mod::shib` + +[Shibboleth](http://shibboleth.net/) Apacheモジュール`mod_shib`をインストールします。このモジュールは、Shibboleth認証プロバイダおよびShibboleth 
FederationsによるSAML2シングルサインオン(SSO)認証を有効にするものです。このクラスを定義すると、`apache::vhost`インスタンス内でShibboleth固有のパラメータが有効になります。 + +このクラスでインストールおよび設定されるのは、Shibboleth SSO認証をコンシュームするWebアプリケーションのApacheコンポーネントのみです。PuppetでShibboleth設定を手動で管理することも、[Shibboleth Puppetモジュール](https://github.com/aethylred/puppet-shibboleth)を使用することもできます。 + +**注意**: shibbolethモジュールは、Shibbolethのリポジトリにより提供される依存関係パッケージがなければ、RH/CentOSでは使用できません。[http://wiki.aaf.edu.au/tech-info/sp-install-guide]()を参照してください。 + +##### クラス: `apache::mod::ssl` + +[Apache SSL機能][`mod_ssl`]をインストールし、`ssl.conf.erb`テンプレートを使用して設定を生成します。ほとんどのオペレーティングシステムでは、この`ssl.conf`はモジュール設定ディレクトリに置かれています。Red Hatベースのオペレーティングシステムでは、このファイルは`/etc/httpd/conf.d`にあります。これは、RPMが設定を保存するのと同じロケーションです。 + +バーチャルホストでSSLを使用するには、`::apache`の[`default_ssl_vhost`][]パラメータを`true`に設定する**か**、[`apache::vhost`][]の[`ssl`][]パラメータを`true`に設定する必要があります。 + +- `ssl_cipher`: デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' +- `ssl_compression`: デフォルト値: false +- `ssl_cryptodevice`: デフォルト値: 'builtin' +- `ssl_honorcipherorder`: デフォルト値: true +- `ssl_openssl_conf_cmd`: デフォルト値: undef +- `ssl_options`: デフォルト値: [ 'StdEnvVars' ] +- `ssl_pass_phrase_dialog`: デフォルト値: 'builtin' +- `ssl_protocol`: デフォルト値: [ 'all', '-SSLv2', '-SSLv3' ] +- `ssl_proxy_protocol`: デフォルト値: [] +- `ssl_random_seed_bytes`: 有効なオプション: 文字列、デフォルト値: '512' +- `ssl_sessioncache`: 有効なオプション: 文字列。デフォルト値: '300' +- `ssl_sessioncachetimeout`: 有効なオプション: 文字列。デフォルト値: '300' +- `ssl_mutex`: デフォルト値: OSによって異なります。有効なオプション: [mod_ssl][mod_ssl]ドキュメントを参照 + - RedHat/FreeBSD/Suse/Gentoo: 'default' + - Debian/Ubuntu + Apache >= 2.4: 'default' + - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' +**パラメータ: + +* `ssl_cipher` + + デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' + +* `ssl_compression` + + デフォルト値: `false` + +* `ssl_cryptodevice` + + デフォルト値: 'builtin' + +* `ssl_honorcipherorder` + + デフォルト値: `true` + +* `ssl_openssl_conf_cmd` + + デフォルト値: `undef` + +* `ssl_options` + + デフォルト値: [ 'StdEnvVars' ] + +* `ssl_pass_phrase_dialog` + + デフォルト値: 'builtin'  + +* 
`ssl_protocol` + + デフォルト値: [ 'all', '*SSLv2', '*SSLv3' ] + +* `ssl_random_seed_bytes` + + 値: 文字列。 + + デフォルト値: '512' + +* `ssl_sessioncachetimeout` + + 値: 文字列。 + + デフォルト値: '300' + +* `ssl_mutex`: + + 値: [mod_ssl][mod_ssl]ドキュメントを参照。 + + デフォルト値: OSによって異なります: + + * RedHat/FreeBSD/Suse/Gentoo: 'default'. + * Debian/Ubuntu + Apache >= 2.4: 'default'. + * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'. + * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. + + +##### クラス: `apache::mod::status` + +[`mod_status`][]をインストールし、`status.conf.erb`テンプレートを使用して設定を生成します。 + +**パラメータ**:  + +* `allow_from`: `/server-status`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 + + デフォルト値: ['127.0.0.1','::1']。 +* `extended_status`: [`ExtendedStatus`][]ディレクティブをつうじて、各リクエストに関する拡張ステータス情報を追跡するかどうかを決定します。 + + 値: 'Off'、'On'。 + + デフォルト値: 'On'。 + +* `status_path`: ステータスページのサーバロケーション。 + + デフォルト値: '/server-status'。 + +##### クラス: `apache::mod::userdir` + +`http://example.com/~user/`構文を用いて、ユーザ指定のディレクトリにアクセスできるようにします。すべてのパラメータは、[公式のApacheドキュメント](https://httpd.apache.org/docs/2.4/mod/mod_userdir.html)で見られます。 + +**パラメータ**:  + +* `overrides`: ディレクティブタイプの[配列][]。 + + デフォルト値: '[ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]'。 + +##### クラス: `apache::mod::version` + +多くのオペレーティングシステムおよびApache構成上で[`mod_version`][]をインストールします。 + +Apache 2.4を使用するDebianおよびUbuntuが`apache::mod::version`で分類された場合は、`mod_version`がビルトインされているためロードできない旨の警告をPuppetが表示します。 + +##### クラス: `apache::mod::security` + +Trustwaveの[`mod_security`][]をインストールして設定します。これはすべてのバーチャルホストでデフォルトで有効化され、実行されます。 + +**パラメータ**:  + +* `activated_rules`: `modsec_crs_path`のルールの[配列][]またはsymlinkを使用してアクティベートする絶対値。 +* `allowed_methods`: 許可されるHTTPメソッドのスペース*区切りリスト。 + + デフォルト値: 'GET HEAD POST OPTIONS'。 + +* `content_types`: 1つまたは複数の許可される[MIMEタイプ][MIME `content*type`]のリスト。 + + デフォルト値: 'application/x*www*form*urlencoded|multipart/form*data|text/xml|application/xml|application/x*amf'。 + +* `crs_package`: CRSルールをインストールするパッケージの名前。 + + デフォルト値: [`apache::params`][]内の`modsec_crs_package`。 + 
+* `manage_security_crs`: security_crs.confルールファイルを管理します。
+
+ デフォルト値: `true`。
+
+* `modsec_dir`: Puppetがmodsec設定およびアクティベートされたルールリンクをインストールする場所のパスを定義します。
+
+ デフォルト値: 'On'、[`apache::params`][]の`modsec_dir`により設定。
+${modsec\_dir}/activated\_rules。
+
+* `modsec_secruleengine`: modsecルールエンジンを設定します。値: 'On'、'Off'、'DetectionOnly'。
+
+ デフォルト値: [`apache::params`][]の`modsec_secruleengine`。
+
+* `restricted_extensions`: 禁止されるファイル拡張子のスペース*区切りリスト。
+
+ デフォルト値: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'。
+
+* `restricted_headers`: 禁止されるヘッダのスラッシュおよびスペースで区切ったリスト。
+
+ デフォルト値: 'Proxy*Connection/ /Lock*Token/ /Content*Range/ /Translate/ /via/ /if/'。
+
+* `secdefaultaction`: OWASP ModSecurityコアルールセットに関して、動作モード、自己完結('deny')、コラボレーティブ検出('pass')を設定します。
+
+ デフォルト値: 'deny'。"log,auditlog,deny,status:406,tag:'SLA 24/7'"などの完全な値を設定することもできます。
+
+* `secpcrematchlimit`: PCREライブラリのマッチ限度数を設定します。
+
+ デフォルト値: 1500。
+
+* `secpcrematchlimitrecursion`: PCREライブラリのマッチ再帰制限数を設定します。
+
+ デフォルト値: 1500。 
+
+* `logroot`: オーディットおよびデバッグログの場所を設定します。
+
+ デフォルト値はApacheのログディレクトリ(Redhat: `/var/log/httpd`、Debian: `/var/log/apache2`)。
+
+* `audit_log_releavant_status`: オーディットロギングの目的に関して、考慮すべき応答ステータスコードを設定します。
+
+ デフォルト値: '^(?:5|4(?!04))'。
+
+* `audit_log_parts`: [オーディットログ][]に入れるべきセクションを設定します。
+
+ デフォルト値: 'ABIJDEFHZ'。
+
+* `anomaly_score_blocking`: OWASP ModSecurityコアルールセットのコラボレーティブ検出ブロッキングをアクティベートまたはディアクティベートします。
+
+ デフォルト値: 'off'。
+
+* `inbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、インバウンドブロッキングルールのスコアリング閾値レベルを設定します。
+
+ デフォルト値: 5。
+
+* `outbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、アウトバウンドブロッキングルールのスコアリング閾値レベルを設定します。
+
+ デフォルト値: 4。 
+
+* `critical_anomaly_score`: OWASP 
ModSecurityコアルールセットのコラボレーティブ検出モードに関して、重要なセキュリティレベルのスコアリングポイントを設定します。 + + デフォルト値: 5。  + +* `error_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、エラー深刻度レベルのスコアリングポイントを設定します。 + + デフォルト値: 4。  + +* `warning_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、警告深刻度レベルのスコアリングポイントを設定します。 + + デフォルト値: 3。 + +* `notice_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、通知深刻度レベルのスコアリングポイントを設定します。 + +デフォルト値: 2。 + +* `secrequestmaxnumargs`: リクエストの引数の最大数を設定します。 + + デフォルト値: 255。 + +* `secrequestbodylimit`: バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズを設定します。 + + デフォルト値: '13107200'。 + +* `secrequestbodynofileslimit`: バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズを設定します。リクエスト内でトランスポートされたファイルのサイズは除外されます。 + + デフォルト値: '131072'。 + +* `secrequestbodyinmemorylimit`: ModSecurityがメモリに保存する最大リクエストボディサイズを設定します。 + + デフォルト値: '131072'。 + +##### クラス: `apache::mod::wsgi` + +[`mod_wsgi`][]を使用したPythonサポートを有効にします。 + +**パラメータ**:  + +* `mod_path`: `mod_wsgi`共有オブジェクト(`.so`)ファイルのパスを定義します。 + + デフォルト値: `undef`。  + + * `mod_path`パラメータに`/`が含まれていない場合、Puppetではオペレーティングシステムのデフォルトのモジュールパスの先頭にこれを付加します。含まれている場合は、そのとおりに扱われます。 + +* `package_name`: `mod_wsgi`をインストールするパッケージの名前。 + + デフォルト値: `undef`。  + +* `wsgi_python_home`: '/path/to/venv'などの[`WSGIPythonHome`][]ディレクティブを定義します。 + + 値: パスを指定する文字列。 + + デフォルト値: `undef`。 + +* `wsgi_python_path`: '/path/to/venv/site*packages'などの[`WSGIPythonPath`][]ディレクティブを定義します。 + + 値: パスを指定する文字列。  + + デフォルト値: `undef`。 + +* `wsgi_restrict_embedded`: 'On'などの[`WSGIRestrictEmbedded`][]ディレクティブを定義します。 + +値: On|Off|undef。 + +デフォルト値: undef。 + +* `wsgi_socket_prefix`: "\${APACHE\_RUN\_DIR}WSGI"などの[`WSGISocketPrefix`][]ディレクティブを定義します。 + + デフォルト値: [`apache::params`][]の`wsgi_socket_prefix`。 + +このクラスのパラメータはモジュールのディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_wsgi`]を参照してください。 + +### プライベートクラス + +#### クラス: `apache::confd::no_accf` + +FreeBSDの Apache 2.4で必要とされる`no-accf.conf`設定ファイルを`conf.d`内に作成します。 + +#### クラス: `apache::default_confd_files` + +FreeBSDに`conf.d`を含めます。 + +#### クラス: 
`apache::default_mods` + +デフォルト設定の実行に必要なApacheモジュールをインストールします。詳細については、`apache`クラスの[`default_mods`][]パラメータを参照してください。 + +#### クラス: `apache::package` + +基本のApacheパッケージをインストールして設定します。 + +#### クラス: `apache::params` + +各種のオペレーティングシステムのApacheパラメータを管理します。 + +#### クラス: `apache::service` + +Apacheデーモンを管理します。 + +#### クラス: `apache::version` + +オペレーティングシステムに基づき、Apacheバージョンの自動検出を試みます。 + +### パブリック定義タイプ  + +#### 定義タイプ: `apache::balancer` + +[`mod_proxy`][]を用いて、Apacheロードバランシンググループ(バランサクラスタとも呼ばれます)を作成します。各ロードバランシンググループには、1つ以上のバランサメンバーが必要です。これは、 [`apache::balancermember`][]定義タイプによりPuppet内で宣言することができます。 + +各Apacheロードバランシンググループにつき、1つの`apache::balancer`定義タイプを宣言します。すべてのバランサメンバーについて`apache::balancermember`定義タイプをエクスポートし、[エクスポートリソース][]を用いて単一のApacheロードバランササーバで収集することもできます。 + +**パラメータ**:  + +##### `name` + +バランサクラスタのタイトルと、その設定を含む`conf.d`の名前を設定します。 + +##### `proxy_set` + +キー‐値ペアを[`ProxySet`][]行として設定します。値: [ハッシュ][]。 + +デフォルト値: '{}'。 + +##### `collect_exported` + +[エクスポートリソース][]を使用するかどうかを決定します。 + +すべてのバックエンドサーバを静的に宣言する場合は、このパラメータを`false`に設定し、宣言済みの既存のバランサメンバーリソースに依存するようにします。また、[配列][]引数とともに`apache::balancermember`を使用します。 + +中央ノードで収集したエクスポートリソースを使用してバックエンドサーバを動的に宣言するには、このパラメータを`true`に設定し、バランサメンバーノードによりエクスポートされたバランサメンバーリソースを収集します。 + +エクスポートリソースを使用しない場合は、1回のPuppet実行ですべてのバランサメンバーが設定されます。エクスポートリソースを使用する場合は、まずバランシングしたノードについてPuppetを実行し、次にバランサで実行する必要があります。 + +ブーリアン。 + +デフォルト値: `true`。  + +#### 定義タイプ: `apache::balancermember` + +[`mod_proxy_balancer`][]のメンバーを定義します。これにより、ロードバランサの`apache.cfg`内でリッスンするサービス設定ブロック内のバランサメンバーが設定されます。 + +**パラメータ**:  + +##### `balancer_cluster` + +**必須**。 + +Apacheサービスのインスタンス名を設定します。宣言された[`apache::balancer`][]リソースの名前と一致する必要があります。 + +##### `url` + +バランサメンバーサーバとの連絡に使用するURLを指定します。 + +デフォルト値: 'http://${::fqdn}/'。 + +##### `options` + +URL後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 + +デフォルト値: 空配列。 + +#### 定義タイプ: `apache::custom_config` + 
+Apacheサーバの`conf.d`ディレクトリにカスタム設定ファイルを追加します。このファイルが無効で、この定義タイプの[`verify_config`][]パラメータの値が`true`になっている場合は、Puppet実行時にエラーが生じます。 + +**パラメータ**:  + +##### `ensure` + +設定ファイルが存在するべきかどうかを指定します。 + +値: 'absent'、'present'。 + +デフォルト値: 'present'。  + +##### `confdir`  + +Puppetが設定ファイルを置くディレクトリを設定します。 + +デフォルト値: [`$::apache::confd_dir`][`confd_dir`]の値。 + +##### `content` + +設定ファイルのコンテンツを設定します。`content`および[`source`][]パラメータは、相互排他的な関係にあります。 + +デフォルト値: `undef`。 + +##### `filename` + +Puppetが設定を保存する`confdir`下のファイル名を設定します。 + +デフォルト値: `priority`パラメータから生成したファイル名およびリソース名。 + +##### `priority` + +Apacheでは設定ファイルがアルファベット順に処理されるため、ファイル名の先頭にこのパラメータの数値を付加することで、設定ファイルの優先順位を設定します。 + +設定ファイル名の優先順位の接頭値を無視するには、このパラメータを`false`に設定します。 + +デフォルト値: '25'。  + +##### `source` + +設定ファイルのソースを指し示します。[`content`][]および`source`パラメータは、相互排他的な関係にあります。 + +デフォルト値: `undef`。  + +##### `verify_command` + +Puppetが設定ファイルの確認に用いるコマンドを指定します。完全修飾コマンドを使用してください。 + +このパラメータは、[`verify_config`][]パラメータの値が`true`になっている場合にのみ使用されます。`verify_command`が失敗すると、Puppet実行により設定ファイルが削除されてエラーが生じますが、Apacheサービスには通知されません。 + +デフォルト値: '/usr/sbin/apachectl -t'。 + +##### `verify_config` + +Apacheサービスに通知する前に設定ファイルのバリデーションを行うかどうかを指定します。 + +ブーリアン。 + +デフォルト値: `true`。  + +#### 定義タイプ: `apache::fastcgi::server` + +特定のファイルタイプを処理する1つまたは複数の外部FastCGIサーバを定義します。この定義タイプは、[`mod_fastcgi`][FastCGI]とともに使用します。 + +**パラメータ**  + +##### `host` + +FastCGIのホスト名またはIPアドレスおよびTCPポート番号(1-65535)を決定します。 + +デフォルト値: '127.0.0.1:9000'。 + +##### `timeout` + +リクエストが中止され、エラーLogLevelにイベントが記録されるまでに、[FastCGI][]アプリケーションが非アクティブの状態で待機する秒数を設定します。この非アクティブタイマーは、FastCGIアプリケーションとの接続が待機中の場合のみ適用されます。アプリケーションの待ち行列に入ったリクエストに対して時間内に記述やフラッシュによる応答がないと、リクエストは中止されます。アプリケーションとの通信は完了したものの、クライアントとの通信が完了しなかった(応答がバッファリングされた)場合は、タイムアウトは適用されません。 + +デフォルト値: 15。 + +##### `flush` + +アプリケーションから受信したデータを、強制的に[`mod_fastcgi`][FastCGI]がクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 + +デフォルト値: `false`。  + +##### `faux_path` + 
+Apacheには、このファイル名を決定するURIを処理する[FastCGI][]があります。このパラメータで設定されたパスは、ローカルのファイルシステムに存在する必要はありません。 + +デフォルト値: "/var/www/${name}.fcgi"。 + +##### `alias` + +FastCGIサーバとアクションを内部でリンクします。このエイリアスは一意である必要があります。 + +デフォルト値: "/${name}.fcgi"。 + +##### `file_type` + +FastCGIサーバにより処理するファイルの[MIME `content-type`][]を設定します。 + +デフォルト値: 'application/x-httpd-php'。 + +#### 定義タイプ: `apache::listen` + +Apacheサーバまたはバーチャルホストのリッスンするアドレスとポートを定義する、Apache設定ディレクトリの`ports.conf`に、[`Listen`][]ディレクティブを追加します。[`apache::vhost`][]クラスはこの定義タイプを使用します。タイトルは ``、`:`、または`:`の形式をとります。 + +#### 定義タイプ: `apache::mod` + +対応する[`apache::mod::`][]クラスを持たないApacheモジュール用のパッケージをインストールし、Apacheサーバの`module`および`enable`ディレクトリ内で、モジュールのデフォルト設定ファイルを確認または配置します。デフォルトのロケーションは、オペレーティングシステムによって異なります。 + +**パラメータ**:  + +##### `package` + +**必須**。  + +PuppetがApacheモジュールのインストールに使用するパッケージの名前。 + +デフォルト値: `undef`。  + +##### `package_ensure` + +Apacheモジュールをインストールの必要性をPuppetが確認するかどうかを決定します。 + +値: 'absent'、'present'。  + +デフォルト値: 'present'。  + +##### `lib` + +モジュールの共有オブジェクト名を定義します。特別な理由がない限り、手動で設定しないでください。 + +デフォルト値: `mod_$name.so`。 + +##### `lib_path` + +モジュールのライブラリのパスを指定します。特別な理由がない限り、手動で設定しないでください。[`path`][]パラメータは、この値をオーバーライドします。 + +デフォルト値: `apache`クラスの[`lib_path`][]パラメータ。 + + +##### `loadfile_name` + +モジュールの[`LoadFile`][]ディレクティブのファイル名を設定します。Apacheの処理はアルファベット順に行われるため、ファイル名によってモジュールのロード順序も設定できます。 + +値: `\*.load`の形式のファイル名。 + +デフォルト値: '$name.load'のように、リソース名の後に'load'をつけた値。 + +##### `loadfiles` + +[`LoadFile`][]ディレクティブの配列を指定します。 + +デフォルト値: `undef`。  + +##### `path` + +モジュールのパスを指定します。特別な理由がない限り、このパラメータは手動で設定しないでください。 + +デフォルト値: [`lib_path`][]/[`lib`][]。 + +#### 定義タイプ: `apache::namevirtualhost` + +[名前ベースのバーチャルホスト][]を有効にし、Apache HTTPD設定ディレクトリの `ports.conf`ファイルに関連するすべてのディレクティブを追加します。タイトルは、'\*'、'\*:\'、'\_default\_:\、'\'、または'\:\'の形式をとることができます。 + +#### 定義タイプ: `apache::vhost` + +apacheモジュールでは、バーチャルホストのセットアップと設定に関して、かなりの柔軟性が認められています。この柔軟性の一部は、定義リソースタイプの`vhost`によるものです。これを使えば、さまざまなパラメータを用いて、Apacheを何度も検証することができます。 + 
+`apache::vhost`定義タイプを使えば、デフォルトの範囲外の要件を持つバーチャルホストについて、特別な設定をすることができます。基本の`::apache`クラス内でデフォルトのバーチャルホストを設定することも、カスタマイズしたバーチャルホストをデフォルトとして設定することもできます。カスタマイズしたバーチャルホストの[`priority`][]の数値は基本のクラスよりも小さくなるため、Apacheはカスタマイズしたバーチャルホストを先に処理します。 + +`apache::vhost`定義タイプでは、`concat::fragment`を使用して設定ファイルを構築します。定義タイプがもともとサポートしていない設定の要素についてカスタムフラグメントを挿入するには、カスタムフラグメントをひとつずつ追加します。 + +`apache::vhost`定義タイプでは、カスタムフラグメントの`order`パラメータについては10の倍数が使用されるため、10の倍数ではない`order`が機能します。 + +**パラメータ**:  + +##### `access_log` + +`*_access.log`ディレクティブ(`*_file`,`*_pipe`または`*_syslog`)を設定するかどうかを決定します。 + +ブーリアン。 + +デフォルト値: `true`。  + +##### `access_log_env_var` + +特定の環境変数を持つリクエストのみをロギングするように指定します。 + +デフォルト値: `undef`。  + +##### `access_log_file` + +[`logroot`][]に置く`*_access.log`のファイル名を設定します。バーチャルホスト---例えばexample.comなど---を与えると、[SSL暗号化][SSL暗号化]バーチャルホストの場合はデフォルト値が'example.com_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com_access.log'になります。 + +デフォルト値: `false`。  + +##### `access_log_format` + +アクセスログに、[`LogFormat`][]のニックネームかカスタムフォーマットの文字列のいずれを使うかを指定します。 + +デフォルト値: 'combined'。 + +##### `access_log_pipe` + +Apacheがアクセスログメッセージを送信するパイプを指定します。 + +デフォルト値: `undef`。  + +##### `access_log_syslog` + +すべてのアクセスログメッセージをsyslogに送ります。 + +デフォルト値: `undef`。  + +##### `add_default_charset` + +[`AddDefaultCharset`][]ディレクティブのデフォルトのメディア文字セット値を設定します。これは`text/plain`および`text/html`応答に追加されます。 + +デフォルト値: `undef`。  + +##### `add_listen` + +バーチャルホストが[`Listen`][]ステートメントを作成するかどうかを決定します。 + +`add_listen`を`false`に設定すると、バーチャルホストは`Listen`ステートメントを作成しません。これは、`ip`パラメータを渡されていないバーチャルホストと渡されているバーチャルホストを組み合わせる場合に重要となります。 + +ブーリアン。 + +デフォルト値: `true`。  + +##### `use_optional_includes` + +Apache 2.4以降の`additional_includes`について、Apacheが[`Include`][]の代わりに[`IncludeOptional`][]ディレクティブを使うかどうかを指定します。 + +ブーリアン。 + +デフォルト値: `false`。  + +##### `additional_includes` + +追加の静的なバーチャルホスト固有のApache設定ファイルのパスを指定します。このパラメータを使えば、このモジュールでサポートされていない固有のカスタム設定を実装することができます。 + +値: パスを指定する文字列また文字列の[配列][]。 + +デフォルト値: 空配列。  + +##### `aliases` + 
+[ハッシュ][ハッシュ]のリストをバーチャルホストに渡し、[`mod_alias`][]ドキュメントに従って[`Alias`][]、[`AliasMatch`][]、[`ScriptAlias`][]、または[`ScriptAliasMatch`][]ディレクティブを作成します。 + +例: + +``` puppet +aliases => [ + { aliasmatch => '^/image/(.*)\.jpg$', + path => '/files/jpg.images/$1.jpg', + }, + { alias => '/image', + path => '/ftp/pub/image', + }, + { scriptaliasmatch => '^/cgi-bin(.*)', + path => '/usr/local/share/cgi-bin$1', + }, + { scriptalias => '/nagios/cgi-bin/', + path => '/usr/lib/nagios/cgi-bin/', + }, + { alias => '/nagios', + path => '/usr/share/nagios/html', + }, +], +``` + +`alias`、`aliasmatch`、`scriptalias`、`scriptaliasmatch`キーを機能させるには、``、``などの、それぞれに対応するコンテキストが必要です。Puppetは`aliases`パラメータで指定された順序でディレクティブを作成します。[`mod_alias`][]ドキュメントにもあるように、シャドーイングを避けるため、まず具体性の高い`alias`、`aliasmatch`、`scriptalias`、`scriptaliasmatch`パラメータを追加してから、全般的なパラメータを追加してください。 + +> **注意**: `scriptaliases`パラメータの代わりに`aliases`パラメータを使用すれば、各種のエイリアスディレクティブの順序を正確に制御できます。`scriptaliases`パラメータを使って`ScriptAliases`を定義すると、すべての*`Alias`ディレクティブの後に*すべての*`ScriptAlias`ディレクティブが*処理されます。これは`Alias`ディレクティブによる`ScriptAlias`ディレクティブのシャドーイングにつながり、多くの場合、問題が生じます。例えば、Nagiosに関する問題が生じる可能性があります。 + +I[`apache::mod::passenger`][]がロードされ、`PassengerHighPerformance`が`true`になっている場合、`Alias`ディレクティブが`PassengerEnabled => off`ステートメントを履行できない可能性があります。詳細については、[この記事](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)を参照してください。 + +##### `allow_encoded_slashes` + +バーチャルホストの[`AllowEncodedSlashes`][]宣言を設定し、サーバのデフォルトをオーバーライドします。これにより、`\`および`/`文字を含むURLに対するバーチャルホストの応答が変更されます。値: 'nodecode'、'off'、'on'。デフォルト設定では、サーバ設定からこの宣言が省かれ、Apacheのデフォルト設定'Off'が選択されます。 + +デフォルト値: `undef`。  + +##### `block` + +Apacheがアクセスをブロックする対象のリストを指定します。有効なオプション: 'scm'、これにより、`.svn`、`.git`、`.bzr`ディレクティブへのWebアクセスがブロックされます。 + +デフォルト値: 空[配列][]。 + +##### `cas_attribute_prefix` + +SAMLバリデーションが有効になっている場合に、このヘッダの値を属性値としてヘッダを追加します。 + +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 + +##### `cas_attribute_delimiter` + +`cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字を設定します。 + +デフォルト値: 
[`apache::mod::auth_cas`][]により設定された値。 + +##### `cas_login_url` + +ユーザがCASで保護されたリソースへのアクセスを試み、かつアクティブなセッションがない場合に、モジュールがユーザをリダイレクトする先のURLを設定します。 + +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  + +##### `cas_scrub_request_headers` + +mod_auth_cas内で特別な意味を持つ可能性のあるインバウンドリクエストヘッダを削除します。 + +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  + +##### `cas_sso_enabled` + +`cas_sso_enabled`: シングルサインアウトの実験的サポートを有効にします(POSTデータが壊れる可能性があります)。 + +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  + +##### `cas_validate_saml` + +SAMLに関するCASサーバからの解析応答。 + +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  + +##### `cas_validate_url` + +HTTPクエリ文字列でクライアントの提示するチケットをバリデーションする際に使用するURL。 + +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 + +##### `custom_fragment` + +カスタム設定ディレクティブの文字列を渡し、バーチャルホスト設定の最後に配置します。 + +デフォルト値: `undef`。  + +##### `default_vhost` + +任意の`apache::vhost`定義タイプを、他の`apache::vhost`定義タイプと一致しないリクエストをサーブするためのデフォルトとして設定します。 + +デフォルト値: `false`。  + +##### `directories` + +[`directories`](#parameter-directories-for-apachevhost)セクションを参照してください。 + +##### `directoryindex` + +ディレクトリ名の最後で'/'を指定することで、クライアントがディレクトリのインデックスをリクエストした際に探すべきリソースのリストを設定します。詳細については、[`DirectoryIndex`][]ディレクティブドキュメントを参照してください。 + +デフォルト値: `undef`。  + +##### `docroot` + +**必須**。  + +[`DocumentRoot`][]ロケーションを設定します。Apacheはここからファイルをサーブします。 + +`docroot`と[`manage_docroot`][]がともに`false`に設定されている場合、[`DocumentRoot`][]は設定されず、それに付随する``ブロックは作成されません。 + +値: ディレクトリパスを指定する文字列。 + +##### `docroot_group` + +[`docroot`][]ディレクトリへのグループアクセスを設定します。 + +値: システムグループを指定する文字列。 + +デフォルト値: 'root'。 + +##### `docroot_owner` + +[`docroot`][]ディレクトリへの個々のユーザのアクセスを設定します。 + +値: ユーザアカウントを指定する文字列。 + +デフォルト値: 'root'。  + +##### `docroot_mode` + +[`docroot`][]ディレクトリへのアクセス許可を数字表記法で設定します。 + +値: 文字列。  + +デフォルト値: `undef`。  + +##### `manage_docroot` + +Puppetが[`docroot`][]ディレクトリを管理するかどうかを決定します。 + +ブーリアン。 + +デフォルト値: `true`。  + +##### `error_log` + +`*_error.log`ディレクティブを設定するかどうかを指定します。 + +ブーリアン。 + +デフォルト値: `true`。 + +##### `error_log_file` + 
+バーチャルホストのエラーログについて、`*_error.log`ファイルを優先します。このパラメータが定義されていない場合、Puppetはまず[`error_log_pipe`][]で、次に[`error_log_syslog`][]で値を確認します。 + +これらのパラメータをいずれも設定しない場合は、例えばバーチャルホストが`example.com`なら、PuppetはSSLバーチャルホストのデフォルトを'$logroot/example.com_error_ssl.log'、非SSLバーチャルホストのデフォルトを'$logroot/example.com_error.log'とします。 + +デフォルト値: `undef`。 + +##### `error_log_pipe` + +エラーログメッセージを送るパイプを指定します。 + +[`error_log_file`][]パラメータに値がある場合は、このパラメータに効力は生じません。このパラメータにも`error_log_file`にも値がない場合、Puppetは[`error_log_syslog`][]をチェックします。 + +デフォルト値: `undef`。 + +##### `error_log_syslog` + +すべてのエラーログメッセージをsyslogに送るかどうかを決定します。 + +[`error_log_file`][]パラメータまたは[`error_log_pipe`][]パラメータのいずれかに値がある場合、このパラメータの効力は生じません。これらのパラメータのいずれにも値がない場合は、例えばバーチャルホスト`example.com`では、PuppetはSSLバーチャルホストのデフォルトを'$logroot/example.com_error_ssl.log'、非SSLバーチャルホストのデフォルトを '$logroot/example.com_error.log'とします。 + +ブーリアン。 + +デフォルト値: `undef`。 + +##### `error_documents` + +このバーチャルホストの[エラードキュメント](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定のオーバーライドに使用できるハッシュのリスト。 + +例: + +``` puppet +apache::vhost { 'sample.example.net': + error_documents => [ + { 'error_code' => '503', 'document' => '/service-unavail' }, + { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, + ], +} +``` + +デフォルト値: '[]'。 + +##### `ensure` + +バーチャルホストが存在するかどうかを指定します。 + +値: 'absent'、'present'。  + +デフォルト値: 'present'。 + +##### `fallbackresource` + +[FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)ディレクティブを設定します。このディレクティブは、ファイルシステム内のどこにもマッピングされていないURLに対してどのようなアクションをとるか指定します。指定されていない場合は'HTTP 404 (Not Found)'が返されます。値は'/'で始めるか、'disabled'とする必要があります。 + +デフォルト値: `undef`。 + +#####`fastcgi_idle_timeout` + +fastcgiを使用する場合に、このオプションにより、サーバ応答のタイムアウトを設定します。 + +デフォルト値: `undef`。 + +##### `file_e_tag` + +[`FileETag`][]宣言のサーバデフォルトを設定します。これにより、静的ファイルの応答ヘッダフィールドが変更されます。 + +値: 'INode'、'MTime'、'Size'、'All'、'None'。 + +デフォルト値: `undef`、この場合、Apacheのデフォルト設定'MTime Size'が使用されます。 + +##### `filters` + 
+[フィルタ](https://httpd.apache.org/docs/current/mod/mod_filter.html)により、アウトプットコンテンツフィルタのスマートな文脈依存設定が有効になります。 + +``` puppet +apache::vhost { "$::fqdn": + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], +} +``` + +##### `force_type` + +[`ForceType`][]ディレクティブを設定します。このディレクティブは、[MIME `content-type`][]がこのパラメータの値に一致するすべてのマッチングファイルをApacheに強制的にサーブさせます。 + +#### `add_charset` + +ディレクトリおよびファイル拡張子ごとに、Apacheにカスタムコンテンツ文字セットを設定させます。 + +##### `headers` + +レスポンスヘッダを置換、結合、または削除するための行を追加します。詳細については、[Apacheのmod_headersドキュメント](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)を参照してください。 + +値: 文字列または文字列の配列。 + +デフォルト値: `undef`。 + +##### `ip` + +バーチャルホストがリッスンするIPアドレスを設定します。デフォルトでは、Apacheのデフォルト挙動が使用され、すべてのIPをリッスンします。 + +値: 文字列または文字列の配列。  + +デフォルト値: `undef`。 + +##### `ip_based` + +[IPベースの](https://httpd.apache.org/docs/current/vhosts/ip-based.html)バーチャルホストを有効にします。このパラメータにより、NameVirtualHostディレクティブの作成が禁止されます。これは、このディレクティブが名前ベースのバーチャルホストにリクエストを送る際に使用されるためです。 + +デフォルト値: `false`。 + +##### `itk` + +ハッシュで[ITK](http://mpm-itk.sesse.net/)を設定します。 + +通常は、以下のように使用します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, +} +``` + +値: ハッシュ。キーを含めることもできます。 + +* ユーザ + グループ +* `assignuseridexpr` +* `assigngroupidexpr` +* `maxclientvhost` +* `nice` +* `limituidrange` (Linux 3.5.0以降) +* `limitgidrange` (Linux 3.5.0以降) + +通常は、以下のように使用します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + itk => { + user => 'someuser', + group => 'somegroup', + }, +} +```  + +デフォルト値: `undef`。 + +##### `jk_mounts` + +'JkMount'および'JkUnMount'ディレクティブによりバーチャルホストを設定し、TomcatとApacheの間をマッピングするURLのパスを処理します。 + +このパラメータは、ハッシュの配列にする必要があります。各ハッシュには、'worker'と、'mount'または'unmount'キーのいずれかが含まれている必要があります。 + +通常は、以下のように使用します。  + +``` puppet 
+apache::vhost { 'sample.example.net': + jk_mounts => [ + { mount => '/*', worker => 'tcnode1', }, + { unmount => '/*.jpg', worker => 'tcnode1', }, + ], +} +``` +デフォルト値: `undef`。 + +##### `keepalive` + +バーチャルホストで[`KeepAlive`][]ディレクティブによるHTTPの持続的接続を有効にするかどうかを決定します。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 + +バーチャルホストの関連オプションを設定するには、`keepalive_timeout`および`max_keepalive_requests`パラメータを使用します。 + +値: 'Off', 'On'。 + +デフォルト値: `undef`。  + +##### `keepalive_timeout` + +バーチャルホストの[`KeepAliveTimeout`]ディレクティブを設定します。これにより、HTTPの持続的接続で後続のリクエストを実行するまでの待機時間が決まります。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 + +このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。 + +デフォルト値: `undef`。  + +##### `max_keepalive_requests` + +接続1回につき許可されるバーチャルホストへのリクエスト数を制限します。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 + +このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  + +デフォルト値: `undef`。  + +##### `auth_kerb` + +バーチャルホストの[`mod_auth_kerb`][]パラメータを有効にします。 + +通常は、以下のように使用します。  + +``` puppet +apache::vhost { 'sample.example.net': + auth_kerb => `true`, + krb_method_negotiate => 'on', + krb_auth_realms => ['EXAMPLE.ORG'], + krb_local_user_mapping => 'on', + directories => { + path => '/var/www/html', + auth_name => 'Kerberos Login', + auth_type => 'Kerberos', + auth_require => 'valid-user', + }, +} +``` + +関連するパラメータは、`mod_auth_kerb`ディレクティブの名前に従います。 + +- `krb_method_negotiate`: Negotiateメソッドを使用するかどうかを決定します。デフォルト値: 'on'。 +- `krb_method_k5passwd`: Kerberos v5に関してパスワードベースの認証を使用するかどうかを決定します。デフォルト値: 'on'。 +- `krb_authoritative`: 'off'に設定すると、認証コントロールを別のモジュールに渡すことができます。デフォルト値: 'on'。 +- `krb_auth_realms`: 認証に使用するKerberos領域の配列を指定します。デフォルト値: '[]'。 +- `krb_5keytab`: Kerberos v5キータブファイルのロケーションを指定します。デフォルト値: `undef`。 +- `krb_local_user_mapping`: 今後の使用のために、ユーザ名から@REALMを取り除きます。デフォルト値: `undef`。 + +ブーリアン。 + +デフォルト値: `false`。 + +##### `krb_verify_kdc` + +このオプションを使えば、ローカルなキータブに対する認証チケットを無効にし、KDCスプーフィング攻撃を防ぐことができます。 + 
+デフォルト値: 'on'。
+
+##### `krb_servicename`
+
+Apacheが認証に使用するサービス名を指定します。この名前に対応するキーをキータブに保存する必要があります。
+
+デフォルト値: 'HTTP'。
+
+##### `krb_save_credentials`
+
+このオプションにより、認証情報の保存機能が有効になります。
+
+デフォルト値: 'off'。
+
+##### `logroot`
+
+バーチャルホストのログファイルの保存場所を指定します。
+
+デフォルト値: '/var/log//'。
+
+##### `$logroot_ensure`
+
+バーチャルホストのlogrootディレクトリを削除するかどうかを決定します。
+
+値: 'directory'、'absent'。
+
+デフォルト値: 'directory'。
+
+##### `logroot_mode`
+
+logrootディレクトリで設定されたモードをオーバーライドします。影響を把握できない場合は、ログが保存されているディレクトリへの書き込みアクセス権限を付与*しないで*ください。詳細については、[Apacheのログセキュリティドキュメント](https://httpd.apache.org/docs/2.4/logs.html#security)を参照してください。
+
+デフォルト値: `undef`。
+
+##### `logroot_owner`
+
+logrootディレクトリへの個々のユーザのアクセスを設定します。
+
+デフォルト値:`undef`。
+
+##### `logroot_group`
+
+[`logroot`][]ディレクトリへのグループアクセスを設定します。
+
+デフォルト値:`undef`。
+
+##### `log_level`
+
+エラーログの詳細レベルを指定します。
+
+値: 'emerg'、'alert'、'crit'、'error'、'warn'、'notice'、'info'、'debug'。
+
+デフォルト値: グローバルサーバ設定については'warn'。バーチャルホストごとにオーバーライドできます。
+
+###### `modsec_body_limit`
+
+バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズをバイト数で設定します。
+
+値: 整数。
+
+デフォルト値: `undef`。
+
+###### `modsec_disable_vhost`
+
+バーチャルホストで[`mod_security`][]を無効にします。[`apache::mod::security`][]が含まれている場合にのみ有効です。
+
+ブーリアン。
+
+デフォルト値: `undef`。
+
+###### `modsec_disable_ids`
+
+バーチャルホストから`mod_security` IDを削除します。
+
+値: バーチャルホストから削除する`mod_security` IDの配列。ハッシュも使用できます。この場合、特定のロケーションからのIDの削除が可能です。
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_ids => [ 90015, 90016 ],
+}
+```
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+}
+```
+
+デフォルト値: `undef`。
+
+###### `modsec_disable_ips`
+
+[`mod_security`][]ルールマッチングから除外するIPアドレスの配列を指定します。
+
+デフォルト値: `undef`。
+
+###### `modsec_disable_msgs`
+
+バーチャルホストから削除するmod_security Msgの配列。ハッシュも使用できます。この場合、特定のロケーションからのMsgの削除が可能です。
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_msgs => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ],
+}
+```
+
+``` puppet
+apache::vhost { 'sample.example.net': + modsec_disable_msgs => { '/location1' => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ] }, +} +``` + +デフォルト値: `undef`。 + +###### `modsec_disable_tags` + + バーチャルホストから削除するmod_securityタグの配列。ハッシュも使用できます。この場合、特定のロケーションからのタグの削除が可能です。 + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ], +} +``` + +``` puppet +apache::vhost { 'sample.example.net': + modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] }, +} +``` + +デフォルト値: `undef`。 + +##### `modsec_audit*` + +* `modsec_audit_log` +* `modsec_audit_log_file` +* `modsec_audit_log_pipe` + +この3つのパラメータは、いずれも`mod_security`オーディットログの送信方法を決定します([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog))。 + +* `modsec_audit_log_file`が設定されている場合は、[`logroot`][]と比較されます。 + + デフォルト値: `undef`。 + +* `modsec_audit_log_pipe`を設定する場合は、パイプで始める必要があります。例えば、'|/path/to/mlogc /path/to/mlogc.conf'のようになります。 + + デフォルト値: `undef`。 + +* `modsec_audit_log`が`true`になっている場合、バーチャルホスト---example.comなど---を与えると、[SSL暗号化][SSL encryption]バーチャルホストの場合はデフォルト値が'example.com\_security\_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com\_security.log'になります。 + + デフォルト値: `false`。 + +上述のパラメータがいずれも設定されていない場合、グローバルオーディットログが使用されます(''/var/log/httpd/modsec\_audit.log''; Debianおよびデリバティブ: ''/var/log/apache2/modsec\_audit.log''; その他: )。 + +##### `no_proxy_uris` + +プロキシを使用しないURLを指定します。このパラメータは、[`proxy_dest`](#proxy_dest)と組み合わせて使用することはできません。 + +デフォルト値: []。 + +##### `no_proxy_uris_match` + +このディレクティブは[`no_proxy_uris`][]と同じですが、正規表現をとります。 + +デフォルト値: []。  + +##### `proxy_preserve_host` + +[ProxyPreserveHostディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost)を設定します。 + +このパラメータを`true`に設定すると、受信リクエストの`Host:`行が有効になり、ホスト名ではなくホストにプロキシされます。`false`に設定すると、このディレクティブが'Off'になります。 + +ブーリアン。 + +デフォルト値: `false`。 + +##### `proxy_add_headers` + 
+[ProxyAddHeadersディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders)を設定します。
+
+このパラメータは、プロキシ関連のHTTPヘッダ(X-Forwarded-For、X-Forwarded-Host、X-Forwarded-Server)をバックエンドサーバに送信するかどうかを制御します。
+
+ブーリアン。
+
+デフォルト値: `false`。
+
+##### `proxy_error_override`
+
+[ProxyErrorOverrideディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride)を設定します。このディレクティブは、プロキシされたコンテンツに関するエラーページをApacheによりオーバーライドすべきかどうかを制御します。
+
+ブーリアン。
+
+デフォルト値: `false`。
+
+##### `options`
+
+指定されたバーチャルホストの[`Options`][]を設定します。例:
+
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+}
+```
+
+> **注意**: [`apache::vhost`][]の[`directories`][]パラメータを使うと、'Options'、'Override'、'DirectoryIndex'は`directories`内のパラメータであるため、無視されます。
+
+デフォルト値: ['Indexes','FollowSymLinks','MultiViews']。
+
+##### `override`
+
+指定されたバーチャルホストのオーバーライドを設定します。[AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)引数の配列を使用できます。
+
+デフォルト値: '[none]'。
+
+##### `passenger_app_root`
+
+[PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot)を設定します。これは、DocumentRootと異なる場合のPassengerアプリケーションルートのロケーションです。
+
+値: パスを指定する文字列。
+
+デフォルト値: `undef`。
+
+##### `passenger_app_env`
+
+[PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv)を設定します。これは、Passengerアプリケーションに関する環境です。指定されていない場合は、グローバル設定の'production'がデフォルトになります。
+
+値: 環境名を指定する文字列。
+
+デフォルト値: `undef`。
+
+##### `passenger_log_file`
+
+デフォルトでは、PassengerログメッセージはApacheグローバルエラーログに書き込まれます。[PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile)を使えば、そのメッセージを別のファイルに書き込むように設定することができます。このオプションは、Passenger 5.0.5以降でのみ使用できます。
+
+値: パスを指定する文字列。
+
+デフォルト値: `undef`。
+
+##### `passenger_log_level`
+
+このオプションを使えば、ログファイルに書き込む情報の量を指定できます。設定されていない場合は、[PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel)は設定ファイルに表示されず、デフォルト値が使用されます。 + +デフォルト値: 3.0.0以前のPassengerバージョン: '0'; 5.0.0以降: '3'。 + +##### `passenger_ruby` + +[PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby)を設定します。これは、バーチャルホスト上でこのアプリケーションに関して使用するRubyインタープリタです。 + +デフォルト値: `undef`。 + +##### `passenger_min_instances` + +[PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances)を設定します。これは、実行するアプリケーションプロセスの最小数です。 + +##### `passenger_max_requests` + +[PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas +sengermaxrequests)を設定します。これは、アプリケーションプロセスが処理するリクエストの最大数です。 + +##### `passenger_max_instances_per_app` + +[PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp)を設定します。これは、単一のアプリケーションに関して同時に存在できるアプリケーションプロセスの最大数です。 + +デフォルト値: `undef`。 + +##### `passenger_start_timeout` + +[PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout)を設定します。これは、アプリケーション起動のタイムアウトです。 + +##### `passenger_pre_start` + +[PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart)を設定します。これは、プレ起動が必要とされる場合のアプリケーションのURLです。 + +##### `passenger_user` + +[PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser)を設定します。これは、サンドボックスアプリケーションの実行ユーザです。 + +##### `passenger_high_performance` + +[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance)パラメータを設定します。 + +値: `true`、`false`。 + +デフォルト値: `undef`。 + +##### `passenger_nodejs` + +[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs)を設定します。これは、バーチャルホスト上でこのアプリケーションに関して使用するNodeJSインタープリタです。 + +##### 
`passenger_sticky_sessions` + +[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions)パラメータを設定します。 + +ブーリアン。 + +デフォルト値: `undef`。 + +##### `passenger_startup_file` + +[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)パスを設定します。このパスは、アプリケーションルートに関連しています。 + +##### `php_flags & values` + +バーチャルホストごとの設定[`php_value`または`php_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 + +デフォルト値: '{}'。 + +##### `php_admin_flags & values` + +バーチャルホストごとの設定[`php_admin_value`または`php_admin_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 + +デフォルト値: '{}'。 + +##### `port` + +ホストを設定するポートを設定します。モジュールのデフォルトでは、ホストがリッスンするのは、非SSLバーチャルホストではポート80、SSLバーチャルホストではポート443です。ホストはこのパラメータで設定されたポートのみをリッスンします。 + +##### `priority` + +Apache HTTPD VirtualHost設定ファイルに関連するロード順序を設定します。 + +優先順位に一致するものがない場合は、アルファベット順で最初の名前ベースのバーチャルホストが使用されます。同様に、高い優先順位を渡すと、他に一致する名前がなければ、アルファベット順で最初の名前ベースのバーチャルホストが使用されます。 + +> **注意:** このパラメータを使用する必要はありません。ただし、使用する場合は、`apache::vhost`の`default_vhost`パラメータの優先順位は'15'になる点に留意してください。 + +ファイル名の優先順位の接頭値を無視するには、優先順位として`false`を渡します。 + +デフォルト値: '25'。 + +##### `proxy_dest` + +[ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)設定の宛先アドレスを指定します。 + +デフォルト値: `undef`。 + +##### `proxy_pass` + +[ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)設定の`path => URI`値の配列を指定します。オプションで、配列としてパラメータを追加できます。 + +デフォルト値: `undef`。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + proxy_pass => [ + { 'path' => '/a', 'url' => 'http://backend-a/' }, + { 'path' => '/b', 'url' => 'http://backend-b/' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, + { 'path' => '/l', 'url' => 'http://backend-xy', + 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => 
'/d', 'url' => 'http://backend-a/d', + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, + { 'path' => '/f', 'url' => 'http://backend-f/', + 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, + { 'path' => '/g', 'url' => 'http://backend-g/', + 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, + { 'path' => '/h', 'url' => 'http://backend-h/h', + 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, + ], +} +``` + +* `reverse_urls`。*オプション。*この設定は、`mod_proxy_balancer`とともに使用する場合に役立ちます。値: 配列または文字列。 +* `reverse_cookies`。*オプション。*`ProxyPassReverseCookiePath`および`ProxyPassReverseCookieDomain`を設定します。 +* `params`。*オプション。*接続設定などのProxyPassキー-値パラメータを許可します。 +* `setenv`。*オプション。*プロキシディレクティブの[環境変数](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings)を設定します。値: 配列。 + +##### `proxy_dest_match` + +このディレクティブは[`proxy_dest`][]と同じですが、正規表現をとります。詳細については、[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)を参照してください。 + +##### `proxy_dest_reverse_match` + +[`proxy_dest_match`][]が指定されている場合に、ProxyPassReverseを渡せるようにします。詳細については、[ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)を参照してください。 + +##### `proxy_pass_match` + +このディレクティブは[`proxy_pass`][]と同じですが、正規表現をとります。詳細については、[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)を参照してください。 + +##### `rack_base_uris` + +rack設定のリソース識別子を設定します。指定されたファイルパスは、_rack.erbテンプレート内の[Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri)のrackアプリケーションルートとしてリストされます。 + +デフォルト値: `undef`。 + +#####`passenger_base_uris` + +任意のURIをPhusion Passengerのサーブするアプリケーションとして指定するのに使用します。指定されたファイルパスは、_passenger_base_uris.erbテンプレート内の[Phusion 
Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI)のpassengerアプリケーションルートとしてリストされます。 + +デフォルト値: `undef`。 + +##### `redirect_dest` + +リダイレクト先のアドレスを指定します。 + +デフォルト値: `undef`。 + +##### `redirect_source` + +`redirect_dest`で指定された宛先にリダイレクトするソースURIを指定します。リダイレクトするアイテムが複数提供されている場合は、ソースと宛先の長さを一致させる必要があります。また、アイテムは順序に依存します。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + redirect_source => ['/images','/downloads'], + redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], +} +``` + +##### `redirect_status` + +リダイレクトに追加するステータスを指定します。 + +デフォルト値: `undef`。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + redirect_status => ['temp','permanent'], +} +``` + +##### `redirectmatch_*` + +* `redirectmatch_regexp` +* `redirectmatch_status` +* `redirectmatch_dest` + +任意の正規表現について呼び出すサーバステータスとユーザの転送先を決定します。配列として入力します。 + +デフォルト値: `undef`。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + redirectmatch_status => ['404','404'], + redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], +} +``` + +##### `request_headers` + +他のリクエストヘッダの追加、リクエストヘッダの削除など、収集した[リクエストヘッダ](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)をさまざまな形で修正します。 + +デフォルト値: `undef`。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + request_headers => [ + 'append MirrorID "mirror 12"', + 'unset MirrorID', + ], +} +``` + +##### `rewrites` + +URLリライトルールを作成します。ハッシュの配列が求められます。 + +値: 'comment'、'rewrite_base'、'rewrite_cond'、'rewrite_rule'、'rewrite_map'のいずれかのハッシュキー。 + +デフォルト値: `undef`。 + +誰かがindex.htmlにアクセスした場合、welcome.htmlを表示するように指定できます。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] +} +``` + +このパラメータにより条件をリライトし、`true`の場合に関連ルールを実行させることが可能です。例えば、ビジターがIEを使っている場合のみURLをリライトするには、以下のように設定します。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + 
comment => 'redirect IE', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} +``` + +複数の条件を適用することもできます。たとえば、ブラウザがLynxかMozilla(バージョン1または2)の場合にのみ、index.htmlをwelcome.htmlにリライトする場合は、以下のようになります。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + ], +} +``` + +複数のリライトと条件を設定することも可能です。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + { + comment => 'Lynx or Mozilla v1/2', + rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], + rewrite_rule => ['^index\.html$ welcome.html'], + }, + { + comment => 'Internet Explorer', + rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], + rewrite_rule => ['^index\.html$ /index.IE.html [L]'], + }, + { + rewrite_base => /apps/, + rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], + }, + { comment => 'Rewrite to lower case', + rewrite_cond => ['%{REQUEST_URI} [A-Z]'], + rewrite_map => ['lc int:tolower'], + rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], + }, + ], +} +``` + +リライトのルールおよび条件については、[`mod_rewrite`ドキュメント][`mod_rewrite`]を参照してください。 + +##### `rewrite_inherit` + +バーチャルホストが全体のリライトルールを継承するかどうかを決定します。 + +デフォルト値: `false`。 + +リライトルールは、全体(`$conf_file`または`$confd_dir`で)またはバーチャルホストの`.conf`ファイル内で指定することができます。デフォルトでは、バーチャルホストは全体の設定を継承しません。継承を有効にするには、`rewrites`パラメータを指定し、`rewrite_inherit`パラメータを`true`に設定します。 + +``` puppet +apache::vhost { 'site.name.fdqn': + … + rewrites => [ + , + ], + rewrite_inherit => `true`, +} +``` + +> **注意**: この設定を有効にするには、`rewrites`パラメータが**必須**です。 + +バーチャルホストに以下のディレクティブが含まれている場合は、Apacheが全体の`Rewrite`ルールを有効にします。 + +``` ApacheConf +RewriteEngine On +RewriteOptions Inherit +``` + +[公式`mod_rewrite`ドキュメント](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)のセクション"Rewriting in 
Virtual Hosts"を参照してください。 + +##### `scriptalias` + +'/usr/scripts'などの、パス'/cgi-bin'のエイリアスとするCGIスクリプトのディレクトリを定義します。 + +デフォルト値: `undef`。 + +##### `scriptaliases` + +> **注意**: このパラメータは廃止予定であり、`aliases`パラメータに置き換えられます。 + +ハッシュの配列をバーチャルホストに渡し、[`mod_alias`ドキュメント][`mod_alias`]に従ってScriptAliasまたはScriptAliasMatchステートメントのいずれかを作成します。 + +``` puppet +scriptaliases => [ + { + alias => '/myscript', + path => '/usr/share/myscript', + }, + { + aliasmatch => '^/foo(.*)', + path => '/usr/share/fooscripts$1', + }, + { + aliasmatch => '^/bar/(.*)', + path => '/usr/share/bar/wrapper.sh/$1', + }, + { + alias => '/neatscript', + path => '/usr/share/neatscript', + }, +] +``` + +ScriptAliasおよびScriptAliasMatchディレクティブは、指定した順に作成されます。 [AliasおよびAliasMatch](#aliases)ディレクティブと同様、シャドーイングを避けるため、まず具体的なエイリアスを指定してから、全般的なものを指定してください。 + +##### `serveradmin` + +エラーページの表示時にApacheが表示するEメールアドレスを指定します。 + +デフォルト値: `undef`。 + +##### `serveraliases` + +サイトの[ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)を設定します。 + +デフォルト値: '[]'。 + +##### `servername` + +バーチャルホストに接続するホスト名に対応するサーバ名を設定します。 + +デフォルト値: リソースのタイトル。 + +##### `setenv` + +HTTPDにより使用し、バーチャルホストの環境変数を設定します。 + +デフォルト値: '[]'。 + +例: + +``` puppet +apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], +} +``` + +##### `setenvif` + +HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します。 + +デフォルト値: '[]'。 + +##### `setenvifnocase` + +HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します(大文字小文字を区別しないマッチング)。 + +デフォルト値: '[]'。 + +##### `suphp_*` + +* `suphp_addhandler` +* `suphp_configpath` +* `suphp_engine` + +[suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)によりバーチャルホストを設定します。 + +* `suphp_addhandler`。デフォルト値: RedHatおよびFreeBSDでは'php5-script'、DebianおよびGentooでは'x-httpd-php'。 +* `suphp_configpath`。デフォルト値: RedHatおよびFreeBSDでは`undef`、DebianおよびGentooでは'/etc/php5/apache2'。 +* `suphp_engine`。値: 'on'または'off'。デフォルト値: 'off'。 + +suPHPによるバーチャルホスト設定の例: + +``` puppet +apache::vhost { 'suphp.example.com': + port => '80', + docroot => 
'/home/appuser/myphpapp', + suphp_addhandler => 'x-httpd-php', + suphp_engine => 'on', + suphp_configpath => '/etc/php5/apache2', + directories => { path => '/home/appuser/myphpapp', + 'suphp' => { user => 'myappuser', group => 'myappgroup' }, + } +} +``` + +##### `vhost_name` + +名前ベースのバーチャルホストを有効にします。バーチャルホストにIPではなくポートが割り当てられている場合は、バーチャルホスト名は'vhost_name:port'になります。バーチャルホストにIPもポートも割り当てられていない場合は、バーチャルホスト名はリソースのタイトルに設定されます。 + +デフォルト値: '*'。 + +##### `virtual_docroot` + +同じ名前を持つディレクトリにマッピングされたワイルドカードエイリアスサブドメインにより、バーチャルホストを設定します。例えば、'http://example.com' would map to '/var/www/example.com'のようになります。 + +デフォルト値: `false`。 + +``` puppet +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} +``` + +##### `wsgi*` + +* `wsgi_daemon_process` +* `wsgi_daemon_process_options` +* `wsgi_process_group` +* `wsgi_script_aliases` +* `wsgi_pass_authorization` + +[WSGI](https://github.com/GrahamDumpleton/mod_wsgi)によりバーチャルホストを設定します。 + +* `wsgi_daemon_process`: WSGIデーモンの名前を設定するハッシュ。[特定のキー](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html)を使用できます。デフォルト値: `undef`。 +* `wsgi_daemon_process_options`。_オプション。_ デフォルト値: `undef`。 +* `wsgi_process_group`: バーチャルホストが実行されるグループIDを設定します。デフォルト値: `undef`。 +* `wsgi_script_aliases`: ファイルシステム.wsgiパスへのWebパスのハッシュにする必要があります。デフォルト値: `undef`。 +* `wsgi_script_aliases_match`: ファイルシステム.wsgiパスへのWebパスの正規表現のハッシュにする必要があります。デフォルト値: `undef`。 +* `wsgi_pass_authorization`: 'On'に設定すると、Apacheの代わりにWSGIアプリケーションを使って認証を処理します。詳細については、[mod_wsgi's WSGIPassAuthorizationドキュメント] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html)を参照してください。デフォルト値: `undef`、これにより、Apacheのデフォルト値である'Off'が使われます。 +* `wsgi_chunked_request`: チャンク形式のリクエストのサポートを有効にします。デフォルト値: `undef`。 + +WSGIによるバーチャルホスト設定の例: + +``` puppet +apache::vhost { 'wsgi.example.com': + port => '80', + docroot => '/var/www/pythonapp', + 
wsgi_daemon_process => 'wsgi', + wsgi_daemon_process_options => + { processes => '2', + threads => '15', + display-name => '%{GROUP}', + }, + wsgi_process_group => 'wsgi', + wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + wsgi_chunked_request => 'On', +} +``` + +#### `apache::vhost`のパラメータ`directories` + +`apache::vhost`クラスの`directories`パラメータは、バーチャルホストにハッシュの配列を渡し、[Directory](https://httpd.apache.org/docs/current/mod/core.html#directory)、[File](https://httpd.apache.org/docs/current/mod/core.html#files)、[Location](https://httpd.apache.org/docs/current/mod/core.html#location)ディレクティブブロックを作成します。これらのブロックは、'< Directory /path/to/directory>...< /Directory>'の形式をとります。 + +`path`キーは、ディレクトリ、ファイル、ロケーションブロックのパスを設定します。この値は、'directory'、'files'、または'location'プロバイダのパスか、'directorymatch'、'filesmatch'、または 'locationmatch'プロバイダの正規表現でなければなりません。`directories`に渡される各ハッシュには、キーのひとつとして`path`が含まれていなければ**なりません**。 + +`provider`キーはオプションです。設定されていない場合、このキーのデフォルトは'directory'になります。値: 'directory'、'files'、'proxy'、'location'、'directorymatch'、'filesmatch'、'proxymatch'、'locationmatch'。`provider`を'directorymatch'に設定すると、 Apache設定ファイルでキーワード'DirectoryMatch'が使用されます。 + +`directories`の使用例: + +``` puppet +apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all', + }, + ], +} +``` + +> **注意:** 少なくとも1つのディレクトリが`docroot`パラメータとマッチする必要があります。ディレクトリの宣言を開始すると、`apache::vhost`は必要なすべてのディレクトリブロックが宣言されるものと見なします。定義されない場合、`docroot`パラメータにマッチする1つのデフォルトディレクトリブロックが作成されます。 + +`directory`、`files`、または`location`ハッシュ内に、使用可能なハンドラを配置し、キーとして表す必要があります。以下のようになります。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ { path => '/path/to/directory', handler => value } ], +} +``` + +これらのハッシュで設定していないハンドラは、Puppet内で'undefined'と見なされ、バーチャルホストに追加されず、モジュールではデフォルト値が使われます。サポートされているハンドラは、次のとおりです。 + +##### `addhandlers` + 
+[AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler)ディレクティブを設定します。これは、ファイル名の拡張子を指定されたハンドラにマッピングするものです。ハッシュのリストを使用し、`extensions`はハンドラによりマッピングされた拡張子を記述するために使用されます。`{ handler => 'handler-name', extensions => ['extension'] }`の形式をとります。
+
+例:
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}],
+ },
+ ],
+}
+```
+
+##### `allow`
+
+[Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow)ディレクティブを設定します。これは、ホスト名またはIPに基づく認証をグループ化するものです。**廃止予定:**このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。1つのルールに対する単一の文字列としても、複数のルールに対する配列としても使用できます。
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ allow => 'from example.org',
+ },
+ ],
+}
+```
+
+##### `allow_override`
+
+[.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)ファイルで許可されるディレクティブのタイプを設定します。配列を使用できます。
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ allow_override => ['AuthConfig', 'Indexes'],
+ },
+ ],
+}
+```
+
+##### `auth_basic_authoritative`
+
+[AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative)の値を設定します。これにより、下位のApacheモジュールに権限と認証を渡すかどうかが決定されます。
+
+##### `auth_basic_fake`
+
+[AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake)の値を設定します。これにより、任意のディレクティブブロックに関する認証情報が静的に設定されます。
+
+##### `auth_basic_provider`
+
+[AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider)の値を設定します。これにより、任意のロケーションの認証プロバイダが設定されます。
+
+##### `auth_digest_algorithm`
+
+[AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm)の値を設定します。これにより、チャレンジおよびレスポンスハッシュの計算に用いるアルゴリズムを選択します。
+
+###### `auth_digest_domain`
+
+[AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain)の値を設定します。これにより、ダイジェスト認証に関して、同じ保護スペースで1つまたは複数のURIを指定できます。
+
+##### `auth_digest_nonce_lifetime`
+
+[AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime)の値を設定します。これにより、サーバのノンスが有効になる長さを制御します。
+
+##### `auth_digest_provider`
+
+[AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider)の値を設定します。これにより、任意のロケーションに関する認証プロバイダを設定します。
+
+##### `auth_digest_qop`
+
+[AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop)の値を設定します。これにより、ダイジェスト認証で用いる保護品質を決定します。
+
+##### `auth_digest_shmem_size`
+
+[AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize)の値を設定します。これにより、クライアントの追跡に関して、サーバに割り当てられる共通メモリの量を定義します。
+
+##### `auth_group_file`
+
+[AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile)の値を設定します。これにより、認証に関して、ユーザグループのリストを含むテキストファイルの名前を設定します。
+
+##### `auth_name`
+
+[AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname)の値を設定します。これにより、認証領域の名前を設定します。
+
+##### `auth_require`
+
+アクセスを許可するのに必要なエンティティ名を設定します。詳細については、[Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives)を参照してください。
+
+##### `auth_type`
+
+[AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype)の値を設定します。これにより、ユーザ認証のタイプをガイドします。
+
+##### `auth_user_file`
+
+[AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile)の値を設定します。これにより、認証に関するユーザ/パスワードを含むテキストファイルの名前を設定します。
+
+##### `auth_merging`
+
+[AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging)の値を設定します。これにより、認証ロジックを組み合わせるかどうかを決定します。 + +##### `auth_ldap_url` + +[AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合のLDAPサーバのURLを決定します。 + +##### `auth_ldap_bind_dn` + +[AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合に、エントリの検索時にLDAPサーバにバインドするオプションのDNを使用できるようになります。 + +##### `auth_ldap_bind_password` + +[AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合に、バインドDNとともに用いるオプションのバインドパスワードを使用できるようになります。 + +##### `auth_ldap_group_attribute` + +[AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute)の値の配列。ldapグループ内のユーザメンバーの確認に使用するLDAP属性を指定します。 + +デフォルト値: "member"および "uniquemember"。 + +##### `auth_ldap_group_attribute_is_dn` + +[AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn)の値を設定し、ldapグループのメンバーにDNかシンプルなユーザ名のどちらを使用するかを指定します。onに設定すると、グループメンバーシップの確認時に、クライアントユーザ名の識別名が使用されます。そうでない場合は、ユーザ名が使われます。有効な値は"on"か"off"です。 + +##### `custom_fragment` + +カスタム設定ディレクティブの文字列を渡し、ディレクトリ設定の最後に配置します。 + +``` puppet +apache::vhost { 'monitor': + … + directories => [ + { + path => '/path/to/directory', + custom_fragment => ' + + SetHandler balancer-manager + Order allow,deny + Allow from all + + + SetHandler server-status + Order allow,deny + Allow from all + +ProxyStatus On', + }, + ] +} +``` + +##### `dav` + +[Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav)の値を設定します。これにより、WebDAV HTTPメソッドを有効にするかどうかを決定します。値としては、'On'、'Off'、またはプロバイダの名前を使用できます。'On'に設定すると、`mod_dav_fs`モジュールにより実装されているデフォルトのファイルシステムプロバイダが有効になります。 + +##### `dav_depth_infinity` + 
+[DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity)の値を設定します。これは、`Depth: Infinity`ヘッダを持つ`PROPFIND`リクエストの処理を有効にするのに使用されます。 + +##### `dav_min_timeout` + +[DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout)の値を設定します。DAVリソースでサーバがロック状態を維持する時間(秒数)を指定します。 + +##### `deny` + +[Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny)ディレクティブを設定し、サーバへのアクセスを否定するホストを指定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。1つのルールに対する単一の文字列としても、複数のルールに対する配列としても使用できます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, + ], +} +``` + +##### `error_documents` + +ディレクトリの[ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定をオーバーライドするハッシュの配列。 + +``` puppet +apache::vhost { 'sample.example.net': + directories => [ + { path => '/srv/www', + error_documents => [ + { 'error_code' => '503', + 'document' => '/service-unavail', + }, + ], + }, + ], +} +``` + +##### `ext_filter_options` + +[ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html)ディレクティブを設定します。 +このディレクティブを使用する前に、`class { 'apache::mod::ext_filter': }`を宣言する必要があります。 + +``` puppet +apache::vhost { 'filter.example.org': + docroot => '/var/www/filter', + directories => [ + { path => '/var/www/filter', + ext_filter_options => 'LogStderr Onfail=abort', + }, + ], +} +``` + +##### `geoip_enable` + +[GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration)ディレクティブを設定します。 +このディレクティブを使用する前に、`class {'apache::mod::geoip': }`を宣言する必要があります。 + +``` puppet +apache::vhost { 'first.example.com': + docroot => '/var/www/first', + directories => [ + { path => '/var/www/first', + geoip_enable => `true`, + }, + ], +} +``` + +##### `headers` + +[Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)ディレクティブの行を追加します。 + +``` puppet +apache::vhost 
{ 'sample.example.net': + docroot => '/path/to/directory', + directories => { + path => '/path/to/directory', + headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + }, +} +``` + +##### `index_options` + +[ディレクトリインデキシング](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions)の設定を可能にします。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + }, + ], +} +``` + +##### `index_order_default` + +ディレクトリインデックスの[デフォルトの順序付け](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault)を設定します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + index_order_default => ['Descending', 'Date'], + }, + ], +} +``` + +###### `index_style_sheet` + +[IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet)を設定します。これにより、ディレクトリインデックスにCSSスタイルシートが追加されます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['FancyIndexing'], + index_style_sheet => '/styles/style.css', + }, + ], +} +``` + +##### `limit` + +ディレクトリブロック内に[Limit](https://httpd.apache.org/docs/current/mod/core.html#limit)ブロックを作成します。`require`ディレクティブを含めることもできます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/docroot', + directories => [ + { path => '/', + provider => 'location', + limit => [ + { methods => 'GET HEAD', + require => ['valid-user'] + }, + ], + }, + ], +} +``` + +##### 
`limit_except` + +ディレクトリブロック内に[LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept)ブロックを作成します。`require`ディレクティブを含めることもできます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/docroot', + directories => [ + { path => '/', + provider => 'location', + limit_except => [ + { methods => 'GET HEAD', + require => ['valid-user'] + }, + ], + }, + ], +} +``` + +##### `mellon_enable` + +[MellonEnable][`mod_auth_mellon`]ディレクトリを設定し、 [`mod_auth_mellon`][]を有効にします。[`apache::mod::auth_mellon`][]を使って`mod_auth_mellon`をインストールできます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/', + provider => 'directory', + mellon_enable => 'info', + mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key', + mellon_endpoint_path => '/mellon', + mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', + 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, + mellon_user => 'ADFS_LOGIN', + }, + { path => '/protected', + provider => 'location', + mellon_enable => 'auth', + auth_type => 'Mellon', + auth_require => 'valid-user', + mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], + }, + ] +} +``` + +関連するパラメータは、`mod_auth_mellon`ディレクティブの名前に従います。 + +- `mellon_cond`: アクセスを許可するために満たす必要のあるmellon条件の配列をとり、配列内の各アイテムについて [MellonCond][`mod_auth_mellon`]ディレクティブを作成します。 +- `mellon_endpoint_path`: [MellonEndpointPath][`mod_auth_mellon`]を設定し、mellonエンドポイントパスを設定します。 +- `mellon_sp_metadata_file`: SPメタデータファイルの[MellonSPMetadataFile][`mod_auth_mellon`]ロケーションを設定します。 +- `mellon_idp_metadata_file`: IDPメタデータファイルの[MellonIDPMetadataFile][`mod_auth_mellon`]ロケーションを設定します。 +- `mellon_saml_rsponse_dump`: [MellonSamlResponseDump][`mod_auth_mellon`]ディレクティブを設定し、SAMLのデバッグを有効にします。 +- `mellon_set_env_no_prefix`:環境変数にマッピングする属性名のハッシュに関する [MellonSetEnvNoPrefix][`mod_auth_mellon`]ディレクティブを +設定します。 +- `mellon_sp_private_key_file`: 
サービスプロバイダのプライベートキー保存場所に関する[MellonSPPrivateKeyFile][`mod_auth_mellon`]ディレクティブを設定します。 +- `mellon_sp_cert_file`: サービスプロバイダの公開キー保存場所に関する[MellonSPCertFile][`mod_auth_mellon`]ディレクティブを設定します。 +- `mellon_user`: ユーザ名に関して使用する[MellonUser][`mod_auth_mellon`]属性を設定します。 + +##### `options` + +任意のディレクトリブロックに関する[オプション](https://httpd.apache.org/docs/current/mod/core.html#options)をリスト化します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + }, + ], +} +``` + +##### `order` + +[Apacheコアドキュメント](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order)に従い、AllowおよびDenyステートメントの処理順序を設定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', + }, + ], +} +``` + +##### `passenger_enabled` + +[PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)ディレクティブの値を'on'または'off'に設定します。`apache::mod::passenger`を含める必要があります。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + passenger_enabled => 'on', + }, + ], +} +``` + +> **注意:** PassengerEnabledディレクティブをPassengerHighPerformanceディレクティブとともに使用すると、[問題](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)が生じます。 + +##### `php_value`および`php_flag` + +`php_value`はディレクトリの値を設定し、`php_flag`はブーリアンを用いてディレクトリを設定します。詳細は[こちら](http://php.net/manual/en/configuration.changes.php)で確認できます。 + +##### `php_admin_value`および`php_admin_flag` + +`php_admin_value`はディレクトリの値を設定し、`php_admin_flag`はブーリアンを用いてディレクトリを設定します。詳細は[こちら](http://php.net/manual/en/configuration.changes.php)で確認できます。 + + +##### `require` + + +[Apache 
Authzドキュメント](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require)に従い、`Require`ディレクティブを設定します。`require`が設定されていない場合、`Require all granted`がデフォルトになります。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'ip 10.17.42.23', + } + ], +} +``` + +より複雑な要件設定が必要な場合、apache >= 2.4では[RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall)、[RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone)または[RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany)ディレクティブを使用できます。'any'、'none'、'all'のみをサポートする(その他の値は無視されます)'enforce'キーを使うと、以下のように設定できます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => { + enforce => 'any', + requires => [ + 'ip 1.2.3.4', + 'not host host.example.com', + 'user xyz', + ], + }, + }, + ], +} +``` + +`require`を`unmanaged`に設定すると、何も設定されません。これは、カスタムフラグメントで扱われる複雑な認証/権限要件に役立ちます。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + require => 'unmanaged', + } + ], +} +``` + + + +##### `satisfy` + +[Apacheコアドキュメント](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy)に従い、`Satisfy`ディレクティブを設定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', + } + ], +} +``` + +##### `sethandler` + +[Apache Coreドキュメント](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler)に従い、`SetHandler`ディレクティブを設定します。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', + } + ], +} +``` + +##### `set_output_filter` + +[Apache 
Coreドキュメント](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter)に従い、`SetOutputFilter`ディレクティブを設定します。 + +``` puppet +apache::vhost{ 'filter.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + set_output_filter => puppetdb-strip-resource-params, + }, + ], +} +``` + +##### `rewrites` + +バーチャルホストディレクトリ内でURL [`rewrites`](#rewrites)ルールを作成します。ハッシュの配列が求められます。ハッシュキーは'comment'、'rewrite_base'、'rewrite_cond'または'rewrite_rule'のいずれかにすることができます。 + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + rewrites => [ { comment => 'Permalink Rewrites', + rewrite_base => '/' + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] + }, + { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + rewrite_rule => [ '. /index.php [L]' ], + } + ], + }, + ], +} +``` + +> **注意**: ディレクトリにリライトを含める場合は、`apache::mod::rewrite`も含めてください。また、バーチャルホストのディレクトリのリライト設定ではなく、`apache::vhost`の`rewrites`パラメータを用いたリライトの設定を考慮してください。 + +##### `shib_request_settings` + +アプリケーションリクエストに関して、有効なコンテンツ設定の設定または変更を可能にします。このコマンドは、次の2つのパラメータをとります: コンテンツ設定の名前、およびそれについて設定する値。有効な設定については、Shibboleth [コンテンツ設定ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings)を参照してください。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + shib_request_settings => { 'requiresession' => 'On' }, + shib_use_headers => 'On', + }, + ], +} +``` + +##### `shib_use_headers` + 
+'On'に設定すると、アプリケーションに属性を公開するリクエストヘッダの使用がオンになります。このキーの値は'On'または'Off'です。デフォルト値は'Off'です。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 + +##### `ssl_options` + +[SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)の文字列またはリスト。これにより、SSLエンジンのランタイムオプションが設定されます。このハンドラは、バーチャルホストの親ブロック内のSSLOptionsセットよりも優先されます。 + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + ssl_options => '+ExportCertData', + }, + { path => '/path/to/different/dir', + ssl_options => [ '-StdEnvVars', '+ExportCertData'], + }, + ], +} +``` + +##### `suphp` + +[suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG)設定に関する'user'および'group'キーを含むハッシュ。バーチャルホスト宣言で`suphp_engine => on`とともに使用する必要があり、`directories`内でのみ渡すことができます。 + +``` puppet +apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + suphp => { + user => 'myappuser', + group => 'myappgroup', + }, + }, + ], +} +``` +##### `additional_includes` + +バーチャルホストディレクトリ内にある追加の静的な固有のApache設定ファイルのパスを指定します。値: 文字列パスの配列。 + +``` puppet +apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/different/dir', + additional_includes => [ '/custom/path/includes', '/custom/path/another_includes', ], + }, + ], +} +``` + +#### `apache::vhost`のSSLパラメータ + +`::vhost`のすべてのSSLパラメータは、基本の`apache`クラスで設定された値がデフォルトになります。以下のパラメータを使えば、特定のバーチャルホストに関する個別のSSL設定を調整できます。 + +##### `ssl` + +バーチャルホストのSSLを有効にします。SSLバーチャルホストはHTTPSクエリにのみ応答します。値: ブーリアン。 + +デフォルト値: `false`。 + +##### `ssl_ca` + +SSL証明書認証局を指定します。 + +デフォルト値: `undef`。 + +##### `ssl_cert` + +SSL証明書を指定します。 + +デフォルト値: オペレーティングシステムによって異なります。 + +* RedHat: '/etc/pki/tls/certs/localhost.crt' +* Debian: 
'/etc/ssl/certs/ssl-cert-snakeoil.pem' +* FreeBSD: '/usr/local/etc/apache22/server.crt' +* Gentoo: '/etc/ssl/apache2/server.crt' + +##### `ssl_protocol` + +[SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol)を指定します。許可されるプロトコルの配列またはスペースで区切った文字列が求められます。 + +デフォルト値: 'all'、'-SSLv2'、'-SSLv3'。 + +##### `ssl_cipher` + +[SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite)を指定します。 + +デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5'。 + +##### `ssl_honorcipherorder` + +[SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder)を指定し、クライアントの優先順ではなくサーバの優先順をApacheに使用させます。値: + +値: ブーリアン、'on'、'off'。 + +デフォルト値: `true`。 + +##### `ssl_certs_dir` + +SSL証明書ディレクトリのロケーションを指定します。 + +デフォルト値: オペレーティングシステムによって異なります。 + +- Debian: '/etc/ssl/certs' +- Red Hat: '/etc/pki/tls/certs' +- FreeBSD: `undef` +- Gentoo: '/etc/ssl/apache2' + +##### `ssl_chain` + +SSLチェーンを指定します。このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。 + +デフォルト値: `undef`。 + +##### `ssl_crl` + +使用する証明書失効リストを指定します。(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。) + +デフォルト値: `undef`。 + +##### `ssl_crl_path` + +証明書失効リストの保存場所を指定します。(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。) + +デフォルト値: `undef`。 + +##### `ssl_crl_check` + +[SSLCARevocationCheckディレクティブ](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)により、証明書失効チェックレベルを設定します。このデフォルト値は設定しなくても機能しますが、本稼働環境でCRLを使用する際に指定する必要があります。Apache 2.4以上にのみ適用されます。それ以前のバージョンでは、この値は無視されます。 + +デフォルト値: `undef`。 + +##### `ssl_key` + +SSLキーを指定します。 + +デフォルト値はオペレーティングシステムによって異なります。このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。 + +* RedHat: '/etc/pki/tls/private/localhost.key' +* Debian: '/etc/ssl/private/ssl-cert-snakeoil.key' +* FreeBSD: '/usr/local/etc/apache22/server.key' +* Gentoo: '/etc/ssl/apache2/server.key' + +##### `ssl_verify_client` + 
+[SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)ディレクティブを設定します。これにより、クライアント認証に関する証明書確認レベルが設定されます。 + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_verify_client => 'optional', +} +``` + +値: 'none'、'optional'、'require'、'optional_no_ca'。 + +デフォルト値: `undef`。 + + +##### `ssl_verify_depth` + +[SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)ディレクティブを設定します。これにより、クライアント認証確認におけるCA証明書の最大深さが指定されます。 + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_verify_depth => 1, +} +``` + +デフォルト値: `undef`。 + +##### `ssl_proxy_protocol` + +[SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)ディレクティブを設定します。これにより、プロキシに関するサーバ環境を確立する際に`mod_ssl`が使用すべきSSLプロトコルフレーバーを制御します。提示されたプロトコルのうちの1つのみを使用しているサーバに接続します。 + +デフォルト値: `undef`。 + +##### `ssl_proxy_verify` + +[SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)ディレクティブを設定します。これにより、リクエストをリモートSSLサーバに転送するようにプロキシが設定されている場合のリモートサーバの証明書確認を設定します。 + +デフォルト値: `undef`。 + +##### `ssl_proxy_verify_depth` + +[SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)ディレクティブを設定します。これにより、リモートサーバに有効な証明書がないと判断するにあたり、mod_sslが行う確認の深さを設定します。 + +深さ0では、自己署名リモートサーバ証明書のみが許可されます。デフォルトの深さ 1では、リモートサーバ証明書を自己署名にすることも、サーバが直接知っているCAにより署名することもできます。 + +デフォルト値: `undef`。 + +##### `ssl_proxy_ca_cert` + +[SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)ディレクティブを設定します。これにより、やりとりするリモートサーバに関する認証局(CA)の証明書を集められるオールインワンファイルを指定します。これはリモートサーバ認証に用いられます。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 + +デフォルト値: `undef`。 + +##### `ssl_proxy_machine_cert` + +[SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)ディレクティブを設定します。これにより、このサーバがリモートサーバの認証に用いる証明書とキーを保存するオールインワンファイルを指定します。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 + +``` puppet +apache::vhost { 
'sample.example.net': + … + ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', +} +``` + +デフォルト値: `undef`。 + +##### `ssl_proxy_check_peer_cn` + +[SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを指定します。 + +値: 'on'、'off'。 + +デフォルト値: `undef`。 + +##### `ssl_proxy_check_peer_name` + +[SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを決定します。 + +値: 'on'、'off'。  + +デフォルト値: `undef`。 + +##### `ssl_proxy_check_peer_expire` + +[SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)ディレクティブを設定します。これにより、リモートサーバの証明書の有効期限をチェックするかどうかを指定します。 + +値: 'on'、'off'。  + +デフォルト値: `undef`。 + +##### `ssl_options` + +[SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)ディレクティブを設定します。これにより、各種のSSLエンジンのランタイムオプションを設定します。これは任意のバーチャルホスト全体の設定で、文字列にすることも配列にすることもできます。 + +文字列: + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_options => '+ExportCertData', +} +``` + +配列: + +``` puppet +apache::vhost { 'sample.example.net': + … + ssl_options => [ '+StrictRequire', '+ExportCertData' ], +} +``` + +デフォルト値: `undef`。 + +##### `ssl_openssl_conf_cmd` + +[SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)ディレクティブを設定します。これにより、OpenSSLパラメータを直接設定できます。 + +デフォルト値: `undef`。 + +##### `ssl_proxyengine` + +[SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine)を使用するかどうかを指定します。 + +ブーリアン。 + +デフォルト値: `true`。 + +##### `ssl_stapling` + +[SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling)を使用するかどうかを指定します。デフォルトでは、全体で設定されているものを使用します。 + +このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。 + +ブーリアンまたは`undef`。 + +デフォルト値: `undef`。 + +##### `ssl_stapling_timeout` + 
+[SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout)ディレクティブの設定に使用できます。 + +このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  + +デフォルト値: なし。 + +##### `ssl_stapling_return_errors` + +[SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors)ディレクティブの設定に使用できます。 + +このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  + +デフォルト値: なし。  + +#### 定義タイプ: FastCGIサーバ + +このタイプは、mod\_fastcgiとともに使用します。特定のファイルタイプを扱う1つまたは複数の外部FastCGIサーバを定義することができます。 + +** 注意 ** Ubuntu 10.04+では、マルチバースリポジトリを手動で有効にする必要があります。 + +例: + +``` puppet +apache::fastcgi::server { 'php': + host => '127.0.0.1:9000', + timeout => 15, + flush => `false`, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php', + pass_header => '' +} +``` + +その後、バーチャルホスト内で、上で指定したfastcgiサーバで扱う特定のファイルタイプを設定することができます。 + +``` puppet +apache::vhost { 'www': + ... + custom_fragment => 'AddType application/x-httpd-php .php' + ... 
+} +``` + +##### `host` + +FastCGIサーバのホスト名またはIPアドレスおよびTCPポート番号(1-65535)。 + +unixソケットを渡すこともできます。 + +``` puppet +apache::fastcgi::server { 'php': + host => '/var/run/fcgi.sock', +} +``` + +##### `timeout` + +リクエストが中止され、(エラーLogLevel)にイベントが記録されるまでに、FastCGIアプリケーションが非アクティブの状態で待機する秒数。この非アクティブタイマーは、FastCGIアプリケーションとの接続が待機中の場合のみ適用されます。アプリケーションの待ち行列に入ったリクエストに対して、時間内に記述やフラッシュによる応答がないと、リクエストは中止されます。アプリケーションとの通信が完了したものの、クライアントとの通信が完了しなかった(応答がバッファリングされた)場合は、タイムアウトは適用されません。 + +##### `flush` + +アプリケーションから受信したデータを、強制的にクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 + +##### `faux_path` + +ローカルファイルシステムに存在する必要はありません。Apacheがこのファイル名に解読するURIは、この外部FastCGIアプリケーションにより処理されます。 + +##### `alias` + +一意のエイリアス。 アクションとFastCGIサーバをリンクさせるために内部で用いられます。 + +##### `file_type` + +FastCGIサーバにより処理するファイルのMIMEタイプ。 + +##### `pass_header` + +リクエスト環境で渡されるHTTPリクエストヘッダの名前。このオプションにより、通常はCGI環境で利用できないヘッダコンテンツ(認証など)が利用できるようになります。 + +#### 定義タイプ: `apache::vhost::custom` + +`apache::vhost::custom`定義タイプは、 `apache::custom_config`定義タイプのシンラッパーで、Apacheにおいてバーチャルホストディレクトリに固有のデフォルト設定の一部をオーバーライドします。 + +**`apache::vhost::custom`内のパラメータ**: + +##### `content` + +設定ファイルのコンテンツを設定します。 + +##### `ensure` + +バーチャルホストファイルが存在するかどうかを指定します。 + +値: 'absent'、'present'。 + +デフォルト値: 'present'。 + +##### `priority` + +Apache HTTPD VirtualHost設定ファイルに関する相対的なロード順序を設定します。 + +デフォルト値: '25'。 + +##### `verify_config` + +Apacheサービスに通知する前に設定ファイルのバリデーションを行うかどうかを指定します。 + +ブーリアン。 + +デフォルト値: `true`。 + +### プライベート定義タイプ + +#### 定義タイプ: `apache::peruser::multiplexer` + +この定義タイプは、Apacheモジュールにクラスがあるかどうかを確認します。クラスがある場合は、そのクラスを含めます。ない場合は、モジュール名を[`apache::mod`][]定義タイプに渡します。 + +#### 定義タイプ: `apache::peruser::multiplexer`  + +FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。 + +#### 定義タイプ: `apache::peruser::processor` + +FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。  + +#### 定義タイプ: `apache::security::file_link` + +[`apache::mod::security`][]の`activated_rules`をディスク上のそれぞれのCRSルールにリンクします。 + +### テンプレート + 
+Apacheモジュールは、[`apache::vhost`][]および[`apache::mod`][]定義タイプを有効にするにあたり、テンプレートに大きく依存しています。このテンプレートは、オペレーティングシステムに固有の[Facter][] factsをベースに構築されています。明示的にコールアウトされない限り、ほとんどのテンプレートは設定には使われません。 + +### 関数 +#### apache_pw_hash +Apacheが読みこむhtpasswdファイルに適したフォーマットでパスワードをハッシュします。 + +現在はSHAハッシュを使用しています。これは、このフォーマットは安全ではないとされているものの、ほとんどのプラットフォームでサポートされているもっとも安全なフォーマットであるためです。 + +## 制約事項 + +### 全般 + +このモジュールは、以下に関して、[オープンソースPuppet][]および[Puppet Enterprise][]の両方でCIテストが実施されています。 + +- CentOS 5および6 +- Ubuntu 12.04および14.04 +- Debian 7 +- RHEL 5、6、7 + +このモジュールでは、FreeBSD、Gentoo、Amazon Linuxなどの、他のディストリビューションおよびオペレーティングシステムで使用できる機能も提供されていますが、そうしたシステムについては公式なテストは実施されておらず、新たに不具合が生じる可能性があります。 + +### FreeBSD + +FreeBSDでこのモジュールを使用するには、apache24-2.4.12 (www/apache24)以降を使用する_必要があります_。 + +### Gentoo + +Gentooでは、このモジュールは[`gentoo/puppet-portage`][] Puppetモジュールに依存します。Gentooに関しては、一部の機能や設定が適用または有効化されますが、このモジュールに[対応するオペレーティングシステム][]ではありません。 + +### RHEL/CentOS +[`apache::mod::auth_cas`][]、[`apache::mod::passenger`][]、[`apache::mod::proxy_html`][]、[`apache::mod::shib`][]クラスは、追加のリポジトリから依存関係パッケージが提供されていなければ、RH/CentOSでは機能しません。 + +関連するリポジトリとパッケージについては、以下の各ドキュメントを参照してください。 + +#### RHEL/CentOS 5 + +[`apache::mod::passenger`][]および[`apache::mod::proxy_html`][]クラスは、リポジトリに適合するパッケージがないため、テストされていません。 + +#### RHEL/CentOS 6 + +[`apache::mod::passenger`][]クラスは、EL6リポジトリに適合するパッケージがないため、インストールされません。 + +#### RHEL/CentOS 7 + +[`apache::mod::passenger`][]および[`apache::mod::proxy_html`][]クラスは、EL7リポジトリに適合するパッケージがないため、テストされていません。また、[`apache::vhost`][]定義タイプの[`rack_base_uris`][]パラメータも、同様の理由でテストされていません。 + +### SELinuxおよびカスタムパス + +[SELinux][]が[適用モード][]になっていて、`logroot`、`mod_dir`、`vhost_dir`、`docroot`に関してカスタムパスを使用したい場合は、ファイルのコンテキストを各自で管理する必要があります。 + +これにはPuppetを使用できます。 + +``` puppet +exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], +} + +package { 'policycoreutils-python': + ensure => 
installed, +} + +exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Class['Apache::Service'], + require => Class['apache'], +} + +class { 'apache': } + +host { 'test.server': + ip => '127.0.0.1', +} + +file { '/custom/path': + ensure => directory, +} + +file { '/custom/path/include': + ensure => present, + content => '#additional_includes', +} + +apache::vhost { 'test.server': + docroot => '/custom/path', + additional_includes => '/custom/path/include', +} +``` + +`chcon`ではなく、`semanage fcontext`を用いてコンテキストを設定する必要があります。これは、Puppetの`file`リソースでは、リソースにより指定されていない場合、その値のコンテキストがリセットされるためです。 + +### Ubuntu 10.04 + +[`apache::vhost::WSGIImportScript`][]パラメータにより、Apacheの古いバージョンではサポートされていないバーチャルホスト内のステートメントが作成され、不具合が生じます。これは今後のリファクタリングで修正される予定です。 + +### Ubuntu 16.04 +[`apache::mod::suphp`][]クラスは、リポジトリに適合するパッケージがないため、テストされていません。 + +## 開発 + +### 貢献 + +[Puppet Forge][]上の[Puppet][]モジュールはオープンプロジェクトであり、その価値を維持するにはコミュニティからの貢献が欠かせません。Puppetが提供する膨大な数のプラットフォームや、無数のハードウェア、ソフトウェア、デプロイ設定に弊社がアクセスすることは不可能です。 + +できるだけ変更に簡単に貢献していただき、お使いの環境でモジュールが動作するようにしたいと考えています。モジュールの品質の維持と改善のため、Puppetは貢献者に守っていただくガイドラインを設けています。 + +詳細については、[モジュールコントリビューションガイド][]を参照してください。 + +### テスト + +このプロジェクトには、機能検証のための[rspec-puppet][]および[beaker-rspec][]に関するテストが含まれています。このツールの詳しい使い方については、それぞれのドキュメントを参照してください。 + +#### テストのクイックスタート: Ruby > 1.8.7 + +``` +gem install bundler +bundle install +bundle exec rake spec +bundle exec rspec spec/acceptance +RS_DEBUG=yes bundle exec rspec spec/acceptance +``` + +#### テストのクイックスタート: Ruby = 1.8.7 + +``` +gem install bundler +bundle install --without system_tests +bundle exec rake spec +``` From 04e489989408e20966552214ec2e547cb3fdd6df Mon Sep 17 00:00:00 2001 From: transifex-bot Date: Wed, 13 Sep 2017 23:04:27 +1000 Subject: [PATCH 1245/2267] Updating translations for readmes/README_ja_JP.md From 497a318489432bbe8aa73c0e45164728f3777f78 Mon Sep 17 00:00:00 2001 
From: transifex-bot
Date: Wed, 13 Sep 2017 23:06:58 +1000
Subject: [PATCH 1246/2267] Updating translations for readmes/README_ja_JP.md
---
 readmes/README_ja_JP.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md
index fdb38df172..6b14af7341 100644
--- a/readmes/README_ja_JP.md
+++ b/readmes/README_ja_JP.md
@@ -2391,7 +2391,7 @@ NSS暗号化ライブラリを使用するApacheのSSLプロバイダ。
 >**注意**: passengerモジュールは、EPELにより提供される依存関係パッケージと`mod_passengers`カスタムリポジトリがなければ、RH/CentOSでは使用できません。前述の`manage_repo`パラメータと[https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()を参照してください。
-**パラメータ**: [TODO: パラメータがリスト化されていなかったため(`manage_repo`は除く)、マニフェストから引き出しました。これらのパラメータの機能と可能な値、または(前述のmod_pagespeedによる)パラメータマッピングに関する外部ドキュメントを示すリンクを知る必要があります。]
+**パラメータ**:__``<>
 * `passenger_conf_file`: `$::apache::params::passenger_conf_file`
 * `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file`
From 2dcba163935eee9013af9241fed4d877b1dfd393 Mon Sep 17 00:00:00 2001
From: Eric Putnam
Date: Wed, 13 Sep 2017 10:55:14 -0700
Subject: [PATCH 1247/2267] readme link fix [skip ci]
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index d75eb1fd8d..b191e53c45 100755
--- a/README.md
+++ b/README.md
@@ -5030,7 +5030,7 @@ Default: `undef`.
 ##### `ssl_crl_check`
-Sets the certificate revocation check level via the [SSLCARevocationCheck directive] for ssl client authentication (https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck). The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions.
+Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) for ssl client authentication. The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions.
 Default: `undef`.
From 2b5a8b487c992b83a7316a3e4bd18566d69a9a95 Mon Sep 17 00:00:00 2001
From: Paula McMaw
Date: Thu, 14 Sep 2017 11:04:05 +0100
Subject: [PATCH 1248/2267] (maint) - Removing Debian 6 Support Removing Debian 6 from metadata. According to https://docs.puppet.com/pe/latest/sys_req_os.html Debian 6 is no longer supported.
---
 metadata.json | 1 -
 1 file changed, 1 deletion(-)
diff --git a/metadata.json b/metadata.json
index 88a87b6ea1..237edfdd57 100644
--- a/metadata.json
+++ b/metadata.json
@@ -47,7 +47,6 @@
 {
 "operatingsystem": "Debian",
 "operatingsystemrelease": [
- "6",
 "7",
 "8"
 ]
From c837e1c264ae4bb654e8809f614edd0f7c0975d7 Mon Sep 17 00:00:00 2001
From: Hailee Kenney
Date: Mon, 18 Sep 2017 14:55:08 -0700
Subject: [PATCH 1249/2267] (maint) modulesync 892c4cf
---
 CONTRIBUTING.md | 222 +++++++++++++++++++++++++++-----------------
 locales/config.yaml | 1 +
 2 files changed, 139 insertions(+), 84 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 990edba7e7..1a9fb3a5cd 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,63 +1,75 @@ -Checklist (and a short version for the impatient) -================================================= +# Contributing to Puppet modules - * Commits: +So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing +that very thing while setting expectations around code quality as well as a few tips for making the +process as easy as possible. - - Make commits of logical units. +### Table of Contents - - Check for unnecessary whitespace with "git diff --check" before - committing. +1. [Getting Started](#getting-started) +1. [Commit Checklist](#commit-checklist) +1. [Submission](#submission) +1. [More about commits](#more-about-commits) +1. [Testing](#testing) + - [Running Tests](#running-tests) + - [Writing Tests](#writing-tests) +1. [Get Help](#get-help) - - Commit using Unix line endings (check the settings around "crlf" in - git-config(1)). +## Getting Started - - Do not check in commented out code or unneeded files. +- Fork the module repository on GitHub and clone to your workspace - - The first line of the commit message should be a short - description (50 characters is the soft limit, excluding ticket - number(s)), and should skip the full stop. +- Make your changes! - - Associate the issue in the message. The first line should include - the issue number in the form "(#XXXX) Rest of message". +## Commit Checklist - - The body should provide a meaningful commit message, which: +### The Basics - - uses the imperative, present tense: "change", not "changed" or - "changes". +- [x] my commit is a single logical unit of work - - includes motivation for the change, and contrasts its - implementation with the previous behavior. +- [x] I have checked for unnecessary whitespace with "git diff --check" - - Make sure that you have tests for the bug you are fixing, or - feature you are adding. 
+- [x] my commit does not include commented out code or unneeded files - - Make sure the test suites passes after your commit: - `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below +### The Content - - When introducing a new feature, make sure it is properly - documented in the README.md +- [x] my commit includes tests for the bug I fixed or feature I added - * Submission: +- [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality + +- [x] my code passes existing test suites - * Pre-requisites: +### The Commit Message - - Make sure you have a [GitHub account](https://github.com/join) +- [x] the first line of my commit message includes: - - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. + - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" + + - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - * Preferred method: +- [x] the body of my commit message: - - Fork the repository on GitHub. + - [x] is meaningful - - Push your changes to a topic branch in your fork of the - repository. (the format ticket/1234-short_description_of_change is - usually preferred for this project). + - [x] uses the imperative, present tense: "change", not "changed" or "changes" - - Submit a pull request to the repository in the puppetlabs - organization. + - [x] includes motivation for the change, and contrasts its implementation with the previous behavior -The long version -================ +## Submission + +### Pre-requisites + +- Make sure you have a [GitHub account](https://github.com/join) + +- [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. 
+ +### Push and PR + +- Push your changes to your fork + +- [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization + +## More about commits 1. Make separate commits for logically separate changes. 
@@ -104,37 +116,32 @@ The long version GitHub has some pretty good [general documentation](http://help.github.com/) on using their site. They also have documentation on - [creating pull requests](http://help.github.com/send-pull-requests/). + [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). In general, after pushing your topic branch up to your repository on GitHub, you can switch to the branch in the GitHub UI and click "Pull Request" towards the top of the page in order to open a pull request. + 3. Update the related JIRA issue. - 3. Update the related GitHub issue. - - If there is a GitHub issue associated with the change you + If there is a JIRA issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you may wish to make. -Testing -======= +# Testing -Getting Started ---------------- +## Getting Started -Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby -package manager such as [bundler](http://bundler.io/) what Ruby packages, +Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, or Gems, are required to build, develop, and test this software. -Please make sure you have [bundler installed](http://bundler.io/#getting-started) -on your system, then use it to install all dependencies needed for this project, -by running +Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to +install all dependencies needed for this project in the project root by running ```shell -% bundle install +% bundle install --path .bundle/gems Fetching gem metadata from https://rubygems.org/........ Fetching gem metadata from https://rubygems.org/.. Using rake (10.1.0) 
@@ -148,7 +155,7 @@ Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. ``` -NOTE some systems may require you to run this command with sudo. +NOTE: some systems may require you to run this command with sudo. If you already have those gems installed, make sure they are up-to-date: 
@@ -156,26 +163,27 @@ If you already have those gems installed, make sure they are up-to-date: % bundle update ``` -With all dependencies in place and up-to-date we can now run the tests: +## Running Tests + +With all dependencies in place and up-to-date, run the tests: + +### Unit Tests ```shell % bundle exec rake spec ``` -This will execute all the [rspec tests](http://rspec-puppet.com/) tests -under [spec/defines](./spec/defines), [spec/classes](./spec/classes), -and so on. rspec tests may have the same kind of dependencies as the -module they are testing. While the module defines in its [Modulefile](./Modulefile), +This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. +rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), rspec tests define them in [.fixtures.yml](./fixtures.yml). -Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) -tests. These tests spin up a virtual machine under -[VirtualBox](https://www.virtualbox.org/)) with, controlling it with -[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test -scenarios. In order to run these, you will need both of those tools -installed on your system. +### Acceptance Tests + +Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under +[VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test +scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. -You can run them by issuing the following command +Run the tests by issuing the following command ```shell % bundle exec rake spec_clean 
@@ -183,35 +191,81 @@ You can run them by issuing the following command ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), -install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) +install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). -Writing Tests -------------- +## Writing Tests + +### Unit Tests -XXX getting started writing tests. +When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a +catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] +but here's a tiny sample: -If you have commit access to the repository -=========================================== +Sample manifest: -Even if you have commit access to the repository, you will still need to -go through the process above, and have someone else review and merge -in your changes. The rule is that all changes must be reviewed by a -developer on the project (that did not write the code) to ensure that -all changes go through a code review process. +```puppet +file { "a test file": + ensure => present, + path => "/etc/sample", +} +``` + +Sample test: -Having someone other than the author of the topic branch recorded as -performing the merge is the record that they performed the code -review. +```ruby +it 'does a thing' do + expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) +end +``` +### Acceptance Tests + +Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. 
A common pattern for acceptance tests is to create a test manifest, apply it +twice to check for idempotency or errors, then run expectations. + +```ruby +it 'does an end-to-end thing' do + pp = <<-EOF + file { 'a test file': + ensure => present, + path => "/etc/sample", + content => "test string", + } + + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + +end + +describe file("/etc/sample") do + it { is_expected.to contain "test string" } +end -Additional Resources -==================== +``` -* [Getting additional help](http://puppet.com/community/get-help) +# If you have commit access to the repository -* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) +Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge +in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that +all changes go through a code review process.** -* [General GitHub documentation](http://help.github.com/) +The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. +# Get Help + +### On the web +* [Puppet help messageboard](http://puppet.com/community/get-help) +* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) +* [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) + +### On chat +* Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli +* IRC (freenode) #puppet-dev, #voxpupuli + + +[rspec-puppet]: http://rspec-puppet.com/ +[rspec-puppet_docs]: http://rspec-puppet.com/documentation/ +[beaker]: https://github.com/puppetlabs/beaker +[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec 
diff --git a/locales/config.yaml b/locales/config.yaml index 0ec10ba977..c837de7d08 100644 --- a/locales/config.yaml +++ b/locales/config.yaml @@ -22,4 +22,5 @@ gettext: # Patterns for +Dir.glob+ used to find all files that might contain # translatable content, relative to the project root directory source_files: + - './lib/**/*.rb' From 2b8cb376586aebf2d9014ba96b945520ad5bfaa9 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Wed, 27 Sep 2017 10:49:43 +0100 Subject: [PATCH 1250/2267] Updated docs for passenger_spawn_method --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 8af33ddcfd..d02c6b1f98 100755 --- a/README.md +++ b/README.md @@ -3782,6 +3782,10 @@ Default: '[none]'. Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod), whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. +Valid options: `smart` or `direct`. + +Default: `undef`. + ##### `passenger_app_root` Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. From eea8ecf63ee5ee56d9dc0af2664f834b7a79deb7 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Fri, 8 Sep 2017 12:38:35 +0200 Subject: [PATCH 1251/2267] Include mod_wsgi when using wsgi options This copies the if statement around the wsgi concat fragment so mod_wsgi is loaded if any option is used. --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8d2edde44a..8d423bb7da 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -225,7 +225,7 @@ include ::apache::mod::vhost_alias } - if $wsgi_daemon_process { + if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { include ::apache::mod::wsgi } From 057f49dbf4ab318e7312af588b34ff7c490ec4d4 Mon Sep 17 00:00:00 2001 From: Will Meek Date: Wed, 27 Sep 2017 14:51:59 +0100 Subject: [PATCH 1252/2267] Add unit tests to test Apache wsgi logic changes. This commit will add unit tests to test the logic around code changes which include the Apache wsgi module if a number of options are set. --- spec/defines/vhost_spec.rb | 90 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 85dc72e37b..c1d1417925 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
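Review bot: The condition now guarding `include ::apache::mod::wsgi` is, per the commit message, a second copy of the test that already wraps the wsgi concat fragment, so the two can drift apart the next time a wsgi option is added. Consider evaluating it once into a local (for example `$_wsgi_in_use`, assigned the same boolean expression) and writing `if $_wsgi_in_use { include ::apache::mod::wsgi }` here and at the fragment. The fragment's own guard is outside this hunk, so confirm that it matches this one term for term. Breaking the expression over several lines, one `or` term per line, would also make the two parenthesised pairs easier to review.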
@@ -992,6 +992,96 @@ it { is_expected.to_not contain_concat__fragment('rspec.example.com-limits') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end + context 'wsgi_application_group should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_application_group' => '%{GLOBAL}', + } + end + it { is_expected.to contain_class("apache::mod::wsgi") } + end + context 'wsgi_daemon_process should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process' => 'wsgi', + } + end + it { is_expected.to contain_class("apache::mod::wsgi") } + end + context 'wsgi_import_script on its own should not set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script' => '/var/www/demo.wsgi', + } + end + it { is_expected.not_to contain_class("apache::mod::wsgi") } + end + context 'wsgi_import_script_options on its own should not set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}' + }, + } + end + it { is_expected.not_to contain_class("apache::mod::wsgi") } + end + context 'wsgi_import_script and wsgi_import_script_options should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script' => '/var/www/demo.wsgi', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}' + }, + } + end + it { is_expected.to contain_class("apache::mod::wsgi") } + end + context 'wsgi_process_group should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process' => 'wsgi', + } + end + it { is_expected.to contain_class("apache::mod::wsgi") } + end + context 'wsgi_script_aliases with non-empty aliases should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 
'wsgi_script_aliases' => { + '/' => '/var/www/demo.wsgi' + }, + } + end + it { is_expected.to contain_class("apache::mod::wsgi") } + end + context 'wsgi_script_aliases with empty aliases should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_script_aliases' => { }, + } + end + it { is_expected.not_to contain_class("apache::mod::wsgi") } + end + context 'wsgi_pass_authorization should set apache::mod::wsgi' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_pass_authorization' => 'On', + } + end + it { is_expected.to contain_class("apache::mod::wsgi") } + end context 'when not setting nor managing the docroot' do let :params do { From 6c1ed75df6988dee291041c1bc4251f0f9525be9 Mon Sep 17 00:00:00 2001 From: tphoney Date: Wed, 27 Sep 2017 13:58:44 +0100 Subject: [PATCH 1253/2267] MODULES-5649 Do not install mod_fastcgi on el7 --- manifests/mod/fastcgi.pp | 4 +++- manifests/params.pp | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index 543a322336..399d93aa7c 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp @@ -1,6 +1,8 @@ class apache::mod::fastcgi { include ::apache - + if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemrelease, '7.0') >= 0) { + fail('mod_fastcgi is no longer supported on el7 and above.') + } # Debian specifies it's fastcgi lib path, but RedHat uses the default value # with no config file $fastcgi_lib_path = $::apache::params::fastcgi_lib_path diff --git a/manifests/params.pp b/manifests/params.pp index 666fd224f3..bca827d44e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
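Review bot: The context named 'wsgi_process_group should set apache::mod::wsgi' passes `'wsgi_daemon_process' => 'wsgi'` in its params, so it repeats the daemon-process case and the `$wsgi_process_group` term of the new condition in manifests/vhost.pp is never exercised; the entry should be `'wsgi_process_group' => 'wsgi',`. The context 'wsgi_script_aliases with empty aliases should set apache::mod::wsgi' asserts `is_expected.not_to contain_class("apache::mod::wsgi")`, so its description should say `should not set`. With both fixed, each `or` term of the condition has one positive test, and the two paired terms each have a negative one.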
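Review bot: The guard added to `apache::mod::fastcgi` compares the raw `$::operatingsystemrelease` fact, while the `'fastcgi'` selector added in manifests/params.pp keys on `$::apache::version::distrelease`, so the two hunks can disagree about which hosts count as el7 and above. A RedHat-family host whose release string is not a plain EL version would reach the `fail`, and a fact value of `'7'` may sort below `'7.0'` in `versioncmp`; both are worth confirming. Using the same value in both places, for example `versioncmp($::apache::version::distrelease, '7') >= 0` (assuming that variable is resolvable once `::apache` is included), would keep them aligned. The diffstat lists only the two manifests, so the new failure path has no spec.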
@@ -106,7 +106,11 @@ default => 'mod_authz_ldap', }, 'authnz_pam' => 'mod_authnz_pam', - 'fastcgi' => 'mod_fastcgi', + 'fastcgi' => $::apache::version::distrelease ? { + '5' => 'mod_fastcgi', + '6' => 'mod_fastcgi', + default => undef, + }, 'fcgid' => 'mod_fcgid', 'geoip' => 'mod_geoip', 'intercept_form_submit' => 'mod_intercept_form_submit', From 39f95b858e048c66cb8b920ff84fca46bf3d63e5 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Wed, 27 Sep 2017 10:27:20 +0100 Subject: [PATCH 1254/2267] 2.2.0 - Release Prep --- CHANGELOG.md | 15 +++++++++++++++ metadata.json | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7efa9b8753..100cfee6e0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,20 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## Supported Release [2.2.0] +### Summary +This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost. + +#### Added +- `PassengerSpawnMethod` added to `vhost`. + +#### Changed +- Improve version match fact for `apache_version` +- Update to prefork.conf params for Apache 2.4 +- Updates to `CONTRIBUTING.md` +- Do not install mod_fastcgi on el7 +- Include mod_wsgi when using wsgi options + ## Supported Release [2.1.0] ### Summary This is a feature release including a security patch (CVE-2017-2299) @@ -899,6 +913,7 @@ worker/prefork * f672e46 a2mod fix * 8a56ee9 add pthon support to apache +[2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0 [2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0 [2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 [1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1 
diff --git a/metadata.json b/metadata.json index a4410508ba..2d7606852f 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "2.1.0", + "version": "2.2.0", "author": "puppet", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From 530ed87474eaca01a81c3e78e0b94e436ace089d Mon Sep 17 00:00:00 2001 From: Emmanuel Gelati Date: Fri, 29 Sep 2017 16:17:49 +0200 Subject: [PATCH 1255/2267] Added listenbacklog to prefork module --- manifests/mod/prefork.pp | 1 + templates/mod/prefork.conf.erb | 1 + 2 files changed, 2 insertions(+) diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 989de6e5b0..63e3a294f5 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -8,6 +8,7 @@ $maxrequestsperchild = '4000', $maxconnectionsperchild = undef, $apache_version = undef, + $listenbacklog = '511' ) { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) diff --git a/templates/mod/prefork.conf.erb b/templates/mod/prefork.conf.erb index ab4a871c6e..01f0b84f87 100644 --- a/templates/mod/prefork.conf.erb +++ b/templates/mod/prefork.conf.erb @@ -13,4 +13,5 @@ <%- elsif @maxrequestsperchild -%> MaxRequestsPerChild <%= @maxrequestsperchild %> <%- end -%> + ListenBacklog <%= @listenbacklog %> From 26be410012af3614cd7eb0a0ccf43618f147b8aa Mon Sep 17 00:00:00 2001 From: Felix Dominguez Date: Fri, 29 Sep 2017 10:13:49 -0500 Subject: [PATCH 1256/2267] MODULES-5426 : Minor changes to the readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index d4d606200e..a38e9716c6 100755 --- a/README.md +++ b/README.md 
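Review bot: `ListenBacklog <%= @listenbacklog %>` is emitted unconditionally in templates/mod/prefork.conf.erb, unlike the `MaxRequestsPerChild` line just above it, which sits inside an `elsif` guard. A caller passing `listenbacklog => false` or `undef` would get a `ListenBacklog` line with no usable value, which Apache should reject at its syntax check. The README text for the event MPM elsewhere on this page describes `false` as the way to drop the directive, so users may expect the same here. Wrapping the line as `<%- if @listenbacklog -%>` / `ListenBacklog <%= @listenbacklog %>` / `<%- end -%>` covers that case, and `$listenbacklog = '511'` in manifests/mod/prefork.pp should end with a comma like the parameters before it. The commit touches no README or spec, so the new parameter is undocumented and untested.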
@@ -2242,8 +2242,7 @@ $mount_file_content = { Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux). -The current set of server configurations settings were taking directly from the [Passenger Reference](https://www.phusionpassenger.com/library/config/apache/reference/). Deprecation warning and removal failure messages can be enabled by setting the `passenger_installed_version` to -the version number installed on the server. +The current set of server configurations settings were taken directly from the [Passenger Reference](https://www.phusionpassenger.com/library/config/apache/reference/). To enable deprecation warnings and removal failure messages, set the `passenger_installed_version` to the version number installed on the server. **Parameters**: From 447870be97270c9b55c6516fd4885c86ddc161ae Mon Sep 17 00:00:00 2001 From: Tames McTigue Date: Thu, 5 Oct 2017 14:29:16 +0300 Subject: [PATCH 1257/2267] Added specific RSpec::Expectations::ExpectationNotMetError execeptions to supress test warnings. --- spec/defines/vhost_spec.rb | 44 +++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index c1d1417925..4dea0c75bc 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1197,7 +1197,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad suphp_engine' do let :params do 
@@ -1207,7 +1207,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad ip_based' do let :params do @@ -1217,7 +1217,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad access_log' do let :params do @@ -1227,7 +1227,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad error_log' do let :params do @@ -1237,7 +1237,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad_ssl' do let :params do @@ -1247,7 +1247,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad default_vhost' do let :params do @@ -1257,7 +1257,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad ssl_proxyengine' do let :params do @@ -1267,7 +1267,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad rewrites' do let :params do 
@@ -1277,7 +1277,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad rewrites 2' do let :params do @@ -1287,7 +1287,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'empty rewrites' do let :params do @@ -1307,7 +1307,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad wsgi_script_alias' do let :params do @@ -1317,7 +1317,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad wsgi_daemon_process_options' do let :params do @@ -1327,7 +1327,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad wsgi_import_script_alias' do let :params do @@ -1337,7 +1337,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad itk' do let :params do @@ -1347,7 +1347,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad logroot_ensure' do let :params do 
@@ -1357,7 +1357,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad log_level' do let :params do @@ -1367,7 +1367,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'access_log_file and access_log_pipe' do let :params do @@ -1378,7 +1378,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'error_log_file and error_log_pipe' do let :params do @@ -1389,7 +1389,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad fallbackresource' do let :params do @@ -1399,7 +1399,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad custom_fragment' do let :params do @@ -1409,7 +1409,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'bad access_logs' do let :params do @@ -1419,7 +1419,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error } + it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } end context 'default of require all granted' do let :params do 
From 4480250bfe643fd8d47827d376b462b510e6146c Mon Sep 17 00:00:00 2001 From: Tames McTigue Date: Thu, 5 Oct 2017 15:22:37 +0300 Subject: [PATCH 1258/2267] Change to each test to use Puppet::Error --- spec/defines/vhost_spec.rb | 44 +++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 4dea0c75bc..9a1427b999 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1197,7 +1197,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad suphp_engine' do let :params do @@ -1207,7 +1207,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad ip_based' do let :params do @@ -1217,7 +1217,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad access_log' do let :params do @@ -1227,7 +1227,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad error_log' do let :params do @@ -1237,7 +1237,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad_ssl' do let :params do 
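Review bot: `it { is_expected.to raise_error(Puppet::Error) }` in the 'bad …' contexts accepts any compile failure, so a test such as 'bad ssl' or 'bad log_level' keeps passing if validation of that parameter is removed and the catalogue happens to fail for an unrelated reason. Pinning the message ties each test to the check it is named after, e.g. `it { is_expected.to raise_error(Puppet::Error, /EXPECTED_MESSAGE_FRAGMENT/) }`, where the fragment is a placeholder for the text of that parameter's validation error, which is not visible in this diff. The same applies to every hunk of this commit, from `@@ -1197,7` through `@@ -1419,7`. The `let :params` bodies sit outside the hunks, so the bad value each context supplies cannot be checked from here.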
@@ -1247,7 +1247,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad default_vhost' do let :params do @@ -1257,7 +1257,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad ssl_proxyengine' do let :params do @@ -1267,7 +1267,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad rewrites' do let :params do @@ -1277,7 +1277,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad rewrites 2' do let :params do @@ -1287,7 +1287,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'empty rewrites' do let :params do @@ -1307,7 +1307,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad wsgi_script_alias' do let :params do @@ -1317,7 +1317,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad wsgi_daemon_process_options' do let :params do 
@@ -1327,7 +1327,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad wsgi_import_script_alias' do let :params do @@ -1337,7 +1337,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad itk' do let :params do @@ -1347,7 +1347,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad logroot_ensure' do let :params do @@ -1357,7 +1357,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad log_level' do let :params do @@ -1367,7 +1367,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'access_log_file and access_log_pipe' do let :params do @@ -1378,7 +1378,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'error_log_file and error_log_pipe' do let :params do @@ -1389,7 +1389,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad fallbackresource' do let :params do 
@@ -1399,7 +1399,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad custom_fragment' do let :params do @@ -1409,7 +1409,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'bad access_logs' do let :params do @@ -1419,7 +1419,7 @@ } end let :facts do default_facts end - it { expect { is_expected.to compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError) } + it { is_expected.to raise_error(Puppet::Error) } end context 'default of require all granted' do let :params do From 89c5adec7ae70dea37d1a3a3b03fb873de1264db Mon Sep 17 00:00:00 2001 From: Tames McTigue Date: Thu, 5 Oct 2017 17:18:42 +0300 Subject: [PATCH 1259/2267] Adding ldap_trusted_mode parameter to mod_ldap module --- README.md | 3 +++ manifests/mod/ldap.pp | 1 + spec/classes/mod/ldap_spec.rb | 2 ++ templates/mod/ldap.conf.erb | 3 +++ 4 files changed, 9 insertions(+) diff --git a/README.md b/README.md index d02c6b1f98..7f255c63c5 100755 --- a/README.md +++ b/README.md @@ -2337,6 +2337,7 @@ Installs and configures [`mod_ldap`][], and allows you to modify the class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', ldap_trusted_global_cert_type => 'CA_DER', + ldap_trusted_mode => 'TLS', ldap_shared_cache_size => '500000', ldap_cache_entries => '1024', ldap_cache_ttl => '600', @@ -2357,6 +2358,8 @@ class { 'apache::mod::ldap': Default: 'CA_BASE64'. +* `ldap_trusted_mode`: Specifies the SSL/TLS mode to be used when connecting to an LDAP server. + * `ldap_shared_cache_size`: Specifies the size, in bytes, of the shared memory cache. * `ldap_cache_entries`: Specifies the maximum number of entries in the primary LDAP cache. 
diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index 3e51592227..e80114dde4 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -8,6 +8,7 @@ $ldap_cache_ttl = undef, $ldap_opcache_entries = undef, $ldap_opcache_ttl = undef, + $ldap_trusted_mode = undef, ){ include ::apache diff --git a/spec/classes/mod/ldap_spec.rb b/spec/classes/mod/ldap_spec.rb index 73c51adf28..0f49f0b02d 100644 --- a/spec/classes/mod/ldap_spec.rb +++ b/spec/classes/mod/ldap_spec.rb @@ -34,6 +34,7 @@ let(:params) {{ :ldap_trusted_global_cert_file => 'ca.pem', :ldap_trusted_global_cert_type => 'CA_DER', + :ldap_trusted_mode => 'TLS', :ldap_shared_cache_size => '500000', :ldap_cache_entries => '1024', :ldap_cache_ttl => '600', @@ -41,6 +42,7 @@ :ldap_opcache_ttl => '600' }} it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedMode TLS$/) } it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPSharedCacheSize 500000$/) } it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheEntries 1024$/) } it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheTTL 600$/) } diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb index 5ac0c1c546..d0a11b6957 100644 --- a/templates/mod/ldap.conf.erb +++ b/templates/mod/ldap.conf.erb @@ -12,6 +12,9 @@ <% if @ldap_trusted_global_cert_file -%> LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %> <% end -%> +<% if @ldap_trusted_mode -%> +LDAPTrustedMode <%= @ldap_trusted_mode %> +<% end -%> <%- if @ldap_shared_cache_size -%> LDAPSharedCacheSize <%= @ldap_shared_cache_size %> <%- end -%> From a12a1a0794bf0321365ce51e798628e1f511ef92 Mon Sep 17 00:00:00 2001 
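Review bot: `$ldap_trusted_mode` is added to `apache::mod::ldap` with no check on its value and is written verbatim into ldap.conf by the `LDAPTrustedMode <%= @ldap_trusted_mode %>` line in templates/mod/ldap.conf.erb. mod_ldap accepts only `NONE`, `SSL` and `TLS` (or `STARTTLS`) for this directive, so a typo yields a config Apache rejects, and a value containing whitespace or a line break would put unintended text into the file. A guard in the class body such as `if $ldap_trusted_mode { validate_re($ldap_trusted_mode, '\A(NONE|SSL|TLS|STARTTLS)\z') }` would catch both, assuming stdlib's `validate_re` is acceptable in this module. The README entry added in this commit could also list the accepted values. The class body continues outside the hunk, so an existing validation block, if any, is not visible here.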
From: transifex-bot Date: Fri, 6 Oct 2017 04:51:55 +1100 Subject: [PATCH 1260/2267] Updating translations for readmes/README_ja_JP.md --- readmes/README_ja_JP.md | 283 +++++++++++++++++++++++----------------- 1 file changed, 165 insertions(+), 118 deletions(-) diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index 6b14af7341..c8293c684d 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md @@ -29,7 +29,6 @@ [開発]: #development [貢献]: #contributing -[テスト]: #testing [`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset [`add_listen`]: #add_listen @@ -90,6 +89,7 @@ [コモンゲートウェイインターフェース]: https://httpd.apache.org/docs/current/howto/cgi.html [`confd_dir`]: #confd_dir [`content`]: #content +[CONTRIBUTING.md]: CONTRIBUTING.md [カスタムエラードキュメント]: https://httpd.apache.org/docs/current/custom-error.html [`custom_fragment`]: #custom_fragment @@ -1369,7 +1369,7 @@ HTTPDサービスの再起動にあたり、Puppetが特定のコマンドを使 ##### `ssl_ca` -SSL証明書認証局を指定します。 [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile)。 +SSL証明書認証局を指定します。[SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile)を使用してSSLクライアント認証で使用する証明書を確認します。 これはバーチャルホストレベルでオーバーライドすることが可能です。 @@ -1437,7 +1437,7 @@ httpd.confの/ディレクトリについて、デフォルトのアクセスポ `[^.#]\*.conf[^~]`などの値に設定すると、このディレクトリで偶発的に作成されたファイル(バージョン管理システムやエディタのバックアップにより作成されたファイルなど)がサーバ設定に*含まれなく*なります。 -デフォルト: '*'、また、このモジュールの過去のバージョンのBC。 +デフォルト値: '*'。 一部のオペレーティングシステムでは、`*.conf`の値が使用されます。デフォルトでは、このモジュールは`.conf`で終わる設定ファイルを作成します。 @@ -1595,6 +1595,7 @@ class { 'apache::mod::alias': * `jk` ([`apache::mod::jk`]参照) * `ldap` ([`apache::mod::ldap`][]参照) * `lookup_identity` +* `macro` ([`apache:mod:macro`][]参照) * `mime` * `mime_magic`\* * `negotiation` @@ -1636,7 +1637,7 @@ class { 'apache::mod::alias': [`mod_alias`][]をインストールして管理します。 -**パラメータ**: +**パラメータ**:  * `icons_options`: Apache [`Options`]ディレクティブにより、アイコンディレクトリのディレクトリリスティングを無効にします。 
@@ -1685,17 +1686,17 @@ class{'apache::mod::diskio': } ``` -**パラメータ**: +**パラメータ**:  * `dump_io_input`: すべての入力データをエラーログにダンプします。 - 値: 'On'、'Off'。 + 値: 'On'、'Off'。  デフォルト値: 'Off'。 * `dump_io_output`: すべての出力データをエラーログにダンプします。 - 値: 'On'、'Off'。 + 値: 'On'、'Off'。  デフォルト値: 'Off'。 @@ -1703,7 +1704,7 @@ class{'apache::mod::diskio': [`mod_mpm_event`][]をインストールして管理します。同じサーバ上に、`apache::mod::event`と一緒に[`apache::mod::itk`][]、[`apache::mod::peruser`][]、[`apache::mod::prefork`][]、[`apache::mod::worker`][]を含めることはできません。 -**パラメータ**: +**パラメータ**:  * `listenbacklog`: モジュールの[`ListenBackLog`][]ディレクティブでペンディング接続キューの最大長を設定します。`false`に設定すると、このパラメータが削除されます。 @@ -1745,7 +1746,7 @@ class{'apache::mod::diskio': > **注意**: auth_casモジュールは、EPELにより提供される依存関係パッケージがなければ、RH/CentOSで使用できません。 [https://github.com/Jasig/mod_auth_cas]()を参照してください。 -**パラメータ**: +**パラメータ**:  - `cas_attribute_prefix`: ヘッダを追加します。SAMLバリデーションが有効になっている場合には、このヘッダの値が属性値になります。 @@ -1912,7 +1913,7 @@ class { 'apache::mod::authn_dbd': * `authn_dbd_min`: DBDMinに相当します。 - デフォルト値: 4。 + デフォルト値: 4。  * `authn_dbd_params`: **必須**。接続文字列に関して、DBDParamsに相当します。 @@ -2086,7 +2087,7 @@ apache::vhost { 'example.org': ブーリアン。 - デフォルト値: `false`。  + デフォルト値: `false`。 * `flag`: GeoIPフラグを設定します。 @@ -2132,9 +2133,9 @@ apache::vhost { 'example.org': 値: IPv4アドレス、IPv6アドレス、または範囲の1つまたは複数のオクテット、またはいずれかの配列。 - デフォルト値: ['127.0.0.1','::1']。 + デフォルト値: ['127.0.0.1','::1']。  -* `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。 +* `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。  デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。 @@ -2153,6 +2154,7 @@ apache::vhost { 'example.org': ``` puppet class { '::apache::mod::jk': + ip = '192.168.2.15', workers_file = 'conf/workers.properties', mount_file = 'conf/uriworkermap.properties', shm_file = 'run/jk.shm', 
@@ -2165,7 +2167,31 @@ class { '::apache::mod::jk': **`apache::mod::jk`**内のパラメータ: -`mod_jk`パラメータを理解するための情報源としては、[公式ドキュメント](https://tomcat.apache.org/connectors-doc/reference/apache.html)が最適です。ただし、\*file_contentはこれに含まれません。 +`mod_jk`パラメータを理解するための情報源としては、[公式ドキュメント](https://tomcat.apache.org/connectors-doc/reference/apache.html)が最適です。ただし、次はこれに含まれません: + +**add_listen** + +パラメータ`ip`および `port`に従って`Listen`ディレクティブを定義して(下記参照)、ApacheがIP/portの組合せをリッスンし`mod_jk`にリダイレクトするようにします。 +`Listen *:`または`Listen `のように、別の`Listen`ディレクティブが`mod_jk`バインディングで必要なものと競合するときに役立ちます。 + +タイプ: ブール値 +デフォルト: true + +**ip** + +`mod_jk`にバインディングするIP。 +バインディングアドレスがプライマリのネットワークインターフェースIPではないときに役立ちます。 + +タイプ: 文字列 +デフォルト: `$facts['ipaddress']` + +**port** + +`mod_jk`にバインディングするポート。 +リバースプロキシまたはキャッシュのような、別のものがポート80でリクエストを受信して、異なるポートのApacheに転送する必要があるときに役立ちます。 + +タイプ: 文字列(数値) +デフォルト: '80' **workers\_file\_content** @@ -2188,7 +2214,7 @@ worker.other_name.type=ajp12 (why would you?) worker.other_name.socket_keepalive=false ``` -以下のようにパラメータ化する必要があります。 +以下のようにパラメータ化する必要があります。  ``` $workers_file_content = { 
@@ -2238,7 +2264,39 @@ $mount_file_content = { }, ``` -##### クラス: `apache::mod::passenger` +**shm\_file and log\_file** + +これらのファイルがどのように定義されているかによって、クラスはそれらの最終パスを別々に作成します。 +- 相対パス: `logroot`で提供されたパスを追加します (下記参照) +- 絶対パスまたはパイプ: 提供されたパスをそのまま使用します + +例 (RHEL 6): + +``` +shm_file => 'shm_file' +# Ends up in +$shm_path = '/var/log/httpd/shm_file' +``` +``` +shm_file => '/run/shm_file' +# Ends up in +$shm_path = '/run/shm_file' +``` +``` +shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' +# Ends up in +$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' +``` + +> デフォルトのlogrootは十分健全です。このため、絶対パスを指定することは推奨しません。 + +**logroot** + +`shm_file`および`log_file`のベースディレクトリは`logroot`パラメータで決定されます。指定されない場合、デフォルトは`apache::params::logroot`です。 + +> デフォルトのlogrootは十分健全です。このため、上書きすることは推奨しません。 + +##### クラス: `apache::mod::passenger`  [`mod_passenger`][]をインストールして管理します。Red Hatベースのシステムの場合は、[passengerドキュメント](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux)に記載された最小要件を満たしていることを確認してください。 @@ -2320,7 +2378,7 @@ class { 'apache::mod::ldap': * `force_language_priority`: `ForceLanguagePriority`オプションを設定します。 - 値: 文字列。 + 値: 文字列。  デフォルト値: `Prefer Fallback`。 @@ -2391,7 +2449,7 @@ NSS暗号化ライブラリを使用するApacheのSSLプロバイダ。 >**注意**: passengerモジュールは、EPELにより提供される依存関係パッケージと`mod_passengers`カスタムリポジトリがなければ、RH/CentOSでは使用できません。前述の`manage_repo`パラメータと[https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()を参照してください。 -**パラメータ**:__``<> +**パラメータ**:  * `passenger_conf_file`: `$::apache::params::passenger_conf_file` * `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` @@ -2428,8 +2486,6 @@ I`mod_proxy`をインストールし、`proxy.conf.erb`テンプレートを使 **`apache::mod::proxy`内のパラメータ**: -. - - `allow_from`: デフォルト値: `undef` - `apache_version`: デフォルト値: `undef` - `package_name`: デフォルト値: `undef` 
@@ -2530,19 +2586,19 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `ssl_compression` - デフォルト値: `false` + デフォルト値: `false`。 * `ssl_cryptodevice` - デフォルト値: 'builtin' + デフォルト値: 'builtin'  * `ssl_honorcipherorder` - デフォルト値: `true` + デフォルト値: `true`。 * `ssl_openssl_conf_cmd` - デフォルト値: `undef` + デフォルト値: `undef`。 * `ssl_options` @@ -2558,13 +2614,13 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `ssl_random_seed_bytes` - 値: 文字列。 + 値: 文字列。  デフォルト値: '512' * `ssl_sessioncachetimeout` - 値: 文字列。 + 値: 文字列。  デフォルト値: '300' @@ -2588,7 +2644,7 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `allow_from`: `/server-status`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 - デフォルト値: ['127.0.0.1','::1']。 + デフォルト値: ['127.0.0.1','::1']。  * `extended_status`: [`ExtendedStatus`][]ディレクティブをつうじて、各リクエストに関する拡張ステータス情報を追跡するかどうかを決定します。 値: 'Off'、'On'。 @@ -2661,7 +2717,7 @@ ${modsec\_dir}/activated\_rules。 * `secpcrematchlimit`: PCREライブラリのマッチ限度数を設定します。 - デフォルト値: 1500。 + デフォルト値: 1500。  * `secpcrematchlimitrecursion`: PCREライブラリのマッチ再帰制限数を設定します。 @@ -2685,7 +2741,7 @@ ${modsec\_dir}/activated\_rules。 * `inbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、インバウンドブロッキングルールのスコアリング閾値レベルを設定します。 - デフォルト値: 5。 + デフォルト値: 5。  * `outbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、アウトバウンドブロッキングルールのスコアリング閾値レベルを設定します。 @@ -2731,17 +2787,17 @@ ${modsec\_dir}/activated\_rules。 * `mod_path`: `mod_wsgi`共有オブジェクト(`.so`)ファイルのパスを定義します。 - デフォルト値: `undef`。  + デフォルト値: `undef`。 * `mod_path`パラメータに`/`が含まれていない場合、Puppetではオペレーティングシステムのデフォルトのモジュールパスの先頭にこれを付加します。含まれている場合は、そのとおりに扱われます。 * `package_name`: `mod_wsgi`をインストールするパッケージの名前。 - デフォルト値: `undef`。  + デフォルト値: `undef`。 * `wsgi_python_home`: '/path/to/venv'などの[`WSGIPythonHome`][]ディレクティブを定義します。 - 値: パスを指定する文字列。 + 値: パスを指定する文字列。  デフォルト値: `undef`。 @@ -2825,7 +2881,7 @@ Apacheデーモンを管理します。 ブーリアン。 -デフォルト値: `true`。  +デフォルト値: `true`。 #### 定義タイプ: `apache::balancermember` 
@@ -2835,7 +2891,7 @@ Apacheデーモンを管理します。 ##### `balancer_cluster` -**必須**。 +**必須**。  Apacheサービスのインスタンス名を設定します。宣言された[`apache::balancer`][]リソースの名前と一致する必要があります。 @@ -2849,7 +2905,7 @@ Apacheサービスのインスタンス名を設定します。宣言された[` URL後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 -デフォルト値: 空配列。 +デフォルト値: 空配列。  #### 定義タイプ: `apache::custom_config` @@ -2861,7 +2917,7 @@ Apacheサーバの`conf.d`ディレクトリにカスタム設定ファイルを 設定ファイルが存在するべきかどうかを指定します。 -値: 'absent'、'present'。 +値: 'absent'、'present'。  デフォルト値: 'present'。  @@ -2875,7 +2931,7 @@ Puppetが設定ファイルを置くディレクトリを設定します。 設定ファイルのコンテンツを設定します。`content`および[`source`][]パラメータは、相互排他的な関係にあります。 -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `filename` @@ -2889,11 +2945,11 @@ Apacheでは設定ファイルがアルファベット順に処理されるた 設定ファイル名の優先順位の接頭値を無視するには、このパラメータを`false`に設定します。 -デフォルト値: '25'。  +デフォルト値: '25'。 ##### `source` -設定ファイルのソースを指し示します。[`content`][]および`source`パラメータは、相互排他的な関係にあります。 +設定ファイルのソースを指します。[`content`][]および`source`パラメータは互いに排他的です。 デフォルト値: `undef`。  @@ -2911,7 +2967,7 @@ Apacheサービスに通知する前に設定ファイルのバリデーショ ブーリアン。 -デフォルト値: `true`。  +デフォルト値: `true`。 #### 定義タイプ: `apache::fastcgi::server` @@ -2935,7 +2991,7 @@ FastCGIのホスト名またはIPアドレスおよびTCPポート番号(1-65535 アプリケーションから受信したデータを、強制的に[`mod_fastcgi`][FastCGI]がクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 -デフォルト値: `false`。  +デフォルト値: `false`。 ##### `faux_path` @@ -2971,7 +3027,7 @@ Apacheサーバまたはバーチャルホストのリッスンするアドレ PuppetがApacheモジュールのインストールに使用するパッケージの名前。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `package_ensure` @@ -3006,7 +3062,7 @@ Apacheモジュールをインストールの必要性をPuppetが確認する [`LoadFile`][]ディレクティブの配列を指定します。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `path` 
@@ -3028,6 +3084,15 @@ apacheモジュールでは、バーチャルホストのセットアップと `apache::vhost`定義タイプでは、カスタムフラグメントの`order`パラメータについては10の倍数が使用されるため、10の倍数ではない`order`が機能します。 +> **Note:** `apache::vhost`を作成するとき、`default`または`default-ssl`を指定することはできません。これはこの属性を持つvhostsが常にモジュールによって管理されるためです。これは`Apache::Vhost['default']`または`Apache::Vhost['default-ssl]`リソースを上書きできないことを意味します。 オプションの回避策として、`my default`などの別の名前のvhostを作成して、`default`および`default_ssl`が`false`に設定されていることを確認します。 + +``` +class { 'apache': + default_vhost => false + default_ssl_vhost => false, +} +``` + **パラメータ**:  ##### `access_log` @@ -3042,13 +3107,13 @@ apacheモジュールでは、バーチャルホストのセットアップと 特定の環境変数を持つリクエストのみをロギングするように指定します。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `access_log_file` [`logroot`][]に置く`*_access.log`のファイル名を設定します。バーチャルホスト---例えばexample.comなど---を与えると、[SSL暗号化][SSL暗号化]バーチャルホストの場合はデフォルト値が'example.com_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com_access.log'になります。 -デフォルト値: `false`。  +デフォルト値: `false`。 ##### `access_log_format` @@ -3060,19 +3125,19 @@ apacheモジュールでは、バーチャルホストのセットアップと Apacheがアクセスログメッセージを送信するパイプを指定します。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `access_log_syslog` すべてのアクセスログメッセージをsyslogに送ります。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `add_default_charset` [`AddDefaultCharset`][]ディレクティブのデフォルトのメディア文字セット値を設定します。これは`text/plain`および`text/html`応答に追加されます。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `add_listen` @@ -3082,7 +3147,7 @@ Apacheがアクセスログメッセージを送信するパイプを指定し ブーリアン。 -デフォルト値: `true`。  +デフォルト値: `true`。 ##### `use_optional_includes` @@ -3090,7 +3155,7 @@ Apache 2.4以降の`additional_includes`について、Apacheが[`Include`][]の ブーリアン。 -デフォルト値: `false`。  +デフォルト値: `false`。 ##### `additional_includes` @@ -3104,7 +3169,7 @@ Apache 2.4以降の`additional_includes`について、Apacheが[`Include`][]の [ハッシュ][ハッシュ]のリストをバーチャルホストに渡し、[`mod_alias`][]ドキュメントに従って[`Alias`][]、[`AliasMatch`][]、[`ScriptAlias`][]、または[`ScriptAliasMatch`][]ディレクティブを作成します。 -例: +例:  ``` puppet aliases => [ 
@@ -3154,7 +3219,7 @@ SAMLバリデーションが有効になっている場合に、このヘッダ `cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字を設定します。 -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 +デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  ##### `cas_login_url` @@ -3190,13 +3255,13 @@ HTTPクエリ文字列でクライアントの提示するチケットをバリ カスタム設定ディレクティブの文字列を渡し、バーチャルホスト設定の最後に配置します。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `default_vhost` 任意の`apache::vhost`定義タイプを、他の`apache::vhost`定義タイプと一致しないリクエストをサーブするためのデフォルトとして設定します。 -デフォルト値: `false`。  +デフォルト値: `false`。 ##### `directories` @@ -3206,7 +3271,7 @@ HTTPクエリ文字列でクライアントの提示するチケットをバリ ディレクトリ名の最後で'/'を指定することで、クライアントがディレクトリのインデックスをリクエストした際に探すべきリソースのリストを設定します。詳細については、[`DirectoryIndex`][]ディレクティブドキュメントを参照してください。 -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `docroot` @@ -3224,7 +3289,7 @@ HTTPクエリ文字列でクライアントの提示するチケットをバリ 値: システムグループを指定する文字列。 -デフォルト値: 'root'。 +デフォルト値: 'root'。  ##### `docroot_owner` @@ -3240,7 +3305,7 @@ HTTPクエリ文字列でクライアントの提示するチケットをバリ 値: 文字列。  -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `manage_docroot` @@ -3248,7 +3313,7 @@ Puppetが[`docroot`][]ディレクトリを管理するかどうかを決定し ブーリアン。 -デフォルト値: `true`。  +デフォルト値: `true`。 ##### `error_log` @@ -3288,7 +3353,7 @@ Puppetが[`docroot`][]ディレクトリを管理するかどうかを決定し このバーチャルホストの[エラードキュメント](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定のオーバーライドに使用できるハッシュのリスト。 -例: +例:  ``` puppet apache::vhost { 'sample.example.net': @@ -3307,7 +3372,7 @@ apache::vhost { 'sample.example.net': 値: 'absent'、'present'。  -デフォルト値: 'present'。 +デフォルト値: 'present'。  ##### `fallbackresource` @@ -3356,7 +3421,7 @@ apache::vhost { "$::fqdn": レスポンスヘッダを置換、結合、または削除するための行を追加します。詳細については、[Apacheのmod_headersドキュメント](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)を参照してください。 -値: 文字列または文字列の配列。 +値: 文字列または文字列の配列。  デフォルト値: `undef`。 @@ -3388,7 +3453,7 @@ apache::vhost { 'sample.example.net': group => 'somegroup', }, } -``` +```  値: ハッシュ。キーを含めることもできます。 
@@ -3400,7 +3465,7 @@ apache::vhost { 'sample.example.net': * `limituidrange` (Linux 3.5.0以降) * `limitgidrange` (Linux 3.5.0以降) -通常は、以下のように使用します。 +通常は、以下のように使用します。  ``` puppet apache::vhost { 'sample.example.net': @@ -3438,7 +3503,7 @@ apache::vhost { 'sample.example.net': バーチャルホストの関連オプションを設定するには、`keepalive_timeout`および`max_keepalive_requests`パラメータを使用します。 -値: 'Off', 'On'。 +値: 'Off'、'On'。 デフォルト値: `undef`。  @@ -3446,7 +3511,7 @@ apache::vhost { 'sample.example.net': バーチャルホストの[`KeepAliveTimeout`]ディレクティブを設定します。これにより、HTTPの持続的接続で後続のリクエストを実行するまでの待機時間が決まります。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 -このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。 +このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  デフォルト値: `undef`。  @@ -3456,7 +3521,7 @@ apache::vhost { 'sample.example.net': このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  -デフォルト値: `undef`。  +デフォルト値: `undef`。 ##### `auth_kerb` @@ -3654,7 +3719,7 @@ apache::vhost { 'sample.example.net': プロキシを使用しないURLを指定します。このパラメータは、[`proxy_dest`](#proxy_dest)と組み合わせて使用することはできません。 -デフォルト値: []。 +デフォルト値: []。  ##### `no_proxy_uris_match` @@ -3711,11 +3776,19 @@ apache::vhost { 'site.name.fdqn': デフォルト値: '[none]'。 +##### `passenger_spawn_method` + +[PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod)を設定します。Passengerが引き起こしたアプリケーションに直接か、preforkのcopy-on-writeメカニズムを使用します。 + +有効なオプション: `smart`または`direct`。 + +デフォルト値: `undef`。 + ##### `passenger_app_root` [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot)を設定します。これは、DocumentRootと異なる場合のPassengerアプリケーションルートのロケーションです。 -値: パスを指定する文字列。 +値: パスを指定する文字列。  デフォルト値: `undef`。 
@@ -3731,7 +3804,7 @@ apache::vhost { 'site.name.fdqn': デフォルトでは、PassengerログメッセージはApacheグローバルエラーログに書き込まれます。[PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile)を使えば、そのメッセージを別のファイルに書き込むように設定することができます。このオプションは、Passenger 5.0.5以降でのみ使用できます。 -値: パスを指定する文字列。 +値: パスを指定する文字列。  デフォルト値: `undef`。 @@ -4901,7 +4974,7 @@ apache::vhost { 'sample.example.net': ##### `ssl_ca` -SSL証明書認証局を指定します。 +使用するSSL認証局を指定して、認証に使用するクライアントの証明書を検証します。これを使用するには、`ssl_verify_client`も設定する必要があります。 デフォルト値: `undef`。 @@ -4938,14 +5011,9 @@ SSL証明書を指定します。 ##### `ssl_certs_dir` -SSL証明書ディレクトリのロケーションを指定します。 - -デフォルト値: オペレーティングシステムによって異なります。 +SSL認証ディレクトリの場所を指定してクライアントの証明書を検証します。`ssl_verify_client`も設定されていない限り使用されません(下記参照)。 -- Debian: '/etc/ssl/certs' -- Red Hat: '/etc/pki/tls/certs' -- FreeBSD: `undef` -- Gentoo: '/etc/ssl/apache2' +デフォルト: undef ##### `ssl_chain` @@ -4961,13 +5029,13 @@ SSLチェーンを指定します。このデフォルト値は設定しなく ##### `ssl_crl_path` -証明書失効リストの保存場所を指定します。(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。) +証明書失効リストの保存場所を指定して、クライアント認証の証明書を検証します(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります)。 デフォルト値: `undef`。 ##### `ssl_crl_check` -[SSLCARevocationCheckディレクティブ](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)により、証明書失効チェックレベルを設定します。このデフォルト値は設定しなくても機能しますが、本稼働環境でCRLを使用する際に指定する必要があります。Apache 2.4以上にのみ適用されます。それ以前のバージョンでは、この値は無視されます。 +[SSLCARevocationCheckディレクティブ](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)により、SSLクライアント認証の証明書失効チェックレベルを設定します。このデフォルト値は設定しなくても機能しますが、本稼働環境でCRLを使用する際に指定する必要があります。Apache 2.4以上にのみ適用され、それ以前のバージョンではこの値は無視されます。 デフォルト値: `undef`。 
@@ -5000,11 +5068,12 @@ apache::vhost { 'sample.example.net': ##### `ssl_verify_depth` -[SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)ディレクティブを設定します。これにより、クライアント認証確認におけるCA証明書の最大深さが指定されます。 +[SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)ディレクティブを設定します。これにより、クライアント認証確認におけるCA証明書の最大深さが指定されます。これを有効にするには、`ssl_verify_client`を設定する必要があります。 ``` puppet apache::vhost { 'sample.example.net': … + ssl_verify_client => 'require', ssl_verify_depth => 1, } ``` @@ -5029,13 +5098,13 @@ apache::vhost { 'sample.example.net': 深さ0では、自己署名リモートサーバ証明書のみが許可されます。デフォルトの深さ 1では、リモートサーバ証明書を自己署名にすることも、サーバが直接知っているCAにより署名することもできます。 -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_proxy_ca_cert` [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)ディレクティブを設定します。これにより、やりとりするリモートサーバに関する認証局(CA)の証明書を集められるオールインワンファイルを指定します。これはリモートサーバ認証に用いられます。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_proxy_machine_cert` @@ -5048,15 +5117,15 @@ apache::vhost { 'sample.example.net': } ``` -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_proxy_check_peer_cn` [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを指定します。 -値: 'on'、'off'。 +値: 'on'、'off'。  -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_proxy_check_peer_name` @@ -5064,7 +5133,7 @@ apache::vhost { 'sample.example.net': 値: 'on'、'off'。  -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_proxy_check_peer_expire` @@ -5072,7 +5141,7 @@ apache::vhost { 'sample.example.net': 値: 'on'、'off'。  -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_options` 
@@ -5102,7 +5171,7 @@ apache::vhost { 'sample.example.net': [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)ディレクティブを設定します。これにより、OpenSSLパラメータを直接設定できます。 -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_proxyengine` @@ -5116,11 +5185,11 @@ apache::vhost { 'sample.example.net': [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling)を使用するかどうかを指定します。デフォルトでは、全体で設定されているものを使用します。 -このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。 +このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  ブーリアンまたは`undef`。 -デフォルト値: `undef`。 +デフォルト値: `undef`。  ##### `ssl_stapling_timeout` @@ -5128,7 +5197,7 @@ apache::vhost { 'sample.example.net': このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  -デフォルト値: なし。 +デフォルト値: なし。  ##### `ssl_stapling_return_errors` @@ -5218,9 +5287,9 @@ FastCGIサーバにより処理するファイルのMIMEタイプ。 バーチャルホストファイルが存在するかどうかを指定します。 -値: 'absent'、'present'。 +値: 'absent'、'present'。  -デフォルト値: 'present'。 +デフォルト値: 'present'。  ##### `priority` @@ -5238,13 +5307,13 @@ Apacheサービスに通知する前に設定ファイルのバリデーショ ### プライベート定義タイプ -#### 定義タイプ: `apache::peruser::multiplexer` +#### 定義タイプ: `apache::peruser::multiplexer`  この定義タイプは、Apacheモジュールにクラスがあるかどうかを確認します。クラスがある場合は、そのクラスを含めます。ない場合は、モジュール名を[`apache::mod`][]定義タイプに渡します。 #### 定義タイプ: `apache::peruser::multiplexer`  -FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。 +FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。  #### 定義タイプ: `apache::peruser::processor` 
@@ -5364,26 +5433,4 @@ apache::vhost { 'test.server': できるだけ変更に簡単に貢献していただき、お使いの環境でモジュールが動作するようにしたいと考えています。モジュールの品質の維持と改善のため、Puppetは貢献者に守っていただくガイドラインを設けています。 -詳細については、[モジュールコントリビューションガイド][]を参照してください。 - -### テスト - -このプロジェクトには、機能検証のための[rspec-puppet][]および[beaker-rspec][]に関するテストが含まれています。このツールの詳しい使い方については、それぞれのドキュメントを参照してください。 - -#### テストのクイックスタート: Ruby > 1.8.7 - -``` -gem install bundler -bundle install -bundle exec rake spec -bundle exec rspec spec/acceptance -RS_DEBUG=yes bundle exec rspec spec/acceptance -``` - -#### テストのクイックスタート: Ruby = 1.8.7 - -``` -gem install bundler -bundle install --without system_tests -bundle exec rake spec -``` +詳細については、[モジュールコントリビューションガイド][]および[CONTRIBUTING.md][]を参照してください。 From e085ab413bf6de16c9f155da27f6623840f4bbaa Mon Sep 17 00:00:00 2001 From: tphoney Date: Wed, 4 Oct 2017 14:06:27 +0100 Subject: [PATCH 1261/2267] FM-6469 new feature --- README.md | 7 +++++ spec/acceptance/init_task_spec.rb | 20 ++++++++++++++ spec/spec_helper_acceptance.rb | 46 +++++++++++++++++++++++++++++++ tasks/init.json | 12 ++++++++ tasks/init.rb | 23 ++++++++++++++++ 5 files changed, 108 insertions(+) create mode 100644 spec/acceptance/init_task_spec.rb create mode 100644 tasks/init.json create mode 100755 tasks/init.rb diff --git a/README.md b/README.md index d02c6b1f98..0272e31c6c 100755 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ [Public defined types]: #public-defined-types [Private defined types]: #private-defined-types [Templates]: #templates +[Tasks]: #tasks [Limitations]: #limitations @@ -287,6 +288,7 @@ - [Public defined types][] - [Private defined types][] - [Templates][] + - [Tasks][] 5. [Limitations - OS compatibility, etc.][Limitations] 6. [Development - Guide for contributing to the module][Development] - [Contributing to the apache module][Contributing] 
@@ -814,6 +816,7 @@ Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balanc - [Defined type: apache::peruser::processor](#defined-type-apacheperuserprocessor) - [Defined type: apache::security::file_link](#defined-type-apachesecurityfile_link) - [**Templates**](#templates) +- [**Tasks**](#tasks) ### Public Classes @@ -5330,6 +5333,10 @@ Links the `activated_rules` from [`apache::mod::security`][] to the respective C The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. +### Tasks + +The Apache module has an example task that allows a user to reload the Apache config without restarting the service. Please refer to to the PE documentation or Bolt documentation on how to execute a task. + ### Functions #### apache_pw_hash Hashes a password in a format suitable for htpasswd files read by apache. diff --git a/spec/acceptance/init_task_spec.rb b/spec/acceptance/init_task_spec.rb new file mode 100644 index 0000000000..923188cb14 --- /dev/null +++ b/spec/acceptance/init_task_spec.rb @@ -0,0 +1,20 @@ +# run a test task +require 'spec_helper_acceptance' + +describe 'apache tasks', if: pe_install? && puppet_version =~ %r{(5\.\d\.\d)} do + describe 'reload' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + } + apache::listen { '9090':} + EOS + + apply_manifest(pp, :catch_failures => true) + + it 'execute reload' do + result = run_task(task_name: 'apache', params: 'action=reload') + expect_multiple_regexes(result: result, regexes: [%r{reload successful}, %r{Job completed. 1/1 nodes succeeded}]) + end + end +end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index c652104c25..39e47a849f 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -3,10 +3,55 @@ require 'beaker/puppet_install_helper' require 'beaker/module_install_helper' +def install_bolt_on(hosts) + on(hosts, "/opt/puppetlabs/puppet/bin/gem install --source http://rubygems.delivery.puppetlabs.net bolt -v '> 0.0.1'", acceptable_exit_codes: [0, 1]).stdout +end + +def pe_install? + ENV['PUPPET_INSTALL_TYPE'] =~ %r{pe}i +end + +def puppet_version + (on default, puppet('--version')).output.chomp +end + run_puppet_install_helper +install_bolt_on(hosts) unless pe_install? install_module_on(hosts) install_module_dependencies_on(hosts) +DEFAULT_PASSWORD = if default[:hypervisor] == 'vagrant' + 'vagrant' + elsif default[:hypervisor] == 'vcloud' + 'Qu@lity!' + end + +def run_puppet_access_login(user:, password: '~!@#$%^*-/ aZ', lifetime: '5y') + on(master, puppet('access', 'login', '--username', user, '--lifetime', lifetime), stdin: password) +end + +def run_task(task_name:, params: nil, password: DEFAULT_PASSWORD) + if pe_install? + run_puppet_task(task_name: task_name, params: params) + else + run_bolt_task(task_name: task_name, params: params, password: password) + end +end + +def run_bolt_task(task_name:, params: nil, password: DEFAULT_PASSWORD) + on(master, "/opt/puppetlabs/puppet/bin/bolt task run #{task_name} --modules /etc/puppetlabs/code/modules/service --nodes localhost --password #{password} #{params}", acceptable_exit_codes: [0, 1]).stdout # rubocop:disable Metrics/LineLength +end + +def run_puppet_task(task_name:, params: nil) + on(master, puppet('task', 'run', task_name, '--nodes', fact_on(master, 'fqdn'), params.to_s), acceptable_exit_codes: [0, 1]).stdout +end + +def expect_multiple_regexes(result:, regexes:) + regexes.each do |regex| + expect(result).to match(regex) + end +end + RSpec.configure do |c| c.filter_run :focus => true c.run_all_when_everything_filtered = true 
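Review bot: `install_bolt_on` fetches the bolt gem from `http://rubygems.delivery.puppetlabs.net` over plain HTTP with the open range `'> 0.0.1'`, and `acceptable_exit_codes: [0, 1]` lets a failed install pass unnoticed; an https source (if the mirror offers one) and a pinned version would make the test host's toolchain reproducible and verifiable. The hunk also commits credentials: the vcloud branch of `DEFAULT_PASSWORD` and the `password:` default of `run_puppet_access_login`, which the `@@ -26,6 +71,7 @@` hunk then uses for `admin`. `run_bolt_task` interpolates the password unquoted into the command string as `--password #{password}`, so it reaches the shell and most likely the Beaker log; taking it from the environment, e.g. `password: ENV['BOLT_PASSWORD']` (variable name is a placeholder), and quoting it with `Shellwords.escape` would avoid both. `DEFAULT_PASSWORD` is nil for any other hypervisor, and `--modules /etc/puppetlabs/code/modules/service` looks carried over from another module, so both deserve a second look.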
@@ -26,6 +71,7 @@ # Configure all nodes in nodeset c.before :suite do + run_puppet_access_login(user: 'admin') if pe_install? # net-tools required for netstat utility being used by be_listening if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7' pp = <<-EOS diff --git a/tasks/init.json b/tasks/init.json new file mode 100644 index 0000000000..4030a621db --- /dev/null +++ b/tasks/init.json @@ -0,0 +1,12 @@ +{ + "summary": "Allows you to perform apache functions", + "description": "Allows you to perform apache functions", + "supports_noop": false, + "input_method": "stdin", + "parameters": { + "action": { + "description": "Action to perform ", + "type": "Enum[reload]" + } + } +} diff --git a/tasks/init.rb b/tasks/init.rb new file mode 100755 index 0000000000..a6a474d080 --- /dev/null +++ b/tasks/init.rb @@ -0,0 +1,23 @@ +#!/opt/puppetlabs/puppet/bin/ruby +require 'json' +require 'open3' +require 'puppet' + +def service(action) + cmd_string = "service apache2 #{action}" + stdout, stderr, status = Open3.capture3(cmd_string) + raise Puppet::Error, stderr if status != 0 + { status: "#{action} successful" } +end + +params = JSON.parse(STDIN.read) +action = params['action'] + +begin + result = service(action) + puts result.to_json + exit 0 +rescue Puppet::Error => e + puts({ status: 'failure', error: e.message }.to_json) + exit 1 +end From 626d7e4058c8604393bb6dbe202365c52984af01 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 6 Oct 2017 16:20:16 -0700 Subject: [PATCH 1262/2267] Add pe/bolt docs links, remove word 'example' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0272e31c6c..fdbf933ddc 100755 --- a/README.md +++ b/README.md 
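Review bot: `service` in tasks/init.rb builds `"service apache2 #{action}"` and hands the single string to `Open3.capture3`, so the `action` value read from STDIN is interpreted by a shell; the only restriction, `Enum[reload]`, lives in tasks/init.json and is not enforced by the script itself. Checking `action` against an allowlist inside the script and calling `capture3` with separate arguments removes the shell from the path and keeps the task safe even when it is invoked without the metadata check. The service name `apache2` is hard-coded as well, which presumably fails on platforms that name the service differently; that is left as it is below.

```ruby
ALLOWED_ACTIONS = %w[reload].freeze

def service(action)
  raise Puppet::Error, "unsupported action: #{action.inspect}" unless ALLOWED_ACTIONS.include?(action)
  # argv form: no shell is started, so the parameter cannot alter the command line
  _stdout, stderr, status = Open3.capture3('service', 'apache2', action)
  raise Puppet::Error, stderr unless status.success?
  { status: "#{action} successful" }
end
# … unchanged: STDIN parsing and the begin/rescue block that prints the result …
```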
@@ -5335,7 +5335,7 @@ The Apache module relies heavily on templates to enable the [`apache::vhost`][] ### Tasks -The Apache module has an example task that allows a user to reload the Apache config without restarting the service. Please refer to to the PE documentation or Bolt documentation on how to execute a task. +The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task. ### Functions #### apache_pw_hash From f660d5450c4846461213540a944103c524e056e4 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 6 Oct 2017 16:55:52 -0700 Subject: [PATCH 1263/2267] Move apply_manifest into rspec 'it' --- spec/acceptance/init_task_spec.rb | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/spec/acceptance/init_task_spec.rb b/spec/acceptance/init_task_spec.rb index 923188cb14..78bdaa05e6 100644 --- a/spec/acceptance/init_task_spec.rb +++ b/spec/acceptance/init_task_spec.rb @@ -3,16 +3,16 @@ describe 'apache tasks', if: pe_install? && puppet_version =~ %r{(5\.\d\.\d)} do describe 'reload' do - pp = <<-EOS - class { 'apache': - default_vhost => false, - } - apache::listen { '9090':} - EOS + it 'execute reload' do + pp = <<-EOS + class { 'apache': + default_vhost => false, + } + apache::listen { '9090':} + EOS - apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_failures => true) - it 'execute reload' do result = run_task(task_name: 'apache', params: 'action=reload') expect_multiple_regexes(result: result, regexes: [%r{reload successful}, %r{Job completed. 1/1 nodes succeeded}]) end From 5f4d5689fa831bcb32e00772f6c0fddab088b80e Mon Sep 17 00:00:00 2001 
From: TP Honey Date: Mon, 9 Oct 2017 12:18:29 +0100 Subject: [PATCH 1264/2267] Update init.json --- tasks/init.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tasks/init.json b/tasks/init.json index 4030a621db..0d0ceaeb40 100644 --- a/tasks/init.json +++ b/tasks/init.json @@ -1,7 +1,5 @@ { - "summary": "Allows you to perform apache functions", - "description": "Allows you to perform apache functions", - "supports_noop": false, + "description": "Allows you to perform apache service functions", "input_method": "stdin", "parameters": { "action": { From 6102db86bd38f608db2776ca159013566714ee83 Mon Sep 17 00:00:00 2001 From: tphoney Date: Tue, 10 Oct 2017 11:50:56 +0100 Subject: [PATCH 1265/2267] Release prep --- CHANGELOG.md | 7 +++++++ metadata.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 100cfee6e0..46ee4e92fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## Supported Release [2.3.0] +### Summary +This is a feature release. It includes a task that will reload the apache service. + +#### Added +- Add a task that allows the reloading of the Apache service. + ## Supported Release [2.2.0] ### Summary This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost. diff --git a/metadata.json b/metadata.json index 2d7606852f..0f9f5e8275 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "2.2.0", + "version": "2.3.0", "author": "puppet", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", 
From e1034ecae2554d2bc459ee06387c605204618458 Mon Sep 17 00:00:00 2001 From: Paul Barton Date: Wed, 2 Aug 2017 14:08:04 -0500 Subject: [PATCH 1266/2267] Support for UseCanonicalName On | on | Off | off | DNS | dns apache and apache::vhost support for UseCanonicalName. This directive controls how Apache uses self-referential URLs. --- README.md | 10 ++++++++++ manifests/init.pp | 2 ++ manifests/vhost.pp | 11 +++++++++++ spec/classes/apache_spec.rb | 8 ++++++++ spec/defines/vhost_spec.rb | 1 + templates/httpd.conf.erb | 3 +++ templates/vhost/_use_canonical_name.erb | 4 ++++ 7 files changed, 39 insertions(+) create mode 100644 templates/vhost/_use_canonical_name.erb diff --git a/README.md b/README.md index c73053143f..a521e98b8b 100755 --- a/README.md +++ b/README.md @@ -261,6 +261,8 @@ [template]: http://docs.puppet.com/puppet/latest/reference/lang_template.html [`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable +[`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname + [`verify_config`]: #verify_config [`vhost`]: #defined-type-apachevhost [`vhost_dir`]: #vhost_dir @@ -1390,6 +1392,14 @@ Values: 'Off', 'On'. Default: 'On'. +##### `use_canonical_name` + +Controls Apache's [`UseCanonicalName`][] directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. + +Values: 'On', 'on', 'Off', 'off', 'DNS', 'dns'. + +Default: `undef`. + ##### `use_systemd` Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. diff --git a/manifests/init.pp b/manifests/init.pp index 39dc593334..c05df90123 100755 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -80,6 +80,8 @@ $trace_enable = 'On', Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, $file_e_tag = undef, + Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] + $use_canonical_name = undef, $package_ensure = 'installed', Boolean $use_optional_includes = $::apache::params::use_optional_includes, $use_systemd = $::apache::params::use_systemd, diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8d423bb7da..5d9a535c01 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -175,6 +175,7 @@ $cas_login_url = undef, $cas_validate_url = undef, $cas_validate_saml = undef, + Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef, ) { # The base class must be included first because it is used by parameter defaults @@ -1067,6 +1068,16 @@ } } + # Template uses: + # - $use_canonical_name + if $use_canonical_name { + concat::fragment { "${name}-use_canonical_name": + target => "${priority_real}${filename}.conf", + order => 360, + content => template('apache/vhost/_use_canonical_name.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 355f9f108d..025b99b46b 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -118,6 +118,14 @@ it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^FileETag None$} } end + context "when specifying canonical name behaviour" do + let :params do + { :use_canonical_name => 'dns' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^UseCanonicalName dns$} } + end + context "when specifying default character set" do let :params do { :default_charset => 'none' } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index c1d1417925..097eb970d4 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
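Review bot: The new `use_canonical_name` fragment in manifests/vhost.pp (hunk `@@ -1067,6 +1068,16 @@`) carries no comment on what leaving the parameter unset means. When it is undef nothing is emitted and Apache's default Off applies, under which self-referential URLs and SERVER_NAME are built from the hostname the client supplied. I would add above the fragment `# Unset keeps Apache's default (Off): self-referential URLs use the client-supplied Host; set 'On' to pin them to ServerName.` The guard is also written twice, as `if $use_canonical_name` in the manifest and again as `<%- if @use_canonical_name -%>` in templates/vhost/_use_canonical_name.erb; one of the two is enough. The define's parameter list and body extend outside both vhost.pp hunks.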
@@ -392,6 +392,7 @@ 'use_optional_includes' => true, 'suexec_user_group' => 'root root', 'allow_encoded_slashes' => 'nodecode', + 'use_canonical_name' => 'dns', 'passenger_spawn_method' => 'direct', 'passenger_app_root' => '/usr/share/myapp', 'passenger_app_env' => 'test', diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index ddb40b57e2..d3dd2c30bb 100755 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -68,6 +68,9 @@ AllowEncodedSlashes <%= @allow_encoded_slashes %> <%- if @file_e_tag -%> FileETag <%= @file_e_tag %> <%- end -%> +<%- if @use_canonical_name -%> +UseCanonicalName <%= @use_canonical_name %> +<%- end -%> #Listen 80 diff --git a/templates/vhost/_use_canonical_name.erb b/templates/vhost/_use_canonical_name.erb new file mode 100644 index 0000000000..4f2e3ee224 --- /dev/null +++ b/templates/vhost/_use_canonical_name.erb @@ -0,0 +1,4 @@ +<%- if @use_canonical_name -%> + + UseCanonicalName <%= @use_canonical_name %> +<%- end -%> From 27806dc8eff708920f589cf92221f446867689c6 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Wed, 11 Oct 2017 14:47:10 +0100 Subject: [PATCH 1267/2267] Update link to Release in CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46ee4e92fd..c7fb17fc90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -920,6 +920,7 @@ worker/prefork * f672e46 a2mod fix * 8a56ee9 add pthon support to apache +[2.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.2.0...2.3.0 [2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0 [2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0 [2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 From 9343f20018f00558767a2a6358729b48d7e3bb29 Mon Sep 17 00:00:00 2001 
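Review bot: The vhost side of `use_canonical_name` is neither asserted nor documented. spec/defines/vhost_spec.rb only adds `'use_canonical_name' => 'dns'` to the params hash (the diffstat shows a single added line there), and the README hunk documents the parameter for the `apache` class only. An expectation on the new fragment, for example `it { is_expected.to contain_concat__fragment('<vhost title>-use_canonical_name').with_content(%r{UseCanonicalName dns}) }`, would cover templates/vhost/_use_canonical_name.erb. The README entry could also say that with the directive off, Apache builds self-referential URLs from the host name the client supplies, since that is what an operator choosing a value needs to know. The spec's surrounding context starts and ends outside the hunk.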
From: Ewoud Kohl van Wijngaarden Date: Wed, 11 Oct 2017 18:58:51 +0200 Subject: [PATCH 1268/2267] Fix markdown syntax --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 96977880ef..a1cdb9eb96 100755 --- a/README.md +++ b/README.md @@ -3454,7 +3454,7 @@ Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.ht Default: `undef`. -#####`fastcgi_idle_timeout` +##### `fastcgi_idle_timeout` If using fastcgi, this option sets the timeout for the server to respond. @@ -4031,7 +4031,7 @@ Specifies the resource identifiers for a rack configuration. The file paths spec Default: `undef`. -#####`passenger_base_uris` +##### `passenger_base_uris` Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. From 9a61477dbd72e7139a6599bf51462ef876b31745 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 17 Oct 2017 10:33:34 +0200 Subject: [PATCH 1269/2267] (doc) Do not quote arrays The README mixed quoted arrays and non-quoted arrays. Consistently use non-quoted arrays which prevalents. --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a1cdb9eb96..4e6a65ae4d 100755 --- a/README.md +++ b/README.md @@ -2736,7 +2736,7 @@ Allows user-specific directories to be accessed using the `http://example.com/~u * `overrides`: An [array][] of directive-types. - Default: '[ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]'. + Default: [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]. ##### Class: `apache::mod::version` @@ -3438,7 +3438,7 @@ apache::vhost { 'sample.example.net': } ``` -Default: '[]'. +Default: []. ##### `ensure` 
@@ -3623,7 +3623,7 @@ Related parameters follow the names of `mod_auth_kerb` directives: - `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. - `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. - `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. -- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: '[]'. +- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: []. - `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`. - `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`. @@ -3848,7 +3848,7 @@ Default: ['Indexes','FollowSymLinks','MultiViews'], Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. -Default: '[none]'. +Default: ['None']. ##### `passenger_spawn_method` @@ -4255,7 +4255,7 @@ Default: `undef`. Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. -Default: '[]'. +Default: []. ##### `servername` @@ -4267,7 +4267,7 @@ Default: the title of the resource. Used by HTTPD to set environment variables for virtual hosts. -Default: '[]'. +Default: []. Example: @@ -4281,13 +4281,13 @@ apache::vhost { 'setenv.example.com': Used by HTTPD to conditionally set environment variables for virtual hosts. -Default: '[]'. +Default: []. ##### `setenvifnocase` Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). -Default: '[]'. +Default: []. ##### `suphp_*` From 803140700d36fb6845aa81cf2bec8dd8697b3081 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 17 Oct 2017 10:38:21 +0200 Subject: [PATCH 1270/2267] (doc) Do not use space in angle brackets The README mixed use of spaces in angle brackets. Consistently remove these spaces since it's prevalent. --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 4e6a65ae4d..0a208af5da 100755 --- a/README.md +++ b/README.md @@ -1993,7 +1993,7 @@ Installs and configures [`mod_deflate`][]. * `types`: An [array][] of [MIME types][MIME `content*type`] to be deflated. - Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x*javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json' ]. + Default: ['text/html text/plain text/xml', 'text/css', 'application/x*javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']. * `notes`: A [Hash][] where the key represents the type and the value represents the note name. @@ -2457,7 +2457,7 @@ Installs and configures [`mod_negotiation`][]. * `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. - Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt*BR', 'ru', 'sv', 'zh*CN', 'zh*TW' ] + Default: ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt*BR', 'ru', 'sv', 'zh*CN', 'zh*TW'] ##### Class: `apache::mod::nss` 
@@ -2640,9 +2640,9 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] - `ssl_cryptodevice`: Default: 'builtin'. - `ssl_honorcipherorder`: Default: true. - `ssl_openssl_conf_cmd`: Default: undef. -- `ssl_options`: Default: [ 'StdEnvVars' ] +- `ssl_options`: Default: ['StdEnvVars'] - `ssl_pass_phrase_dialog`: Default: 'builtin'. -- `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. +- `ssl_protocol`: Default: ['all', '-SSLv2', '-SSLv3']. - `ssl_proxy_protocol`: Default: []. - `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. - `ssl_sessioncache`: Valid options: A string. Default: '300'. @@ -2675,7 +2675,7 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] * `ssl_options` - Default: [ 'StdEnvVars' ] + Default: ['StdEnvVars'] * `ssl_pass_phrase_dialog` @@ -2683,7 +2683,7 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] * `ssl_protocol` - Default: [ 'all', '*SSLv2', '*SSLv3' ]. + Default: ['all', '*SSLv2', '*SSLv3']. * `ssl_random_seed_bytes` @@ -2736,7 +2736,7 @@ Allows user-specific directories to be accessed using the `http://example.com/~u * `overrides`: An [array][] of directive-types. - Default: [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]. + Default: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes']. ##### Class: `apache::mod::version` @@ -3737,13 +3737,13 @@ Array of mod_security Msgs to remove from the virtual host. Also takes a hash al ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_msgs => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ], + modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], } ``` ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_msgs => { '/location1' => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ] }, + modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, } ``` 
@@ -3755,13 +3755,13 @@ Array of mod_security Tags to remove from the virtual host. Also takes a hash al ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ], + modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], } ``` ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] }, + modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, } ``` @@ -4952,12 +4952,12 @@ apache::vhost { 'secure.example.net': rewrites => [ { comment => 'Permalink Rewrites', rewrite_base => '/' }, - { rewrite_rule => [ '^index\.php$ - [L]' ] + { rewrite_rule => ['^index\.php$ - [L]'] }, - { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', + { rewrite_cond => ['%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', ], - rewrite_rule => [ '. /index.php [L]' ], + rewrite_rule => ['. /index.php [L]'], } ], }, @@ -4999,7 +4999,7 @@ apache::vhost { 'secure.example.net': ssl_options => '+ExportCertData', }, { path => '/path/to/different/dir', - ssl_options => [ '-StdEnvVars', '+ExportCertData'], + ssl_options => ['-StdEnvVars', '+ExportCertData'], }, ], } @@ -5031,7 +5031,7 @@ apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/different/dir', - additional_includes => [ '/custom/path/includes', '/custom/path/another_includes', ], + additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], }, ], } @@ -5236,7 +5236,7 @@ An array: ``` puppet apache::vhost { 'sample.example.net': … - ssl_options => [ '+StrictRequire', '+ExportCertData' ], + ssl_options => ['+StrictRequire', '+ExportCertData'], } ``` From 38010145918bf439c58aa3f1988fbfe820bebbdc Mon Sep 17 00:00:00 2001 
From: Johnson Earls Date: Sun, 22 Oct 2017 17:43:47 +0000 Subject: [PATCH 1271/2267] Reduce Travis test parallelism Set the maximum parallel test processors to 16, to reduce the load on the Travis servers and prevent tests from being killed. --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index 0c6f904c32..fcb1693670 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,10 @@ script: "bundle exec rake release_checks" #Inserting below due to the following issue: https://github.com/travis-ci/travis-ci/issues/3531#issuecomment-88311203 before_install: - gem update bundler +# Reduce load on Travis servers to prevent tests from being killed +env: + global: + - PARALLEL_TEST_PROCESSORS=16 matrix: fast_finish: true include: From 9589f82a6dd237f8819bba1f302140e8d84c422c Mon Sep 17 00:00:00 2001 From: Kent Lee <754650@la-c02tq1u2htd7.bnznag.nz.thenational.com> Date: Wed, 25 Oct 2017 16:22:12 +1300 Subject: [PATCH 1272/2267] added option to include CacheIgnoreHeaders for disk_cache module --- manifests/mod/disk_cache.pp | 3 ++- templates/mod/disk_cache.conf.erb | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 7cd72701e4..25f864b75d 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -1,5 +1,6 @@ class apache::mod::disk_cache ( - $cache_root = undef, + $cache_root = undef, + $cache_ignore_headers = undef, ) { include ::apache if $cache_root { diff --git a/templates/mod/disk_cache.conf.erb b/templates/mod/disk_cache.conf.erb index b1b460e522..f0721628e3 100644 --- a/templates/mod/disk_cache.conf.erb +++ b/templates/mod/disk_cache.conf.erb @@ -2,3 +2,6 @@ CacheEnable disk / CacheRoot "<%= @_cache_root %>" CacheDirLevels 2 CacheDirLength 1 +<% if scope['cache_ignore_headers'] != :undef -%> +CacheIgnoreHeaders <%= @cache_ignore_headers %> +<% end -%> \ No newline at end of file 
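Review bot: `$cache_ignore_headers` in manifests/mod/disk_cache.pp is untyped, and templates/mod/disk_cache.conf.erb prints it verbatim after `CacheIgnoreHeaders`. An array, or a string containing a line break, would therefore end up in the Apache config as a malformed line or as extra directives. manifests/init.pp in this series already uses data types, so a declaration such as `Optional[Pattern[/\A[\w-]+( [\w-]+)*\z/]] $cache_ignore_headers = undef,` would reject such values at compile time. The same unvalidated interpolation appears in patch 1275, `MellonSessionLength "<%= directory['mellon_session_length'] %>"` in templates/vhost/_directories.erb, where a check inside the template would be needed because the value arrives in a free-form hash. The commit adds no spec or README entry for the new parameter.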
From d8dcbefaa4cb804b79874ffab451062d2c9e12ac Mon Sep 17 00:00:00 2001 From: Kent Lee <754650@la-c02tq1u2htd7.bnznag.nz.thenational.com> Date: Fri, 27 Oct 2017 09:21:48 +1300 Subject: [PATCH 1273/2267] removed possible new line at the end of file --- templates/mod/disk_cache.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/disk_cache.conf.erb b/templates/mod/disk_cache.conf.erb index f0721628e3..57295ef513 100644 --- a/templates/mod/disk_cache.conf.erb +++ b/templates/mod/disk_cache.conf.erb @@ -3,5 +3,5 @@ CacheRoot "<%= @_cache_root %>" CacheDirLevels 2 CacheDirLength 1 <% if scope['cache_ignore_headers'] != :undef -%> -CacheIgnoreHeaders <%= @cache_ignore_headers %> +CacheIgnoreHeaders <%= @cache_ignore_headers -%> <% end -%> \ No newline at end of file From 808b2f12544e679c51fceb73bcdae8d0036ce4fd Mon Sep 17 00:00:00 2001 From: Kent Lee <754650@la-c02tq1u2htd7.bnznag.nz.thenational.com> Date: Mon, 30 Oct 2017 11:24:39 +1300 Subject: [PATCH 1274/2267] modified variable lookup. --- templates/mod/disk_cache.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/disk_cache.conf.erb b/templates/mod/disk_cache.conf.erb index 57295ef513..44d4fd2bca 100644 --- a/templates/mod/disk_cache.conf.erb +++ b/templates/mod/disk_cache.conf.erb @@ -2,6 +2,6 @@ CacheEnable disk / CacheRoot "<%= @_cache_root %>" CacheDirLevels 2 CacheDirLength 1 -<% if scope['cache_ignore_headers'] != :undef -%> +<% if @cache_ignore_headers -%> CacheIgnoreHeaders <%= @cache_ignore_headers -%> <% end -%> \ No newline at end of file From b612885cc97055076624846db97630841bd88f36 Mon Sep 17 00:00:00 2001 From: Chris Warren Date: Wed, 1 Nov 2017 08:19:20 -0400 Subject: [PATCH 1275/2267] Add ability to specify MellonSessionLength/mellon_session_length --- README.md | 7 ++++--- templates/vhost/_directories.erb | 3 +++ 2 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index a1cdb9eb96..30a8baaf73 100755 --- a/README.md +++ b/README.md @@ -2198,8 +2198,8 @@ Default: '80' **workers\_file\_content** -Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. -Plus, there are two global directives, 'worker.list' and 'worker.mantain' +Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. +Plus, there are two global directives, 'worker.list' and 'worker.mantain' For example, the workers file below: ``` @@ -2238,7 +2238,7 @@ $workers_file_content = { **mount\_file\_content** -Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. +Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. For example, the mount file below: ``` @@ -4786,6 +4786,7 @@ to environment variables. - `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_mellon`] directive for the private key location of the service provider. - `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider. - `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username. +- `mellon_session_length`: Sets the [MellonSessionLength][`mod_auth_mellon`] attribute. ##### `options` 
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e4a7d7791b..ed80b36bb3 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -327,6 +327,9 @@ MellonCond <%= cond %> <%- end -%> <%- end -%> + <%- if directory['mellon_session_length'] -%> + MellonSessionLength "<%= directory['mellon_session_length'] %>" + <%- end -%> <%- end -%> <%- if directory['request_headers'] and ! directory['request_headers'].empty? -%> ## Request Header rules From 7d43453293a54b0479efd753b3b6950d48d5890e Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Tue, 14 Nov 2017 11:33:12 -0500 Subject: [PATCH 1276/2267] Fix case of setting apache::mpm_module to false and declaring the mpm class yourself b/c you need to set params. --- manifests/mod/cgi.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 272f0ccd05..e4a80239af 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -1,9 +1,14 @@ class apache::mod::cgi { + include ::apache case $::osfamily { 'FreeBSD': {} default: { - if $::apache::mpm_module =~ /^(itk|peruser|prefork)$/ { - Class["::apache::mod::${::apache::mpm_module}"] -> Class['::apache::mod::cgi'] + if defined(Class['::apache::mod::itk']) { + Class['::apache::mod::itk'] -> Class['::apache::mod::cgi'] + } elsif defined(Class['::apache::mod::peruser']) { + Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi'] + } else { + Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] } } } From 0d3a193f79db2238e31418c65beafe36d0b31161 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Thu, 16 Nov 2017 16:01:23 +0000 Subject: [PATCH 1277/2267] (FM-6583) - Update test --- spec/acceptance/custom_config_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index c8e254e858..e3668c0165 100644 
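Review bot: The new `else` branch in manifests/mod/cgi.pp orders `Class['::apache::mod::prefork']` before `Class['::apache::mod::cgi']` even when no prefork class is in the catalog. The removed `$::apache::mpm_module =~ /^(itk|peruser|prefork)$/` test used to prevent that, so with a worker or event MPM the relationship would most likely fail compilation on a missing resource. Making the last branch `} elsif defined(Class['::apache::mod::prefork']) {` keeps the ordering optional. `defined()` also depends on evaluation order, so a comment such as `# the MPM class must be declared before apache::mod::cgi for this ordering to apply` above the chain would spare the next reader a debugging session.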
--- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -15,7 +15,7 @@ class { 'apache': } end describe file("#{$confd_dir}/25-acceptance_test.conf") do - it { is_expected.not_to be_file } + it { expect(file).not_to exist } end end From 91010808425dbad02ab0140f406ce5d82d65bec3 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Fri, 17 Nov 2017 10:49:25 +0000 Subject: [PATCH 1278/2267] Update modules to modulepath --- spec/spec_helper_acceptance.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 39e47a849f..1fb5ab24f7 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -39,7 +39,7 @@ def run_task(task_name:, params: nil, password: DEFAULT_PASSWORD) end def run_bolt_task(task_name:, params: nil, password: DEFAULT_PASSWORD) - on(master, "/opt/puppetlabs/puppet/bin/bolt task run #{task_name} --modules /etc/puppetlabs/code/modules/service --nodes localhost --password #{password} #{params}", acceptable_exit_codes: [0, 1]).stdout # rubocop:disable Metrics/LineLength + on(master, "/opt/puppetlabs/puppet/bin/bolt task run #{task_name} --modulepath /etc/puppetlabs/code/modules/service --nodes localhost --password #{password} #{params}", acceptable_exit_codes: [0, 1]).stdout # rubocop:disable Metrics/LineLength end def run_puppet_task(task_name:, params: nil) From 3aeeb79439086e8c8140e82a00ea06e659309595 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Fri, 17 Nov 2017 12:15:44 +0000 Subject: [PATCH 1279/2267] Module sync 1d81b6a --- .travis.yml | 6 +----- spec/spec_helper.rb | 5 +++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index fcb1693670..38d226395a 100644 --- a/.travis.yml +++ b/.travis.yml 
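Review bot: `expect(file)` in spec/acceptance/custom_config_spec.rb calls the `file` helper with no path instead of referring to the resource named in the enclosing `describe file("#{$confd_dir}/25-acceptance_test.conf")`. As far as the hunk shows, the negative assertion can therefore pass without ever looking at that path. `it { is_expected.not_to exist }` checks the described subject. The describe block begins outside the hunk, so confirm there is no local `file` definition before changing it.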
@@ -7,10 +7,6 @@ script: "bundle exec rake release_checks" #Inserting below due to the following issue: https://github.com/travis-ci/travis-ci/issues/3531#issuecomment-88311203 before_install: - gem update bundler -# Reduce load on Travis servers to prevent tests from being killed -env: - global: - - PARALLEL_TEST_PROCESSORS=16 matrix: fast_finish: true include: @@ -26,7 +22,7 @@ matrix: script: bundle exec rake beaker services: docker sudo: required - - rvm: 2.4.0 + - rvm: 2.4.1 bundler_args: --without system_tests env: PUPPET_GEM_VERSION="~> 5.0" - rvm: 2.1.9 diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 22d5d689f4..01912b60c4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,8 +1,9 @@ -#This file is generated by ModuleSync, do not edit. +# This file is generated by ModuleSync, do not edit. require 'puppetlabs_spec_helper/module_spec_helper' # put local configuration and setup into spec_helper_local begin require 'spec_helper_local' -rescue LoadError +rescue LoadError => loaderror + puts "Could not require spec_helper_local: #{loaderror.message}" end From 8e7dd0dc7f5d0ef4c69655a735dd4b3526e92419 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=BCssel=2C=20Sascha?= Date: Fri, 17 Nov 2017 15:00:10 +0100 Subject: [PATCH 1280/2267] [MODULES-5644] Package name is libapache2-mpm-itk for Debian 9 --- manifests/mpm.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 119fedf577..2c4dd13335 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -83,7 +83,7 @@ } } - if $mpm == 'itk' and $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '16.04' { + if $mpm == 'itk' and ( ( $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '16.04' ) or ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) ) { $packagename = 'libapache2-mpm-itk' } else { $packagename = "apache2-mpm-${mpm}" 
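Review bot: The Debian branch added in manifests/mpm.pp compares the release against `'9.0.0'`, and as I read Puppet's `versioncmp`, a fact value of `'9.0'` sorts below `'9.0.0'` because the comparison falls back to a string compare once one side runs out of segments. A host reporting `9.0` would then still get `apache2-mpm-itk`. `versioncmp($::operatingsystemrelease, '9') >= 0` covers every 9.x value. The commit touches only this line; a spec case for Debian 9 with the itk MPM would pin the expected package name.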
From 3ff209a98283f57e0bfd20b85be02b7a84ae8454 Mon Sep 17 00:00:00 2001 From: TP Honey Date: Mon, 20 Nov 2017 18:06:22 +0000 Subject: [PATCH 1281/2267] Remove whitespace at the end of a line. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0a208af5da..3d218d88d9 100755 --- a/README.md +++ b/README.md @@ -2198,8 +2198,8 @@ Default: '80' **workers\_file\_content** -Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. -Plus, there are two global directives, 'worker.list' and 'worker.mantain' +Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. +Plus, there are two global directives, 'worker.list' and 'worker.mantain' For example, the workers file below: ``` @@ -2238,7 +2238,7 @@ $workers_file_content = { **mount\_file\_content** -Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. +Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: uri_list - an array with URIs to be mapped to the worker - and comment - an optional string with a comment for the worker. For example, the mount file below: ``` From 5f0f28e080694a7368c85ab98d260109d649fab2 Mon Sep 17 00:00:00 2001 
From: tphoney Date: Mon, 20 Nov 2017 17:46:59 +0000 Subject: [PATCH 1282/2267] MODULES-6070 Improvements for tasks and testing --- Gemfile | 1 + spec/acceptance/init_task_spec.rb | 4 +-- spec/spec_helper_acceptance.rb | 45 +------------------------------ tasks/init.json | 4 +++ tasks/init.rb | 19 ++++++++++--- 5 files changed, 24 insertions(+), 49 deletions(-) diff --git a/Gemfile b/Gemfile index a9f0161c79..8bd07c79b0 100644 --- a/Gemfile +++ b/Gemfile @@ -51,6 +51,7 @@ group :system_tests do gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') gem "puppet-blacksmith", '~> 3.4', :require => false + gem "beaker-task_helper" end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) diff --git a/spec/acceptance/init_task_spec.rb b/spec/acceptance/init_task_spec.rb index 78bdaa05e6..ef87c948bf 100644 --- a/spec/acceptance/init_task_spec.rb +++ b/spec/acceptance/init_task_spec.rb @@ -1,7 +1,7 @@ # run a test task require 'spec_helper_acceptance' -describe 'apache tasks', if: pe_install? && puppet_version =~ %r{(5\.\d\.\d)} do +describe 'apache tasks', if: puppet_version =~ %r{(5\.\d\.\d)} && fact('operatingsystem') != 'SLES' do describe 'reload' do it 'execute reload' do pp = <<-EOS @@ -14,7 +14,7 @@ class { 'apache': apply_manifest(pp, :catch_failures => true) result = run_task(task_name: 'apache', params: 'action=reload') - expect_multiple_regexes(result: result, regexes: [%r{reload successful}, %r{Job completed. 1/1 nodes succeeded}]) + expect_multiple_regexes(result: result, regexes: [%r{reload successful}, %r{Job completed. 1/1 nodes succeeded|Ran on 1 node}]) end end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 1fb5ab24f7..eca266ce03 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
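Review bot: `gem "beaker-task_helper"` in the Gemfile's `:system_tests` group carries no version constraint, unlike `puppet-blacksmith` (`'~> 3.4'`) and the `'~> 0.1'` fallback for `beaker-abs` next to it, so each CI run resolves whatever release is newest. spec/spec_helper_acceptance.rb appears to take `run_task`, `install_bolt_on` and the login helper from this gem after this patch, which means an upstream change reaches the acceptance run unreviewed. A pessimistic constraint, `gem "beaker-task_helper", '~> <known-good version>'`, would make upgrades an explicit decision.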
@@ -2,56 +2,13 @@ require 'beaker-rspec/helpers/serverspec' require 'beaker/puppet_install_helper' require 'beaker/module_install_helper' - -def install_bolt_on(hosts) - on(hosts, "/opt/puppetlabs/puppet/bin/gem install --source http://rubygems.delivery.puppetlabs.net bolt -v '> 0.0.1'", acceptable_exit_codes: [0, 1]).stdout -end - -def pe_install? - ENV['PUPPET_INSTALL_TYPE'] =~ %r{pe}i -end - -def puppet_version - (on default, puppet('--version')).output.chomp -end +require 'beaker/task_helper' run_puppet_install_helper install_bolt_on(hosts) unless pe_install? install_module_on(hosts) install_module_dependencies_on(hosts) -DEFAULT_PASSWORD = if default[:hypervisor] == 'vagrant' - 'vagrant' - elsif default[:hypervisor] == 'vcloud' - 'Qu@lity!' - end - -def run_puppet_access_login(user:, password: '~!@#$%^*-/ aZ', lifetime: '5y') - on(master, puppet('access', 'login', '--username', user, '--lifetime', lifetime), stdin: password) -end - -def run_task(task_name:, params: nil, password: DEFAULT_PASSWORD) - if pe_install? - run_puppet_task(task_name: task_name, params: params) - else - run_bolt_task(task_name: task_name, params: params, password: password) - end -end - -def run_bolt_task(task_name:, params: nil, password: DEFAULT_PASSWORD) - on(master, "/opt/puppetlabs/puppet/bin/bolt task run #{task_name} --modulepath /etc/puppetlabs/code/modules/service --nodes localhost --password #{password} #{params}", acceptable_exit_codes: [0, 1]).stdout # rubocop:disable Metrics/LineLength -end - -def run_puppet_task(task_name:, params: nil) - on(master, puppet('task', 'run', task_name, '--nodes', fact_on(master, 'fqdn'), params.to_s), acceptable_exit_codes: [0, 1]).stdout -end - -def expect_multiple_regexes(result:, regexes:) - regexes.each do |regex| - expect(result).to match(regex) - end -end - RSpec.configure do |c| c.filter_run :focus => true c.run_all_when_everything_filtered = true diff --git a/tasks/init.json b/tasks/init.json index 0d0ceaeb40..3822ed643c 100644 
--- a/tasks/init.json +++ b/tasks/init.json @@ -5,6 +5,10 @@ "action": { "description": "Action to perform ", "type": "Enum[reload]" + }, + "service_name": { + "description": "The name of the apache service ", + "type": "Optional[String[1]]" } } } diff --git a/tasks/init.rb b/tasks/init.rb index a6a474d080..38ecd463be 100755 --- a/tasks/init.rb +++ b/tasks/init.rb @@ -3,8 +3,20 @@ require 'open3' require 'puppet' -def service(action) - cmd_string = "service apache2 #{action}" +def service(action, service_name) + if service_name.nil? + cmd_string = "facter -p osfamily" + stdout, stderr, status = Open3.capture3(cmd_string) + osfamily = stdout.strip + if osfamily == 'RedHat' + service_name = 'httpd' + elsif osfamily == 'FreeBSD' + service_name = 'apache24' + else + service_name = 'apache2' + end + end + cmd_string = "service #{service_name} #{action}" stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, stderr if status != 0 { status: "#{action} successful" } @@ -12,9 +24,10 @@ def service(action) params = JSON.parse(STDIN.read) action = params['action'] +service_name = params['service_name'] begin - result = service(action) + result = service(action, service_name) puts result.to_json exit 0 rescue Puppet::Error => e From 90ef4ceb007b8a40eeb33e63ef7a0b0220b96ba3 Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Thu, 23 Nov 2017 09:20:36 +0000 Subject: [PATCH 1283/2267] Dont run task tests on LTS Tasks only work on builds with a puppet agent version of 5 or greater. Adding logic to skip the task setup. --- spec/spec_helper_acceptance.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index eca266ce03..d59c7f8ab8 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
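Review bot: `service_name` in tasks/init.rb comes straight from the task's JSON parameters and is interpolated into `cmd_string = "service #{service_name} #{action}"`, which `Open3.capture3` hands to a shell when given a single string. tasks/init.json constrains it only to `Optional[String[1]]`, so shell metacharacters are accepted. Passing the arguments separately, `stdout, stderr, status = Open3.capture3('service', service_name, action)`, avoids the shell, and the metadata type can be narrowed to something like `Optional[Pattern[/\A[A-Za-z0-9_.@-]+\z/]]`. The `facter -p osfamily` call above it discards `stderr` and `status`, so a failed lookup silently falls through to `apache2`; a `raise Puppet::Error, stderr unless status.success?` after that call would surface it.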
@@ -28,7 +28,7 @@ # Configure all nodes in nodeset c.before :suite do - run_puppet_access_login(user: 'admin') if pe_install? + run_puppet_access_login(user: 'admin') if pe_install? && puppet_version =~ %r{(5\.\d\.\d)} # net-tools required for netstat utility being used by be_listening if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7' pp = <<-EOS From 5bcdedfee60cbd134509ac23852a476cdfd1aba7 Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Sat, 25 Nov 2017 22:36:43 +0900 Subject: [PATCH 1284/2267] fix typo: false is boolean --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3d218d88d9..c2f0f80d48 100755 --- a/README.md +++ b/README.md @@ -1680,7 +1680,7 @@ Installs and configures [`mod_diskio`][]. ```puppet class{'apache': - default_mods => `false`, + default_mods => false, log_level => 'dumpio:trace7', } class{'apache::mod::diskio': From cd5aaed85f6452eb38625daaaff7f5e94e5c4fb0 Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Sat, 25 Nov 2017 22:37:03 +0900 Subject: [PATCH 1285/2267] fix typo: add missing asterisk --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2f0f80d48..6fbcaa8f77 100755 --- a/README.md +++ b/README.md @@ -1653,7 +1653,7 @@ Installs and manages [`mod_alias`][]. * **Debian**: `/usr/share/apache2/icons` * **FreeBSD**: `/usr/local/www/apache24/icons` * **Gentoo**: `/var/www/icons` - * *Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` + * **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` #### Class: `apache::mod::disk_cache` From ff0ae2feba36f8b31411cbe0ee98f9a41a626271 Mon Sep 17 00:00:00 2001 
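Review bot: `puppet_version =~ %r{(5\.\d\.\d)}` in spec/spec_helper_acceptance.rb is unanchored and matches only 5.x.y with single-digit parts, while the commit message states the requirement as agent version 5 or greater. The same pattern gates the task spec in spec/acceptance/init_task_spec.rb in patch 1282. A comparison such as `Gem::Version.new(puppet_version) >= Gem::Version.new('5.0.0')` expresses the stated intent and keeps the login step and the task tests from being skipped silently on later releases. The `c.before :suite` block continues outside the hunk.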
From: OKUMURA Takahiro Date: Sat, 25 Nov 2017 22:56:28 +0900 Subject: [PATCH 1286/2267] Set default keepalive to off in RedHat and Amazon According to README, $keepalive is off by default but only RedHat and Amazon are set to on. --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index bca827d44e..b3759e334c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -151,7 +151,7 @@ } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef - $keepalive = 'On' + $keepalive = 'Off' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef From 2900d78aac83fee409ea98d4862b017007ada2b6 Mon Sep 17 00:00:00 2001 From: Johnson Earls Date: Sat, 25 Nov 2017 20:59:55 +0000 Subject: [PATCH 1287/2267] Actually create CASScrubRequestHeaders setting in _auth_cas.erb Fix `templates/vhost/_auth_cas.erb` to create the proper `CASScrubRequestHeaders` setting when passed `@cas_scrub_request_headers`, rather than (re-)creating `CASAttributeDelimiter`. --- templates/vhost/_auth_cas.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_auth_cas.erb b/templates/vhost/_auth_cas.erb index 2f4787b73a..39912a80ce 100644 --- a/templates/vhost/_auth_cas.erb +++ b/templates/vhost/_auth_cas.erb @@ -60,6 +60,6 @@ CASAttributeDelimiter <%= @cas_attribute_delimiter %> <%- end -%> <%- if @cas_scrub_request_headers -%> - CASAttributeDelimiter On + CASScrubRequestHeaders On <%- end -%> <%- end -%> From fe67b8e80f3591e6bf0db083d306f06671ae3789 Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Mon, 27 Nov 2017 15:16:30 +0900 Subject: [PATCH 1288/2267] Revert "Set default keepalive to off in RedHat and Amazon" This reverts commit ff0ae2feba36f8b31411cbe0ee98f9a41a626271. --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index b3759e334c..bca827d44e 100644 
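Review bot: No spec accompanies the `CASScrubRequestHeaders On` line in templates/vhost/_auth_cas.erb (patch 1287 changes one file), so the earlier mistake of emitting `CASAttributeDelimiter On` for `cas_scrub_request_headers` could return unnoticed. An expectation on the vhost's auth_cas fragment matching `%r{CASScrubRequestHeaders On}` would pin the directive name. The template also writes `On` for any truthy value, so unless the parameter is typed as Boolean elsewhere, a string such as 'Off' still enables scrubbing. A template comment like `<%# any truthy value enables scrubbing; omit the parameter to leave it unset -%>` would make that explicit. The surrounding `if` block starts outside the hunk.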
--- a/manifests/params.pp +++ b/manifests/params.pp @@ -151,7 +151,7 @@ } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef - $keepalive = 'Off' + $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef From ffd92826ddcf5d19d8eee9978012cfb259d98eff Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Mon, 27 Nov 2017 15:28:43 +0900 Subject: [PATCH 1289/2267] Set default keepalive to on in all distros default params of $keepalive in Redhat and Amazon was set to "On" in d90bfbd, but the other distros was not. --- README.md | 2 +- manifests/params.pp | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3d218d88d9..5f9d732b15 100755 --- a/README.md +++ b/README.md @@ -1095,7 +1095,7 @@ Determines whether to enable persistent HTTP connections with the [`KeepAlive`][ Values: 'Off', 'On'. -Default: 'Off'. +Default: 'On'. ##### `keepalive_timeout` diff --git a/manifests/params.pp b/manifests/params.pp index bca827d44e..750144fe6c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -302,7 +302,7 @@ } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef - $keepalive = 'Off' + $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' @@ -427,7 +427,7 @@ } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef - $keepalive = 'Off' + $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef # TODO: revisit @@ -494,7 +494,7 @@ } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef - $keepalive = 'Off' + $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = undef # TODO: revisit 
@@ -560,7 +560,7 @@ } $conf_template = 'apache/httpd.conf.erb' $http_protocol_options = undef - $keepalive = 'Off' + $keepalive = 'On' $keepalive_timeout = 15 $max_keepalive_requests = 100 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' From 200a14e68d6ee3bbb3d2a3e09e8e33b351a5c633 Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Thu, 30 Nov 2017 19:00:54 +0900 Subject: [PATCH 1290/2267] Support mod_data ref: https://httpd.apache.org/docs/2.4/mod/mod_data.html --- README.md | 2 ++ manifests/mod/data.pp | 7 +++++++ spec/classes/mod/data_spec.rb | 31 +++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 manifests/mod/data.pp create mode 100644 spec/classes/mod/data_spec.rb diff --git a/README.md b/README.md index 6fbcaa8f77..e5e099e67f 100755 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ [`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::cluster`]: #class-apachemodcluster +[`apache::mod::data]: #class-apachemoddata [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::dumpio`]: #class-apachemoddumpio [`apache::mod::event`]: #class-apachemodevent @@ -1573,6 +1574,7 @@ The following Apache modules have supported classes, many of which allow for par * `cgi` * `cgid` * `cluster` (see [`apache::mod::cluster`][]) +* `data` * `dav` * `dav_fs` * `dav_svn`\* diff --git a/manifests/mod/data.pp b/manifests/mod/data.pp new file mode 100644 index 0000000000..d35554a6d2 --- /dev/null +++ b/manifests/mod/data.pp @@ -0,0 +1,7 @@ +class apache::mod::data { + $_apache_version = pick($apache_version, $apache::apache_version) + if versioncmp($_apache_version, '2.3') < 0 { + fail('mod_data is only available in Apache 2.3 and later') + } + ::apache::mod { 'data': } +} diff --git a/spec/classes/mod/data_spec.rb b/spec/classes/mod/data_spec.rb new file mode 100644 index 0000000000..9e2ffe44e6 --- /dev/null +++ b/spec/classes/mod/data_spec.rb 
@@ -0,0 +1,31 @@ +require 'spec_helper' + +describe 'apache::mod::data', :type => :class do + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8', + :concat_basedir => '/dne', + :lsbdistcodename => 'jessie', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let :params do + { :apache_version => '2.4' } + end + it { is_expected.to contain_apache__mod('data') } + + describe "with Apache version < 2.3" do + let :params do + { :apache_version => '2.2' } + end + it 'should fail' do + expect { catalogue }.to raise_error(Puppet::Error, /mod_data is only available in Apache 2.3 and later/) + end + end + end +end From c2ce016c37fd1540355eec90320ea7f204dbe249 Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Sun, 3 Dec 2017 23:39:36 +0900 Subject: [PATCH 1291/2267] Define $apache_version param --- manifests/mod/data.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/manifests/mod/data.pp b/manifests/mod/data.pp index d35554a6d2..00807e948a 100644 --- a/manifests/mod/data.pp +++ b/manifests/mod/data.pp @@ -1,4 +1,7 @@ -class apache::mod::data { +class apache::mod::data ( + $apache_version = undef, +) { + include ::apache $_apache_version = pick($apache_version, $apache::apache_version) if versioncmp($_apache_version, '2.3') < 0 { fail('mod_data is only available in Apache 2.3 and later') From 2d1b218e4c4471336f76666554d1d76f941b95f5 Mon Sep 17 00:00:00 2001 
From: Johnson Earls Date: Mon, 27 Nov 2017 05:10:10 +0000 Subject: [PATCH 1292/2267] Reduce Travis test parallelism, take 2 Set the environment variable PARALLEL_TEST_PROCESSOR in the global `env` section to avoid overloading the Travis testing containers and killing the tests. Also add this to `.sync.yml` so it will be permanent (unlike my previous attempt at this). --- .sync.yml | 4 ++++ .travis.yml | 3 +++ 2 files changed, 7 insertions(+) diff --git a/.sync.yml b/.sync.yml index 3a20deb37b..dcbd6f0d53 100644 --- a/.sync.yml +++ b/.sync.yml @@ -6,3 +6,7 @@ Rakefile: - 'disable_only_variable_string' spec/spec_helper.rb: allow_deprecations: true +.travis.yml: + env: + global: + - "PARALLEL_TEST_PROCESSORS=16 # reduce test parallelism to prevent overloading containers" diff --git a/.travis.yml b/.travis.yml index 38d226395a..d1846a6712 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,9 @@ script: "bundle exec rake release_checks" #Inserting below due to the following issue: https://github.com/travis-ci/travis-ci/issues/3531#issuecomment-88311203 before_install: - gem update bundler +env: + global: + - PARALLEL_TEST_PROCESSORS=16 # reduce test parallelism to prevent overloading containers matrix: fast_finish: true include: From b9719ba6218f039cf29c6fe46a5a05de3e1d5aca Mon Sep 17 00:00:00 2001 From: OKUMURA Takahiro Date: Thu, 7 Dec 2017 19:13:20 +0900 Subject: [PATCH 1293/2267] Remove unused variable $_logs_dest --- manifests/vhost.pp | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8d423bb7da..3d69a422dd 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -287,20 +287,6 @@ $cas_enabled = defined(Apache::Mod['auth_cas']) if $access_log and !$access_logs { - if $access_log_file { - if $access_log_file =~ /^\// { - # Absolute path provided - don't prepend $logroot - $_logs_dest = $access_log_file - } else { - $_logs_dest = "${logroot}/${access_log_file}" - } - } elsif $access_log_pipe { - $_logs_dest = $access_log_pipe - } elsif $access_log_syslog { - $_logs_dest = $access_log_syslog - } else { - $_logs_dest = undef - } $_access_logs = [{ 'file' => $access_log_file, 'pipe' => $access_log_pipe, From 783729a5f2e348a4728f3ce29f0b58c7e0a425dd Mon Sep 17 00:00:00 2001 From: nkern0 Date: Thu, 7 Dec 2017 14:47:33 +0000 Subject: [PATCH 1294/2267] #puppethack Confined to Linux only Was causing an error on Facter using AIX 6.1 https://puppetlabs.zendesk.com/agent/tickets/28413 --- lib/facter/apache_version.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/facter/apache_version.rb b/lib/facter/apache_version.rb index 4bd7337f4d..852e5f0440 100644 --- a/lib/facter/apache_version.rb +++ b/lib/facter/apache_version.rb @@ -1,4 +1,5 @@ Facter.add(:apache_version) do + confine :kernel => 'Linux' setcode do if Facter::Util::Resolution.which('apachectl') apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') From 8e94eee53281aedeea821c6ad989d1a07a81e129 Mon Sep 17 00:00:00 2001 From: Robert Giles Date: Thu, 7 Dec 2017 11:07:26 -0600 Subject: [PATCH 1295/2267] Adjust php_values section to make a little more sense, and also provide example usage. --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6fbcaa8f77..7204839036 100755 --- a/README.md +++ b/README.md 
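Review bot: `confine :kernel => 'Linux'` in lib/facter/apache_version.rb switches the fact off on every non-Linux kernel, not only on AIX where the error was reported. If the module is applied on other platforms (the BSDs, for instance), `apache_version` would become unset there without any warning, and version-dependent configuration would fall back to its defaults. If the intent is only to skip AIX, a block confine such as `confine(:kernel) { |k| k != 'AIX' }` keeps the fact elsewhere, provided the supported Facter versions accept block confines. Either way a short comment above the confine giving the reason would save the next reader a ticket lookup. The `setcode` block continues past the end of the hunk.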
@@ -3945,12 +3945,17 @@ Default: `undef`. Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root. -##### `php_flags & values` +##### `php_values & php_flags` Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Default: '{}'. +Within a vhost declaration: +``` puppet + php_values => [ 'include_path ".:/usr/local/example-app/include"' ], +``` + ##### `php_admin_flags & values` Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. From a52f43b49e3da813a632c4571a00664f9b53ab22 Mon Sep 17 00:00:00 2001 From: Okumura Takahiro Date: Mon, 11 Dec 2017 20:58:02 +0900 Subject: [PATCH 1296/2267] Fix typos of README.md (#1732) * Fix defaults of language_priority * Fix typos of apache::mod::proxy_balancer class in README.md. * Fix typos of asterisks to hyphens. --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index ecd5631925..b6be873034 100755 --- a/README.md +++ b/README.md 
@@ -1991,9 +1991,9 @@ Installs and configures [`mod_deflate`][]. **Parameters**: -* `types`: An [array][] of [MIME types][MIME `content*type`] to be deflated. +* `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. - Default: ['text/html text/plain text/xml', 'text/css', 'application/x*javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']. + Default: ['text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']. * `notes`: A [Hash][] where the key represents the type and the value represents the note name. @@ -2015,9 +2015,9 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate Default: `undef`. -* `expires_by_type`: Describes a set of [MIME `content*type`][] and their expiration times. +* `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. - Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content*type` (i.e. 'text/json') and its value following valid [interval syntax][]. + Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: `undef`. @@ -2457,7 +2457,7 @@ Installs and configures [`mod_negotiation`][]. * `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. - Default: ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt*BR', 'ru', 'sv', 'zh*CN', 'zh*TW'] + Default: ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW'] ##### Class: `apache::mod::nss` 
@@ -2577,9 +2577,9 @@ Installs and manages [`mod_proxy_balancer`][], which provides load balancing. * `manager_path`: The server location of the balancer manager. - Default: '/balancer*manager'. + Default: '/balancer-manager'. -* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer*manager`. +* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer-manager`. Default: ['127.0.0.1','::1']. @@ -2751,13 +2751,13 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b **Parameters**: * `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks. -* `allowed_methods`: A space*separated list of allowed HTTP methods. +* `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. -* `content_types`: A list of one or more allowed [MIME types][MIME `content*type`]. +* `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. - Default: 'application/x*www*form*urlencoded|multipart/form*data|text/xml|application/xml|application/x*amf'. + Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'. * `crs_package`: Names the package that installs CRS rules. 
@@ -2776,13 +2776,13 @@ ${modsec\_dir}/activated\_rules. Default: `modsec_secruleengine` in [`apache::params`][]. -* `restricted_extensions`: A space*separated list of prohibited file extensions. +* `restricted_extensions`: A space-sparated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. * `restricted_headers`: A list of restricted headers separated by slashes and spaces. - Default: 'Proxy*Connection/ /Lock*Token/ /Content*Range/ /Translate/ /via/ /if/'. + Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. * `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') or Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. @@ -2874,7 +2874,7 @@ Enables Python support via [`mod_wsgi`][]. Default: `undef`. -* `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site*packages'. +* `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Values: A string specifying a path. From fb6e4111f77d3794dd84377d6255f642019a30a9 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 10 Dec 2017 11:12:41 +0000 Subject: [PATCH 1297/2267] MODULES-6297: allow SSLProxyCipherSuite for vhosts --- manifests/vhost.pp | 1 + spec/defines/vhost_spec.rb | 3 +++ templates/vhost/_sslproxy.erb | 3 +++ 3 files changed, 7 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 8d423bb7da..326c05c597 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -32,6 +32,7 @@ Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, $ssl_proxy_machine_cert = undef, + $ssl_proxy_cipher_suite = undef, $ssl_proxy_protocol = undef, $ssl_options = undef, $ssl_openssl_conf_cmd = undef, diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9a1427b999..ad3a9b95f6 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -159,6 +159,7 @@ 'ssl_proxy_check_peer_name' => 'on', 'ssl_proxy_check_peer_expire' => 'on', 'ssl_proxyengine' => true, + 'ssl_proxy_cipher_suite' => 'HIGH', 'ssl_proxy_protocol' => 'TLSv1.2', 'priority' => '30', @@ -595,6 +596,8 @@ :content => /^\s+SSLProxyCheckPeerName\s+on$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyCheckPeerExpire\s+on$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( + :content => /^\s+SSLProxyCipherSuite\s+HIGH$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( :content => /^\s+SSLProxyProtocol\s+TLSv1.2$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } diff --git a/templates/vhost/_sslproxy.erb b/templates/vhost/_sslproxy.erb index 6cb9216d40..2db394ab0e 100644 --- a/templates/vhost/_sslproxy.erb +++ b/templates/vhost/_sslproxy.erb @@ -23,6 +23,9 @@ <%- if @ssl_proxy_machine_cert -%> SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" <%- end -%> + <%- if @ssl_proxy_cipher_suite -%> + SSLProxyCipherSuite <%= @ssl_proxy_cipher_suite %> + <%- end -%> <%- if @ssl_proxy_protocol -%> SSLProxyProtocol <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %> <%- end -%> From d6e59c40ec61be47873e3a60ea00fea8da725e4b Mon Sep 17 00:00:00 2001 
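Review bot: `$ssl_proxy_cipher_suite` is added to manifests/vhost.pp without a data type, although the neighbouring `ssl_proxy_check_peer_*` parameters are typed, and the templates/vhost/_sslproxy.erb hunk writes it out unquoted as `SSLProxyCipherSuite <%= @ssl_proxy_cipher_suite %>`. A value containing whitespace or a line break would therefore land in the generated vhost as extra arguments or extra directives, and an array would be rendered in Ruby's inspect form rather than as a cipher list. Declaring it as `Optional[String] $ssl_proxy_cipher_suite = undef,`, or with a `Pattern` limited to cipher-string characters, would reject such values when the catalog is compiled. The parameter list and the template's surrounding block both extend beyond these hunks.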
From: tphoney Date: Wed, 13 Dec 2017 10:48:47 +0000 Subject: [PATCH 1298/2267] (maint) - modulesync 384f4c1 --- .gitignore | 31 ++- .rubocop.yml | 586 +++++++--------------------------------------- .rubocop_todo.yml | 0 Gemfile | 13 +- 4 files changed, 113 insertions(+), 517 deletions(-) create mode 100644 .rubocop_todo.yml diff --git a/.gitignore b/.gitignore index f6e8b46c29..e5e6f9e8af 100644 --- a/.gitignore +++ b/.gitignore @@ -1,24 +1,23 @@ -#This file is generated by ModuleSync, do not edit. -pkg/ -Gemfile.lock -Gemfile.local -vendor/ -spec/fixtures/manifests/ -spec/fixtures/modules/ -log/ -junit/ -.vagrant/ +#This file is generated by ModuleSync, do not edit.Z +*.iml +.*.sw[op] +.DS_Store .bundle/ -coverage/ -log/ .idea/ .metadata -*.iml -.*.sw[op] +.vagrant/ .yardoc .yardwarns -.DS_Store +Gemfile.local +Gemfile.lock +bin/ +coverage/ +doc/ +junit/ +log/ +pkg/ +spec/fixtures/manifests/ +spec/fixtures/modules/ tmp/ vendor/ -doc/ diff --git a/.rubocop.yml b/.rubocop.yml index 5aadd1b64f..515ef6314c 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -1,508 +1,98 @@ -require: rubocop-rspec +--- +require: + - rubocop-rspec AllCops: - TargetRubyVersion: 1.9 + TargetRubyVersion: '2.1' Include: - - ./**/*.rb + - "./**/*.rb" Exclude: - - vendor/**/* - - .vendor/**/* - - pkg/**/* - - spec/fixtures/**/* -Lint/ConditionPosition: - Enabled: True - -Lint/ElseLayout: - Enabled: True - -Lint/UnreachableCode: - Enabled: True - -Lint/UselessComparison: - Enabled: True - -Lint/EnsureReturn: - Enabled: True - -Lint/HandleExceptions: - Enabled: True - -Lint/LiteralInCondition: - Enabled: True - -Lint/ShadowingOuterLocalVariable: - Enabled: True - -Lint/LiteralInInterpolation: - Enabled: True - -Style/HashSyntax: - Enabled: True - -Style/RedundantReturn: - Enabled: True - -Lint/AmbiguousOperator: - Enabled: True - -Lint/AssignmentInCondition: - Enabled: True - -Style/SpaceBeforeComment: - Enabled: True - -Style/AndOr: - Enabled: True - -Style/RedundantSelf: - Enabled: True - -# Method length is not necessarily an indicator of code quality -Metrics/MethodLength: - Enabled: False - -# Module length is not necessarily an indicator of code quality -Metrics/ModuleLength: - Enabled: False - -Style/WhileUntilModifier: - Enabled: True - -Lint/AmbiguousRegexpLiteral: - Enabled: True - -Lint/Eval: - Enabled: True - -Lint/BlockAlignment: - Enabled: True - -Lint/DefEndAlignment: - Enabled: True - -Lint/EndAlignment: - Enabled: True - -Lint/DeprecatedClassMethods: - Enabled: True - -Lint/Loop: - Enabled: True - -Lint/ParenthesesAsGroupedExpression: - Enabled: True - -Lint/RescueException: - Enabled: True - -Lint/StringConversionInInterpolation: - Enabled: True - -Lint/UnusedBlockArgument: - Enabled: True - -Lint/UnusedMethodArgument: - Enabled: True - -Lint/UselessAccessModifier: - Enabled: True - -Lint/UselessAssignment: - Enabled: True - -Lint/Void: - Enabled: True - -Style/AccessModifierIndentation: - Enabled: True - -Style/AccessorMethodName: - Enabled: True - -Style/Alias: - Enabled: True - -Style/AlignArray: - Enabled: True - 
-Style/AlignHash: - Enabled: True - -Style/AlignParameters: - Enabled: True - -Metrics/BlockNesting: - Enabled: True - -Style/AsciiComments: - Enabled: True - -Style/Attr: - Enabled: True - -Style/BracesAroundHashParameters: - Enabled: True - -Style/CaseEquality: - Enabled: True - -Style/CaseIndentation: - Enabled: True - -Style/CharacterLiteral: - Enabled: True - -Style/ClassAndModuleCamelCase: - Enabled: True - -Style/ClassAndModuleChildren: - Enabled: False - -Style/ClassCheck: - Enabled: True - -# Class length is not necessarily an indicator of code quality -Metrics/ClassLength: - Enabled: False - -Style/ClassMethods: - Enabled: True - -Style/ClassVars: - Enabled: True - -Style/WhenThen: - Enabled: True - -Style/WordArray: - Enabled: True - -Style/UnneededPercentQ: - Enabled: True - -Style/Tab: - Enabled: True - -Style/SpaceBeforeSemicolon: - Enabled: True - -Style/TrailingBlankLines: - Enabled: True - -Style/SpaceInsideBlockBraces: - Enabled: True - -Style/SpaceInsideBrackets: - Enabled: True - -Style/SpaceInsideHashLiteralBraces: - Enabled: True - -Style/SpaceInsideParens: - Enabled: True - -Style/LeadingCommentSpace: - Enabled: True - -Style/SpaceBeforeFirstArg: - Enabled: True - -Style/SpaceAfterColon: - Enabled: True - -Style/SpaceAfterComma: - Enabled: True - -Style/SpaceAfterMethodName: - Enabled: True - -Style/SpaceAfterNot: - Enabled: True - -Style/SpaceAfterSemicolon: - Enabled: True - -Style/SpaceAroundEqualsInParameterDefault: - Enabled: True - -Style/SpaceAroundOperators: - Enabled: True - -Style/SpaceBeforeBlockBraces: - Enabled: True - -Style/SpaceBeforeComma: - Enabled: True - -Style/CollectionMethods: - Enabled: True - -Style/CommentIndentation: - Enabled: True - -Style/ColonMethodCall: - Enabled: True - -Style/CommentAnnotation: - Enabled: True - -# 'Complexity' is very relative -Metrics/CyclomaticComplexity: - Enabled: False - -Style/ConstantName: - Enabled: True - -Style/Documentation: - Enabled: False - -Style/DefWithParentheses: - Enabled: 
True - -Style/PreferredHashMethods: - Enabled: True - -Style/DotPosition: - EnforcedStyle: trailing - -Style/DoubleNegation: - Enabled: True - -Style/EachWithObject: - Enabled: True - -Style/EmptyLineBetweenDefs: - Enabled: True - -Style/IndentArray: - Enabled: True - -Style/IndentHash: - Enabled: True - -Style/IndentationConsistency: - Enabled: True - -Style/IndentationWidth: - Enabled: True - -Style/EmptyLines: - Enabled: True - -Style/EmptyLinesAroundAccessModifier: - Enabled: True - -Style/EmptyLiteral: - Enabled: True - -# Configuration parameters: AllowURI, URISchemes. + - bin/* + - ".vendor/**/*" + - Gemfile + - Rakefile + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* +inherit_from: .rubocop_todo.yml Metrics/LineLength: - Enabled: False - -Style/MethodCallParentheses: - Enabled: True - -Style/MethodDefParentheses: - Enabled: True - -Style/LineEndConcatenation: - Enabled: True - -Style/TrailingWhitespace: - Enabled: True - -Style/StringLiterals: - Enabled: True - -Style/TrailingCommaInArguments: - Enabled: True - -Style/TrailingCommaInLiteral: - Enabled: True - -Style/GlobalVars: - Enabled: True - -Style/GuardClause: - Enabled: True - -Style/IfUnlessModifier: - Enabled: True - -Style/MultilineIfThen: - Enabled: True - -Style/NegatedIf: - Enabled: True - -Style/NegatedWhile: - Enabled: True - -Style/Next: - Enabled: True - -Style/SingleLineBlockParams: - Enabled: True - -Style/SingleLineMethods: - Enabled: True - -Style/SpecialGlobalVars: - Enabled: True - -Style/TrivialAccessors: - Enabled: True - -Style/UnlessElse: - Enabled: True - -Style/VariableInterpolation: - Enabled: True - -Style/VariableName: - Enabled: True - -Style/WhileUntilDo: - Enabled: True - -Style/EvenOdd: - Enabled: True - -Style/FileName: - Enabled: True - -Style/For: - Enabled: True - -Style/Lambda: - Enabled: True - -Style/MethodName: - Enabled: True - -Style/MultilineTernaryOperator: - Enabled: True - -Style/NestedTernaryOperator: - Enabled: True - -Style/NilComparison: - Enabled: 
True - + Description: People have wide screens, use them. + Max: 200 +RSpec/BeforeAfterAll: + Description: Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +Style/BlockDelimiters: + Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty Style/FormatString: - Enabled: True - -Style/MultilineBlockChain: - Enabled: True - -Style/Semicolon: - Enabled: True - -Style/SignalException: - Enabled: True - -Style/NonNilCheck: - Enabled: True - -Style/Not: - Enabled: True - -Style/NumericLiterals: - Enabled: True - -Style/OneLineConditional: - Enabled: True - -Style/OpMethod: - Enabled: True - -Style/ParenthesesAroundCondition: - Enabled: True - -Style/PercentLiteralDelimiters: - Enabled: True - -Style/PerlBackrefs: - Enabled: True - -Style/PredicateName: - Enabled: True - -Style/RedundantException: - Enabled: True - -Style/SelfAssignment: - Enabled: True - -Style/Proc: - Enabled: True - -Style/RaiseArgs: - Enabled: True - -Style/RedundantBegin: - Enabled: True - -Style/RescueModifier: - Enabled: True - -# based on https://github.com/voxpupuli/modulesync_config/issues/168 + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. 
+ EnforcedStyle: literal Style/RegexpLiteral: + Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168 EnforcedStyle: percent_r - Enabled: True - -Lint/UnderscorePrefixedVariableName: - Enabled: True - -Metrics/ParameterLists: - Enabled: False - -Lint/RequireParentheses: - Enabled: True - -Style/SpaceBeforeFirstArg: - Enabled: True - -Style/ModuleFunction: - Enabled: True - -Lint/Debugger: - Enabled: True - -Style/IfWithSemicolon: - Enabled: True - -Style/Encoding: - Enabled: True - -Style/BlockDelimiters: - Enabled: True - -Style/MultilineBlockLayout: - Enabled: True - -# 'Complexity' is very relative +Style/TernaryParentheses: + Description: Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. + EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInLiteral: + Description: Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. 
+ EnforcedStyle: brackets +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true Metrics/AbcSize: - Enabled: False - -# 'Complexity' is very relative + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false Metrics/PerceivedComplexity: - Enabled: False - -Lint/UselessAssignment: - Enabled: True - -Style/ClosingParenthesisIndentation: - Enabled: False - -# RSpec - -# We don't use rspec in this way + Enabled: false RSpec/DescribeClass: - Enabled: False - -# Example length is not necessarily an indicator of code quality -RSpec/ExampleLength: - Enabled: False - -RSpec/NamedSubject: - Enabled: False + Enabled: false +RSpec/MessageExpectation: + Enabled: false +Style/AsciiComments: + Enabled: false +Style/IfUnlessModifier: + Enabled: false +Style/SymbolProc: + Enabled: false diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/Gemfile b/Gemfile index 8bd07c79b0..84b23f2b4e 100644 --- a/Gemfile +++ b/Gemfile 
@@ -28,10 +28,19 @@ def location_for(place_or_version, fake_version = nil) end # Used for gem conditionals -supports_windows = false ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}" +# The following gems are not included by default as they require DevKit on Windows. +# You should probably include them in a Gemfile.local or a ~/.gemfile +#gem 'pry' #this may already be included in the gemfile +#gem 'pry-stack_explorer', :require => false +#if RUBY_VERSION =~ /^2/ +# gem 'pry-byebug' +#else +# gem 'pry-debugger' +#end + group :development do gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] @@ -51,7 +60,6 @@ group :system_tests do gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') gem "puppet-blacksmith", '~> 3.4', :require => false - gem "beaker-task_helper" end gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) @@ -63,7 +71,6 @@ gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) if ENV['FACTER_GEM_VERSION'] gem 'hiera', *location_for(ENV['HIERA_GEM_VERSION']) if ENV['HIERA_GEM_VERSION'] - # Evaluate Gemfile.local if it exists if File.exists? "#{__FILE__}.local" eval(File.read("#{__FILE__}.local"), binding) From c274ae59d3b803cc126cf76b9622b129cf94f221 Mon Sep 17 00:00:00 2001 From: Chris Edester Date: Mon, 18 Dec 2017 10:41:24 -0500 Subject: [PATCH 1299/2267] Add doc for apache::mod::itk --- README.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/README.md b/README.md index c48635f0bd..511b75489f 100755 --- a/README.md +++ b/README.md 
@@ -2146,6 +2146,54 @@ Installs and manages [`mod_info`][], which provides a comprehensive overview of Default: `true`. +##### Class: `apache::mod::itk` + +Installs and manages [`mod_itk`][], which is an (MPM) that is loaded and configured for the HTTPD process. [official documentation](http://mpm-itk.sesse.net/) + +**Parameters**: + +* `startservers`: The number of child server processes created on startup. + + Values: Integer. + + Default: `8`. + +* `minspareservers`: The desired minimum number of idle child server processes. + + Values: Integer. + + Default: `5`. + +* `maxspareservers`: The desired maximum number of idle child server processes. + + Values: Integer. + + Default: `20`. + +* `serverlimit`: The maximum configured value for MaxRequestWorkers for the lifetime of the Apache httpd process. + + Values: Integer. + + Default: `256`. + +* `maxclients`: The limit on the number of simultaneous requests that will be served. + + Values: Integer. + + Default: `256`. + +* `maxrequestsperchild`: The limit on the number of connections that an individual child server process will handle. + + Values: Integer. + + Default: `4000`. + +* `enablecapabilities`: Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS. + + Values: Boolean. + + Default: `undef`. + ##### Class: `apache::mod::jk` Installs and manages `mod_jk`, a connector for Apache httpd redirection to old versions of TomCat and JBoss From 31cdb8e18129c67ef157ce5446072502fc7b224e Mon Sep 17 00:00:00 2001 From: Damien ELLUL Date: Tue, 19 Dec 2017 08:26:37 +0100 Subject: [PATCH 1300/2267] manifest/init.pp: add limitreqfields default param --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index c05df90123..c81b004dc9 100755 
--- a/manifests/init.pp +++ b/manifests/init.pp @@ -67,6 +67,7 @@ $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $::apache::params::max_keepalive_requests, $limitreqfieldsize = '8190', + $limitreqfields = '100', $logroot = $::apache::params::logroot, $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, From cace155f58f5f75a09a0f1c3fc72a06b2e56e902 Mon Sep 17 00:00:00 2001 From: Damien ELLUL Date: Tue, 19 Dec 2017 08:30:55 +0100 Subject: [PATCH 1301/2267] templates/httpd.conf.erb: add limitreqfields param --- templates/httpd.conf.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 24c989f530..8e2a23f07f 100755 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -11,6 +11,7 @@ KeepAlive <%= @keepalive %> MaxKeepAliveRequests <%= @max_keepalive_requests %> KeepAliveTimeout <%= @keepalive_timeout %> LimitRequestFieldSize <%= @limitreqfieldsize %> +LimitRequestFields <%= @limitreqfields %> <%# Actually >= 2.4.24, but the minor version is not provided -%> <%- if @http_protocol_options and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> HttpProtocolOptions <%= @http_protocol_options %> From 338136807b6f73a7a234e3a873d8285be81d3728 Mon Sep 17 00:00:00 2001 From: Damien ELLUL Date: Wed, 20 Dec 2017 16:16:07 +0100 Subject: [PATCH 1302/2267] README.md: Add documentation for limitreqfieldsize parameter --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index fd420ab7a9..eda6d63bf2 100755 --- a/README.md +++ b/README.md @@ -145,6 +145,7 @@ [`keepalive` parameter]: #keepalive [`keepalive_timeout`]: #keepalive_timeout [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize +[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields [`lib`]: #lib [`lib_path`]: #lib_path 
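Review bot: `$limitreqfields = '100'` in manifests/init.pp is accepted without a type or range check, and the templates/httpd.conf.erb hunk in the following commit emits it verbatim as `LimitRequestFields <%= @limitreqfields %>`. Apache reads 0 as "unlimited", so a mistaken value can quietly remove the header-count limit this setting exists to enforce, while a non-numeric string only shows up when httpd rejects its configuration. The visible neighbour `$limitreqfieldsize` is an untyped string as well and the rest of the parameter list is outside the hunk, so this may be the file's convention. If typed parameters are acceptable there, `Variant[Integer[0], Pattern[/\A\d+\z/]] $limitreqfields = '100',` would catch bad input at compile time. Neither commit adds a spec assertion for the new directive.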
@@ -1514,6 +1515,12 @@ Default: Depends on operating system: - **Red Hat**: 'access_log' - **Suse**: 'access.log' +##### `limitreqfields` + +The [limitreqfieldsize][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. + +Default: '100' + #### Class: `apache::dev` Installs Apache development libraries. From 6164b1d29e02d87f5c77eb9c5d3a55c01f0dc97a Mon Sep 17 00:00:00 2001 From: Damien ELLUL Date: Wed, 20 Dec 2017 16:16:07 +0100 Subject: [PATCH 1303/2267] README.md: Add documentation for limitreqfields parameter --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index fd420ab7a9..eda6d63bf2 100755 --- a/README.md +++ b/README.md @@ -145,6 +145,7 @@ [`keepalive` parameter]: #keepalive [`keepalive_timeout`]: #keepalive_timeout [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize +[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields [`lib`]: #lib [`lib_path`]: #lib_path @@ -1514,6 +1515,12 @@ Default: Depends on operating system: - **Red Hat**: 'access_log' - **Suse**: 'access.log' +##### `limitreqfields` + +The [limitreqfieldsize][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. + +Default: '100' + #### Class: `apache::dev` Installs Apache development libraries. 
From 9a7d27e128fc4e8ef0a68f3cb28df99bbad2d0b8 Mon Sep 17 00:00:00 2001 From: Damien ELLUL Date: Wed, 20 Dec 2017 16:25:55 +0100 Subject: [PATCH 1304/2267] README.md: correct limitreqfieldsize => limitreqfields --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eda6d63bf2..33f0010ae4 100755 --- a/README.md +++ b/README.md @@ -1517,7 +1517,7 @@ Default: Depends on operating system: ##### `limitreqfields` -The [limitreqfieldsize][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. +The [limitreqfields][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. Default: '100' From 0edd80481c257a28267920009cca24d0be1663fc Mon Sep 17 00:00:00 2001 From: Damien ELLUL Date: Wed, 20 Dec 2017 16:28:50 +0100 Subject: [PATCH 1305/2267] README.md: correct documentation link syntax for limitreqfields --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 33f0010ae4..2a610b6c28 100755 --- a/README.md +++ b/README.md 
@@ -1517,7 +1517,7 @@ Default: Depends on operating system: ##### `limitreqfields` -The [limitreqfields][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. +The [`limitreqfields`][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. Default: '100' From ea5348d7c6a634aac32421a5ecf8ead0ba26742e Mon Sep 17 00:00:00 2001 From: Cedric DEFORTIS Date: Tue, 5 Dec 2017 21:08:31 +0100 Subject: [PATCH 1306/2267] Closes MODULES-6224: rename apache mod ldap file I consider config file for apache mod ldap `file` resource to have an "out of scope" name `ldap.conf` which may collide with the client-side config file ldap.conf (i.e. located in `/etc/ldap.conf` or `/etc/openldap/ldap.conf`). My suggestion: renaming this file resource into `apache-mod-ldap.conf` in `manifests/mod/ldap.pp` and into the related `spec/classes/mod/ldap_spec.rb` file. --- manifests/mod/ldap.pp | 2 +- spec/classes/mod/ldap_spec.rb | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index e80114dde4..98dd4624d5 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp 
@@ -17,7 +17,7 @@ package => $package_name, } # Template uses $_apache_version - file { 'ldap.conf': + file { 'apache-mod-ldap.conf': ensure => file, path => "${::apache::mod_dir}/ldap.conf", mode => $::apache::file_mode, diff --git a/spec/classes/mod/ldap_spec.rb b/spec/classes/mod/ldap_spec.rb index 0f49f0b02d..08272783fe 100644 --- a/spec/classes/mod/ldap_spec.rb +++ b/spec/classes/mod/ldap_spec.rb @@ -22,12 +22,12 @@ it { is_expected.to contain_apache__mod('ldap') } context 'default ldap_trusted_global_cert_file' do - it { is_expected.to contain_file('ldap.conf').without_content(/^LDAPTrustedGlobalCert/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').without_content(/^LDAPTrustedGlobalCert/) } end context 'ldap_trusted_global_cert_file param' do let(:params) { { :ldap_trusted_global_cert_file => 'ca.pem' } } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } end context 'set multiple ldap params' do 
@@ -41,13 +41,13 @@ :ldap_opcache_entries => '1024', :ldap_opcache_ttl => '600' }} - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedMode TLS$/) } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPSharedCacheSize 500000$/) } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheEntries 1024$/) } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheTTL 600$/) } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheEntries 1024$/) } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheTTL 600$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPTrustedMode TLS$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPSharedCacheSize 500000$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPCacheEntries 1024$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPCacheTTL 600$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPOpCacheEntries 1024$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPOpCacheTTL 600$/) } end end #Debian 
@@ -69,12 +69,12 @@ it { is_expected.to contain_apache__mod('ldap') } context 'default ldap_trusted_global_cert_file' do - it { is_expected.to contain_file('ldap.conf').without_content(/^LDAPTrustedGlobalCert/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').without_content(/^LDAPTrustedGlobalCert/) } end context 'ldap_trusted_global_cert_file param' do let(:params) { { :ldap_trusted_global_cert_file => 'ca.pem' } } - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } end context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do @@ -82,7 +82,7 @@ :ldap_trusted_global_cert_file => 'ca.pem', :ldap_trusted_global_cert_type => 'CA_DER' }} - it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } end end # Redhat end From 662ff56b126aeaf0c192c1d9a0896c14b8978497 Mon Sep 17 00:00:00 2001 From: Kent Lee <754650@la-c02tq1u2htd7.bnznag.nz.thenational.com> Date: Thu, 21 Dec 2017 14:18:50 +1300 Subject: [PATCH 1307/2267] updated docs and added tests. --- README.md | 8 ++++++++ spec/classes/mod/disk_cache_spec.rb | 12 ++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index a1cdb9eb96..12124a135e 100755 --- a/README.md +++ b/README.md @@ -1674,6 +1674,14 @@ class {'::apache::mod::disk_cache': } ``` +To specify cache ignore headers, pass a string to the `cache_ignore_headers` parameter. + +``` puppet +class {'::apache::mod::disk_cache': + cache_ignore_headers => 'Set-Cookie', +} +``` + ##### Class: `apache::mod::diskio` Installs and configures [`mod_diskio`][]. 
diff --git a/spec/classes/mod/disk_cache_spec.rb b/spec/classes/mod/disk_cache_spec.rb index ebb5ef6a97..15ca0d935d 100644 --- a/spec/classes/mod/disk_cache_spec.rb +++ b/spec/classes/mod/disk_cache_spec.rb @@ -26,7 +26,7 @@ it { should compile } it { should contain_class('apache::mod::disk_cache') } it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } end context "with Apache version >= 2.4" do let :pre_condition do @@ -40,7 +40,7 @@ it { should contain_class('apache::mod::disk_cache') } it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } end end @@ -66,7 +66,7 @@ }' end it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } end context "with Apache version >= 2.4" do let :pre_condition do 
@@ -77,7 +77,7 @@ }' end it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } end end context "on a FreeBSD OS" do @@ -105,7 +105,7 @@ it { should contain_class('apache::mod::disk_cache') } it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } end context "with Apache version >= 2.4" do let :pre_condition do @@ -119,7 +119,7 @@ it { should contain_class('apache::mod::disk_cache') } it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } end end end From 449d90fbe4ad0f8ebab7825e17d42bcf5e12f11e Mon Sep 17 00:00:00 2001 
From: Kent Lee <754650@la-c02tq1u2htd7.bnznag.nz.thenational.com> Date: Thu, 21 Dec 2017 15:18:10 +1300 Subject: [PATCH 1308/2267] set params for testing. --- spec/classes/mod/disk_cache_spec.rb | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/spec/classes/mod/disk_cache_spec.rb b/spec/classes/mod/disk_cache_spec.rb index 15ca0d935d..29442c528f 100644 --- a/spec/classes/mod/disk_cache_spec.rb +++ b/spec/classes/mod/disk_cache_spec.rb @@ -15,6 +15,13 @@ :is_pe => false, } end + + let(:params) { + { + :cache_ignore_headers => "Set-Cookie", + } + } + context "with Apache version < 2.4" do let :pre_condition do 'class{ "apache": @@ -57,6 +64,13 @@ :is_pe => false, } end + + let(:params) { + { + :cache_ignore_headers => "Set-Cookie", + } + } + context "with Apache version < 2.4" do let :pre_condition do 'class{ "apache": @@ -93,6 +107,13 @@ :is_pe => false, } end + + let(:params) { + { + :cache_ignore_headers => "Set-Cookie", + } + } + context "with Apache version < 2.4" do let :pre_condition do 'class{ "apache": From 840a0375f06f6892c19b4f21ebe8c65ea5ad6eaa Mon Sep 17 00:00:00 2001 From: Paul Tompsett Date: Thu, 21 Dec 2017 05:04:34 +0000 Subject: [PATCH 1309/2267] MODULES-6297: updated doco to include SSLProxyCipherSuite option for vhosts --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6fbcaa8f77..bfa09e3391 100755 --- a/README.md +++ b/README.md 
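Review bot: Placing `let(:params)` at the OS-context level in all three hunks of this commit means every example now runs with `:cache_ignore_headers => "Set-Cookie"`, so the rendering of `disk_cache.conf` with the parameter unset is no longer tested. That default is the one most users get, and whether the template omits the directive or emits an empty `CacheIgnoreHeaders` cannot be told from this diff. I would keep one example per OS without the param, e.g. `it { is_expected.to contain_file("disk_cache.conf").without_content(/CacheIgnoreHeaders/) }` if omission is the intended behaviour. The existing content regexes also end unanchored at `Set-Cookie`, so they would accept a longer header name; appending `$` pins the line.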
@@ -5175,6 +5175,12 @@ A depth of 0 means that only self-signed remote server certificates are accepted Default: `undef` +##### `ssl_proxy_cipher_suite` + +Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) directive, which controls cipher suites supported for ssl proxy traffic. + +Default: `undef` + ##### `ssl_proxy_ca_cert` Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. From 1d72b85158cdb69a478293be12669dd38cb00b03 Mon Sep 17 00:00:00 2001 From: Kent Lee <754650@la-c02tq1u2htd7.bnznag.nz.thenational.com> Date: Thu, 21 Dec 2017 21:50:37 +1300 Subject: [PATCH 1310/2267] removed quote for tests --- README.md | 2 +- spec/classes/mod/disk_cache_spec.rb | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 12124a135e..c1627312d9 100755 --- a/README.md +++ b/README.md @@ -1678,7 +1678,7 @@ To specify cache ignore headers, pass a string to the `cache_ignore_headers` par ``` puppet class {'::apache::mod::disk_cache': - cache_ignore_headers => 'Set-Cookie', + cache_ignore_headers => "Set-Cookie", } ``` diff --git a/spec/classes/mod/disk_cache_spec.rb b/spec/classes/mod/disk_cache_spec.rb index 29442c528f..d6e7bf29d8 100644 --- a/spec/classes/mod/disk_cache_spec.rb +++ b/spec/classes/mod/disk_cache_spec.rb 
@@ -33,7 +33,7 @@ it { should compile } it { should contain_class('apache::mod::disk_cache') } it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie/) } end context "with Apache version >= 2.4" do let :pre_condition do @@ -47,7 +47,7 @@ it { should contain_class('apache::mod::disk_cache') } it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie/) } end end @@ -80,7 +80,7 @@ }' end it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie/) } end context "with Apache version >= 2.4" do let :pre_condition do 
@@ -91,7 +91,7 @@ }' end it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie/) } end end context "on a FreeBSD OS" do @@ -126,7 +126,7 @@ it { should contain_class('apache::mod::disk_cache') } it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("disk_cache") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie/) } end context "with Apache version >= 2.4" do let :pre_condition do @@ -140,7 +140,7 @@ it { should contain_class('apache::mod::disk_cache') } it { should contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } it { is_expected.to contain_apache__mod("cache_disk") } - it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders \"Set-Cookie\"/) } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie/) } end end end From ee02e963ff92f8c804ec901b21876786718b8d19 Mon Sep 17 00:00:00 2001 
From: Emerson Prado Date: Mon, 7 Aug 2017 16:14:08 -0300 Subject: [PATCH 1311/2267] Include auxilliary template for "Require" directives for mod::* Use "Allow" defaults for "Require" directives for mod::* Include auxilliary template for "Allow" directives for mod::* Use helper templates in mod/status.conf.erb / add "requires" parameter Conflicts: manifests/mod/status.pp Include defaults for "Allow" and "Require" directives in mod::status Conflicts: manifests/mod/status.pp Add comment for Puppet 4.2 in template mod/status.conf.erb Include in template mod/_require.erb parsing of "requires" as string Include in template mod/_require.erb parsing of "requires" as array Include in template mod/_require.erb parsing of "requires" as hash Include in template mod/_require.erb section "Require(Any|All|None)" Allows undef for parameter apache::mod::status::allow_from Add Require context for Apache >= 2.4 in mod::status spec Add missing parameter for Apache 2.4 contexts in mod::status spec test Add function for "Require" directive in mod::status spec test Iterate Require params in Apache 2.4 contexts in mod::status spec test Include empty and "unmanaged" requires param in mod::status spec test Include default case for requires param in mod::status spec test Remove class variable reference in mod::status spec test Change assignment to nil in mod::status spec test Change undef test in mod::status spec test Revert "Change undef test in mod::status spec test" This reverts commit 57ac710a5b5aa03b1915a582b6b952839a072958. 
Only change undef test in mod::status spec test Change quoting of control char in mod::status spec test Include in template mod/_require.erb parsing of "requires" as array Include in template mod/_require.erb parsing of "requires" as hash Include in template mod/_require.erb parsing of "requires" with enforce Use each for array parsing in mod::status spec test Correct hash references in mod::status spec test Remove "prints" from "each" iterations in mod::status spec test Split "each" one-liners in mod::status spec test Use symbols in hash keys in mod::status spec test Include "print" again in function returns in mod::status spec test Use map+join to parse arrays in mod::status spec test Correct indentations in helper template for apache 2.4 Include type validation for ...mod::status::requires Align parameter indentation in ...mod::status Document parameter "requires" in ...mod::status Correct parameter description in mod::status class Include in README parameter mod::status::requires Add code tags in parameter mod::status::requires description in README Include array/hash doc refs in mod::status::requires description in README --- README.md | 18 +++++ manifests/mod/status.pp | 28 ++++++- spec/classes/mod/status_spec.rb | 137 +++++++++++++++++++++++++++++++- templates/mod/_allow.erb | 7 ++ templates/mod/_require.erb | 44 ++++++++++ templates/mod/status.conf.erb | 10 ++- 6 files changed, 233 insertions(+), 11 deletions(-) create mode 100644 templates/mod/_allow.erb create mode 100644 templates/mod/_require.erb diff --git a/README.md b/README.md index 27a8a7ea23..741d711192 100755 --- a/README.md +++ b/README.md 
@@ -2791,6 +2791,24 @@ Installs [`mod_status`][] and uses the `status.conf.erb` template to generate it * `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. Default: ['127.0.0.1','::1']. + +* `requires`: A string, an [array][] or a [hash][], of IPs and/or names that can/can't access `/server-status`, using Apache v. >= 2.4 `mod_authz_host` directives (`require ip`, `require host`, etc.). This parameter should follow one of the structures below: + + > Only used if Apache version >= 2.4 + + - `undef` - Uses `allow_from` and old directive syntax (`Allow from `). Issues deprecation warning. + - String + - `''` or `'unmanaged'` - No auth directives (access controlled elsewhere) + - `'ip '` - IPs/ranges allowed to access `/server-status` + - `'host '` - Names/domains allowed to access `/server-status` + - `'all [granted|denied]'` - Allow / block everyone + - Array - Each item should be a string from those described above. Results in one directive per array item. + - Hash with structure below (shown as key => value, where keys are strings): + - `'requires'` => Array as above - Same effect as the array + - `'enforce'` => String `'Any'`, `'All'` or `'None'` (optional) - Encloses all directives from `'requires'` key in a `` block + + Default: 'ip 127.0.0.1 ::1' + * `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. Values: 'Off', 'On'. diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 54d0d88871..988e13b3cc 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp 
@@ -7,6 +7,20 @@ # - $allow_from is an array of hosts, ip addresses, partial network numbers # or networks in CIDR notation specifying what hosts can view the special # /server-status URL. Defaults to ['127.0.0.1', '::1']. +# > Creates Apache < 2.4 directive "Allow from" +# - $requires is either a: +# - String with: +# - '' or 'unmanaged' - Host auth control done elsewhere +# - 'ip ' - Allowed IPs/ranges +# - 'host ' - Allowed names/domains +# - 'all [granted|denied]' +# - Array of strings with ip or host as above +# - Hash with following keys: +# - 'requires' - Value => Array as above +# - 'enforce' - Value => String 'Any', 'All' or 'None' +# This encloses "Require" directives in "" block +# Optional - If unspecified, "Require" directives follow current flow +# > Creates Apache >= 2.4 directives "Require" # - $extended_status track and display extended status information. Valid # values are 'On' or 'Off'. Defaults to 'On'. # - $status_path is the path assigned to the Location directive which @@ -26,15 +40,21 @@ # } # class apache::mod::status ( - Array $allow_from = ['127.0.0.1','::1'], - Enum['On', 'Off', 'on', 'off'] $extended_status = 'On', - $apache_version = undef, - $status_path = '/server-status', + Optional[Array] $allow_from = undef, + Optional[Variant[String, Array, Hash]] $requires = undef, + Enum['On', 'Off', 'on', 'off'] $extended_status = 'On', + $apache_version = undef, + $status_path = '/server-status', ) inherits ::apache::params { include ::apache $_apache_version = pick($apache_version, $apache::apache_version) ::apache::mod { 'status': } + + # Defaults for "Allow from" or "Require" directives + $allow_defaults = ['127.0.0.1','::1'] + $requires_defaults = 'ip 127.0.0.1 ::1' + # Template uses $allow_from, $extended_status, $_apache_version, $status_path file { 'status.conf': ensure => file, diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 7bc7831fba..0a6305638b 100644 --- a/spec/classes/mod/status_spec.rb 
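Review bot: `Optional[Variant[String, Array, Hash]] $requires` and `Optional[Array] $allow_from` place no constraint on element types, and the `_require.erb` template added in this commit writes each value verbatim after `Require`, so malformed shapes are only noticed (or warned about) at render time. Tightening the signature lets the compiler reject them up front, e.g. `Optional[Variant[String, Array[String], Hash[String, Variant[String, Array[String]]]]] $requires = undef,` and `Optional[Array[String]] $allow_from = undef,`. Because the strings end up in the access-control block for `/server-status`, it is also worth rejecting values that contain line breaks. The `# Template uses …` comment should be extended to name `$requires`, `$allow_defaults` and `$requires_defaults`, which the templates now read. The class body continues past the end of this hunk.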
+++ b/spec/classes/mod/status_spec.rb @@ -1,6 +1,7 @@ require 'spec_helper' # Helper function for testing the contents of `status.conf` +# Apache < 2.4 def status_conf_spec(allow_from, extended_status, status_path) it do is_expected.to contain_file("status.conf").with_content( @@ -19,12 +20,51 @@ def status_conf_spec(allow_from, extended_status, status_path) ) end end +# Apache >= 2.4 +def require_directives(requires) + if requires == :undef + return " Require ip 127.0.0.1 ::1\n" + elsif requires.is_a?(String) + if ['','unmanaged'].include?requires.downcase + return '' + else + return " Require #{requires}\n" + end + elsif requires.is_a?(Array) + return requires.map { |req| " Require #{req}\n" }.join('') + elsif requires.is_a?(Hash) + unless requires.has_key?(:enforce) + return requires[:requires].map { |req| " Require #{req}\n" }.join('') + else + return \ + " \n" + \ + requires[:requires].map { |req| " Require #{req}\n" }.join('') + \ + " \n" + end + end +end +def status_conf_spec_require(requires, extended_status, status_path) + it do + is_expected.to contain_file("status.conf").with_content( + "\n"\ + " SetHandler server-status\n"\ + "#{require_directives(requires)}"\ + "\n"\ + "ExtendedStatus #{extended_status}\n"\ + "\n"\ + "\n"\ + " # Show Proxy LoadBalancer status in mod_status\n"\ + " ProxyStatus On\n"\ + "\n" + ) + end +end describe 'apache::mod::status', :type => :class do it_behaves_like "a mod class, without including apache" - + context "default configuration with parameters" do - context "on a Debian OS with default params" do + context "on a Debian 6 OS with default params" do let :facts do { :osfamily => 'Debian', @@ -55,7 +95,7 @@ def status_conf_spec(allow_from, extended_status, status_path) end - context "on a RedHat OS with default params" do + context "on a RedHat 6 OS with default params" do let :facts do { :osfamily => 'RedHat', 
@@ -77,6 +117,97 @@ def status_conf_spec(allow_from, extended_status, status_path) end + valid_requires = { + :undef => :undef, + :empty => '', + :unmanaged => 'unmanaged', + :string => 'ip 127.0.0.1 192.168', + :array => [ + 'ip 127.0.0.1', + 'ip ::1', + 'host localhost', + ], + :hash => { + :requires => [ + 'ip 10.1', + 'host somehost', + ], + }, + :enforce => { + :enforce => 'all', + :requires => [ + 'ip 127.0.0.1', + 'host localhost', + ], + }, + } + valid_requires.each do |req_key, req_value| + context "on a Debian 8 OS with default params and #{req_key} requires" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + let :params do + { + :requires => req_value, + } + end + + it { is_expected.to contain_apache__mod("status") } + + status_conf_spec_require(req_value, "On", "/server-status") + + it { is_expected.to contain_file("status.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/status.conf', + } ) } + + it { is_expected.to contain_file("status.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/status.conf', + } ) } + + end + + context "on a RedHat 7 OS with default params and #{req_key} requires" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + let :params do + { + :requires => req_value, + } + end + + it { is_expected.to contain_apache__mod("status") } + + status_conf_spec_require(req_value, "On", "/server-status") + + it { is_expected.to 
contain_file("status.conf").with_path("/etc/httpd/conf.modules.d/status.conf") } + + end + end + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do let :facts do { diff --git a/templates/mod/_allow.erb b/templates/mod/_allow.erb new file mode 100644 index 0000000000..0542e49a62 --- /dev/null +++ b/templates/mod/_allow.erb @@ -0,0 +1,7 @@ + Order deny,allow + Deny from all +<% if @allow_from != nil and ! @allow_from.empty? -%> + Allow from <%= Array(@allow_from).join(" ") %> +<% else -%> + Allow from <%= Array(@allow_defaults).join(" ") %> +<% end -%> diff --git a/templates/mod/_require.erb b/templates/mod/_require.erb new file mode 100644 index 0000000000..6a06d68da8 --- /dev/null +++ b/templates/mod/_require.erb 
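Review bot: `valid_requires` lists only shapes the template accepts, so the two warning branches of `templates/mod/_require.erb` (a hash without a `requires` array, and an `enforce` value other than all/none/any) have no expectation on what is written to `status.conf`. Those are exactly the inputs where the generated access control differs from what the caller wrote, so I would add a case for each that pins the rendered content or the expected compile failure. Style, in the `require_directives` helper from the earlier hunk: `['','unmanaged'].include?requires.downcase` is easier to read as `['', 'unmanaged'].include?(requires.downcase)`, and the `unless … else` is clearer inverted to `if requires.key?(:enforce)`.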
@@ -0,0 +1,44 @@ +<% if @requires != nil -%> + <%- _requires = @requires -%> +<% elsif @allow_from != nil and ! @allow_from.empty? -%> + <%- scope.function_warning(["Class #{@title}: Using Allow"]) -%> + <%- scope.function_warning(["is deprecated in Apache #{@_apache_version}"]) -%> + <%- _requires = 'ip ' + Array(@allow_from).join(" ") -%> +<% else -%> + <%- _requires = @requires_defaults -%> +<% end -%> +<%-# -%> +<% if _requires.is_a?(String) -%> + <%- if ! ['', 'unmanaged'].include?_requires.downcase -%> + Require <%= _requires %> + <%- end -%> +<% elsif _requires.is_a?(Array) -%> + <%- _requires.each do |req| -%> + Require <%= req %> + <%- end -%> +<% elsif _requires.is_a?(Hash) -%> + <%- if _requires.has_key?('enforce') and ['all', 'none', 'any'].include?_requires['enforce'].downcase -%> + <%- enforce_str = "Require#{_requires['enforce'].capitalize}>\n" -%> + <%- enforce_open = " <#{enforce_str}" -%> + <%- enforce_close = " + <%- indentation = ' ' -%> + <%- else -%> + <%- if _requires.has_key?('enforce') -%> + <%- scope.function_warning(["Class #{@title}: Require can only"]) -%> + <%- scope.function_warning(["be overwritten with all, none or any."]) -%> + <%- end -%> + <%- enforce_open = '' -%> + <%- enforce_close = '' -%> + <%- indentation = '' -%> + <%- end -%> + <%- if _requires.has_key?('requires') and _requires['requires'].is_a?(Array) -%> +<%# %><%= enforce_open -%> + <%- _requires['requires'].each do |req| -%> +<%# %> <%= indentation -%>Require <%= req %> + <%- end -%> +<%# %><%= enforce_close -%> + <%- else -%> + <%- scope.function_warning(["Class #{@title}: Require hash must have"]) -%> + <%- scope.function_warning(["a key named \"requires\" with array value"]) -%> + <%- end -%> +<% end -%> diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index 6a6b3daa2d..28cc55b4f7 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb 
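Review bot: When `requires` is a hash without a `requires` array, the final `else` only calls `scope.function_warning` and renders no `Require` line, and a value that is none of String, Array or Hash renders nothing with no warning at all. In both cases the enclosing block is governed only by whatever access rules it inherits, so a typo in the hash can change who reaches the status page while the catalog still compiles. Failing closed would be safer: fall back to `@requires_defaults`, or replace the two warnings with `scope.function_fail(["Class #{@title}: Require hash must have a key named \"requires\" with array value"])`, and add a trailing `<% else -%>` branch that does the same for unexpected types. The `include?_requires.downcase` calls would also read better with parentheses, `include?(_requires.downcase)`.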
@@ -1,11 +1,13 @@ > SetHandler server-status + <%-# From Puppet 4.2 up, replace: -%> + <%-# "scope.function_template(["apache/mod/