diff --git a/.fixtures.yml b/.fixtures.yml
index d1b2b8147f..1360d3a735 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -1,6 +1,6 @@
 fixtures:
 repositories:
 stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
- firewall: "git://github.com/puppetlabs/puppetlabs-firewall.git"
+ concat: "git://github.com/ripienaar/puppet-concat.git"
 symlinks:
 apache: "#{source_dir}"
diff --git a/.gitignore b/.gitignore
index 45b6d17d3e..e41102bd82 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,6 @@
 .pkg
 Gemfile.lock
+vendor
+spec/fixtures
+.rspec_system
+.bundle
diff --git a/.nodeset.yml b/.nodeset.yml
new file mode 100644
index 0000000000..767f9cd2f6
--- /dev/null
+++ b/.nodeset.yml
@@ -0,0 +1,31 @@
+---
+default_set: 'centos-64-x64'
+sets:
+ 'centos-59-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'centos-59-x64'
+ 'centos-64-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'centos-64-x64'
+ 'fedora-18-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'fedora-18-x64'
+ 'debian-607-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'debian-607-x64'
+ 'debian-70rc1-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'debian-70rc1-x64'
+ 'ubuntu-server-10044-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'ubuntu-server-10044-x64'
+ 'ubuntu-server-12042-x64':
+ nodes:
+ "main.foo.vm":
+ prefab: 'ubuntu-server-12042-x64'
diff --git a/.travis.yml b/.travis.yml
index 8f713e06b8..0a7fe77ad7 100644
--- a/.travis.yml
+++ b/.travis.yml
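Review bot: In `.fixtures.yml`, the added `concat` fixture is fetched over the unauthenticated `git://` transport from a personal repository with no ref pinned, so every spec run pulls whatever that repository's default branch holds at the time, with no integrity protection in transit. Prefer `concat: "https://github.com/ripienaar/puppet-concat.git"`, and, if the puppetlabs_spec_helper version in use accepts the `repo:`/`ref:` hash form, pin it to a reviewed tag or commit. The unchanged `stdlib` line uses `git://` as well and could be switched in the same pass. Fixture modules are loaded by the spec run on the CI worker, which matters more now that the same build configuration also carries an encrypted publishing credential in `.travis.yml`.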
@@ -1,26 +1,40 @@
+---
+branches:
+ only:
+ - master
 language: ruby
 bundler_args: --without development
 script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
+after_success:
+ - git clone -q git://github.com/puppetlabs/ghpublisher.git .forge-releng
+ - .forge-releng/publish
 rvm:
 - 1.8.7
 - 1.9.3
- - ruby-head
+ - 2.0.0
 env:
- - PUPPET_GEM_VERSION="~> 2.6.0"
- - PUPPET_GEM_VERSION="~> 2.7.0"
- - PUPPET_GEM_VERSION="~> 3.0.0"
- - PUPPET_GEM_VERSION="~> 3.1.0"
+ matrix:
+ - PUPPET_GEM_VERSION="~> 2.7.0"
+ - PUPPET_GEM_VERSION="~> 3.0.0"
+ - PUPPET_GEM_VERSION="~> 3.1.0"
+ - PUPPET_GEM_VERSION="~> 3.2.0"
+ global:
+ - PUBLISHER_LOGIN=puppetlabs
+ - secure: |-
+ MO4pB4bqBQJjm2yFHf3Mgho+y0Qv4GmMxTMhzI02tGy1V0HMtruZbR7EBN0i
+ n2CiR7V9V0mNR7/ymzDMF9yVBcgqyXMsp/C6u992Dd0U63ZwFpbRWkxuAeEY
+ ioupWBkiczjVEo+sxn+gVOnx28pcH/X8kDWbr6wFOMIjO03K66Y=
 matrix:
- allow_failures:
- - rvm: ruby-head
 exclude:
 - rvm: 1.9.3
 env: PUPPET_GEM_VERSION="~> 2.7.0"
- - rvm: ruby-head
+ - rvm: 2.0.0
 env: PUPPET_GEM_VERSION="~> 2.7.0"
- - rvm: 1.9.3
- env: PUPPET_GEM_VERSION="~> 2.6.0"
- - rvm: ruby-head
- env: PUPPET_GEM_VERSION="~> 2.6.0"
+ - rvm: 2.0.0
+ env: PUPPET_GEM_VERSION="~> 3.0.0"
+ - rvm: 2.0.0
+ env: PUPPET_GEM_VERSION="~> 3.1.0"
+ - rvm: 1.8.7
+ env: PUPPET_GEM_VERSION="~> 3.2.0"
 notifications:
 email: false
diff --git a/CHANGELOG b/CHANGELOG
index 1a2fa1a749..5b2b0bd25f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,13 @@
+2013-07-09 Release 0.7.0
+Changes:
+- Essentially rewrite the module -- too many to list
+- `apache::vhost` has many abilities -- see README.md for details
+- `apache::mod::*` classes provide httpd mod-loading capabilities
+- `apache` base class is much more configurable
+
+Bugfixes:
+- Many. And many more to come
+
 2013-03-2 Release 0.6.0
 - update travis tests (add more supported versions)
 - add access log_parameter
diff --git a/Gemfile b/Gemfile
index 8e5e04d744..14d532985e 100644
--- a/Gemfile
+++ b/Gemfile
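Review bot: The new `after_success` step in `.travis.yml` clones `git://github.com/puppetlabs/ghpublisher.git` over an unauthenticated transport at whatever HEAD is current and then executes `.forge-releng/publish` in a job whose environment holds the decrypted `secure:` value. Anything that alters that repository, or the clone in transit, therefore runs with the publishing credential. Clone over HTTPS and check out a reviewed commit before running it, e.g. `- git clone -q https://github.com/puppetlabs/ghpublisher.git .forge-releng && (cd .forge-releng && git checkout -q <PINNED_COMMIT_SHA>)`. `after_success` also runs once per matrix job, so the publish script is invoked from every rvm/Puppet combination; presumably the script guards against repeated publishes, but that is not visible here and deserves a comment in the file.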
@@ -1,7 +1,10 @@ -source :rubygems +source 'https://rubygems.org' group :development, :test do + gem 'rake', :require => false gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-system-puppet', :require => false + gem 'puppet-lint', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/Modulefile b/Modulefile index 300706fb4a..75545bbcc7 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-apache' -version '0.6.0' +version '0.7.0' source 'git://github.com/puppetlabs/puppetlabs-apache.git' author 'puppetlabs' license 'Apache 2.0' @@ -8,5 +8,5 @@ description 'Module for Apache configuration' project_page 'https://github.com/puppetlabs/puppetlabs-apache' ## Add dependencies, if any: -dependency 'puppetlabs/firewall', '>= 0.0.4' dependency 'puppetlabs/stdlib', '>= 2.2.1' +dependency 'ripienaar/concat', '>= 0.2.0' diff --git a/README.md b/README.md index 9e8b5e5e8c..4bd149b12a 100644 --- a/README.md +++ b/README.md 
@@ -1,67 +1,858 @@ -Puppetlabs module for Apache -============================ +#apache -Apache is widely-used web server and this module will allow to configure -various modules and setup virtual hosts with minimal effort. +####Table of Contents -Basic usage ------------ +1. [Overview - What is the Apache module?](#overview) +2. [Module Description - What does the module do?](#module-description) +3. [Setup - The basics of getting started with Apache](#setup) + * [Beginning with Apache - Installation](#beginning-with-apache) + * [Configure a Virtual Host - Basic options for getting started](#configure-a-virtual-host) +4. [Usage - The classes, defined types, and their parameters available for configuration](#usage) + * [Classes and Defined Types](#classes-and-defined-types) + * [Class: apache](#class-apache) + * [Classes: apache::mod::*](#classes-apachemodname) + * [Defined Type: apache::vhost](#defined-type-apachevhost) + * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples) +5. [Implementation - An under-the-hood peek at what the module is doing](#implementation) + * [Classes and Defined Types](#classes-and-defined-types) + * [Templates](#templates) +6. [Limitations - OS compatibility, etc.](#limitations) +7. [Development - Guide for contributing to the module](#development) +8. [Release Notes - Notes on the most recent updates to the module](#release-notes) -To install Apache +##Overview - class {'apache': } +The Apache module allows you to set up virtual hosts and manage web services with minimal effort. -To install the Apache PHP module +##Module Description - class {'apache::mod::php': } +Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules. 
-Configure a virtual host ------------------------- +##Setup -You can easily configure many parameters of a virtual host. A minimal -example is: +**What Apache affects:** - apache::vhost { 'www.example.com': - priority => '10', - vhost_name => '192.0.2.1', - port => '80', +* configuration files and directories (created and written to) + * **NOTE**: Configurations that are *not* managed by Puppet will be purged. +* package/service/configuration files for Apache +* Apache modules +* virtual hosts +* listened-to ports + +###Beginning with Apache + +To install Apache with the default parameters + + class { 'apache': } + +The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters + + class { 'apache': + default_mods => false, + … + } + +###Configure a virtual host + +Declaring the `apache` class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`. + + class { 'apache': } + +To configure a very basic, name-based virtual host + + apache::vhost { 'first.example.com': + port => '80', + docroot => '/var/www/first', + } + +*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else. 
+ +A slightly more complicated example, which moves the docroot owner/group + + apache::vhost { 'second.example.com': + port => '80', + docroot => '/var/www/second', + docroot_owner => 'third', + docroot_group => 'third', + } + +To set up a virtual host with SSL and default SSL certificates + + apache::vhost { 'ssl.example.com': + port => '443', + docroot => '/var/www/ssl', + ssl => true, + } + +To set up a virtual host with SSL and specific SSL certificates + + apache::vhost { 'fourth.example.com': + port => '443', + docroot => '/var/www/fourth', + ssl => true, + ssl_cert => '/etc/ssl/fourth.example.com.cert', + ssl_key => '/etc/ssl/fourth.example.com.key', } -A slightly more complicated example, which moves the docroot and -logfile to an alternate location, might be: +To set up a virtual host with wildcard alias for subdomain mapped to same named directory +`http://examle.com.loc => /var/www/example.com` + + apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot' => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], + } + +To see a list of all virtual host parameters, [please go here](#defined-type-apachevhost). To see an extensive list of virtual host examples [please look here](#virtual-host-examples). + +##Usage + +###Classes and Defined Types + +This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures. + +It is possible to temporarily disable full Puppet management by setting the `purge_configs` parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. + +####Class: `apache` + +The Apache module's primary class, `apache`, guides the basic setup of Apache on your system. 
+ +You may establish a default vhost in this class, the `vhost` class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type. + +**Parameters within `apache`:** + +#####`default_mods` + +Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration. + +#####`default_vhost` + +Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). + +#####`default_ssl_vhost` + +Sets up a default SSL virtual host. Defaults to 'false'. + + apache::vhost { 'default-ssl': + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => "ssl_${access_log_file}", + } + +SSL vhosts only respond to HTTPS queries. + +#####`default_ssl_cert` + +The default SSL certification, which is automatically set based on your operating system (`/etc/pki/tls/certs/localhost.crt` for RedHat, `/etc/ssl/certs/ssl-cert-snakeoil.pem` for Debian). This default will work out of the box but must be updated with your specific certificate information before being used in production. + +#####`default_ssl_key` + +The default SSL key, which is automatically set based on your operating system (`/etc/pki/tls/private/localhost.key` for RedHat, `/etc/ssl/private/ssl-cert-snakeoil.key` for Debian). This default will work out of the box but must be updated with your specific certificate information before being used in production. + +#####`default_ssl_chain` + +The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. + +#####`default_ssl_ca` + +The default certificate authority, which is automatically set to 'undef'. 
This default will work out of the box but must be updated with your specific certificate information before being used in production. + +#####`default_ssl_crl_path` + +The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. + +#####`default_ssl_crl` + +The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. + +#####`service_enable` + +Determines whether the 'httpd' service is enabled when the machine is booted, meaning Puppet will check the service status to start/stop it. Defaults to 'true', meaning the service is enabled/running. + +#####`serveradmin` + +Sets the server administrator. Defaults to 'root@localhost'. + +#####`sendfile` + +Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'false'. + +#####`error_documents` + +Enables custom error documents. Defaults to 'false'. + +#####`confd_dir` + +Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS. + +#####`vhost_dir` + +Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS. + +#####`mod_dir` + +Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS. + +#####`mpm_module` + +Configures which mpm module is loaded and configured for the httpd process by the `apache::mod::prefork` and `apache::mod::worker` classes. Must be set to `false` to explicitly declare `apache::mod::worker` or `apache::mod::prefork` classes with parameters. Valid values are `worker`, `prefork`, or the boolean `false`. 
Defaults to `prefork` on RedHat and `worker` on Debian. + +#####`conf_template` + +Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'. + +####Class: `apache::default_mods` + +Installs default Apache modules based on what OS you are running + + class { 'apache::default_mods': } + +####Defined Type: `apache::mod` + +Used to enable arbitrary Apache httpd modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type will also install the required packages to enable the module, if any. + + apache::mod { 'rewrite': } + apache::mod { 'ldap': } + +####Classes: `apache::mod::[name]` + +There are many `apache::mod::[name]` classes within this module that can be declared using `include`: + +* `alias` +* `auth_basic` +* `auth_kerb` +* `autoindex` +* `cache` +* `cgi` +* `cgid` +* `dav` +* `dav_fs` +* `deflate` +* `dir`* +* `disk_cache` +* `fcgid` +* `info` +* `ldap` +* `mime` +* `mime_magic` +* `mpm_event` +* `negotiation` +* `passenger`* +* `perl` +* `php` (requires [`mpm_module`](#mpm_module) set to `prefork`) +* `prefork`* +* `proxy`* +* `proxy_html` +* `proxy_http` +* `python` +* `reqtimeout` +* `setenvif` +* `ssl`* (see [apache::mod::ssl](#class-apachemodssl) below) +* `status` +* `userdir`* +* `worker`* +* `wsgi` +* `xsendfile` - apache::vhost { 'www.example.com': - priority => '10', - vhost_name => '192.0.2.1', - port => '80', - docroot => '/home/www.example.com/docroot/', - logroot => '/srv/www.example.com/logroot/', - serveradmin => 'webmaster@example.com', - serveraliases => ['example.com',], +Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. 
Most of the time, these parameters will not require any configuration or attention. + +The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files. + +####Class: `apache::mod::ssl` + +Installs Apache SSL capabilities and utilizes `ssl.conf.erb` template + + class { 'apache::mod::ssl': } + +To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. + +####Defined Type: `apache::vhost` + +The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters. + +The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base `apache` class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). + +If you have a series of specific configurations and do not want a base `apache` class default vhost, make sure to set the base class default host to 'false'. + + class { 'apache': + default_vhost => false, } -Dependencies ------------- +**Parameters within `apache::vhost`:** + +The default values for each parameter will vary based on operating system and type of virtual host. + +#####`access_log` + +Specifies whether `*_access.log` directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'. + +#####`access_log_file` + +Points to the `*_access.log` file. Defaults to 'undef'. + +#####`access_log_pipe` + +Specifies a pipe to send access log messages to. 
Defaults to 'undef'. + +#####`access_log_format` + +Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'. + +#####`add_listen` + +Determines whether the vhost creates a listen statement. The default value is 'true'. + +Setting `add_listen` to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. + +#####`aliases` + +Passes a list of hashes to the vhost to create `Alias` statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). Each hash is expected to be of the form: + +```ruby +aliases => [ { alias => '/alias', path => '/path/to/directory' } ], +``` + +For `Alias` to work, each will need a corresponding `` or `` block. + +**Note:** If `apache::mod::passenger` is loaded and `PassengerHighPerformance true` is set, then `Alias` may have issues honouring the `PassengerEnabled off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. + +#####`block` + +Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the [Development](#development) section. + +#####`custom_fragment` + +Pass a string of custom configuration directives to be placed at the end of the vhost configuration. + +#####`default_vhost` + +Sets a given `apache::vhost` as the default to serve requests that do not match any other `apache::vhost` definitions. The default value is 'false'. + +#####`directories` + +Passes a list of hashes to the vhost to create `...` directive blocks as per the [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#directory). 
Each hash should be of the form of: + +```ruby +directory => [ { path => '/path/to/directory', => } ], +``` + +*Note:* At least one directory should match `docroot` parameter, once you start declaring directories `apache::vhost` assumes that all required `` blocks will be declared. + +*Note:* If not defined a single default `` block will be created that matches the `docroot` parameter. + +The directives will be embedded within the `Directory` directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives: + +######`addhandlers` + +Sets `AddHandler` directives as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler). Accepts a list of hashes of the form `{ handler => 'handler-name', extensions => ['extension']}`. Note that `extensions` is a list of extenstions being handled by the handler. +An example: + +```ruby +directory => [ { path => '/path/to/directory', + addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ] +} ] +``` + +######`allow` + +Sets an `Allow` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow). An example: + +```ruby +directory => [ { path => '/path/to/directory', allow => 'from example.org' } ], +``` + +######`allow_override` + +Sets the usage of `.htaccess` files as per the [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride). Should accept in the form of a list or a string. An example: + +```ruby +directory => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ], +``` + +######`deny` + +Sets an `Deny` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny). 
An example: + +```ruby +directory => [ { path => '/path/to/directory', deny => 'from example.org' } ], +``` + +######`options` + +Lists the options for the given `` block + +```ruby + directory => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }] +``` + +######`order` +Sets the order of processing `Allow` and `Deny` statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). An example: + +```ruby +directory => [ { path => '/path/to/directory', order => 'Allow, Deny' } ], +``` + +######`passenger_enabled` + +Sets the value for the `PassengerEnabled` directory to `on` or `off` as per the [Passenger documentation](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled). + +```ruby +directory => [ { path => '/path/to/directory', passenger_enabled => 'off' } ], +``` + +**Note:** This directive requires `apache::mod::passenger` to be active, Apache may not start with an unrecognised directive without it. + +**Note:** Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the `PassengerEnabled` directive with the `PassengerHighPerformance` directive. + +#####`docroot` + +Provides the DocumentRoot directive, identifying the directory Apache serves files from. + +#####`docroot_group` + +Sets group access to the docroot directory. Defaults to 'root'. + +#####`docroot_owner` + +Sets individual user access to the docroot directory. Defaults to 'root'. + +#####`error_log` + +Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. + +#####`error_log_file` + +Points to the `*_error.log` file. Defaults to 'undef'. + +#####`error_log_pipe` + +Specifies a pipe to send error log messages to. Defaults to 'undef'. + +#####`ensure` + +Specifies if the vhost file is present or absent. + +#####`ip` + +The IP address the vhost listens on. Defaults to 'undef'. 
+ +#####`ip_based` + +Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. + +#####`logroot` + +Specifies the location of the virtual host's logfiles. Defaults to `/var/log//`. + +#####`no_proxy_uris` + +Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with `proxy_dest`. + +#####`options` + +Lists the options for the given virtual host + + apache::vhost { 'site.name.fdqn': + … + options => ['Indexes','FollowSymLinks','MultiViews'], + } + +#####`override` + +Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments. + +#####`port` + +Sets the port the host is configured on. + +#####`priority` + +Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'. + +If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match. + +*Note*: You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. + +#####`proxy_dest` + +Specifies the destination address of a proxypass configuration. Defaults to 'undef'. + +#####`proxy_pass` + +Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'. + +Example: +$proxy_pass = [ + { 'path' => '/a', 'url' => 'http://backend-a/' }, + { 'path' => '/b', 'url' => 'http://backend-b/' }, + { 'path' => '/c', 'url' => 'http://backend-a/c' }, +] + +apache::vhost { 'site.name.fdqn': + … + proxy_pass => $proxy_pass, +} + +#####`rack_base_uris` + +Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the `_rack.erb` template. Defaults to 'undef'. 
+ +#####`redirect_dest` + +Specifies the address to redirect to. Defaults to 'undef'. + +#####`redirect_source` + +Specifies the source items? that will redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. + + apache::vhost { 'site.name.fdqn': + … + redirect_source => ['/images','/downloads'], + redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], + } + +#####`redirect_status` + +Specifies the status to append to the redirect. Defaults to 'undef'. + + apache::vhost { 'site.name.fdqn': + … + redirect_status => ['temp','permanent'], + } + +#####`request_headers` + +Specifies additional request headers. + + apache::vhost { 'site.name.fdqn': + … + request_headers => [ + 'append MirrorID "mirror 12"', + 'unset MirrorID', + ], + } + +#####`rewrite_base` + +Limits the `rewrite_rule` to the specified base URL. Defaults to 'undef'. + + apache::vhost { 'site.name.fdqn': + … + rewrite_rule => '^index\.html$ welcome.html', + rewrite_base => '/blog/', + } + +The above example would limit the index.html -> welcome.html rewrite to only something inside of http://example.com/blog/. + +#####`rewrite_cond` + +Rewrites a URL via `rewrite_rule` based on the truth of specified conditions. For example + + apache::vhost { 'site.name.fdqn': + … + rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE', + } + +will rewrite URLs only if the visitor is using IE. Defaults to 'undef'. + +*Note*: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple `rewrite_cond` and `rewrite_rules` per vhost, so that different conditions get different rewrites. + +#####`rewrite_rule` + +Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html. 
+ + apache::vhost { 'site.name.fdqn': + … + rewrite_rule => '^index\.html$ welcome.html', + } + +#####`scriptalias` + +Defines a directory of CGI scripts to be aliased to the path '/cgi-bin' + +#####`serveradmin` + +Specifies the email address Apache will display when it renders one of its error pages. + +#####`serveraliases` + +Sets the server aliases of the site. + +#####`servername` + +Sets the primary name of the virtual host. + +#####`setenv` + +Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. + +#####`setenvif` + +Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. + +#####`ssl` + +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. + +#####`ssl_ca` + +Specifies the certificate authority. + +#####`ssl_cert` + +Specifies the SSL certification. + +#####`ssl_certs_dir` + +Specifies the location of the SSL certification directory. Defaults to `/etc/ssl/certs`. + +#####`ssl_chain` + +Specifies the SSL chain. + +#####`ssl_crl` + +Specifies the certificate revocation list to use. + +#####`ssl_crl_path` + +Specifies the location of the certificate revocation list. + +#####`ssl_key` + +Specifies the SSL key. + +#####`vhost_name` + +This parameter is for use with name-based virtual hosting. Defaults to '*'. + +###Virtual Host Examples + +The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. 
+ +Configure a vhost with a server administrator + + apache::vhost { 'third.example.com': + port => '80', + docroot => '/var/www/third', + serveradmin => 'admin@example.com', + } + +- - - + +Set up a vhost with aliased servers + + apache::vhost { 'sixth.example.com': + serveraliases => [ + 'sixth.example.org', + 'sixth.example.net', + ], + port => '80', + docroot => '/var/www/fifth', + } + +- - - + +Configure a vhost with a cgi-bin + + apache::vhost { 'eleventh.example.com': + port => '80', + docroot => '/var/www/eleventh', + scriptalias => '/usr/lib/cgi-bin', + } + +- - - + +Set up a vhost with a rack configuration + + apache::vhost { 'fifteenth.example.com': + port => '80', + docroot => '/var/www/fifteenth', + rack_base_uris => ['/rackapp1', '/rackapp2'], + } +- - - + +Set up a mix of SSL and non-SSL vhosts at the same domain + + #The non-ssl vhost + apache::vhost { 'first.example.com non-ssl': + servername => 'first.example.com', + port => '80', + docroot => '/var/www/first', + } + + #The SSL vhost at the same domain + apache::vhost { 'first.example.com ssl': + servername => 'first.example.com', + port => '443', + docroot => '/var/www/first', + ssl => true, + } + +- - - + +Configure a vhost to redirect non-SSL connections to SSL + + apache::vhost { 'sixteenth.example.com non-ssl': + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + redirect_status => 'permanent' + redirect_dest => 'https://sixteenth.example.com/' + } + apache::vhost { 'sixteenth.example.com ssl': + servername => 'sixteenth.example.com', + port => '443', + docroot => '/var/www/sixteenth', + ssl => true, + } + +- - - + +Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter. 
+ + apache::listen { '80': } + apache::listen { '81': } + +Then we will set up the IP-based vhosts + + apache::vhost { 'first.example.com': + ip => '10.0.0.10', + docroot => '/var/www/first', + ip_based => true, + } + apache::vhost { 'second.example.com': + ip => '10.0.0.11', + docroot => '/var/www/second', + ip_based => true, + } + +- - - + +Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL + + apache::vhost { 'The first IP-based vhost, non-ssl': + servername => 'first.example.com', + ip => '10.0.0.10', + port => '80', + ip_based => true, + docroot => '/var/www/first', + } + apache::vhost { 'The first IP-based vhost, ssl': + servername => 'first.example.com', + ip => '10.0.0.10', + port => '443', + ip_based => true, + docroot => '/var/www/first-ssl', + ssl => true, + } + +Then, we will add two name-based vhosts listening on 10.0.0.20 + + apache::vhost { 'second.example.com': + ip => '10.0.0.20', + port => '80', + docroot => '/var/www/second', + } + apache::vhost { 'third.example.com': + ip => '10.0.0.20', + port => '80', + docroot => '/var/www/third', + } + +If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts. 
+ + apache::vhost { 'fourth.example.com': + port => '80', + docroot => '/var/www/fourth', + add_listen => false, + } + apache::vhost { 'fifth.example.com': + port => '80', + docroot => '/var/www/fifth', + add_listen => false, + } + +##Implementation + +###Classes and Defined Types + +####Class: `apache::dev` + +Installs Apache development libraries + + class { 'apache::dev': } + +####Defined Type: `apache::listen` + +Controls which ports Apache binds to for listening based on the title: + + apache::listen { '80': } + apache::listen { '443': } + +Declaring this defined type will add all `Listen` directives to the `ports.conf` file in the Apache httpd configuration directory. `apache::listen` titles should always take the form of: ``, `:`, or `[]:` + +Apache httpd requires that `Listen` directives must be added for every port. The `apache::vhost` defined type will automatically add `Listen` directives unless the `apache::vhost` is passed `add_listen => false`. + +####Defined Type: `apache::namevirtualhost` + +Enables named-based hosting of a virtual host + + class { 'apache::namevirtualhost`: } + +Declaring this defined type will add all `NameVirtualHost` directives to the `ports.conf` file in the Apache https configuration directory. `apache::namevirtualhost` titles should always take the form of: `*`, `*:`, `_default_:`, ``, or `:`. + +####Defined Type: `apache::balancermember` + +Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources. 
+ +On every app server you can export a balancermember like this: + + @@apache::balancermember { "${::fqdn}-puppet00": + balancer_cluster => 'puppet00', + url => "ajp://${::fqdn}:8009" + options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], + } + +And on the proxy itself you create the balancer cluster using the defined type apache::balancer: + + apache::balancer { 'puppet00': } + +###Templates + +The Apache module relies heavily on templates to enable the `vhost` and `apache::mod` defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration. + +##Limitations + +This has been tested on Ubuntu Precise, Debian Wheezy, and CentOS 5.8. + +##Development + +### Overview + +Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. -Some functionality is dependent on other modules: +We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. -- [stdlib](https://github.com/puppetlabs/puppetlabs-stdlib) -- [firewall](https://github.com/puppetlabs/puppetlabs-firewall) +You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) -Notes ------ +### Running tests -Since Puppet cannot ensure that all parent directories exist you need to -manage these yourself. In the more advanced example above, you need to ensure -that `/home/www.example.com` and `/srv/www.example.com` directories exist. 
+This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [rspec-system](https://github.com/puppetlabs/rspec-system) to verify functionality. For in-depth information please see their respective documentation. -Contributors ------------- +Quickstart: - * A cast of hundreds, hopefully you too soon + gem install bundler + bundle install + bundle exec rake spec + bundle exec rake spec:system -Copyright and License ---------------------- +##Copyright and License Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc diff --git a/Rakefile b/Rakefile index cd3d379958..bb60173e57 100644 --- a/Rakefile +++ b/Rakefile @@ -1 +1,2 @@ require 'puppetlabs_spec_helper/rake_tasks' +require 'rspec-system/rake_task' diff --git a/lib/puppet/provider/a2mod.rb b/lib/puppet/provider/a2mod.rb new file mode 100644 index 0000000000..670aca3d03 --- /dev/null +++ b/lib/puppet/provider/a2mod.rb @@ -0,0 +1,34 @@ +class Puppet::Provider::A2mod < Puppet::Provider + def self.prefetch(mods) + instances.each do |prov| + if mod = mods[prov.name] + mod.provider = prov + end + end + end + + def flush + @property_hash.clear + end + + def properties + if @property_hash.empty? + @property_hash = query || {:ensure => :absent} + @property_hash[:ensure] = :absent if @property_hash.empty? + end + @property_hash.dup + end + + def query + self.class.instances.each do |mod| + if mod.name == self.name or mod.name.downcase == self.name + return mod.properties + end + end + nil + end + + def exists? + properties[:ensure] != :absent + end +end diff --git a/lib/puppet/provider/a2mod/a2mod.rb b/lib/puppet/provider/a2mod/a2mod.rb index 9f7ff0d5a6..c793767cc1 100644 --- a/lib/puppet/provider/a2mod/a2mod.rb +++ b/lib/puppet/provider/a2mod/a2mod.rb 
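Review bot: `Puppet::Provider::A2mod` calls `self.class.instances` from both `prefetch` and `query` but never defines it, and nothing in the new file says that subclasses have to; a class comment such as `# Shared base for a2mod providers; each subclass must define self.instances.` would make that contract visible. In `query`, the `or` between the two comparisons is easy to misread next to `==`, and `mod.name == name || mod.name.downcase == name` says the same thing without the precedence question. Because `flush` empties `@property_hash`, every later `exists?` goes back through `query` and re-runs whatever `instances` does, which deserves a short why-comment on `flush`.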
@@ -1,12 +1,30 @@ -Puppet::Type.type(:a2mod).provide(:a2mod) do +require 'puppet/provider/a2mod' + +Puppet::Type.type(:a2mod).provide(:a2mod, :parent => Puppet::Provider::A2mod) do desc "Manage Apache 2 modules on Debian and Ubuntu" optional_commands :encmd => "a2enmod" optional_commands :discmd => "a2dismod" + commands :apache2ctl => "apache2ctl" confine :osfamily => :debian defaultfor :operatingsystem => [:debian, :ubuntu] + def self.instances + modules = apache2ctl("-M").collect { |line| + m = line.match(/(\w+)_module \(shared\)$/) + m[1] if m + }.compact + + modules.map do |mod| + new( + :name => mod, + :ensure => :present, + :provider => :a2mod + ) + end + end + def create encmd resource[:name] end @@ -14,9 +32,4 @@ def create def destroy discmd resource[:name] end - - def exists? - mod= "/etc/apache2/mods-enabled/" + resource[:name] + ".load" - File.exists?(mod) - end end diff --git a/lib/puppet/provider/a2mod/redhat.rb b/lib/puppet/provider/a2mod/redhat.rb index a8bcf5e8a3..3e2bbc8c1e 100644 --- a/lib/puppet/provider/a2mod/redhat.rb +++ b/lib/puppet/provider/a2mod/redhat.rb @@ -1,6 +1,10 @@ -Puppet::Type.type(:a2mod).provide(:redhat) do +require 'puppet/provider/a2mod' + +Puppet::Type.type(:a2mod).provide(:redhat, :parent => Puppet::Provider::A2mod) do desc "Manage Apache 2 modules on RedHat family OSs" + commands :apachectl => "apachectl" + confine :osfamily => :redhat defaultfor :osfamily => :redhat @@ -30,18 +34,13 @@ def destroy File.delete(modfile) end - def exists? - File.exists?(modfile) and File.read(modfile).match(libfile) - end - def self.instances - modules = [] - Dir.glob("#{modpath}/*.load").each do |file| - m = file.match(/(\w+)\.load$/) - modules << m[1] if m - end + modules = apachectl("-M").collect { |line| + m = line.match(/(\w+)_module \(shared\)$/) + m[1] if m + }.compact - modules.map do |mod| + modules.map do |mod| new( :name => mod, :ensure => :present, 
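Review bot: `apache2ctl("-M").collect { |line| ... }` in the new `self.instances` calls `collect` directly on the command output; assuming the generated command method returns a String, that only works on Ruby 1.8.7, where String is Enumerable, and raises NoMethodError on the 1.9.3 and 2.0.0 interpreters listed in this commit's `.travis.yml`. Iterating over lines explicitly, `apache2ctl("-M").lines.collect { |line| ... }`, behaves the same on all three. The rewritten `self.instances` in `lib/puppet/provider/a2mod/redhat.rb` has the identical `apachectl("-M").collect` call and needs the same change. Both providers now derive `exists?` from the binary's module list instead of the files on disk, so presumably a configuration that no longer parses makes `-M` fail and blocks module management; a comment stating that dependency would help whoever debugs it.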
diff --git a/manifests/balancer.pp b/manifests/balancer.pp
new file mode 100644
index 0000000000..822e66b4d6
--- /dev/null
+++ b/manifests/balancer.pp
@@ -0,0 +1,68 @@ +# == Define Resource Type: apache::balancer +# +# This type will create an apache balancer cluster file inside the conf.d +# directory. Each balancer cluster needs one or more balancer members (that can +# be declared with the apache::balancermember defined resource type). Using +# storeconfigs, you can export the apache::balancermember resources on all +# balancer members, and then collect them on a single apache load balancer +# server. +# +# === Requirement/Dependencies: +# +# Currently requires the ripienaar/concat module on the Puppet Forge and uses +# storeconfigs on the Puppet Master to export/collect resources from all +# balancer members. +# +# === Parameters +# +# [*name*] +# The namevar of the defined resource type is the balancer clusters name. +# This name is also used in the name of the conf.d file +# +# [*collect_exported*] +# Boolean, default 'true'. True means 'collect exported @@balancermember +# resources' (for the case when every balancermember node exports itself), +# false means 'rely on the existing declared balancermember resources' (for the +# case when you know the full set of balancermembers in advance and use +# apache::balancermember with array arguments, which allows you to deploy +# everything in 1 run) +# +# +# === Examples +# +# Exporting the resource for a balancer member: +# +# apache::balancer { 'puppet00': } +# +define apache::balancer ( + $collect_exported = true, +) { + include concat::setup + + $target = "${::apache::params::confd_dir}/balancer_${name}.conf" + + concat { $target: + owner => '0', + group => '0', + mode => '0644', + notify => Service['httpd'], + } + + concat::fragment { '00-header': + target => $target, + order => '01', + content => "\n", + } + + if $collect_exported { + Apache::Balancermember <<| balancer_cluster == $name |>> + } + # else: the resources have been created and they introduced their + # concat fragments. We don't have to do anything about them. 
+ + concat::fragment { '01-footer': + target => $target, + order => '20', + content => "\n", + } +} diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp new file mode 100644 index 0000000000..48931cf623 --- /dev/null +++ b/manifests/balancermember.pp 
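Review bot: The two fragments in `apache::balancer` are titled `'00-header'` and `'01-footer'` regardless of `$name`, so declaring a second balancer on the same node would be a duplicate resource declaration. Including the cluster name keeps them unique: `concat::fragment { "00-${name}-header":` and `concat::fragment { "01-${name}-footer":`. The `<<| balancer_cluster == $name |>>` collector also accepts members exported by any node that writes to storeconfigs, so the proxy's backend list is only as trustworthy as the set of nodes allowed to export; that belongs in the header comment next to `collect_exported`.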
@@ -0,0 +1,52 @@ +# == Define Resource Type: apache::balancermember +# +# This type will setup a balancer member inside a listening service +# configuration block in /etc/apache/apache.cfg on the load balancer. +# currently it only has the ability to specify the instance name, url and an +# array of options. More features can be added as needed. The best way to +# implement this is to export this resource for all apache balancer member +# servers, and then collect them on the main apache load balancer. +# +# === Requirement/Dependencies: +# +# Currently requires the ripienaar/concat module on the Puppet Forge and +# uses storeconfigs on the Puppet Master to export/collect resources +# from all balancer members. +# +# === Parameters +# +# [*name*] +# The title of the resource is arbitrary and only utilized in the concat +# fragment name. +# +# [*balancer_cluster*] +# The apache service's instance name (or, the title of the apache::balancer +# resource). This must match up with a declared apache::balancer resource. +# +# [*url*] +# The url used to contact the balancer member server. +# +# [*options*] +# An array of options to be specified after the url. +# +# === Examples +# +# Exporting the resource for a balancer member: +# +# @@apache::balancermember { 'apache': +# balancer_cluster => 'puppet00', +# url => "ajp://${::fqdn}:8009" +# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], +# } +# +define apache::balancermember( + $balancer_cluster, + $url = "http://${::fqdn}/", + $options = [], +) { + + concat::fragment { "BalancerMember ${url}": + target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", + content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), + } +} diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp new file mode 100644 index 0000000000..d5e0de54c7 --- /dev/null +++ b/manifests/default_mods.pp 
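Review bot: In `apache::balancermember`, `inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n")` interpolates `$url` into the template source before ERB runs, so any ERB tag inside the value is evaluated as Ruby during catalog compilation instead of being written out as text. `$url` defaults to a string built from the `fqdn` fact, and the type is designed to be exported by other nodes and collected on the proxy, so the value should be treated as untrusted. Pass it to the template as data instead: `content => inline_template(" BalancerMember <%= @url %> <%= @options.join ' ' %>\n"),`. Adding `validate_array($options)` and a `validate_re` on `$url` that rejects whitespace and newlines would also keep a member from appending extra directives to the balancer file.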
@@ -0,0 +1,76 @@ +class apache::default_mods ( + $all = true, +) { + # These are modules required to run the default configuration. + # They are not configurable at this time, so we just include + # them to make sure it works. + case $::osfamily { + 'redhat': { + apache::mod { 'log_config': } + } + default: {} + } + apache::mod { 'authz_host': } + + # The rest of the modules only get loaded if we want all modules enabled + if $all { + case $::osfamily { + 'debian': { + include apache::mod::cgid # Debian uses mpm_worker + include apache::mod::reqtimeout + } + 'redhat': { + include apache::mod::cgi # RedHat uses mpm_prefork + include apache::mod::cache + include apache::mod::disk_cache + include apache::mod::info + include apache::mod::ldap + include apache::mod::mime_magic + include apache::mod::proxy + include apache::mod::proxy_http + include apache::mod::userdir + apache::mod { 'actions': } + apache::mod { 'auth_digest': } + apache::mod { 'authn_alias': } + apache::mod { 'authn_anon': } + apache::mod { 'authn_dbm': } + apache::mod { 'authn_default': } + apache::mod { 'authnz_ldap': } + apache::mod { 'authz_dbm': } + apache::mod { 'authz_owner': } + apache::mod { 'expires': } + apache::mod { 'ext_filter': } + apache::mod { 'include': } + apache::mod { 'logio': } + apache::mod { 'proxy_ajp': } + apache::mod { 'proxy_balancer': } + apache::mod { 'proxy_connect': } + apache::mod { 'proxy_ftp': } + apache::mod { 'rewrite': } + apache::mod { 'speling': } + apache::mod { 'substitute': } + apache::mod { 'suexec': } + apache::mod { 'usertrack': } + apache::mod { 'version': } + apache::mod { 'vhost_alias': } + } + default: {} + } + include apache::mod::alias + include apache::mod::autoindex + include apache::mod::dav + include apache::mod::dav_fs + include apache::mod::deflate + include apache::mod::dir + include apache::mod::mime + include apache::mod::negotiation + include apache::mod::setenvif + include apache::mod::status + apache::mod { 'auth_basic': } + apache::mod { 
'authn_file': } + apache::mod { 'authz_default': } + apache::mod { 'authz_groupfile': } + apache::mod { 'authz_user': } + apache::mod { 'env': } + } +} diff --git a/manifests/dev.pp b/manifests/dev.pp index 851b032c05..ea86adae44 100644 --- a/manifests/dev.pp +++ b/manifests/dev.pp @@ -1,17 +1,8 @@ -# Class: apache::dev -# -# This class installs Apache development libraries -# -# Parameters: -# -# Actions: -# - Install Apache development libraries -# -# Requires: -# -# Sample Usage: -# class apache::dev { - warning('apache::dev is deprecated; please use apache::mod::dev') - include apache::mod::dev + include apache::params + $packages = $apache::params::dev_packages + package { $packages: + ensure => present, + require => Package['httpd'], + } } diff --git a/manifests/init.pp b/manifests/init.pp index 670068c5c0..e44877740d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
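Review bot: `apache::default_mods` has no header comment, and with `$all = true` as the default it enables `dav`, `dav_fs`, `status` and `autoindex` on every platform plus `info`, `userdir`, `proxy`, `proxy_connect`, `proxy_ftp` and `suexec` on RedHat, none of which the inline comment describes as required for the default configuration. A server that only needs static vhosts carries all of that as attack surface unless the operator knows to pass `default_mods => false` to the base class. A comment at the top of the class would make the choice visible, for example `# $all: when true, also load the distribution's stock module set (WebDAV, proxy, status, info, ...); set to false for a minimal server.`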
@@ -13,21 +13,61 @@ # Sample Usage: # class apache ( - $default_mods = true, - $service_enable = true, - $serveradmin = 'root@localhost', - $sendfile = false, - $purge_vdir = true -) { - include apache::params + $default_mods = true, + $default_vhost = true, + $default_ssl_vhost = false, + $default_ssl_cert = $apache::params::default_ssl_cert, + $default_ssl_key = $apache::params::default_ssl_key, + $default_ssl_chain = undef, + $default_ssl_ca = undef, + $default_ssl_crl_path = undef, + $default_ssl_crl = undef, + $service_enable = true, + $purge_configs = true, + $purge_vdir = false, + $serveradmin = 'root@localhost', + $sendfile = false, + $error_documents = false, + $confd_dir = $apache::params::confd_dir, + $vhost_dir = $apache::params::vhost_dir, + $mod_dir = $apache::params::mod_dir, + $mod_enable_dir = $apache::params::mod_enable_dir, + $mpm_module = $apache::params::mpm_module, + $conf_template = $apache::params::conf_template, + $user = $apache::params::user, + $group = $apache::params::group, +) inherits apache::params { package { 'httpd': ensure => installed, name => $apache::params::apache_name, } + validate_bool($default_mods) + validate_bool($default_vhost) # true/false is sufficient for both ensure and enable validate_bool($service_enable) + if $mpm_module { + validate_re($mpm_module, '(prefork|worker)') + } + + $httpd_dir = $apache::params::httpd_dir + $ports_file = $apache::params::ports_file + $logroot = $apache::params::logroot + + # declare the web server user and group + # Note: requiring the package means the package ought to create them and not puppet + group { $group: + ensure => present, + require => Package['httpd'] + } + + user { $user: + ensure => present, + gid => $group, + require => Package['httpd'], + before => Service['httpd'], + } service { 'httpd': ensure => $service_enable, 
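Review bot: `validate_re($mpm_module, '(prefork|worker)')` is unanchored, so any string that merely contains one of the two words passes, and the value is later used to build a class name (`apache::mod::${mpm_module}` in the next hunk of this file). Anchor the whole string: `validate_re($mpm_module, '\A(prefork|worker)\z')`. The new boolean parameters `$default_ssl_vhost`, `$purge_configs` and `$error_documents` are not checked at all; they could get the same `validate_bool` call that `$default_mods` and `$default_vhost` receive here.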
@@ -36,38 +76,131 @@ subscribe => Package['httpd'], } - file { 'httpd_vdir': + # Deprecated backwards-compatibility + if $purge_vdir { + warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') + $purge_confd = $purge_vdir + } else { + $purge_confd = $purge_configs + } + + file { $apache::confd_dir: ensure => directory, - path => $apache::params::vdir, recurse => true, - purge => $purge_vdir, + purge => $purge_confd, notify => Service['httpd'], require => Package['httpd'], } - if $apache::params::conf_dir and $apache::params::conf_file { - # Template uses: - # - $apache::params::user - # - $apache::params::group - # - $apache::params::conf_dir - # - $serveradmin - file { "${apache::params::conf_dir}/${apache::params::conf_file}": - ensure => present, - content => template("apache/${apache::params::conf_file}.erb"), + if ! defined(File[$apache::mod_dir]) { + file { $apache::mod_dir: + ensure => directory, + recurse => true, + purge => $purge_configs, notify => Service['httpd'], require => Package['httpd'], } - if $default_mods == true { - include apache::mod::default + } + + if $apache::mod_enable_dir and ! defined(File[$apache::mod_enable_dir]) { + file { $apache::mod_enable_dir: + ensure => directory, + recurse => true, + purge => $purge_configs, + notify => Service['httpd'], + require => Package['httpd'], } } - if $apache::params::mod_dir { - file { $apache::params::mod_dir: + + if ! 
defined(File[$apache::vhost_dir]) { + file { $apache::vhost_dir: ensure => directory, + recurse => true, + purge => $purge_configs, + notify => Service['httpd'], + require => Package['httpd'], + } + } + + concat { $ports_file: + owner => 'root', + group => 'root', + mode => '0644', + notify => Service['httpd'], + } + concat::fragment { 'Apache ports header': + target => $ports_file, + content => template('apache/ports_header.erb') + } + + if $apache::params::conf_dir and $apache::params::conf_file { + case $::osfamily { + 'debian': { + $docroot = '/var/www' + $pidfile = '${APACHE_PID_FILE}' + $error_log = 'error.log' + $error_documents_path = '/usr/share/apache2/error' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } + 'redhat': { + $docroot = '/var/www/html' + $pidfile = 'run/httpd.pid' + $error_log = 'error_log' + $error_documents_path = '/var/www/error' + $scriptalias = '/var/www/cgi-bin' + $access_log_file = 'access_log' + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } + # Template uses: + # - $httpd_dir + # - $pidfile + # - $user + # - $group + # - $logroot + # - $error_log + # - $sendfile + # - $mod_dir + # - $ports_file + # - $confd_dir + # - $vhost_dir + # - $error_documents + # - $error_documents_path + file { "${apache::params::conf_dir}/${apache::params::conf_file}": + ensure => file, + content => template($conf_template), + notify => Service['httpd'], require => Package['httpd'], - } -> A2mod <| |> - resources { 'a2mod': - purge => true, + } + class { 'apache::default_mods': + all => $default_mods + } + if $mpm_module { + class { "apache::mod::${mpm_module}": } + } + if $default_vhost { + apache::vhost { 'default': + port => 80, + docroot => $docroot, + scriptalias => $scriptalias, + serveradmin => $serveradmin, + access_log_file => $access_log_file, + priority => '15', + } + } + if $default_ssl_vhost { + apache::vhost { 'default-ssl': + port => 443, + ssl => true, + docroot => $docroot, + scriptalias => 
$scriptalias, + serveradmin => $serveradmin, + access_log_file => "ssl_${access_log_file}", + priority => '15', + } } } } diff --git a/manifests/listen.pp b/manifests/listen.pp new file mode 100644 index 0000000000..57982ba269 --- /dev/null +++ b/manifests/listen.pp @@ -0,0 +1,10 @@ +define apache::listen { + $listen_addr_port = $name + include apache::params + + # Template uses: $listen_addr_port + concat::fragment { "Listen ${listen_addr_port}": + target => $apache::params::ports_file, + content => template('apache/listen.erb'), + } +} diff --git a/manifests/mod.pp b/manifests/mod.pp index 7b9f090274..c9ea48e64b 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp 
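Review bot: The main configuration file, `file { "${apache::params::conf_dir}/${apache::params::conf_file}":`, and the purged `confd_dir`, `mod_dir`, `mod_enable_dir` and `vhost_dir` directories are declared without `owner`, `group` or `mode`, so Puppet leaves whatever ownership and permissions are already on disk. The `concat { $ports_file: }` resource in the same hunk and the `.load` files in manifests/mod.pp pin all three; doing the same here with `owner => 'root',`, `group => 'root',` and `mode => '0644',` (`'0755'` for the directories) guarantees the account httpd runs as cannot rewrite its own configuration. The deprecated `$purge_vdir` path would also benefit from a comment saying that it overrides `$purge_configs` only for `confd_dir`, since the other three directories always use `$purge_configs`.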
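Review bot: `apache::listen` copies `$name` into `$listen_addr_port` for `listen.erb` with no check on its shape, although the README in this commit says titles must follow a fixed set of address and port forms. A `validate_re($name, ...)` as the first statement of the define, with a pattern anchored by `\A` and `\z` for those forms, would turn a typo into a compile error instead of a `Listen` line that keeps httpd from starting. The template itself is not part of this hunk, so how the value is rendered there should be confirmed.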
@@ -1,41 +1,81 @@ define apache::mod ( - $package = undef + $package = undef, + $lib = undef ) { + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + $mod = $name - include apache::params #include apache #This creates duplicate resources in rspec-puppet + $lib_path = $apache::params::lib_path + $mod_dir = $apache::mod_dir + + # Determine if we have special lib + $mod_libs = $apache::params::mod_libs + $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack + if $lib { + $lib_REAL = $lib + } elsif $mod_lib { + $lib_REAL = $mod_lib + } else { + $lib_REAL = "mod_${mod}.so" + } + + # Determine if we have a package $mod_packages = $apache::params::mod_packages $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $package_REAL = $package - } elsif "$mod_package" { + } elsif "${mod_package}" { $package_REAL = $mod_package } - $mod_libs = $apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack - if "${mod_lib}" { - $lib = $mod_lib - } - - $mod_identifiers = $apache::params::mod_identifiers - $mod_identifier = $mod_identifiers[$mod] - if "${mod_identifier}" { - $identifier = $mod_identifier - } - if $package_REAL { + # $package_REAL may be an array package { $package_REAL: - ensure => present, - require => Package['httpd'], - before => A2mod[$mod], + ensure => present, + require => Package['httpd'], + before => File["${mod_dir}/${mod}.load"], } } - a2mod { $mod: - ensure => present, - lib => $lib, - identifier => $identifier, - require => Package['httpd'], - notify => Service['httpd'], + file { "${mod}.load": + ensure => file, + path => "${mod_dir}/${mod}.load", + owner => 'root', + group => 'root', + mode => '0644', + content => "LoadModule ${mod}_module ${lib_path}/${lib_REAL}\n", + require => Package['httpd'], + notify => Service['httpd'], + } + + if $::osfamily == 'Debian' { + $enable_dir = $apache::mod_enable_dir + file{ "${mod}.load symlink": + ensure 
=> link, + path => "${enable_dir}/${mod}.load", + target => "${mod_dir}/${mod}.load", + owner => 'root', + group => 'root', + mode => '0644', + require => File["${mod}.load"], + notify => Service['httpd'], + } + # Each module may have a .conf file as well, which should be + # defined in the class apache::mod::module + # Some modules do not require this file. + if defined(File["${mod}.conf"]) { + file{ "${mod}.conf symlink": + ensure => link, + path => "${enable_dir}/${mod}.conf", + target => "${mod_dir}/${mod}.conf", + owner => 'root', + group => 'root', + mode => '0644', + require => File["${mod}.conf"], + notify => Service['httpd'], + } + } } } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp new file mode 100644 index 0000000000..e82b696c65 --- /dev/null +++ b/manifests/mod/alias.pp @@ -0,0 +1,13 @@ +class apache::mod::alias { + $icons_path = $::osfamily ? { + 'debian' => '/usr/share/apache2/icons', + 'redhat' => '/var/www/icons', + } + apache::mod { 'alias': } + # Template uses $icons_path + file { 'alias.conf': + ensure => file, + path => "${apache::mod_dir}/alias.conf", + content => template('apache/mod/alias.conf.erb'), + } +} diff --git a/manifests/mod/auth_kerb.pp b/manifests/mod/auth_kerb.pp index a35ff914c2..76c2de5b7b 100644 --- a/manifests/mod/auth_kerb.pp +++ b/manifests/mod/auth_kerb.pp @@ -1,14 +1,5 @@ class apache::mod::auth_kerb { - include apache - - package { 'mod_auth_kerb_package': - ensure => installed, - name => $apache::params::mod_auth_kerb_package, - require => Package['httpd']; - } - - a2mod { 'auth_kerb': ensure => present; } - + apache::mod { 'auth_kerb': } } diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp new file mode 100644 index 0000000000..7c5acb150f --- /dev/null +++ b/manifests/mod/autoindex.pp 
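Review bot: The Debian branch of `apache::mod` only creates the `${mod}.conf` symlink when `defined(File["${mod}.conf"])` is true, and `defined()` sees only resources already added to the catalog when this define is evaluated, so the outcome depends on evaluation order rather than on whether the module really ships a conf file. When it evaluates false the module is enabled without its templated configuration and no error is raised. The same order dependence applies to the `defined(Class['apache'])` guard at the top of the define and to `defined(Class['apache::mod::prefork'])` in manifests/mod/php.pp. At minimum the existing comment should say so, e.g. `# NOTE: defined() is evaluation-order dependent; File["${mod}.conf"] must already be in the catalog when this define is evaluated.`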
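Review bot: `file { 'alias.conf': }` has no `notify => Service['httpd']`, unlike the `${mod}.load` resource in manifests/mod.pp, so as far as this hunk shows a changed template is written to disk without the service picking it up. The same applies to the other per-module conf files touched by this commit (autoindex, cgid, dav_fs, deflate, dir, disk_cache, info, ldap, mime, mime_magic, mpm_event, negotiation, passenger, php, prefork, proxy); for `info.conf` and `proxy.conf` that means a tightened `$allow_from` would not take effect until something else restarts httpd. Adding `notify => Service['httpd'],` to each resource closes that gap. If the recursive `file { $apache::mod_dir: ... notify => Service['httpd'] }` in init.pp is meant to cover these files, a comment should say so, since it is not obvious that it applies to explicitly declared children.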
@@ -0,0 +1,9 @@ +class apache::mod::autoindex { + apache::mod { 'autoindex': } + # Template uses no variables + file { 'autoindex.conf': + ensure => file, + path => "${apache::mod_dir}/autoindex.conf", + content => template('apache/mod/autoindex.conf.erb'), + } +} diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp new file mode 100644 index 0000000000..1f0c33257b --- /dev/null +++ b/manifests/mod/cgid.pp @@ -0,0 +1,12 @@ +class apache::mod::cgid { + $cgisock_path = $::osfamily ? { + 'debian' => '${APACHE_RUN_DIR}/cgisock', + } + apache::mod { 'cgid': } + # Template uses $cgisock_path + file { 'cgid.conf': + ensure => file, + path => "${apache::mod_dir}/cgid.conf", + content => template('apache/mod/cgid.conf.erb'), + } +} diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index e9cabaa39a..96f829717d 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp @@ -1,4 +1,16 @@ class apache::mod::dav_fs { + $dav_lock = $::osfamily ? { + 'debian' => '${APACHE_LOCK_DIR}/DAVLock', + default => '/var/lib/dav/lockdb', + } + Class['apache::mod::dav'] -> Class['apache::mod::dav_fs'] apache::mod { 'dav_fs': } + + # Template uses: $dav_lock + file { 'dav_fs.conf': + ensure => file, + path => "${apache::mod_dir}/dav_fs.conf", + content => template('apache/mod/dav_fs.conf.erb'), + } } diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp new file mode 100644 index 0000000000..76e0d885ea --- /dev/null +++ b/manifests/mod/dav_svn.pp @@ -0,0 +1,4 @@ +class apache::mod::dav_svn { + include apache::mod::dav + apache::mod { 'dav_svn': } +} diff --git a/manifests/mod/default.pp b/manifests/mod/default.pp deleted file mode 100644 index c7a63ceecd..0000000000 --- a/manifests/mod/default.pp +++ /dev/null 
@@ -1,49 +0,0 @@ -class apache::mod::default { - apache::mod { 'actions': } - apache::mod { 'alias': } - apache::mod { 'auth_basic': } - apache::mod { 'auth_digest': } - apache::mod { 'authn_alias': } - apache::mod { 'authn_anon': } - apache::mod { 'authn_dbm': } - apache::mod { 'authn_default': } - apache::mod { 'authn_file': } - apache::mod { 'authnz_ldap': } - apache::mod { 'authz_dbm': } - apache::mod { 'authz_default': } - apache::mod { 'authz_groupfile': } - apache::mod { 'authz_host': } - apache::mod { 'authz_owner': } - apache::mod { 'authz_user': } - apache::mod { 'autoindex': } - include apache::mod::cache - include apache::mod::cgi - include apache::mod::dav - include apache::mod::dav_fs - apache::mod { 'deflate': } - apache::mod { 'dir': } - apache::mod { 'env': } - apache::mod { 'expires': } - apache::mod { 'ext_filter': } - apache::mod { 'headers': } - apache::mod { 'include': } - apache::mod { 'info': } - apache::mod { 'ldap': } - apache::mod { 'log_config': } - apache::mod { 'logio': } - apache::mod { 'mime': } - apache::mod { 'mime_magic': } - apache::mod { 'negotiation': } - include apache::mod::proxy - apache::mod { 'proxy_balancer': } - apache::mod { 'proxy_connect': } - apache::mod { 'proxy_ftp': } - apache::mod { 'rewrite': } - apache::mod { 'setenvif': } - apache::mod { 'speling': } - apache::mod { 'status': } - apache::mod { 'suexec': } - apache::mod { 'usertrack': } - apache::mod { 'version': } - apache::mod { 'vhost_alias': } -} diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp new file mode 100644 index 0000000000..800ecd6f0a --- /dev/null +++ b/manifests/mod/deflate.pp @@ -0,0 +1,9 @@ +class apache::mod::deflate { + apache::mod { 'deflate': } + # Template uses no variables + file { 'deflate.conf': + ensure => file, + path => "${apache::mod_dir}/deflate.conf", + content => template('apache/mod/deflate.conf.erb'), + } +} diff --git a/manifests/mod/dev.pp b/manifests/mod/dev.pp index 5397187cb5..b5d146fbe4 100644 
--- a/manifests/mod/dev.pp +++ b/manifests/mod/dev.pp @@ -1,8 +1,5 @@ -class apache::mod::dev inherits apache::params { - # Development packages have no mod to load - $packages = $apache::params::mod_packages['dev'] - package { $packages: - ensure => present, - require => Package['httpd'], - } +class apache::mod::dev { + # Development packages are not apache modules + warning('apache::mod::dev is deprecated; please use apache::dev') + include apache::dev } diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp new file mode 100644 index 0000000000..250a4611f2 --- /dev/null +++ b/manifests/mod/dir.pp @@ -0,0 +1,18 @@ +# Note: this sets the global DirectoryIndex directive, it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration +# Parameters: +# - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +class apache::mod::dir ( + $dir = 'public_html', + $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], +) { + validate_array($indexes) + apache::mod { 'dir': } + + # Template uses + # - $indexes + file { 'dir.conf': + ensure => file, + path => "${apache::mod_dir}/dir.conf", + content => template('apache/mod/dir.conf.erb'), + } +} diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index c93d0980f9..ca7e2ae172 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp 
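Review bot: `apache::mod::dir` declares `$dir = 'public_html'`, but nothing in the hunk uses it and the template comment lists only `$indexes`; it looks carried over from a userdir class and should be dropped or documented. The header comment also describes `$indexes` as a string while the code enforces `validate_array($indexes)`; `# - $indexes: array of file names for the DirectoryIndex directive` would match what the class accepts.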
@@ -1,13 +1,16 @@ -class apache::mod::disk_cache ( - $cache_root = '/var/cache/mod_proxy' -) { +class apache::mod::disk_cache { + $cache_root = $::osfamily ? { + 'debian' => '/var/cache/apache2/mod_disk_cache', + 'redhat' => '/var/cache/mod_proxy', + } Class['apache::mod::proxy'] -> Class['apache::mod::disk_cache'] Class['apache::mod::cache'] -> Class['apache::mod::disk_cache'] apache::mod { 'disk_cache': } # Template uses $cache_proxy - file { "${apache::params::vdir}/disk_cache.conf": - ensure => present, + file { 'disk_cache.conf': + ensure => file, + path => "${apache::mod_dir}/disk_cache.conf", content => template('apache/mod/disk_cache.conf.erb'), } } diff --git a/manifests/mod/headers.pp b/manifests/mod/headers.pp new file mode 100644 index 0000000000..5ff9887b15 --- /dev/null +++ b/manifests/mod/headers.pp @@ -0,0 +1,3 @@ +class apache::mod::headers { + apache::mod { 'headers': } +} \ No newline at end of file diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp new file mode 100644 index 0000000000..3f1cab5cc4 --- /dev/null +++ b/manifests/mod/info.pp @@ -0,0 +1,11 @@ +class apache::mod::info ( + $allow_from = ['127.0.0.1','::1'], +){ + apache::mod { 'info': } + # Template uses $allow_from + file { 'info.conf': + ensure => file, + path => "${apache::mod_dir}/info.conf", + content => template('apache/mod/info.conf.erb'), + } +} diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp new file mode 100644 index 0000000000..5c477db1c9 --- /dev/null +++ b/manifests/mod/ldap.pp @@ -0,0 +1,9 @@ +class apache::mod::ldap { + apache::mod { 'ldap': } + # Template uses no variables + file { 'ldap.conf': + ensure => file, + path => "${apache::mod_dir}/ldap.conf", + content => template('apache/mod/ldap.conf.erb'), + } +} diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp new file mode 100644 index 0000000000..6d7cd866eb --- /dev/null +++ b/manifests/mod/mime.pp 
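Review bot: `apache::mod::disk_cache` no longer accepts `$cache_root` as a class parameter, so any existing `class { 'apache::mod::disk_cache': cache_root => ... }` declaration stops compiling and the cache location can no longer be moved off the OS default. Keeping the parameter with the selector as its fallback would preserve the interface. The context comment still reads `# Template uses $cache_proxy` although the variable is `$cache_root`; `# Template uses $cache_root` is the accurate form. The selector also has no `default` branch, as in alias.pp and cgid.pp, so other OS families fail with a generic selector error rather than the `fail("Unsupported osfamily ${::osfamily}")` message used in init.pp.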
@@ -0,0 +1,9 @@ +class apache::mod::mime { + apache::mod { 'mime': } + # Template uses no variables + file { 'mime.conf': + ensure => file, + path => "${apache::mod_dir}/mime.conf", + content => template('apache/mod/mime.conf.erb'), + } +} diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp new file mode 100644 index 0000000000..586a563acc --- /dev/null +++ b/manifests/mod/mime_magic.pp @@ -0,0 +1,9 @@ +class apache::mod::mime_magic { + apache::mod { 'mime_magic': } + # Template uses no variables + file { 'mime_magic.conf': + ensure => file, + path => "${apache::mod_dir}/mime_magic.conf", + content => template('apache/mod/mime_magic.conf.erb'), + } +} diff --git a/manifests/mod/mpm_event.pp b/manifests/mod/mpm_event.pp new file mode 100644 index 0000000000..b6682f5287 --- /dev/null +++ b/manifests/mod/mpm_event.pp @@ -0,0 +1,8 @@ +class apache::mod::mpm_event { + # Template uses no variables + file { 'mpm_event.conf': + ensure => file, + path => "${apache::mod_dir}/mpm_event.conf", + content => template('apache/mod/mpm_event.conf.erb'), + } +} diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp new file mode 100644 index 0000000000..93772419fb --- /dev/null +++ b/manifests/mod/negotiation.pp @@ -0,0 +1,9 @@ +class apache::mod::negotiation { + apache::mod { 'negotiation': } + # Template uses no variables + file { 'negotiation.conf': + ensure => file, + path => "${apache::mod_dir}/negotiation.conf", + content => template('apache/mod/negotiation.conf.erb'), + } +} diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index e179ca68a1..b4992bc87d 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp 
@@ -1,5 +1,13 @@ -class apache::mod::passenger { - include 'apache' - +class apache::mod::passenger ( + $passenger_root = $apache::params::passenger_root, + $passenger_ruby = $apache::params::passenger_ruby, + $passenger_max_pool_size = undef, +) { apache::mod { 'passenger': } + # Template uses: $passenger_root, $passenger_ruby, $passenger_max_pool_size + file { 'passenger.conf': + ensure => file, + path => "${apache::mod_dir}/passenger.conf", + content => template('apache/mod/passenger.conf.erb'), + } } diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index e0d9730eb2..d8156c4c34 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -1,8 +1,12 @@ class apache::mod::php { - include apache::params + if ! defined(Class['apache::mod::prefork']) { + fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') + } apache::mod { 'php5': } - file { "${apache::params::vdir}/php.conf": - ensure => present, + file { 'php.conf': + ensure => file, + path => "${apache::mod_dir}/php.conf", content => template('apache/mod/php.conf.erb'), + require => Class['apache::mod::prefork'], } } diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp new file mode 100644 index 0000000000..c63fa49d28 --- /dev/null +++ b/manifests/mod/prefork.pp 
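Review bot: Nothing in this class guarantees that `apache` has been evaluated before `${apache::mod_dir}` is interpolated, now that `include 'apache'` is removed. If the base class is missing or declared later, the variable would most likely resolve to empty and `path` would become `/passenger.conf`. vhost.pp in this commit guards against that with `if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') }`; the same guard at the top of this class would make the failure explicit. The other `apache::mod::*` classes in this commit that write to `${apache::mod_dir}` (info, ldap, mime, ssl, userdir and so on) would benefit from it too.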
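Review bot: `defined(Class['apache::mod::prefork'])` is evaluation-order dependent, so this check can call `fail()` on a node that does enable prefork but declares it after `apache::mod::php`. A comment above the check would save users a confusing failure, for example `# defined() only sees classes already evaluated: declare Class['apache'] with mpm_module => 'prefork' before this class`. The README should carry the same ordering requirement, since the error text alone does not mention it.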
@@ -0,0 +1,54 @@ +class apache::mod::prefork ( + $startservers = '8', + $minspareservers = '5', + $maxspareservers = '20', + $serverlimit = '256', + $maxclients = '256', + $maxrequestsperchild = '4000', +) { + if defined(Class['apache::mod::worker']) { + fail('May not include both apache::mod::worker and apache::mod::prefork on the same node') + } + File { + owner => 'root', + group => 'root', + mode => '0644', + } + + # Template uses: + # - $startservers + # - $minspareservers + # - $maxspareservers + # - $serverlimit + # - $maxclients + # - $maxrequestsperchild + file { "${apache::mod_dir}/prefork.conf": + ensure => file, + content => template('apache/mod/prefork.conf.erb'), + } + + case $::osfamily { + 'redhat': { + file_line { '/etc/sysconfig/httpd prefork enable': + ensure => present, + path => '/etc/sysconfig/httpd', + line => '#HTTPD=/usr/sbin/httpd.prefork', + match => '#?HTTPD=', + require => Package['httpd'], + notify => Service['httpd'], + } + } + 'debian': { + file { "${apache::mod_enable_dir}/prefork.conf": + ensure => link, + target => "${apache::mod_dir}/prefork.conf", + } + package { 'apache2-mpm-prefork': + ensure => present, + } + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } +} diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 6a761288c4..e935379051 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp @@ -1,10 +1,12 @@ class apache::mod::proxy ( - $proxy_requests = "Off" + $proxy_requests = 'Off', + $allow_from = ['127.0.0.1','::1'], ) { apache::mod { 'proxy': } # Template uses $proxy_requests - file { "${apache::params::vdir}/proxy.conf": - ensure => present, + file { 'proxy.conf': + ensure => file, + path => "${apache::mod_dir}/proxy.conf", content => template('apache/mod/proxy.conf.erb'), } } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 67f9c544fa..e8da759c07 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp 
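Review bot: The `file_line` pattern `match => '#?HTTPD='` is unanchored, so it also matches any line in `/etc/sysconfig/httpd` that merely contains `HTTPD=`, such as a longer variable name or a comment mentioning it. Depending on the stdlib version that could rewrite the wrong line or abort because several lines match; `match => '^#?HTTPD=',` limits it to the assignment itself. worker.pp uses the same pattern, and its `file_line` additionally lacks the `require => Package['httpd'],` that this one has, so the file may not exist yet when it is edited.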
@@ -2,9 +2,21 @@ Class['apache::mod::proxy'] -> Class['apache::mod::proxy_html'] Class['apache::mod::proxy_http'] -> Class['apache::mod::proxy_html'] apache::mod { 'proxy_html': } - # proxy_html uses libxml2 so we need to load this .so - file { "${apache::params::mod_dir}/libxml2.load": - ensure => present, - content => "LoadFile /usr/lib/libxml2.so.2\n", + case $::osfamily { + 'RedHat': { + apache::mod { 'xml2enc': } + } + 'Debian': { + $proxy_html_loadfiles = $apache::params::distrelease ? { + '6' => '/usr/lib/libxml2.so.2', + default => "/usr/lib/${::hardwaremodel}-linux-gnu/libxml2.so.2", + } + } + } + # Template uses $icons_path + file { 'proxy_html.conf': + ensure => file, + path => "${apache::mod_dir}/proxy_html.conf", + content => template('apache/mod/proxy_html.conf.erb'), } } diff --git a/manifests/mod/python.pp b/manifests/mod/python.pp index e3fbf739f7..8158b7e8ad 100644 --- a/manifests/mod/python.pp +++ b/manifests/mod/python.pp @@ -1,5 +1,4 @@ class apache::mod::python { - #include apache apache::mod { 'python': } } diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp new file mode 100644 index 0000000000..d1a947daf8 --- /dev/null +++ b/manifests/mod/reqtimeout.pp @@ -0,0 +1,9 @@ +class apache::mod::reqtimeout { + apache::mod { 'reqtimeout': } + # Template uses no variables + file { 'reqtimeout.conf': + ensure => file, + path => "${apache::mod_dir}/reqtimeout.conf", + content => template('apache/mod/reqtimeout.conf.erb'), + } +} diff --git a/manifests/mod/rewrite.pp b/manifests/mod/rewrite.pp new file mode 100644 index 0000000000..147faab998 --- /dev/null +++ b/manifests/mod/rewrite.pp @@ -0,0 +1,4 @@ +class apache::mod::rewrite { + include apache::params + apache::mod { 'rewrite': } +} diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp new file mode 100644 index 0000000000..ccf6733f11 --- /dev/null +++ b/manifests/mod/setenvif.pp 
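Review bot: `$proxy_html_loadfiles` is assigned only in the `'Debian'` branch and the `case` has no `default`, so on RedHat and on any other osfamily the template is rendered with the variable unset. The template is not shown here, but if it reads the variable unconditionally the result could be a render error or an empty `LoadFile` line; a `default: { fail("Unsupported osfamily ${::osfamily}") }` branch and an explicit empty value in the RedHat branch would make the intent clear. The comment `# Template uses $icons_path` does not match anything this hunk defines and probably should be `# Template uses $proxy_html_loadfiles`. The class header sits above the hunk.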
@@ -0,0 +1,9 @@ +class apache::mod::setenvif { + apache::mod { 'setenvif': } + # Template uses no variables + file { 'setenvif.conf': + ensure => file, + path => "${apache::mod_dir}/setenvif.conf", + content => template('apache/mod/setenvif.conf.erb'), + } +} diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index ab32eceab8..e290d2521c 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,3 +1,20 @@ -class apache::mod::ssl { +class apache::mod::ssl ( + $ssl_compression = false, +) { + $session_cache = $::osfamily ? { + 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', + 'redhat' => '/var/cache/mod_ssl/scache(512000)', + } + $ssl_mutex = $::osfamily ? { + 'debian' => 'file:${APACHE_RUN_DIR}/ssl_mutex', + 'redhat' => 'default', + } apache::mod { 'ssl': } + + # Template uses $ssl_compression, $session_cache, $ssl_mutex + file { 'ssl.conf': + ensure => file, + path => "${apache::mod_dir}/ssl.conf", + content => template('apache/mod/ssl.conf.erb'), + } } diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp new file mode 100644 index 0000000000..e866096081 --- /dev/null +++ b/manifests/mod/status.pp @@ -0,0 +1,9 @@ +class apache::mod::status { + apache::mod { 'status': } + # Template uses no variables + file { 'status.conf': + ensure => file, + path => "${apache::mod_dir}/status.conf", + content => template('apache/mod/status.conf.erb'), + } +} diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index b55ed85954..968a9a034c 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp @@ -1,11 +1,14 @@ class apache::mod::userdir ( + $home = '/home', $dir = 'public_html', + $disable_root = true, ) { apache::mod { 'userdir': } - # Template uses $dir - file { "${apache::params::vdir}/userdir.conf": - ensure => present, + # Template uses $home, $dir, $disable_root + file { 'userdir.conf': + ensure => file, + path => "${apache::mod_dir}/userdir.conf", content => template('apache/mod/userdir.conf.erb'), } } 
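Review bot: `$ssl_compression` in ssl.pp reaches the template without a type check, and a caller who supplies the string `'false'` gets a value that is truthy in both Puppet and ERB conditionals, which could switch TLS compression on when the intent was to keep it off. vhost.pp in this commit already uses stdlib's `validate_bool`; adding `validate_bool($ssl_compression)` as the first statement of the class body closes that gap. `$disable_root` in userdir.pp is a security-relevant boolean with the same exposure. How ssl.conf.erb consumes the value is not visible here, so the exact effect is an assumption.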
diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp new file mode 100644 index 0000000000..671be9d149 --- /dev/null +++ b/manifests/mod/worker.pp @@ -0,0 +1,55 @@ +class apache::mod::worker ( + $startservers = '2', + $maxclients = '150', + $minsparethreads = '25', + $maxsparethreads = '75', + $threadsperchild = '25', + $maxrequestsperchild = '0', + $serverlimit = '25', +) { + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::worker and apache::mod::prefork on the same node') + } + File { + owner => 'root', + group => 'root', + mode => '0644', + } + + # Template uses: + # - $startservers + # - $maxclients + # - $minsparethreads + # - $maxsparethreads + # - $threadsperchild + # - $maxrequestsperchild + # - $serverlimit + file { "${apache::mod_dir}/worker.conf": + ensure => file, + content => template('apache/mod/worker.conf.erb'), + } + + case $::osfamily { + 'redhat': { + file_line { '/etc/sysconfig/httpd worker enable': + ensure => present, + path => '/etc/sysconfig/httpd', + line => 'HTTPD=/usr/sbin/httpd.worker', + match => '#?HTTPD=', + notify => Service['httpd'], + } + } + 'debian': { + file { "${apache::mod_enable_dir}/worker.conf": + ensure => link, + target => "${apache::mod_dir}/worker.conf", + } + package { 'apache2-mpm-worker': + ensure => present, + } + } + default: { + fail("Unsupported osfamily ${::osfamily}") + } + } +} diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 28b15ca96a..0357e430fd 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -1,13 +1,4 @@ class apache::mod::wsgi { - include apache - - package { 'mod_wsgi_package': - ensure => installed, - name => $apache::params::mod_wsgi_package, - require => Package['httpd']; - } - - a2mod { 'wsgi': ensure => present; } - + apache::mod { 'wsgi': } } diff --git a/manifests/mod/xsendfile.pp b/manifests/mod/xsendfile.pp new file mode 100644 index 0000000000..571501a03b --- /dev/null +++ b/manifests/mod/xsendfile.pp 
@@ -0,0 +1,4 @@ +class apache::mod::xsendfile { + include apache::params + apache::mod { 'xsendfile': } +} diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp new file mode 100644 index 0000000000..edbbfe4cf2 --- /dev/null +++ b/manifests/namevirtualhost.pp @@ -0,0 +1,10 @@ +define apache::namevirtualhost { + $addr_port = $name + include apache::params + + # Template uses: $addr_port + concat::fragment { "NameVirtualHost ${addr_port}": + target => $apache::params::ports_file, + content => template('apache/namevirtualhost.erb'), + } +} diff --git a/manifests/params.pp b/manifests/params.pp index 7e32e9d76d..a6cbfc0653 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -10,6 +10,7 @@ # - The $php_package is the name of the package that provided PHP # - The $ssl_package is the name of the Apache SSL package # - The $apache_dev is the name of the Apache development libraries package +# - The $conf_contents is the contents of the Apache configuration file # # Actions: # 
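Review bot: The header line added to params.pp documents `$conf_contents`, but no variable of that name is set in this class; the later hunk assigns `$conf_template = 'apache/httpd.conf.erb'` in both OS branches. The line should probably read `# - The $conf_template is the template used for the main Apache configuration file`. The comment block it belongs to starts above the hunk.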
@@ -18,67 +19,80 @@ # Sample Usage: # class apache::params { + # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, etc. + $osr_array = split($::operatingsystemrelease,'[\/\.]') + $distrelease = $osr_array[0] + if ! $distrelease { + fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") + } - $ssl = true - $template = 'apache/vhost-default.conf.erb' - $priority = '25' - $servername = '' - $serveraliases = '' - $auth = false - $redirect_ssl = false - $ssl_path = '/etc/ssl' - $options = 'Indexes FollowSymLinks MultiViews' - $override = 'None' - $vhost_name = '*' - - if $::osfamily == 'redhat' or $::operatingsystem == 'amazon' { - $user = 'apache' - $group = 'apache' - $apache_name = 'httpd' - $php_package = 'php' - $mod_passenger_package = 'mod_passenger' - $mod_python_package = 'mod_python' - $mod_wsgi_package = 'mod_wsgi' - $mod_auth_kerb_package = 'mod_auth_kerb' - $ssl_package = 'mod_ssl' - $apache_dev = 'httpd-devel' - $httpd_dir = '/etc/httpd' - $conf_dir = "${httpd_dir}/conf" - $mod_dir = "${httpd_dir}/mod.d" - $vdir = "${httpd_dir}/conf.d" - $conf_file = 'httpd.conf' - $mod_packages = { - 'dev' => 'httpd-devel', + if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { + $user = 'apache' + $group = 'apache' + $apache_name = 'httpd' + $httpd_dir = '/etc/httpd' + $conf_dir = "${httpd_dir}/conf" + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/conf.d" + $vhost_dir = "${httpd_dir}/conf.d" + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/httpd' + $lib_path = 'modules' + $mpm_module = 'prefork' + $dev_packages = 'httpd-devel' + $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' + $default_ssl_key = '/etc/pki/tls/private/localhost.key' + $ssl_certs_dir = $distrelease ? 
{ + '5' => '/etc/pki/tls/certs', + '6' => '/etc/ssl/certs', + } + $passenger_root = '/usr/share/rubygems/gems/passenger-3.0.17' + $passenger_ruby = '/usr/bin/ruby' + $mod_packages = { + 'auth_kerb' => 'mod_auth_kerb', 'fcgid' => 'mod_fcgid', 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', - 'php5' => 'php', + 'php5' => $distrelease ? { + '5' => 'php53', + '6' => 'php', + }, 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', + 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', 'wsgi' => 'mod_wsgi', - 'shibboleth' => 'shibboleth', + 'dav_svn' => 'mod_dav_svn', + 'xsendfile' => 'mod_xsendfile', } - $mod_libs = { + $mod_libs = { 'php5' => 'libphp5.so', } - $mod_identifiers = { - 'shibboleth' => 'mod_shib', - } - } elsif $::osfamily == 'debian' { - $user = 'www-data' - $group = 'www-data' - $apache_name = 'apache2' - $php_package = 'libapache2-mod-php5' - $mod_passenger_package = 'libapache2-mod-passenger' - $mod_python_package = 'libapache2-mod-python' - $mod_wsgi_package = 'libapache2-mod-wsgi' - $mod_auth_kerb_package = 'libapache2-mod-auth-kerb' - $apache_dev = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] - $vdir = '/etc/apache2/sites-enabled/' - $proxy_modules = ['proxy', 'proxy_http'] - $mod_packages = { - 'dev' => ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'], + $conf_template = 'apache/httpd.conf.erb' + } elsif $::osfamily == 'Debian' { + $user = 'www-data' + $group = 'www-data' + $apache_name = 'apache2' + $httpd_dir = '/etc/apache2' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/mods-available" + $mod_enable_dir = "${httpd_dir}/mods-enabled" + $vhost_dir = "${httpd_dir}/sites-enabled" + $conf_file = 'apache2.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache2' + $lib_path = '/usr/lib/apache2/modules' + $mpm_module = 'worker' + $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] + $default_ssl_cert = 
'/etc/ssl/certs/ssl-cert-snakeoil.pem' + $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' + $ssl_certs_dir = '/etc/ssl/certs' + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $mod_packages = { + 'auth_kerb' => 'libapache2-mod-auth-kerb', 'fcgid' => 'libapache2-mod-fcgid', 'passenger' => 'libapache2-mod-passenger', 'perl' => 'libapache2-mod-perl2', @@ -86,10 +100,14 @@ 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', 'wsgi' => 'libapache2-mod-wsgi', + 'dav_svn' => 'libapache2-svn', + 'xsendfile' => 'libapache2-mod-xsendfile', + } + $mod_libs = { + 'php5' => 'libphp5.so', } - $mod_libs = {} - $mod_identifiers = {} + $conf_template = 'apache/httpd.conf.erb' } else { - fail("Class['apache::params']: Unsupported operatingsystem: $operatingsystem") + fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0bba85cefe..b0e8300409 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
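Review bot: The `$ssl_certs_dir` and `'php5'` selectors in the RedHat branch list only `'5'` and `'6'` and have no `default`, so any other `$distrelease` should stop compilation with a generic selector error rather than a message about the release. The branch condition also admits `$::operatingsystem == 'amazon'`, whose release string is unlikely to split to 5 or 6. A fallback entry in each selector, for example `default => '/etc/pki/tls/certs',` and `default => 'php',`, or an explicit `fail()` that names the unsupported release before the selectors, would cover it.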
@@ -4,24 +4,27 @@ # # Parameters: # - The $port to configure the host on -# - The $docroot provides the DocumentationRoot variable +# - The $docroot provides the DocumentRoot variable +# - The $virtual_docroot provides VirtualDocumentationRoot variable # - The $serveradmin will specify an email address for Apache that it will # display when it renders one of it's error pages -# - The $configure_firewall option is set to true or false to specify if -# a firewall should be configured. # - The $ssl option is set true or false to enable SSL for this Virtual Host -# - The $template option specifies whether to use the default template or -# override # - The $priority of the site # - The $servername is the primary name of the virtual host # - The $serveraliases of the site # - The $options for the given vhost -# - The $override for the given vhost (array of AllowOverride arguments) +# - The $override for the given vhost (list of AllowOverride arguments) # - The $vhost_name for name based virtualhosting, defaulting to * # - The $logroot specifies the location of the virtual hosts logfiles, default # to /var/log// # - The $access_log specifies if *_access.log directives should be configured. # - The $ensure specifies if vhost file is present or absent. +# - The $request_headers is a list of RequestHeader statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader +# - $aliases is a list of Alias hashes for mod_alias as per http://httpd.apache.org/docs/current/mod/mod_alias.html +# each statement is a hash in the form of { alias => '/alias', path => '/real/path/to/directory' } +# - $directories is a lost of hashes for creating statements as per http://httpd.apache.org/docs/2.2/mod/core.html#directory +# each statement is a hash in the form of { path => '/path/to/directory', => } +# see README.md for list of supported directives. # # Actions: # - Install Apache Virtual Hosts 
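Review bot: The new parameter documentation has errors that will mislead readers: `VirtualDocumentationRoot` should be `VirtualDocumentRoot`, `a lost of hashes` should be `a list of hashes`, and the `$directories` example `{ path => '/path/to/directory', => }` appears to have lost its placeholder key and value. In the Sample Usage block of the following hunk, `rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'` refers to a variable mod_rewrite does not define; `%{HTTP_HOST}` is presumably meant, otherwise the redirect target has no host. The three samples also reuse the title `'site.name.fqdn'`, which would be a duplicate declaration if copied into one manifest.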
@@ -30,94 +33,323 @@ # - The apache class # # Sample Usage: +# +# # Simple vhost definition: # apache::vhost { 'site.name.fqdn': -# priority => '20', # port => '80', # docroot => '/path/to/docroot', # } # +# # SSL vhost with non-SSL rewrite: +# apache::vhost { 'site.name.fqdn': +# port => '443', +# ssl => true, +# docroot => '/path/to/docroot', +# } +# apache::vhost { 'site.name.fqdn': +# port => '80', +# rewrite_cond => '%{HTTPS} off', +# rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', +# } +# apache::vhost { 'site.name.fqdn': +# port => '80', +# docroot => '/path/to/other_docroot', +# custom_fragment => template("${module_name}/my_fragment.erb"), +# } +# define apache::vhost( - $port, $docroot, + $virtual_docroot = false, + $port = undef, + $ip = undef, + $ip_based = false, + $add_listen = true, $docroot_owner = 'root', $docroot_group = 'root', $serveradmin = false, - $configure_firewall = true, - $ssl = $apache::params::ssl, - $template = $apache::params::template, - $priority = $apache::params::priority, - $servername = $apache::params::servername, - $serveraliases = $apache::params::serveraliases, - $auth = $apache::params::auth, - $redirect_ssl = $apache::params::redirect_ssl, - $options = $apache::params::options, - $override = $apache::params::override, - $apache_name = $apache::params::apache_name, - $vhost_name = $apache::params::vhost_name, - $logroot = "/var/log/$apache::params::apache_name", + $ssl = false, + $ssl_cert = $apache::default_ssl_cert, + $ssl_key = $apache::default_ssl_key, + $ssl_chain = $apache::default_ssl_chain, + $ssl_ca = $apache::default_ssl_ca, + $ssl_crl_path = $apache::default_ssl_crl_path, + $ssl_crl = $apache::default_ssl_crl, + $ssl_certs_dir = $apache::params::ssl_certs_dir, + $priority = undef, + $default_vhost = false, + $servername = undef, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $vhost_name = '*', + $logroot = 
"/var/log/${apache::params::apache_name}", $access_log = true, - $ensure = 'present' + $access_log_file = undef, + $access_log_pipe = undef, + $access_log_format = undef, + $aliases = undef, + $directories = undef, + $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $scriptalias = undef, + $proxy_dest = undef, + $proxy_pass = undef, + $no_proxy_uris = [], + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $rack_base_uris = undef, + $request_headers = undef, + $rewrite_rule = undef, + $rewrite_base = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $custom_fragment = undef ) { + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + $apache_name = $apache::params::apache_name validate_re($ensure, '^(present|absent)$', "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.") + validate_bool($ip_based) + validate_bool($access_log) + validate_bool($error_log) + validate_bool($ssl) + validate_bool($default_vhost) - include apache - - if $servername == '' { - $srvname = $name - } else { - $srvname = $servername + if $access_log_file and $access_log_pipe { + fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") } - if $ssl == true { - include apache::mod::ssl + if $error_log_file and $error_log_pipe { + fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") } - # Since the template will use auth, redirect to https requires mod_rewrite - if $redirect_ssl == true { - if $::osfamily == 'debian' { - A2mod <| title == 'rewrite' |> - } + if $ssl { + include apache::mod::ssl } # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources if ! 
defined(File[$docroot]) { file { $docroot: - ensure => directory, - owner => $docroot_owner, - group => $docroot_group, + ensure => directory, + owner => $docroot_owner, + group => $docroot_group, + require => Package['httpd'], } } # Same as above, but for logroot if ! defined(File[$logroot]) { file { $logroot: - ensure => directory, + ensure => directory, + require => Package['httpd'], + } + } + + # Open listening ports if they are not already + if $servername { + $servername_real = $servername + } else { + $servername_real = $name + } + + # Define log file names + if $access_log_file { + $access_log_destination = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $access_log_destination = "\"${access_log_pipe}\"" + } else { + if $ssl { + $access_log_destination = "${logroot}/${servername_real}_access_ssl.log" + } else { + $access_log_destination = "${logroot}/${servername_real}_access.log" + } + } + + if $error_log_file { + $error_log_destination = "${logroot}/${error_log_file}" + } elsif $error_log_pipe { + $error_log_destination = "\"${error_log_pipe}\"" + } else { + if $ssl { + $error_log_destination = "${logroot}/${servername_real}_error_ssl.log" + } else { + $error_log_destination = "${logroot}/${servername_real}_error.log" + } + } + + # Set access log format + if $access_log_format { + $_access_log_format = "\"${access_log_format}\"" + } else { + $_access_log_format = 'combined' + } + + + if $ip { + if $port { + $listen_addr_port = "${ip}:${port}" + $nvh_addr_port = "${ip}:${port}" + } else { + $nvh_addr_port = $ip + if ! $servername and ! $ip_based { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") + } + } + } else { + if $port { + $listen_addr_port = $port + $nvh_addr_port = "${vhost_name}:${port}" + } else { + $nvh_addr_port = $name + if ! 
$servername { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") + } + } + } + if $add_listen { + if $ip and defined(Apache::Listen[$port]) { + fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") + } + if ! defined(Apache::Listen[$listen_addr_port]) and $listen_addr_port { + apache::listen { $listen_addr_port: } + } + } + if ! $ip_based { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) { + apache::namevirtualhost { $nvh_addr_port: } + } + } + + # Load mod_rewrite if needed and not yet loaded + if $rewrite_rule { + if ! defined(Apache::Mod['rewrite']) { + apache::mod { 'rewrite': } } } + # Load mod_alias if needed and not yet loaded + if $scriptalias or ($redirect_source and $redirect_dest) { + if ! defined(Class['apache::mod::alias']) { + include apache::mod::alias + } + } + + # Load mod_proxy if needed and not yet loaded + if ($proxy_dest or $proxy_pass) { + if ! defined(Class['apache::mod::proxy']) { + include apache::mod::proxy + } + } + + # Load mod_passenger if needed and not yet loaded + if $rack_base_uris { + if ! defined(Class['apache::mod::passenger']) { + include apache::mod::passenger + } + } + + # Configure the defaultness of a vhost + if $priority { + $priority_real = $priority + } elsif $default_vhost { + $priority_real = '10' + } else { + $priority_real = '25' + } + + # Check if mod_headers is required to process $request_headers + if $request_headers { + if ! 
defined(Class['apache::mod::headers']) { + include apache::mod::headers + } + } + + ## Apache include does not always work with spaces in the filename + $filename = regsubst($name, ' ', '_', 'G') + + ## Create a default directory list if none defined + if $directories { + $_directories = $directories + } else { + $_directories = [ { + path => $docroot, + options => $options, + allow_override => $override, + order => 'allow,deny', + allow => 'from all', + } ] + } + # Template uses: - # - $vhost_name - # - $port - # - $srvname + # - $nvh_addr_port + # - $servername_real # - $serveradmin - # - $serveraliases # - $docroot + # - $virtual_docroot # - $options # - $override # - $logroot - # - $access_log # - $name - file { "${priority}-${name}.conf": + # - $aliases + # - $_directories + # - $access_log + # - $access_log_destination + # - $_access_log_format + # - $error_log + # - $error_log_destination + # - $custom_fragment + # block fragment: + # - $block + # proxy fragment: + # - $proxy_dest + # - $no_proxy_uris + # rack fragment: + # - $rack_base_uris + # redirect fragment: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # requestheader fragment: + # - $request_headers + # rewrite fragment: + # - $rewrite_rule + # - $rewrite_base + # - $rewrite_cond + # scriptalias fragment: + # - $scriptalias + # - $ssl + # serveralias fragment: + # - $serveraliases + # setenv fragment: + # - $setenv + # - $setenvif + # ssl fragment: + # - $ssl + # - $ssl_cert + # - $ssl_key + # - $ssl_chain + # - $ssl_certs_dir + # - $ssl_ca + # - $ssl_crl + # - $ssl_crl_path + file { "${priority_real}-${filename}.conf": ensure => $ensure, - path => "${apache::params::vdir}/${priority}-${name}.conf", - content => template($template), + path => "${apache::vhost_dir}/${priority_real}-${filename}.conf", + content => template('apache/vhost.conf.erb'), owner => 'root', group => 'root', - mode => '0755', + mode => '0644', require => [ Package['httpd'], File[$docroot], 
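Review bot: The default `$options = ['Indexes','FollowSymLinks','MultiViews']` combined with the fallback `$_directories` entry (`allow => 'from all'`) means a vhost declared with only `docroot` serves directory listings to every client for any directory without an index file. Dropping `Indexes` from the default, `$options = ['FollowSymLinks','MultiViews'],`, would make listings opt-in. That changes behaviour for existing users, since the removed params default also included `Indexes`, so it needs a CHANGELOG entry. If the default stays, the `$options` line in the header comment should state that listings are on by default.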
@@ -125,16 +357,5 @@ ], notify => Service['httpd'], } - - if $configure_firewall { - if ! defined(Firewall["0100-INPUT ACCEPT $port"]) { - @firewall { - "0100-INPUT ACCEPT $port": - action => 'accept', - dport => $port, - proto => 'tcp' - } - } - } } diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp deleted file mode 100644 index ec9714698e..0000000000 --- a/manifests/vhost/proxy.pp +++ /dev/null @@ -1,73 +0,0 @@ -# Define: apache::vhost::proxy -# -# Configures an apache vhost that will only proxy requests -# -# Parameters: -# * $port: -# The port on which the vhost will respond -# * $dest: -# URI that the requests will be proxied for -# - $priority -# - $template -- the template to use for the vhost -# - $access_log - specifies if *_access.log directives should be configured. -# - $vhost_name - the name to use for the vhost, defaults to '*' -# -# Actions: -# * Install Apache Virtual Host -# -# Requires: -# -# Sample Usage: -# -define apache::vhost::proxy ( - $port, - $dest, - $priority = '10', - $template = 'apache/vhost-proxy.conf.erb', - $servername = '', - $serveraliases = '', - $ssl = false, - $vhost_name = '*', - $access_log = true, - $no_proxy_uris = [] - ) { - - include apache - include apache::proxy - - $apache_name = $apache::params::apache_name - $ssl_path = $apache::params::ssl_path - if $servername == '' { - $srvname = $name - } else { - $srvname = $servername - } - - if $ssl == true { - include apache::mod::ssl - } - - # Template uses: - # - $vhost_name - # - $port - # - $ssl - # - $ssl_path - # - $srvname - # - $serveraliases - # - $no_proxy_uris - # - $dest - # - $apache::params::apache_name - # - $access_log - # - $name - file { "${priority}-${name}.conf": - path => "${apache::params::vdir}/${priority}-${name}.conf", - content => template($template), - owner => 'root', - group => 'root', - mode => '0755', - require => Package['httpd'], - notify => Service['httpd'], - } - - -} 
diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp deleted file mode 100644 index c581ab4cad..0000000000 --- a/manifests/vhost/redirect.pp +++ /dev/null @@ -1,57 +0,0 @@ -# Define: apache::vhost::redirect -# -# This class will create a vhost that does nothing more than redirect to a -# given location -# -# Parameters: -# $port: -# Which port to list on -# $dest: -# Where to redirect to -# - $vhost_name -# -# Actions: -# Installs apache and creates a vhost -# -# Requires: -# -# Sample Usage: -# -define apache::vhost::redirect ( - $port, - $dest, - $priority = '10', - $serveraliases = '', - $template = 'apache/vhost-redirect.conf.erb', - $servername = $apache::params::servername, - $vhost_name = '*' - ) { - - include apache - - if $servername == '' { - $srvname = $name - } else { - $srvname = $servername - } - - file { "${priority}-${name}.conf": - path => "${apache::params::vdir}/${priority}-${name}.conf", - content => template($template), - owner => 'root', - group => 'root', - mode => '0755', - require => Package['httpd'], - notify => Service['httpd'], - } - - if ! defined(Firewall["0100-INPUT ACCEPT $port"]) { - @firewall { - "0100-INPUT ACCEPT $port": - jump => 'ACCEPT', - dport => '$port', - proto => 'tcp' - } - } -} - diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 79c0005b35..331eda7067 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb 
@@ -1,19 +1,25 @@ require 'spec_helper' describe 'apache', :type => :class do - context "On a Debian OS" do + context "on a Debian OS" do let :facts do - { :osfamily => 'Debian' } + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end it { should include_class("apache::params") } it { should contain_package("httpd") } + it { should contain_user("www-data") } + it { should contain_group("www-data") } it { should contain_service("httpd").with( 'ensure' => 'true', 'enable' => 'true', 'subscribe' => 'Package[httpd]' ) } - it { should contain_file("httpd_vdir").with( + it { should contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 
@@ -21,20 +27,104 @@ 'require' => 'Package[httpd]' ) } + it { should contain_file("/etc/apache2/mods-enabled").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Service[httpd]', + 'require' => 'Package[httpd]' + ) + } + it { should contain_file("/etc/apache2/mods-available").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Service[httpd]', + 'require' => 'Package[httpd]' + ) + } + it { should contain_concat("/etc/apache2/ports.conf").with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'notify' => 'Service[httpd]' + ) + } + # Assert that load files are placed and symlinked for these mods, but no conf file. + [ + 'auth_basic', + 'authn_file', + 'authz_default', + 'authz_groupfile', + 'authz_host', + 'authz_user', + 'dav', + 'env' + ].each do |modname| + it { should contain_file("#{modname}.load").with( + 'path' => "/etc/apache2/mods-available/#{modname}.load", + 'ensure' => 'file' + ) } + it { should contain_file("#{modname}.load symlink").with( + 'path' => "/etc/apache2/mods-enabled/#{modname}.load", + 'ensure' => 'link', + 'target' => "/etc/apache2/mods-available/#{modname}.load" + ) } + it { should_not contain_file("#{modname}.conf") } + it { should_not contain_file("#{modname}.conf symlink") } + end + + # Assert that both load files and conf files are placed and symlinked for these mods + [ + 'alias', + 'autoindex', + 'dav_fs', + 'deflate', + 'dir', + 'mime', + 'negotiation', + 'setenvif', + 'status', + ].each do |modname| + it { should contain_file("#{modname}.load").with( + 'path' => "/etc/apache2/mods-available/#{modname}.load", + 'ensure' => 'file' + ) } + it { should contain_file("#{modname}.load symlink").with( + 'path' => "/etc/apache2/mods-enabled/#{modname}.load", + 'ensure' => 'link', + 'target' => "/etc/apache2/mods-available/#{modname}.load" + ) } + it { should contain_file("#{modname}.conf").with( + 'path' => 
"/etc/apache2/mods-available/#{modname}.conf", + 'ensure' => 'file' + ) } + it { should contain_file("#{modname}.conf symlink").with( + 'path' => "/etc/apache2/mods-enabled/#{modname}.conf", + 'ensure' => 'link', + 'target' => "/etc/apache2/mods-available/#{modname}.conf" + ) } + end end - context "On a RedHat OS" do + context "on a RedHat 5 OS" do let :facts do - { :osfamily => 'RedHat' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '5', + :concat_basedir => '/dne', + } end it { should include_class("apache::params") } it { should contain_package("httpd") } + it { should contain_user("apache") } + it { should contain_group("apache") } it { should contain_service("httpd").with( 'ensure' => 'true', 'enable' => 'true', 'subscribe' => 'Package[httpd]' ) } - it { should contain_file("httpd_vdir").with( + it { should contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 
@@ -42,5 +132,136 @@ 'require' => 'Package[httpd]' ) } + it { should contain_concat("/etc/httpd/conf/ports.conf").with( + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + 'notify' => 'Service[httpd]' + ) + } + describe "Alternate confd/mod/vhosts directory" do + let :params do + { + :vhost_dir => '/etc/httpd/site.d', + :confd_dir => '/etc/httpd/conf.d', + :mod_dir => '/etc/httpd/mod.d', + } + end + + ['mod.d','site.d','conf.d'].each do |dir| + it { should contain_file("/etc/httpd/#{dir}").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Service[httpd]', + 'require' => 'Package[httpd]' + ) } + end + + # Assert that load files are placed for these mods, but no conf file. + [ + 'auth_basic', + 'authn_file', + 'authz_default', + 'authz_groupfile', + 'authz_host', + 'authz_user', + 'dav', + 'env', + ].each do |modname| + it { should contain_file("#{modname}.load").with_path( + "/etc/httpd/mod.d/#{modname}.load" + ) } + it { should_not contain_file("#{modname}.conf").with_path( + "/etc/httpd/mod.d/#{modname}.conf" + ) } + end + + # Assert that both load files and conf files are placed for these mods + [ + 'alias', + 'autoindex', + 'dav_fs', + 'deflate', + 'dir', + 'mime', + 'negotiation', + 'setenvif', + 'status', + ].each do |modname| + it { should contain_file("#{modname}.load").with_path( + "/etc/httpd/mod.d/#{modname}.load" + ) } + it { should contain_file("#{modname}.conf").with_path( + "/etc/httpd/mod.d/#{modname}.conf" + ) } + end + + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/conf\.d/\*\.conf$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/site\.d/\*\.conf$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/mod\.d/\*\.conf$} } + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include /etc/httpd/mod\.d/\*\.load$} } + end + + describe "Alternate 
conf.d directory" do + let :params do + { :confd_dir => '/etc/httpd/special_conf.d' } + end + + it { should contain_file("/etc/httpd/special_conf.d").with( + 'ensure' => 'directory', + 'recurse' => 'true', + 'purge' => 'true', + 'notify' => 'Service[httpd]', + 'require' => 'Package[httpd]' + ) } + end + + describe "Alternate mpm_modules" do + context "when declaring mpm_module is false" do + let :params do + { :mpm_module => false } + end + it 'should not declare mpm modules' do + should_not contain_class('apache::mod::prefork') + should_not contain_class('apache::mod::worker') + end + end + context "when declaring mpm_module => prefork" do + let :params do + { :mpm_module => 'prefork' } + end + it { should contain_class('apache::mod::prefork') } + it { should_not contain_class('apache::mod::worker') } + end + context "when declaring mpm_module => worker" do + let :params do + { :mpm_module => 'worker' } + end + it { should contain_class('apache::mod::worker') } + it { should_not contain_class('apache::mod::prefork') } + end + context "when declaring mpm_module => breakme" do + let :params do + { :mpm_module => 'breakme' } + end + it { expect { should contain_class('apache::params') }.to raise_error Puppet::Error, /does not match/ } + end + end + + describe "different templates for httpd.conf" do + context "with default" do + let :params do + { :conf_template => 'apache/httpd.conf.erb' } + end + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} } + end + context "with non-default" do + let :params do + { :conf_template => 'site_apache/fake.conf.erb' } + end + it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} } + end + end end end diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index 703374c533..8bdf1200b8 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb 
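Review bot: The negative checks in the "Alternate confd/mod/vhosts directory" group, `should_not contain_file("#{modname}.conf").with_path("/etc/httpd/mod.d/#{modname}.conf")`, only fail when a resource with that title exists at exactly that path. A `.conf` file rendered into any other directory would still pass. The Debian group earlier in this file uses the stricter form, and the same would fit here: `it { should_not contain_file("#{modname}.conf") }`. The enclosing `describe 'apache'` block starts outside this hunk.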
@@ -1,24 +1,26 @@ require 'spec_helper' describe 'apache::dev', :type => :class do - context "On a Debian OS" do + context "on a Debian OS" do let :facts do - { :osfamily => 'Debian' } + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + } end - it { - should include_class("apache::params") - should contain_package("libaprutil1-dev") - should contain_package("libapr1-dev") - should contain_package("apache2-prefork-dev") - } + it { should include_class("apache::params") } + it { should contain_package("libaprutil1-dev") } + it { should contain_package("libapr1-dev") } + it { should contain_package("apache2-prefork-dev") } end - context "On a RedHat OS" do + context "on a RedHat OS" do let :facts do - { :osfamily => 'RedHat' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + } end - it { - should include_class("apache::params") - should contain_package("httpd-devel") - } + it { should include_class("apache::params") } + it { should contain_package("httpd-devel") } end end diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 3590ca4268..c4aa8a67f6 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb 
@@ -1,18 +1,29 @@ -require 'spec_helper' - describe 'apache::mod::auth_kerb', :type => :class do - context "On a Debian OS" do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod("auth_kerb") } + it { should contain_package("libapache2-mod-auth-kerb") } + end + context "on a RedHat OS" do let :facts do - { :osfamily => 'Debian' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end - it { should include_class("apache") } - it { should contain_package("mod_auth_kerb_package").with( - 'require' => 'Package[httpd]' - ) - } - it { should contain_a2mod("auth_kerb").with( - 'ensure' => 'present' - ) - } + it { should include_class("apache::params") } + it { should contain_apache__mod("auth_kerb") } + it { should contain_package("mod_auth_kerb") } end end diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb new file mode 100644 index 0000000000..4d293b37d7 --- /dev/null +++ b/spec/classes/mod/dav_svn_spec.rb @@ -0,0 +1,29 @@ +describe 'apache::mod::dav_svn', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('dav_svn') } + it { should contain_package("libapache2-svn") } + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('dav_svn') } + it { should contain_package("mod_dav_svn") } + end +end 
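Review bot: Dropping `require 'spec_helper'` from the top of this file leaves the spec relying on something else to load rspec-puppet first. Nothing visible in this diff does that (for example an `.rspec` with `--require spec_helper`), so running the file on its own may fail at the first `contain_*` matcher. The same applies to python_spec.rb, ssl_spec.rb and wsgi_spec.rb, which lose the line, and to the new files under spec/classes/mod/ that never had it; apache_spec.rb, dev_spec.rb and mod_spec.rb keep it. I would keep `require 'spec_helper'` as the first line of every spec file.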
diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb new file mode 100644 index 0000000000..4d88768531 --- /dev/null +++ b/spec/classes/mod/dev_spec.rb @@ -0,0 +1,27 @@ +describe 'apache::dev', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should contain_package("libaprutil1-dev") } + it { should contain_package("libapr1-dev") } + it { should contain_package("apache2-prefork-dev") } + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should contain_package("httpd-devel") } + end +end diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb new file mode 100644 index 0000000000..ec94b2899f --- /dev/null +++ b/spec/classes/mod/dir_spec.rb 
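Review bot: This new file describes `apache::dev`, the class that spec/classes/dev_spec.rb already covers with the same package assertions, and it sits under spec/classes/mod/ although the class is not in the `apache::mod` namespace. Two copies of one spec tend to drift, and a failure reported from the `mod/` path points at the wrong class. If the intent was to exercise the class together with `include apache`, I would move the `pre_condition` and the `:concat_basedir` fact into the existing dev_spec.rb and drop this file.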
@@ -0,0 +1,61 @@ +describe 'apache::mod::dir', :type => :class do + let :pre_condition do + 'class { "apache": + default_mods => false, + }' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + context "passing no parameters" do + it { should include_class("apache::params") } + it { should contain_apache__mod('dir') } + it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { should contain_file('dir.conf').with_content(/ index\.html /) } + it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { should contain_file('dir.conf').with_content(/ index\.cgi /) } + it { should contain_file('dir.conf').with_content(/ index\.pl /) } + it { should contain_file('dir.conf').with_content(/ index\.php /) } + it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { should contain_file('dir.conf').with_content(/ example\.txt /) } + it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + context "passing no parameters" do + it { should include_class("apache::params") } + it { should contain_apache__mod('dir') } + it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { should contain_file('dir.conf').with_content(/ index\.html /) } + it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { should contain_file('dir.conf').with_content(/ index\.cgi /) } + it { should contain_file('dir.conf').with_content(/ index\.pl /) } + it { should contain_file('dir.conf').with_content(/ index\.php /) } + it { should contain_file('dir.conf').with_content(/ 
index\.xhtml$/) } + end + context "passing indexes => ['example.txt','fearsome.aspx']" do + let :params do + {:indexes => ['example.txt','fearsome.aspx']} + end + it { should contain_file('dir.conf').with_content(/ example\.txt /) } + it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + end + end +end \ No newline at end of file diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb new file mode 100644 index 0000000000..be444c8496 --- /dev/null +++ b/spec/classes/mod/fcgid_spec.rb @@ -0,0 +1,29 @@ +describe 'apache::mod::fcgid', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('fcgid') } + it { should contain_package("libapache2-mod-fcgid") } + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('fcgid') } + it { should contain_package("mod_fcgid") } + end +end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb new file mode 100644 index 0000000000..a057bf1dd8 --- /dev/null +++ b/spec/classes/mod/info_spec.rb 
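Review bot: In the `indexes => ['example.txt','fearsome.aspx']` contexts the two regexes only show that the new names appear somewhere in `dir.conf`; nothing asserts that the default index files are gone or that the names sit on the one `DirectoryIndex` line. A single anchored match would pin both, assuming the template separates entries with one space as the other regexes suggest: `it { should contain_file('dir.conf').with_content(/^DirectoryIndex example\.txt fearsome\.aspx$/) }`. The Debian and RedHat contexts are otherwise line-for-line copies and could be generated from one loop over the two fact sets.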
@@ -0,0 +1,81 @@
+# This function is called inside the OS specific contexts
+def general_info_specs
+ it { should contain_apache__mod("info") }
+
+ it do
+ should contain_file("info.conf").with_content(
+ "\n"\
+ " SetHandler server-info\n"\
+ " Order deny,allow\n"\
+ " Deny from all\n"\
+ " Allow from 127.0.0.1 ::1\n"\
+ "\n"
+ )
+ end
+end
+
+describe 'apache::mod::info', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+
+ context "On a Debian OS with default params" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_info_specs()
+
+ it { should contain_file("info.conf").with({
+ :ensure => 'file',
+ :path => '/etc/apache2/mods-available/info.conf',
+ } ) }
+ it { should contain_file("info.conf symlink").with({
+ :ensure => 'link',
+ :path => '/etc/apache2/mods-enabled/info.conf',
+ } ) }
+ end
+
+ context "on a RedHat OS with default params" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+
+ # Load the more generic tests for this context
+ general_info_specs()
+
+ it { should contain_file("info.conf").with_path("/etc/httpd/conf.d/info.conf") }
+ end
+
+ context "with $allow_from => ['10.10.10.10','11.11.11.11']" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ let :params do
+ { :allow_from => ['10.10.10.10','11.11.11.11'] }
+ end
+ it do
+ should contain_file("info.conf").with_content(
+ "\n"\
+ " SetHandler server-info\n"\
+ " Order deny,allow\n"\
+ " Deny from all\n"\
+ " Allow from 10.10.10.10 11.11.11.11\n"\
+ "\n"
+ )
+ end
+ end
+end
diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb
new file mode 100644
index 0000000000..c010f8dc1d
--- /dev/null
+++ b/spec/classes/mod/passenger_spec.rb
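Review bot: `general_info_specs` is defined with a bare `def` at file top level, which makes it a private method on Object for every spec file loaded in the same run instead of scoping it to this describe block. RSpec's shared example groups do the same job without the global: `shared_examples 'mod_info defaults' do ... end`, then `it_behaves_like 'mod_info defaults'` in each OS context. The `Deny from all` / `Allow from 127.0.0.1 ::1` assertion is the one that pins who can reach the server-info handler by default, so it should stay in that shared group and keep running for both OS families.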
@@ -0,0 +1,29 @@
+describe 'apache::mod::passenger', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('passenger') }
+ it { should contain_package("libapache2-mod-passenger") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('passenger') }
+ it { should contain_package("mod_passenger") }
+ end
+end
diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb
new file mode 100644
index 0000000000..0f76abbd90
--- /dev/null
+++ b/spec/classes/mod/perl_spec.rb
@@ -0,0 +1,29 @@
+describe 'apache::mod::perl', :type => :class do
+ let :pre_condition do
+ 'include apache'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('perl') }
+ it { should contain_package("libapache2-mod-perl2") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('perl') }
+ it { should contain_package("mod_perl") }
+ end
+end
diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb
new file mode 100644
index 0000000000..6bcfc432d4
--- /dev/null
+++ b/spec/classes/mod/php_spec.rb
@@ -0,0 +1,61 @@
+describe 'apache::mod::php', :type => :class do
+ describe "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ context "with mpm_module => prefork" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('php5') }
+ it { should contain_package("libapache2-mod-php5") }
+ it { should contain_file("php5.load").with(
+ :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n"
+ ) }
+ end
+ context 'with mpm_module => worker' do
+ let :pre_condition do
+ 'class { "apache": mpm_module => worker, }'
+ end
+ it 'should raise an error' do
+ expect { subject.should contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork'/
+ end
+ end
+ end
+ describe "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ context "with default params" do
+ let :pre_condition do
+ 'class { "apache": }'
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('php5') }
+ it { should contain_package("php") }
+ it { should contain_file("php5.load").with(
+ :content => "LoadModule php5_module modules/libphp5.so\n"
+ ) }
+ end
+ context "with mpm_module => prefork" do
+ let :pre_condition do
+ 'class { "apache": mpm_module => prefork, }'
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('php5') }
+ it { should contain_package("php") }
+ it { should contain_file("php5.load").with(
+ :content => "LoadModule php5_module modules/libphp5.so\n"
+ ) }
+ end
+ end
+end
diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb
new file mode 100644
index 0000000000..fa34a20c84
--- /dev/null
+++ b/spec/classes/mod/prefork_spec.rb
@@ -0,0 +1,35 @@
+describe 'apache::mod::prefork', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should_not contain_apache__mod('prefork') }
+ it { should contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') }
+ it { should contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') }
+ it { should contain_package("apache2-mpm-prefork") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should_not contain_apache__mod('prefork') }
+ it { should contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') }
+ it { should contain_file_line("/etc/sysconfig/httpd prefork enable").with({
+ 'require' => 'Package[httpd]',
+ })
+ }
+ end
+end
diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb
new file mode 100644
index 0000000000..c257fe7461
--- /dev/null
+++ b/spec/classes/mod/proxy_html_spec.rb
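Review bot: The RedHat check `contain_file_line("/etc/sysconfig/httpd prefork enable")` pins only `'require' => 'Package[httpd]'`, so it still passes if the resource edits a different file or writes the wrong line. Judging by its title, this resource selects the MPM on RedHat, so I would also assert its `path` and `line`, e.g. `'path' => '/etc/sysconfig/httpd'` together with the expected `line` value taken from the manifest. worker_spec.rb has the same gap, with no parameters asserted at all on its `file_line`.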
@@ -0,0 +1,33 @@
+describe 'apache::mod::proxy_html', :type => :class do
+ let :pre_condition do
+ [
+ 'include apache',
+ 'include apache::mod::proxy',
+ 'include apache::mod::proxy_http',
+ ]
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('proxy_html') }
+ it { should contain_package("libapache2-mod-proxy-html") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should contain_apache__mod('proxy_html') }
+ it { should contain_package("mod_proxy_html") }
+ end
+end
diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb
index 3981ddca72..09e8cc2f94 100644
--- a/spec/classes/mod/python_spec.rb
+++ b/spec/classes/mod/python_spec.rb
@@ -1,25 +1,29 @@ -require 'spec_helper' - describe 'apache::mod::python', :type => :class do - context "On a Debian OS" do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do let :facts do - { :osfamily => 'Debian' } + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end it { should include_class("apache::params") } - it { should contain_package("libapache2-mod-python").with( - 'ensure' => 'present', - 'require' => 'Package[httpd]' - ) } - it { should contain_a2mod("python") } + it { should contain_apache__mod("python") } + it { should contain_package("libapache2-mod-python") } end - context "On a RedHat OS" do + context "on a RedHat OS" do let :facts do - { :osfamily => 'RedHat' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end it { should include_class("apache::params") } + it { should contain_apache__mod("python") } it { should contain_package("mod_python") } - it { should contain_a2mod("python").with( - 'ensure' => 'present' - ) } end end diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index e5947be795..9444d89b4a 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
@@ -1,22 +1,41 @@ -require 'spec_helper' - describe 'apache::mod::ssl', :type => :class do - describe 'when running on an unsupported OS' do - let(:facts) { {:operatingsystem => 'MagicUnicorn', :osfamily => 'Magic'} } + let :pre_condition do + 'include apache' + end + context 'on an unsupported OS' do + let :facts do + { + :osfamily => 'Magic', + :operatingsystemrelease => '0', + :concat_basedir => '/dne', + } + end it { expect { should raise_error(Puppet::Error, "Unsupported operatingsystem:") } } end - describe 'when running on redhat' do - let(:facts) { {:operatingsystem => 'redhat', :osfamily => 'redhat'} } + context 'on a RedHat OS' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end it { should include_class('apache::params') } + it { should contain_apache__mod('ssl') } it { should contain_package('mod_ssl') } - it { should contain_a2mod('ssl') } end - describe 'when running on debian' do - let(:facts) { {:operatingsystem => 'debian', :osfamily => 'debian'} } + context 'on a Debian OS' do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end it { should include_class('apache::params') } + it { should contain_apache__mod('ssl') } it { should_not contain_package('libapache2-mod-ssl') } - it { should contain_a2mod('ssl') } end end diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb new file mode 100644 index 0000000000..7d55432753 --- /dev/null +++ b/spec/classes/mod/worker_spec.rb 
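Review bot: The unsupported-OS example `it { expect { should raise_error(Puppet::Error, "Unsupported operatingsystem:") } }` asserts nothing, because `expect { ... }` without `.to` never runs its block. The example therefore passes whether or not the class rejects the `Magic` osfamily. The `breakme` case in apache_spec.rb shows the working form; here that would be `it { expect { should contain_class('apache::params') }.to raise_error(Puppet::Error, /Unsupported/) }`, with the pattern adjusted to the message the manifest actually raises.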
@@ -0,0 +1,32 @@
+describe 'apache::mod::worker', :type => :class do
+ let :pre_condition do
+ 'class { "apache": mpm_module => false, }'
+ end
+ context "on a Debian OS" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should_not contain_apache__mod('worker') }
+ it { should contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') }
+ it { should contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') }
+ it { should contain_package("apache2-mpm-worker") }
+ end
+ context "on a RedHat OS" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/dne',
+ }
+ end
+ it { should include_class("apache::params") }
+ it { should_not contain_apache__mod('worker') }
+ it { should contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') }
+ it { should contain_file_line("/etc/sysconfig/httpd worker enable") }
+ end
+end
diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb
index f16bab90fd..ff658458ce 100644
--- a/spec/classes/mod/wsgi_spec.rb
+++ b/spec/classes/mod/wsgi_spec.rb
@@ -1,17 +1,29 @@ -require 'spec_helper' - describe 'apache::mod::wsgi', :type => :class do - context "On a Debian OS" do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + it { should include_class("apache::params") } + it { should contain_apache__mod('wsgi') } + it { should contain_package("libapache2-mod-wsgi") } + end + context "on a RedHat OS" do let :facts do - { :osfamily => 'Debian' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end - it { should include_class("apache") } - it { should contain_package("mod_wsgi_package").with( - 'require' => 'Package[httpd]' - ) } - it { should contain_a2mod("wsgi").with( - 'ensure' => 'present' - ) - } + it { should include_class("apache::params") } + it { should contain_apache__mod('wsgi') } + it { should contain_package("mod_wsgi") } end end diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index a403b70e37..39e16b6f31 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -3,7 +3,11 @@ describe 'apache::params', :type => :class do context "On a Debian OS" do let :facts do - { :osfamily => 'Debian' } + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end it { should contain_apache__params } diff --git a/spec/classes/php_spec.rb b/spec/classes/php_spec.rb deleted file mode 100644 index 1ee4da800d..0000000000 --- a/spec/classes/php_spec.rb +++ /dev/null 
@@ -1,25 +0,0 @@ -require 'spec_helper' - -describe 'apache::php', :type => :class do - context "On a Debian OS" do - let :facts do - { :osfamily => 'Debian' } - end - it { should include_class("apache::params") } - it { should contain_apache__mod("php5") } - it { should contain_package("libapache2-mod-php5") } - end - - context "On a RedHat OS" do - let :facts do - { :osfamily => 'RedHat' } - end - it { should include_class("apache::params") } - it { should contain_apache__mod("php5") } - it { should contain_package("php") } - end - - context "On undefined OS" do - it { expect { should raise_error(Puppet::Error) } } - end -end diff --git a/spec/classes/python_spec.rb b/spec/classes/python_spec.rb deleted file mode 100644 index fb934d6412..0000000000 --- a/spec/classes/python_spec.rb +++ /dev/null @@ -1,19 +0,0 @@ -require 'spec_helper' - -describe 'apache::python', :type => :class do - context "On a Debian OS" do - let :facts do - { :osfamily => 'Debian' } - end - it { should include_class("apache::params") } - it { should contain_package("libapache2-mod-python") } - end - context "On a RedHat OS" do - let :facts do - { :osfamily => 'RedHat' } - end - it { should include_class("apache::params") } - it { should contain_package("mod_python") } - it { should contain_a2mod("python").with('ensure'=>'present') } - end -end diff --git a/spec/classes/ssl_spec.rb b/spec/classes/ssl_spec.rb deleted file mode 100644 index ab6a5a34b8..0000000000 --- a/spec/classes/ssl_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'spec_helper' - -describe 'apache::ssl', :type => :class do - describe 'when running on redhat' do - let(:facts) { {:operatingsystem => 'redhat', :osfamily => 'redhat'} } - it { should include_class('apache::mod::ssl') } - end -end diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index 0bb686c0c4..77c8dfd918 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb 
@@ -1,35 +1,79 @@ require 'spec_helper' describe 'apache::mod', :type => :define do - context "On a Red Hat OS with shibboleth module and package param passed" do + let :pre_condition do + 'include apache' + end + context "on a RedHat osfamily" do let :facts do - { :osfamily => 'RedHat' } + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end - # name/title for the apache::mod define - let :title do - 'xsendfile' + + describe "for non-special modules" do + let :title do + 'spec_m' + end + it { should include_class("apache::params") } + it "should manage the module load file" do + should contain_file('spec_m.load').with({ + :path => '/etc/httpd/conf.d/spec_m.load', + :content => "LoadModule spec_m_module modules/mod_spec_m.so\n", + :owner => 'root', + :group => 'root', + :mode => '0644', + } ) + end end - # parameters - let(:params) { {:package => 'mod_xsendfile'} } - it { should include_class("apache::params") } - it { should contain_package('mod_xsendfile') } + describe "with shibboleth module and package param passed" do + # name/title for the apache::mod define + let :title do + 'xsendfile' + end + # parameters + let(:params) { {:package => 'mod_xsendfile'} } + + it { should include_class("apache::params") } + it { should contain_package('mod_xsendfile') } + end end - context "On a Red Hat OS with shibboleth module" do + context "on a Debian osfamily" do let :facts do - { :osfamily => 'redhat' } - end - let :title do - 'shibboleth' + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } end - it { should include_class("apache::params") } - it { should contain_package('shibboleth') } - it do - should contain_a2mod(title).with({ - 'ensure' => 'present', - 'identifier' => 'mod_shib', - }) + + describe "for non-special modules" do + let :title do + 'spec_m' + end + it { should include_class("apache::params") } + it "should manage the module load file" do + should 
contain_file('spec_m.load').with({ + :path => '/etc/apache2/mods-available/spec_m.load', + :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n", + :owner => 'root', + :group => 'root', + :mode => '0644', + } ) + end + it "should link the module load file" do + should contain_file('spec_m.load symlink').with({ + :path => '/etc/apache2/mods-enabled/spec_m.load', + :target => '/etc/apache2/mods-available/spec_m.load', + :owner => 'root', + :group => 'root', + :mode => '0644', + } ) + end end end end diff --git a/spec/defines/vhost/proxy_spec.rb b/spec/defines/vhost/proxy_spec.rb deleted file mode 100644 index 4ede33343b..0000000000 --- a/spec/defines/vhost/proxy_spec.rb +++ /dev/null 
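Review bot: The "should link the module load file" example checks `:path`, `:target`, owner, group and mode but never `:ensure => 'link'`, so a plain file resource that happens to carry a `target` parameter would satisfy it. apache_spec.rb asserts `'ensure' => 'link'` for the same kind of resource. Adding `:ensure => 'link',` to that hash closes the gap. Separately, the RedHat group titled "with shibboleth module and package param passed" uses the title `xsendfile` and package `mod_xsendfile`, so its description should name xsendfile.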
@@ -1,88 +0,0 @@ -require 'spec_helper' - -describe 'apache::vhost::proxy', :type => :define do - - let :title do - 'my_proxy_vhost' - end - - let :facts do - { - :operatingsystem => 'redhat', - :osfamily => 'redhat' - } - end - - let :default_params do - { - :port => '80', - :dest => 'example.com', - :priority => '10', - :template => "apache/vhost-proxy.conf.erb", - :servername => '', - :serveraliases => '', - :ssl => false, - :vhost_name => '*' - } - end - - [{ - :dest => 'example2.com', - :servername => 'example3.com', - :port => '80', - :ssl => true, - :access_log => false, - }, - ].each do |param_set| - - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - - let :param_hash do - default_params.merge(param_set) - end - - let :params do - param_set - end - - it { should include_class("apache") } - it { should contain_apache__params } - - it { - if param_hash[:ssl] - should contain_apache__mod__ssl - else - should_not contain_apache__mod__ssl - end - } - - it { should contain_file("#{param_hash[:priority]}-#{title}.conf").with({ - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0755', - 'require' => 'Package[httpd]', - 'notify' => 'Service[httpd]' - }) - } - - it 'should accept $servername' do - verify_contents(subject, "#{param_hash[:priority]}-#{title}.conf", [ - ' ServerName example3.com' - ] ) - end - end - - [true,false].each do |value| - describe "when access_log is #{value}" do - let :params do - default_params.merge({:access_log => value}) - end - - it "#{value ? "should" : "should not"} contain access logs" do - lines = subject.resource('file', "#{params[:priority]}-#{title}.conf").send(:parameters)[:content].split("\n") - !!lines.grep('_access.log combined').should == value - end - end - end - end -end diff --git a/spec/defines/vhost/redirect_spec.rb b/spec/defines/vhost/redirect_spec.rb deleted file mode 100644 index 396d03938b..0000000000 --- a/spec/defines/vhost/redirect_spec.rb +++ /dev/null 
@@ -1,52 +0,0 @@ -require 'spec_helper' - -describe 'apache::vhost::redirect', :type => :define do - context "On a Debian OS" do - let :facts do - { :osfamily => 'Debian' } - end - let :title do - 'my_vhost_redirect' - end - let :default_params do - { - :port => '80', - :dest => 'example.com', - :priority => '10', - :template => "apache/vhost-redirect.conf.erb", - :vhost_name => '*' - } - end - [{ - :dest => 'example2.com', - :port => '80', - }, - ].each do |param_set| - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - let :param_hash do - default_params.merge(param_set) - end - let :params do - param_set - end - it { should include_class("apache") } - it { should contain_apache__params } - it { should contain_file("#{param_hash[:priority]}-#{title}.conf").with({ - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0755', - 'require' => 'Package[httpd]', - 'notify' => 'Service[httpd]' - }) - } - # FIXME: Firewall is not actually realized anywhere - #it { should contain_firewall("0100-INPUT ACCEPT #{param_hash[:port]}").with( { - # 'jump' => 'Accept', - # 'dport' => "#{param_hash[:port]}", - # 'proto' => 'tcp' - # }) - #} - end - end - end -end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index ed23822aef..aea21cd22b 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -1,96 +1,544 @@ require 'spec_helper' describe 'apache::vhost', :type => :define do - context "On a RedHat OS" do - let :facts do - { :osfamily => 'RedHat' } + let :pre_condition do + 'class { "apache": default_vhost => false, }' + end + let :title do + 'rspec.example.com' + end + let :default_params do + { + :docroot => '/rspec/docroot', + :port => '84', + } + end + describe 'os-dependent items' do + context "on RedHat based systems" do + let :default_facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + let :params do default_params end + let :facts do default_facts end + it { should include_class("apache") } + it { should include_class("apache::params") } end - let :title do - 'my_vhost' + context "on Debian based systems" do + let :default_facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + } + end + let :params do default_params end + let :facts do default_facts end + it { should include_class("apache") } + it { should include_class("apache::params") } end - - let :default_params do + end + describe 'os-independent items' do + let :facts do { - :apache_name => 'apache2', - :auth => false, - :docroot => 'path/to/docroot', - :options => 'Indexes FollowSymLinks MultiViews', - :override => 'None', - :port => '80', - :priority => '25', - :redirect_ssl => false, - :serveraliases => '', - :servername => '', - :ssl => true, - :template => 'apache/vhost-default.conf.erb', - :vhost_name => '*', - :ensure => 'present' + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', } end + describe 'basic assumptions' do + let :params do default_params end + it { should include_class("apache") } + it { should include_class("apache::params") } + it { should contain_apache__listen(params[:port]) } + it { should contain_apache__namevirtualhost("*:#{params[:port]}") } + end - [{ - :apache_name => 'httpd', - :docroot => 'path/to/docroot', - 
:override => ['Options', 'FileInfo'], - :port => '80', - :priority => '25', - :serveradmin => 'serveradmin@puppet', - :ssl => false, - :access_log => false, - :template => 'apache/vhost-default.conf.erb', - }, - ].each do |param_set| - - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do + context ".conf content" do + [ + { + :title => 'should contain docroot', + :attr => 'docroot', + :value => '/not/default', + :match => [' DocumentRoot /not/default',' '], + }, + { + :title => 'should set a port', + :attr => 'port', + :value => '8080', + :match => '', + }, + { + :title => 'should set an ip', + :attr => 'ip', + :value => '10.0.0.1', + :match => '', + }, + { + :title => 'should set a serveradmin', + :attr => 'serveradmin', + :value => 'test@test.com', + :match => ' ServerAdmin test@test.com' + }, + { + :title => 'should enable ssl', + :attr => 'ssl', + :value => true, + :match => ' SSLEngine on', + }, + { + :title => 'should set a servername', + :attr => 'servername', + :value => 'param.test', + :match => ' ServerName param.test', + }, + { + :title => 'should accept server aliases', + :attr => 'serveraliases', + :value => ['one.com','two.com'], + :match => [' ServerAlias one.com',' ServerAlias two.com'], + }, + { + :title => 'should accept setenv', + :attr => 'setenv', + :value => ['TEST1 one','TEST2 two'], + :match => [' SetEnv TEST1 one',' SetEnv TEST2 two'], + }, + { + :title => 'should accept setenvif', + :attr => 'setenvif', + ## These are bugged in rspec-puppet; the $1 is droped + #:value => ['Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], + #:match => [' SetEnvIf Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], + :value => ['Host "^test\.com$" VHOST_ACCESS=test'], + :match => [' SetEnvIf Host "^test\.com$" VHOST_ACCESS=test'], + }, + { + :title => 'should accept options', + :attr => 'options', + :value => ['Fake','Options'], + :match => ' Options Fake Options', + }, + { + :title => 'should accept overrides', + :attr => 
'override', + :value => ['Fake', 'Override'], + :match => ' AllowOverride Fake Override', + }, + { + :title => 'should accept logroot', + :attr => 'logroot', + :value => '/fake/log', + :match => [/CustomLog \/fake\/log\//,/ErrorLog \/fake\/log\//], + }, + { + :title => 'should accept pipe destination for access log', + :attr => 'access_log_pipe', + :value => '| /bin/fake/logging', + :match => /CustomLog "| \/bin\/fake\/logging" combined$/, + }, + { + :title => 'should accept pipe destination for error log', + :attr => 'error_log_pipe', + :value => '| /bin/fake/logging', + :match => /ErrorLog "| \/bin\/fake\/logging" combined$/, + }, + { + :title => 'should accept custom format for access logs', + :attr => 'access_log_format', + :value => '%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"Host: %{Host}i\" %T %D', + :match => /CustomLog \/var\/log\/.+_access\.log "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/, + }, + { + :title => 'should contain access logs', + :attr => 'access_log', + :value => true, + :match => /CustomLog \/var\/log\/.+_access\.log combined$/, + }, + { + :title => 'should not contain access logs', + :attr => 'access_log', + :value => false, + :notmatch => /CustomLog \/var\/log\/.+_access\.log combined$/, + }, + { + :title => 'should contain error logs', + :attr => 'error_log', + :value => true, + :match => /ErrorLog.+$/, + }, + { + :title => 'should not contain error logs', + :attr => 'error_log', + :value => false, + :notmatch => /ErrorLog.+$/, + }, + { + :title => 'should accept scriptaliases', + :attr => 'scriptalias', + :value => '/usr/scripts', + :match => ' ScriptAlias /cgi-bin/ "/usr/scripts/"', + }, + { + :title => 'should accept proxy destinations', + :attr => 'proxy_dest', + :value => 'http://fake.com', + :match => [ + ' ProxyPass / http://fake.com/', + ' ProxyPassReverse / http://fake.com/', + ], + :notmatch => /ProxyPass .+!$/, 
+ }, + { + :title => 'should accept proxy_pass array of hash', + :attr => 'proxy_pass', + :value => [ + { 'path' => '/path-a', 'url' => 'http://fake.com/a/' }, + { 'path' => '/path-b', 'url' => 'http://fake.com/b/' }, + ], + :match => [ + ' ProxyPass /path-a http://fake.com/a/', + ' ProxyPassReverse /path-a http://fake.com/a/', + ' ProxyPass /path-b http://fake.com/b/', + ' ProxyPassReverse /path-b http://fake.com/b/', + ], + :notmatch => /ProxyPass .+!$/, + }, + { + :title => 'should enable rack', + :attr => 'rack_base_uris', + :value => ['/rack1','/rack2'], + :match => [' RackBaseURI /rack1',' RackBaseURI /rack2'], + }, + { + :title => 'should accept request headers', + :attr => 'request_headers', + :value => ['append something', 'unset something_else'], + :match => [ + ' RequestHeader append something', + ' RequestHeader unset something_else', + ], + }, + { + :title => 'should accept rewrite rules', + :attr => 'rewrite_rule', + :value => 'not a real rule', + :match => ' RewriteRule not a real rule', + }, + { + :title => 'should block scm', + :attr => 'block', + :value => 'scm', + :match => ' ', + }, + { + :title => 'should accept a custom fragment', + :attr => 'custom_fragment', + :value => " Some custom fragment line\n That spans multiple lines", + :match => [ + ' Some custom fragment line', + ' That spans multiple lines', + '', + ], + }, + { + :title => 'should accept an alias', + :attr => 'aliases', + :value => [ { 'alias' => '/', 'path' => '/var/www'} ], + :match => ' Alias / /var/www', + }, + { + :title => 'should accept multiple aliases', + :attr => 'aliases', + :value => [ + { 'alias' => '/', 'path' => '/var/www'}, + { 'alias' => '/cgi-bin', 'path' => '/var/www/cgi-bin'}, + { 'alias' => '/css', 'path' => '/opt/someapp/css'}, + ], + :match => [ + ' Alias / /var/www', + ' Alias /cgi-bin /var/www/cgi-bin', + ' Alias /css /opt/someapp/css' + ], + }, + { + :title => 'should accept a directory', + :attr => 'directories', + :value => [ { 'path' => '/opt/app' }], 
+ :notmatch => ' ', + :match => [ + ' ', + ' AllowOverride None', + ' Order allow,deny', + ' Allow from all', + ' ', + ], + }, + { + :title => 'should accept directory directives', + :attr => 'directories', + :value => [ + { + 'path' => '/opt/app', + 'allow' => 'from rspec.org', + 'allow_override' => 'Lol', + 'deny' => 'from google.com', + 'options' => '-MultiViews', + 'order' => 'deny,yned', + 'passenger_enabled' => 'onf', + }, + ], + :match => [ + ' ', + ' Allow from rspec.org', + ' AllowOverride Lol', + ' Deny from google.com', + ' Options -MultiViews', + ' Order deny,yned', + ' PassengerEnabled onf', + ' ', + ], + }, + { + :title => 'should accept directory directives with arrays', + :attr => 'directories', + :value => [ + { + 'path' => '/opt/app', + 'allow' => 'from rspec.org', + 'allow_override' => ['AuthConfig','Indexes'], + 'deny' => 'from google.com', + 'options' => ['-MultiViews','+MultiViews'], + 'order' => ['deny','yned'], + 'passenger_enabled' => 'onf', + }, + ], + :match => [ + ' ', + ' Allow from rspec.org', + ' AllowOverride AuthConfig Indexes', + ' Deny from google.com', + ' Options -MultiViews +MultiViews', + ' Order deny,yned', + ' PassengerEnabled onf', + ' ', + ], + }, + { + :title => 'should accept multiple directories', + :attr => 'directories', + :value => [ + { 'path' => '/opt/app' }, + { 'path' => '/var/www' }, + { 'path' => '/rspec/docroot'} + ], + :match => [ + ' ', + ' ', + ' ', + ], + }, + { + :title => 'should contain virtual_docroot', + :attr => 'virtual_docroot', + :value => '/not/default', + :match => [ + ' VirtualDocumentRoot /not/default', + ], + }, + ].each do |param| + describe "when #{param[:attr]} is #{param[:value]}" do + let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - let :param_hash do - default_params.merge(param_set) + it { should contain_file("25-#{title}.conf").with_mode('0644') } + it param[:title] do + lines = subject.resource('file', 
"25-#{title}.conf").send(:parameters)[:content].split("\n") + (Array(param[:match]).collect { |x| lines.grep x }.flatten.length).should == Array(param[:match]).length + (Array(param[:notmatch]).collect { |x| lines.grep x }.flatten).should be_empty + end end + end + end - let :params do - param_set + context 'attribute resources' do + describe 'when access_log_file and access_log_pipe are specified' do + let :params do default_params.merge({ + :access_log_file => 'fake.log', + :access_log_pipe => '| /bin/fake', + }) end + it 'should cause a failure' do + expect {should raise_error(Puppet::Error, 'Apache::Vhost[${name}]: \'access_log_file\' and \'access_log_pipe\' cannot be defined at the same time') } + end + end + describe 'when error_log_file and error_log_pipe are specified' do + let :params do default_params.merge({ + :error_log_file => 'fake.log', + :error_log_pipe => '| /bin/fake', + }) end + it 'should cause a failure' do + expect { should raise_error(Puppet::Error, 'Apache::Vhost[${name}]: \'error_log_file\' and \'error_log_pipe\' cannot be defined at the same time') } + end + end + describe 'when docroot owner is specified' do + let :params do default_params.merge({ + :docroot_owner => 'testuser', + :docroot_group => 'testgroup', + }) end + it 'should set vhost ownership' do + should contain_file(params[:docroot]).with({ + :ensure => :directory, + :owner => 'testuser', + :group => 'testgroup', + }) end + end - it { should include_class("apache") } - it { should contain_apache__params } + describe 'when rewrite_rule and rewrite_cond are specified' do + let :params do default_params.merge({ + :rewrite_cond => '%{HTTPS} off', + :rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', + }) end + it 'should set RewriteCond' do + should contain_file("25-#{title}.conf").with_content( + /^ RewriteCond %\{HTTPS\} off$/ + ) + end + end - it { - if param_hash[:ssl] - should contain_apache__ssl - else - should_not contain_apache__ssl + describe 'priority/default 
settings' do + describe 'when neither priority/default is specified' do + let :params do default_params end + it { should contain_file("25-#{title}.conf").with_path( + /25-#{title}.conf/ + ) } + end + describe 'when both priority/default_vhost is specified' do + let :params do + default_params.merge({ + :priority => 15, + :default_vhost => true, + }) end - } + it { should contain_file("15-#{title}.conf").with_path( + /15-#{title}.conf/ + ) } + end + describe 'when only priority is specified' do + let :params do + default_params.merge({ :priority => 14, }) + end + it { should contain_file("14-#{title}.conf").with_path( + /14-#{title}.conf/ + ) } + end + describe 'when only default is specified' do + let :params do + default_params.merge({ :default_vhost => true, }) + end + it { should contain_file("10-#{title}.conf").with_path( + /10-#{title}.conf/ + ) } + end + end - it { should contain_file("#{param_hash[:priority]}-#{title}.conf").with({ - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0755', - 'notify' => 'Service[httpd]' - }) - } + describe 'various ip/port combos' do + describe 'when ip_based is true' do + let :params do default_params.merge({ :ip_based => true }) end + it 'should not specify a NameVirtualHost' do + should contain_apache__listen(params[:port]) + should_not contain_apache__namevirtualhost("*:#{params[:port]}") + end + end - # FIXME: Firewall is not actually realized anywhere - #it { should contain_firewall("0100-INPUT ACCEPT #{param_hash[:port]}").with( { - # 'action' => 'accept', - # 'dport' => "#{param_hash[:port]}", - # 'proto' => 'tcp' - # }) - #} + describe 'when ip_based is default' do + let :params do default_params end + it 'should specify a NameVirtualHost' do + should contain_apache__listen(params[:port]) + should contain_apache__namevirtualhost("*:#{params[:port]}") + end + end + describe 'when an ip is set' do + let :params do default_params.merge({ :ip => '10.0.0.1' }) end + it 'should specify a NameVirtualHost for the ip' do 
+ should_not contain_apache__listen(params[:port]) + should contain_apache__listen("10.0.0.1:#{params[:port]}") + should contain_apache__namevirtualhost("10.0.0.1:#{params[:port]}") + end + end + describe 'an ip_based vhost without a port' do + let :params do + { + :docroot => '/fake', + :ip => '10.0.0.1', + :ip_based => true, + } + end + it 'should specify a NameVirtualHost for the ip' do + should_not contain_apache__listen(params[:ip]) + should_not contain_apache__namevirtualhost(params[:ip]) + should contain_file("25-#{title}.conf").with_content %r{} + end + end end - end - [true,false].each do |value| - describe "when access_log is #{value}" do - let :params do - default_params.merge({:access_log => value}) + describe 'redirect rules' do + describe 'without lockstep arrays' do + let :params do + default_params.merge({ + :redirect_source => [ + '/login', + '/logout', + ], + :redirect_dest => [ + 'http://10.0.0.10/login', + 'http://10.0.0.10/logout', + ], + :redirect_status => [ + 'permanent', + '', + ], + }) + end + + it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } + it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } + end + describe 'without a status' do + let :params do + default_params.merge({ + :redirect_source => [ + '/login', + '/logout', + ], + :redirect_dest => [ + 'http://10.0.0.10/login', + 'http://10.0.0.10/logout', + ], + }) + end + + it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /login http://10\.0\.0\.10/login} } + it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } end + describe 'with a single status and dest' do + let :params do + default_params.merge({ + :redirect_source => [ + '/login', + '/logout', + ], + :redirect_dest => 'http://10.0.0.10/test', + :redirect_status => 'permanent', + }) + end - it "#{value ? 
"should" : "should not"} contain access logs" do - lines = subject.resource('file', "#{params[:priority]}-#{title}.conf").send(:parameters)[:content].split("\n") - !!lines.grep('_access.log combined').should == value + it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/test} } + it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /logout http://10\.0\.0\.10/test} } end end end diff --git a/spec/fixtures/modules/site_apache/templates/fake.conf.erb b/spec/fixtures/modules/site_apache/templates/fake.conf.erb new file mode 100644 index 0000000000..019debfe48 --- /dev/null +++ b/spec/fixtures/modules/site_apache/templates/fake.conf.erb @@ -0,0 +1 @@ +Fake template for rspec. diff --git a/spec/fixtures/system/distro_commands.yaml b/spec/fixtures/system/distro_commands.yaml new file mode 100644 index 0000000000..49817d0b44 --- /dev/null +++ b/spec/fixtures/system/distro_commands.yaml @@ -0,0 +1,15 @@ +Debian: + package_check: + command: '/usr/bin/dpkg --get-selections apache2' + stdout: !ruby/regexp '/^apache2\s+install$/' + service_check: + command: '/usr/sbin/service apache2 status' + stdout: '' +RedHat: + package_check: + command: 'rpm -q httpd' + stdout: !ruby/regexp '/httpd/' + service_check: + command: '/sbin/service httpd status' + stdout: '' + diff --git a/spec/spec.opts b/spec/spec.opts index 91cd6427ed..de653df4b3 100644 --- a/spec/spec.opts +++ b/spec/spec.opts @@ -1,6 +1,4 @@ ---format -s +--format s --colour ---loadby -mtime +--loadby mtime --backtrace diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb new file mode 100644 index 0000000000..638c562aa8 --- /dev/null +++ b/spec/spec_helper_system.rb 
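Review bot: The two `'should cause a failure'` examples under `context 'attribute resources'` assert nothing. `expect { should raise_error(...) }` never calls `.to`, so the block is not executed and the examples pass whether or not the manifest rejects `access_log_file` together with `access_log_pipe` (the same applies to the `error_log_*` pair). Write them as `expect { subject }.to raise_error(Puppet::Error, /'access_log_file' and 'access_log_pipe' cannot be defined at the same time/)`; a regexp also avoids the single-quoted `${name}`, which would be compared literally and presumably never equals the real message. Separately, the pipe-log matchers such as `/CustomLog "| \/bin\/fake\/logging" combined$/` leave `|` unescaped, so they are alternations that match any line containing `CustomLog "`; escape it as `\|`.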
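Review bot: The `!ruby/regexp` tags on the two `package_check` `stdout` values mean this fixture only parses with a YAML loader that instantiates Ruby objects, which ties every spec that reads it to plain `YAML.load`. Storing the pattern as a plain string, e.g. `stdout: '^apache2\s+install$'`, and building it in the spec with `Regexp.new(...)` would let the specs use a restricted loader such as `YAML.safe_load` where the Ruby in use provides one. The `service_check` entries carry `stdout: ''`, which no spec visible in this diff reads; drop the key or add a comment saying what it is reserved for.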
@@ -0,0 +1,26 @@ +require 'rspec-system/spec_helper' +require 'rspec-system-puppet/helpers' + +include RSpecSystemPuppet::Helpers + +RSpec.configure do |c| + # Project root + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + + # Enable colour + c.tty = true + + c.include RSpecSystemPuppet::Helpers + + # This is where we 'setup' the nodes before running our tests + c.before :suite do + # Install puppet + puppet_install + + # Install modules and dependencies + puppet_module_install(:source => proj_root, :module_name => 'apache') + shell('puppet module install ripienaar-concat') + shell('puppet module install puppetlabs-stdlib') + end +end + diff --git a/spec/system/basic_spec.rb b/spec/system/basic_spec.rb new file mode 100644 index 0000000000..e83affd591 --- /dev/null +++ b/spec/system/basic_spec.rb @@ -0,0 +1,25 @@ +require 'spec_helper_system' + +describe 'basic tests:' do + # Using puppet_apply as a subject + context puppet_apply 'notice("foo")' do + its(:stdout) { should =~ /foo/ } + its(:stderr) { should be_empty } + its(:exit_code) { should be_zero } + end + + # Using puppet_apply as a helper + it 'my class should work with no errors' do + pp = <<-EOS + class { 'apache': } + EOS + + # Run it twice and test for idempotency + puppet_apply(pp) do |r| + r.exit_code.should_not == 1 + r.refresh + r.exit_code.should be_zero + end + end +end + diff --git a/spec/system/class_spec.rb b/spec/system/class_spec.rb new file mode 100644 index 0000000000..20f83934e7 --- /dev/null +++ b/spec/system/class_spec.rb 
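Review bot: The `c.before :suite` block installs `ripienaar-concat` and `puppetlabs-stdlib` with `puppet module install` and no version, so every system-test run pulls whatever release the Forge serves at that moment onto the node. Pin both, e.g. `shell('puppet module install ripienaar-concat --version <pinned version>')`, so a changed or replaced upstream release cannot silently alter what the suite executes. The results of these `shell` calls are not checked in this block either, so a failed install would presumably only surface later as an unrelated example failure; asserting a zero exit code in the block would make it fail at the source.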
@@ -0,0 +1,27 @@ +require 'spec_helper_system' + +describe 'apache class' do + let(:distro_commands) { + YAML.load(File.read(File.dirname(__FILE__) + '/../fixtures/system/distro_commands.yaml')) + } + let(:os) { + node.facts['osfamily'] + } + + it 'should install apache' do + if distro_commands.has_key?(os) + shell(distro_commands[os]["package_check"]["command"]) do |r| + r.stdout.should =~ distro_commands[os]['package_check']['stdout'] + r.exit_code.should == 0 + end + end + end + + it 'should start the apache service' do + if distro_commands.has_key?(os) + shell(distro_commands[os]["service_check"]["command"]) do |r| + r.exit_code.should == 0 + end + end + end +end diff --git a/spec/system/mod_php_spec.rb b/spec/system/mod_php_spec.rb new file mode 100644 index 0000000000..e007d8e797 --- /dev/null +++ b/spec/system/mod_php_spec.rb 
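Review bot: Both examples wrap their assertions in `if distro_commands.has_key?(os)`, so on a node whose `osfamily` is neither `Debian` nor `RedHat` they run no expectation and still report success. Assert the precondition instead, e.g. `distro_commands.should have_key(os)` as the first line of each example, so an unsupported or misreported osfamily fails visibly. The same guard wraps the service checks in mod_php_spec.rb and system/vhost_spec.rb further down this diff. The `YAML.load` call reads a repository fixture that needs the `!ruby/regexp` tag; a one-line comment such as `# trusted in-repo fixture; never point this at external input` would stop the pattern being copied onto untrusted data.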
@@ -0,0 +1,66 @@ +require 'spec_helper_system' + +describe 'apache::mod::php class' do + let(:distro_commands) { + YAML.load(File.read(File.dirname(__FILE__) + '/../fixtures/system/distro_commands.yaml')) + } + let(:os) { + node.facts['osfamily'] + } + let(:mod_dir) { + case node.facts['osfamily'] + when 'Debian' + '/etc/apache2/mods-available' + when 'RedHat' + '/etc/httpd/conf.d' + end + } + let(:vhost_dir) { + case node.facts['osfamily'] + when 'Debian' + '/etc/apache2/sites-enabled' + when 'RedHat' + '/etc/httpd/conf.d' + end + } + + context "default php config" do + it 'should install php' do + puppet_apply(%{ + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::php': } + apache::vhost { 'php.example.com': + port => '80', + docroot => '/var/www/php', + } + host { 'php.example.com': ip => '127.0.0.1', } + file { '/var/www/php/index.php': + ensure => file, + content => "\\n", + } + }) { |r| [0,2].should include r.exit_code} + + if distro_commands.has_key?(os) + shell(distro_commands[os]["service_check"]["command"]) do |r| + r.exit_code.should == 0 + end + end + end + + it 'should have a default config file' do + shell("/bin/cat #{mod_dir}/php.conf") do |r| + r.stdout.should =~ /^DirectoryIndex index\.php$/ + r.exit_code.should == 0 + end + end + + it 'should answer to php.example.com' do + shell("/usr/bin/curl php.example.com:80") do |r| + r.stdout.should =~ /PHP Version/ + r.exit_code.should == 0 + end + end + end +end diff --git a/spec/system/vhost_spec.rb b/spec/system/vhost_spec.rb new file mode 100644 index 0000000000..9e1221b03b --- /dev/null +++ b/spec/system/vhost_spec.rb 
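Review bot: `mod_dir` and `vhost_dir` use `case node.facts['osfamily']` with no `else`, so on any other osfamily they evaluate to nil. The `'should have a default config file'` example then runs `/bin/cat /php.conf` and fails with a message that hides the real cause. Add an explicit branch such as `else raise "unsupported osfamily"` to the `case`. `vhost_dir` is not referenced anywhere in this file and can be removed.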
@@ -0,0 +1,168 @@ +require 'spec_helper_system' + +describe 'apache::vhost define' do + let(:distro_commands) { + YAML.load(File.read(File.dirname(__FILE__) + '/../fixtures/system/distro_commands.yaml')) + } + let(:os) { + node.facts['osfamily'] + } + let(:vhost_dir) { + case node.facts['osfamily'] + when 'Debian' + '/etc/apache2/sites-enabled' + when 'RedHat' + '/etc/httpd/conf.d' + end + } + + context "default vhost without ssl" do + it 'should create a default vhost config' do + puppet_apply(%{ + class { 'apache': } + }) { |r| [0,2].should include r.exit_code} + end + + it 'should have a default config file' do + shell("/bin/cat #{vhost_dir}/15-default.conf") do |r| + r.stdout.should =~ /^$/ + r.exit_code.should == 0 + end + end + + it 'should not have a default ssl config file' do + shell("/bin/cat #{vhost_dir}/15-default-ssl.conf") do |r| + r.exit_code.should == 1 + end + end + end + + context 'default vhost with ssl' do + it 'should create default vhost configs' do + puppet_apply(%{ + class { 'apache': + default_ssl_vhost => true, + } + }) { |r| [0,2].should include r.exit_code} + end + + it 'should have a default config file' do + shell("/bin/cat #{vhost_dir}/15-default.conf") do |r| + r.stdout.should =~ /^$/ + r.exit_code.should == 0 + end + end + + it 'should have a default ssl config file' do + shell("/bin/cat #{vhost_dir}/15-default-ssl.conf") do |r| + r.stdout.should =~ /^$/ + r.stdout.should =~ /SSLEngine on/ + r.exit_code.should == 0 + end + end + end + + context 'new vhost on port 80' do + it 'should configure an apache vhost' do + puppet_apply(%{ + class { 'apache': } + apache::vhost { 'first.example.com': + port => '80', + docroot => '/var/www/first', + } + }) { |r| [0,2].should include r.exit_code} + + shell("/bin/cat #{vhost_dir}/25-first.example.com.conf") do |r| + r.stdout.should =~ /^$/ + r.stdout.should =~ /ServerName first\.example\.com$/ + r.exit_code.should == 0 + end + end + end + + context 'new vhost on port 80' do + it 'should configure 
two apache vhosts' do + puppet_apply(%{ + class { 'apache': } + apache::vhost { 'first.example.com': + port => '80', + docroot => '/var/www/first', + } + host { 'first.example.com': ip => '127.0.0.1', } + file { '/var/www/first/index.html': + ensure => file, + content => "Hello from first\\n", + } + apache::vhost { 'second.example.com': + port => '80', + docroot => '/var/www/second', + } + host { 'second.example.com': ip => '127.0.0.1', } + file { '/var/www/second/index.html': + ensure => file, + content => "Hello from second\\n", + } + }) { |r| [0,2].should include r.exit_code} + + if distro_commands.has_key?(os) + shell(distro_commands[os]["service_check"]["command"]) do |r| + r.exit_code.should == 0 + end + end + end + + it 'should answer to first.example.com' do + shell("/usr/bin/curl first.example.com:80") do |r| + r.stdout.should == "Hello from first\n" + r.exit_code.should == 0 + end + end + + it 'should answer to second.example.com' do + shell("/usr/bin/curl second.example.com:80") do |r| + r.stdout.should == "Hello from second\n" + r.exit_code.should == 0 + end + end + end + context 'virtual_docroot hosting separate sites' do + it 'should configure a vhost with VirtualDocumentRoot' do + puppet_apply(%{ + class { 'apache': } + apache::vhost { 'virt.example.com': + vhost_name => '*', + serveraliases => '*virt.example.com', + port => '80', + docroot => '/var/www/virt', + virtual_docroot => '/var/www/virt/%1', + } + host { 'virt.example.com': ip => '127.0.0.1', } + host { 'a.virt.example.com': ip => '127.0.0.1', } + host { 'b.virt.example.com': ip => '127.0.0.1', } + file { [ '/var/www/virt/a', '/var/www/virt/b', ]: ensure => directory, } + file { '/var/www/virt/a/index.html': ensure => file, content => "Hello from a.virt\\n", } + file { '/var/www/virt/b/index.html': ensure => file, content => "Hello from b.virt\\n", } + }) { |r| [0,2].should include r.exit_code} + + if distro_commands.has_key?(os) + shell(distro_commands[os]["service_check"]["command"]) do 
|r| + r.exit_code.should == 0 + end + end + end + + it 'should answer to a.virt.example.com' do + shell("/usr/bin/curl a.virt.example.com:80") do |r| + r.stdout.should == "Hello from a.virt\n" + r.exit_code.should == 0 + end + end + + it 'should answer to b.virt.example.com' do + shell("/usr/bin/curl b.virt.example.com:80") do |r| + r.stdout.should == "Hello from b.virt\n" + r.exit_code.should == 0 + end + end + end +end diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 5b5d963dae..0146e76241 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
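Review bot: Two sibling contexts are both named `'new vhost on port 80'`, which makes failure output ambiguous. The second one configures `first.example.com` and `second.example.com` and checks the curl responses, so rename it, e.g. `context 'two new vhosts on port 80' do`. The examples in each context also depend on node state left by the preceding `puppet_apply` example (the curl checks only pass after it has run). A short comment at the top of each context saying the examples are order-dependent would help anyone who runs a single example or enables random ordering.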
@@ -1,861 +1,85 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. 
Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running +# Security ServerTokens OS +ServerSignature On +TraceEnable Off -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "<%= scope.lookupvar('apache::params::httpd_dir') %>" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# +ServerRoot "<%= @httpd_dir %>" +PidFile <%= @pidfile %> Timeout 120 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# KeepAlive Off - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. 
-# KeepAliveTimeout 15 -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 2 -MaxClients 150 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 - - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include mod.d/*.load -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. 
-# -#ExtendedStatus On - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User <%= scope.lookupvar('apache::params::user') %> -Group <%= scope.lookupvar('apache::params::group') %> - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin <%= @serveradmin %> - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. 
-# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# - - Options FollowSymLinks - AllowOverride None - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# +User <%= @user %> +Group <%= @group %> -# -# This should be changed to whatever you set DocumentRoot to. -# - - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. 
-# - Order allow,deny - Allow from all - - - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# Order allow,deny Deny from all + Satisfy all -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. 
-# - -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic - + + Options FollowSymLinks + AllowOverride None + -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# +DefaultType none HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -<% if sendfile %> +ErrorLog <%= @logroot %>/<%= @error_log %> +LogLevel warn +<% if @sendfile #XXX Why? %> EnableSendfile <%= @sendfile %> <% end %> -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log +#Listen 80 +Include <%= @mod_dir %>/*.load +<% if @mod_dir != @confd_dir and @mod_dir != @vhost_dir -%> +Include <%= @mod_dir %>/*.conf +<% end -%> +Include <%= @ports_file %> -# -# LogLevel: Control the number of messages logged to the error_log. 
-# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. 
So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - -# -# WebDAV module configuration section. -# - - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb - - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Order allow,deny - Allow from all +Include <%= @confd_dir %>/*.conf +<% if @vhost_dir != @confd_dir -%> +Include <%= @vhost_dir %>/*.conf +<% end -%> + +<% if @error_documents -%> +# /usr/share/apache2/error on debian +Alias /error/ "<%= @error_documents_path %>/" + +"> + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Order allow,deny + Allow from all + LanguagePriority en cs de es fr it nl sv pt-br ro + ForceLanguagePriority Prefer Fallback -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. 
-# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. 
-# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. 
To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. 
-# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. 
-# - -Alias /error/ "/var/www/error/" - - - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. 
-# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. 
-# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -# +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +<% end -%> diff --git a/templates/listen.erb b/templates/listen.erb new file mode 100644 index 0000000000..8fc871b0ad --- /dev/null +++ b/templates/listen.erb @@ -0,0 +1,6 @@ +<%# Listen should always be one of: + - + - : + - [ +-%> +Listen <%= @listen_addr_port %> diff --git a/templates/mod/alias.conf.erb b/templates/mod/alias.conf.erb new file mode 100644 index 0000000000..9e8b0de9bd --- /dev/null +++ b/templates/mod/alias.conf.erb @@ -0,0 +1,7 @@ +Alias /icons/ "<%= @icons_path %>/" +"> + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + diff --git a/templates/mod/autoindex.conf.erb b/templates/mod/autoindex.conf.erb new file mode 100644 index 0000000000..ef6bbebea6 --- /dev/null +++ b/templates/mod/autoindex.conf.erb 
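Review bot: Under the new `# Security` heading in `templates/httpd.conf.erb` the template keeps `ServerTokens OS` and adds `ServerSignature On`, so the `Server` header and every server-generated error page still disclose the Apache version and host OS. Only `TraceEnable Off` tightens anything in that group. I would render `ServerTokens Prod` and `ServerSignature Off` by default, or expose both as class parameters with those defaults so a site has to loosen them on purpose. The `#XXX Why?` left inside `<% if @sendfile #XXX Why? %>` should also be resolved or moved into an ERB comment (`<%# ... %>`) before this ships.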
@@ -0,0 +1,56 @@ +IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif /core +AddIcon (SND,/icons/sound2.gif) .ogg +AddIcon (VID,/icons/movie.gif) .ogm + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +AddIcon /icons/odf6odt-20x22.png .odt +AddIcon /icons/odf6ods-20x22.png .ods +AddIcon /icons/odf6odp-20x22.png .odp +AddIcon /icons/odf6odg-20x22.png .odg +AddIcon /icons/odf6odc-20x22.png .odc +AddIcon /icons/odf6odf-20x22.png .odf +AddIcon /icons/odf6odb-20x22.png .odb +AddIcon /icons/odf6odi-20x22.png .odi +AddIcon /icons/odf6odm-20x22.png .odm + +AddIcon /icons/odf6ott-20x22.png .ott +AddIcon /icons/odf6ots-20x22.png .ots +AddIcon /icons/odf6otp-20x22.png .otp +AddIcon /icons/odf6otg-20x22.png .otg +AddIcon /icons/odf6otc-20x22.png .otc +AddIcon /icons/odf6otf-20x22.png .otf +AddIcon /icons/odf6oti-20x22.png .oti +AddIcon /icons/odf6oth-20x22.png .oth + +DefaultIcon /icons/unknown.gif +ReadmeName README.html +HeaderName HEADER.html + +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t 
diff --git a/templates/mod/cgid.conf.erb b/templates/mod/cgid.conf.erb new file mode 100644 index 0000000000..d771012de9 --- /dev/null +++ b/templates/mod/cgid.conf.erb @@ -0,0 +1 @@ +ScriptSock <%= @cgisock_path %> diff --git a/templates/mod/dav_fs.conf.erb b/templates/mod/dav_fs.conf.erb new file mode 100644 index 0000000000..50edf004e9 --- /dev/null +++ b/templates/mod/dav_fs.conf.erb @@ -0,0 +1 @@ +DAVLockDB <%= @dav_lock %> diff --git a/templates/mod/deflate.conf.erb b/templates/mod/deflate.conf.erb new file mode 100644 index 0000000000..d0997dfebb --- /dev/null +++ b/templates/mod/deflate.conf.erb @@ -0,0 +1,4 @@ +AddOutputFilterByType DEFLATE text/html text/plain text/xml +AddOutputFilterByType DEFLATE text/css +AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript +AddOutputFilterByType DEFLATE application/rss+xml diff --git a/templates/mod/dir.conf.erb b/templates/mod/dir.conf.erb new file mode 100644 index 0000000000..741f6ae034 --- /dev/null +++ b/templates/mod/dir.conf.erb @@ -0,0 +1 @@ +DirectoryIndex <%= @indexes.join(' ') %> diff --git a/templates/mod/disk_cache.conf.erb b/templates/mod/disk_cache.conf.erb index b44ed704bf..0c7e2c4b73 100644 --- a/templates/mod/disk_cache.conf.erb +++ b/templates/mod/disk_cache.conf.erb @@ -1,8 +1,8 @@ - # To enable a cache of proxied content, uncomment the following lines. - # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. CacheEnable disk / - CacheRoot "<%= cache_root %>" + CacheRoot "<%= @cache_root %>" + CacheDirLevels 2 + CacheDirLength 1 diff --git a/templates/mod/info.conf.erb b/templates/mod/info.conf.erb new file mode 100644 index 0000000000..01ffe95a91 --- /dev/null +++ b/templates/mod/info.conf.erb @@ -0,0 +1,6 @@ + + SetHandler server-info + Order deny,allow + Deny from all + Allow from <%= Array(@allow_from).join(" ") %> + 
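Review bot: In templates/mod/dir.conf.erb, `@indexes.join(' ')` calls `join` directly, while the other list-valued parameters in this commit go through `Array(...)` first. A caller who passes a single string instead of an array would get a template error rather than a one-entry `DirectoryIndex` line. For consistency I would write `DirectoryIndex <%= Array(@indexes).join(' ') %>`.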
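Review bot: In templates/mod/info.conf.erb, `Allow from <%= Array(@allow_from).join(" ") %>` renders as a bare `Allow from` when `@allow_from` is nil or empty, because `Array(nil)` is `[]`. The same line is added to templates/mod/proxy.conf.erb, where the old template kept the allow rule commented out. The default for `allow_from` is set in a manifest outside these hunks, so I cannot tell whether the empty case is reachable, but the template should not depend on that. I would wrap the line in `<% unless Array(@allow_from).empty? -%>` … `<% end -%>` so that only `Deny from all` remains when nothing is configured. Since server-info discloses the running configuration, a loopback-only default like the `Allow from 127.0.0.1 ::1` in status.conf.erb would be the safer choice.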
diff --git a/templates/mod/ldap.conf.erb b/templates/mod/ldap.conf.erb new file mode 100644 index 0000000000..14f33ab2b2 --- /dev/null +++ b/templates/mod/ldap.conf.erb @@ -0,0 +1,7 @@ + + SetHandler ldap-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 ::1 + Satisfy all + diff --git a/templates/mod/mime.conf.erb b/templates/mod/mime.conf.erb new file mode 100644 index 0000000000..34f4add924 --- /dev/null +++ b/templates/mod/mime.conf.erb @@ -0,0 +1,36 @@ +TypesConfig /etc/mime.types + +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz +AddType application/x-bzip2 .bz2 + +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +AddHandler type-map var +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml diff --git a/templates/mod/mime_magic.conf.erb b/templates/mod/mime_magic.conf.erb new file mode 100644 index 0000000000..ee69bca4ae --- /dev/null +++ b/templates/mod/mime_magic.conf.erb @@ -0,0 +1 @@ +MIMEMagicFile conf/magic diff --git a/templates/mod/mpm_event.conf.erb b/templates/mod/mpm_event.conf.erb new file mode 100644 index 0000000000..eb6f1ff5f5 --- /dev/null +++ b/templates/mod/mpm_event.conf.erb @@ -0,0 +1,9 @@ + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 150 + MaxRequestsPerChild 0 + diff --git a/templates/mod/negotiation.conf.erb b/templates/mod/negotiation.conf.erb new file mode 100644 index 0000000000..50921019bc --- /dev/null 
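Review bot: templates/mod/mpm_event.conf.erb hard-codes every tuning value (`StartServers 2`, `MaxClients 150`, and so on), whereas prefork.conf.erb and worker.conf.erb in this same commit take theirs from class parameters. An operator who needs a different `MaxClients` for the event MPM would have to replace the whole template. I would parameterise it the same way, for example `MaxClients <%= @maxclients %>`, with the current numbers as the defaults.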
+++ b/templates/mod/negotiation.conf.erb @@ -0,0 +1,2 @@ +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb new file mode 100644 index 0000000000..f6777cbd2b --- /dev/null +++ b/templates/mod/passenger.conf.erb @@ -0,0 +1,5 @@ +PassengerRoot <%= @passenger_root %> +PassengerRuby <%= @passenger_ruby %> +<% if @passenger_max_pool_size -%> +PassengerMaxPoolSize <%= @passenger_max_pool_size %> +<% end -%> diff --git a/templates/mod/prefork.conf.erb b/templates/mod/prefork.conf.erb new file mode 100644 index 0000000000..aabfdf7b22 --- /dev/null +++ b/templates/mod/prefork.conf.erb @@ -0,0 +1,8 @@ + + StartServers <%= @startservers %> + MinSpareServers <%= @minspareservers %> + MaxSpareServers <%= @maxspareservers %> + ServerLimit <%= @serverlimit %> + MaxClients <%= @maxclients %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + diff --git a/templates/mod/proxy.conf.erb b/templates/mod/proxy.conf.erb index 2360e0595e..d4531a519c 100644 --- a/templates/mod/proxy.conf.erb +++ b/templates/mod/proxy.conf.erb @@ -6,12 +6,12 @@ # Do not enable proxying with ProxyRequests until you have secured your # server. Open proxy servers are dangerous both to your network and to the # Internet at large. - ProxyRequests <%= proxy_requests %> + ProxyRequests <%= @proxy_requests %> Order deny,allow Deny from all - #Allow from .example.com + Allow from <%= Array(@allow_from).join(" ") %> # Enable/disable the handling of HTTP/1.1 "Via:" headers. diff --git a/templates/mod/proxy_html.conf.erb b/templates/mod/proxy_html.conf.erb new file mode 100644 index 0000000000..7f5898ef74 --- /dev/null +++ b/templates/mod/proxy_html.conf.erb 
@@ -0,0 +1,24 @@ +<% if @proxy_html_loadfiles -%> +<% Array(@proxy_html_loadfiles).each do |loadfile| -%> +LoadFile <%= loadfile %> +<% end -%> + +<% end -%> +ProxyHTMLLinks a href +ProxyHTMLLinks area href +ProxyHTMLLinks link href +ProxyHTMLLinks img src longdesc usemap +ProxyHTMLLinks object classid codebase data usemap +ProxyHTMLLinks q cite +ProxyHTMLLinks blockquote cite +ProxyHTMLLinks ins cite +ProxyHTMLLinks del cite +ProxyHTMLLinks form action +ProxyHTMLLinks input src usemap +ProxyHTMLLinks head profileProxyHTMLLinks base href +ProxyHTMLLinks script src for + +ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ + onmouseover onmousemove onmouseout onkeypress \ + onkeydown onkeyup onfocus onblur onload \ + onunload onsubmit onreset onselect onchange diff --git a/templates/mod/reqtimeout.conf.erb b/templates/mod/reqtimeout.conf.erb new file mode 100644 index 0000000000..9a18800da5 --- /dev/null +++ b/templates/mod/reqtimeout.conf.erb @@ -0,0 +1,2 @@ +RequestReadTimeout header=20-40,minrate=500 +RequestReadTimeout body=10,minrate=500 diff --git a/templates/mod/setenvif.conf.erb b/templates/mod/setenvif.conf.erb new file mode 100644 index 0000000000..d31c79fe5d --- /dev/null +++ b/templates/mod/setenvif.conf.erb 
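Review bot: In templates/mod/proxy_html.conf.erb, two directives are fused on one line: `ProxyHTMLLinks head profileProxyHTMLLinks base href`. The hunk header counts 24 added lines, which matches only if this really is a single line in the file. As written, mod_proxy_html would be told that `head` has the attributes `profileProxyHTMLLinks`, `base` and `href`, and there would be no rule at all for `<base href>`, so base URLs in proxied pages would not be rewritten. It should be two lines, `ProxyHTMLLinks head profile` and `ProxyHTMLLinks base href`.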
@@ -0,0 +1,34 @@ +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^gvfs/1" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +BrowserMatch " Konqueror/4" redirect-carefully + + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb new file mode 100644 index 0000000000..854a0d0a64 --- /dev/null +++ b/templates/mod/ssl.conf.erb 
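Review bot: The character class in `BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown` reads like a typo for `[7-9]`, and the comment above it ("MSIE 7 and newer") does not explain it. It matches the digits 1, 7, 8 and 9, and the 1 is presumably there to catch MSIE 10 and later. I would document that on the line so nobody "fixes" it, for example `# [17-9] = 7, 8, 9 and the leading 1 of MSIE 10+`. The unescaped dots in `"^WebDAVFS/1.[0123]"` and `"^gnome-vfs/1.0"` match any character, which is harmless here but inconsistent with the escaped `4\.0` patterns higher up.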
@@ -0,0 +1,21 @@ + + SSLRandomSeed startup builtin + SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed connect builtin + SSLRandomSeed connect file:/dev/urandom 512 + + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + SSLPassPhraseDialog builtin + SSLSessionCache shmcb:<%= @session_cache %> + SSLSessionCacheTimeout 300 +<% if @ssl_compression -%> + SSLCompression Off +<% end -%> + SSLMutex <%= @ssl_mutex %> + SSLCryptoDevice builtin + SSLHonorCipherOrder On + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + SSLProtocol all -SSLv2 + diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb new file mode 100644 index 0000000000..b29324ee99 --- /dev/null +++ b/templates/mod/status.conf.erb @@ -0,0 +1,12 @@ + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 ::1 + +ExtendedStatus On + + + # Show Proxy LoadBalancer status in mod_status + ProxyStatus On + diff --git a/templates/mod/userdir.conf.erb b/templates/mod/userdir.conf.erb index 47f8125065..cfe2e3879c 100644 --- a/templates/mod/userdir.conf.erb +++ b/templates/mod/userdir.conf.erb 
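Review bot: In templates/mod/ssl.conf.erb the compression switch is inverted: `<% if @ssl_compression -%>` emits `SSLCompression Off`, so a true value turns compression off and a false value emits nothing, leaving the httpd build's default in force. On builds where that default is on, TLS compression stays enabled, which is the precondition for CRIME-style attacks. I would emit the directive from the value, `SSLCompression <%= @ssl_compression ? 'On' : 'Off' %>`, and guard it separately if the module has to support httpd builds that lack the directive. The parameter's default lives in a manifest outside this hunk. Separately, `SSLProtocol all -SSLv2` still permits SSLv3 and `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` admits the MEDIUM group, so both are worth exposing as parameters with tighter defaults.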
@@ -1,29 +1,19 @@ -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - #UserDir disable +<% if @disable_root -%> + UserDir disabled root +<% end -%> + UserDir <%= @dir %> - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disable" line above, and uncomment - # the following line instead: - # - #UserDir public_html - - UserDir <%= dir %> + /*/<%= @dir %>> + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + Order allow,deny + Allow from all + + + Order deny,allow + Deny from all + + diff --git a/templates/mod/worker.conf.erb b/templates/mod/worker.conf.erb new file mode 100644 index 0000000000..f0bba39085 --- /dev/null +++ b/templates/mod/worker.conf.erb @@ -0,0 +1,9 @@ + + ServerLimit <%= @serverlimit %> + StartServers <%= @startservers %> + MaxClients <%= @maxclients %> + MinSpareThreads <%= @minsparethreads %> + MaxSpareThreads <%= @maxsparethreads %> + ThreadsPerChild <%= @threadsperchild %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + diff --git a/templates/namevirtualhost.erb b/templates/namevirtualhost.erb new file mode 100644 index 0000000000..cf767680fc --- /dev/null +++ b/templates/namevirtualhost.erb 
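Review bot: The rewrite of templates/mod/userdir.conf.erb removes the only comment that explained the risk of this feature (UserDir can confirm that a username exists on the system) and puts nothing in its place. The new directory block also grants `Options ... Indexes` and `AllowOverride FileInfo AuthConfig Limit Indexes` to every user's directory, and `UserDir disabled root` is emitted only when `@disable_root` is set. I would keep a short template comment such as `<%# UserDir reveals which local accounts exist; leave root disabled -%>`. The README should also say that directory listings are on for user directories.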
@@ -0,0 +1,8 @@ +<%# NameVirtualHost should always be one of: + - * + - *: + - _default_: + - + - : +-%> +NameVirtualHost <%= @addr_port %> diff --git a/templates/ports_header.erb b/templates/ports_header.erb new file mode 100644 index 0000000000..4908db4ad3 --- /dev/null +++ b/templates/ports_header.erb @@ -0,0 +1,5 @@ +# ************************************ +# Listen & NameVirtualHost resources in module puppetlabs-apache +# Managed by Puppet +# ************************************ + diff --git a/templates/test.vhost.erb b/templates/test.vhost.erb deleted file mode 100644 index 2b2522823d..0000000000 --- a/templates/test.vhost.erb +++ /dev/null @@ -1,18 +0,0 @@ -# -# Test vhost -# -NameVirtualHost *:80 - - ServerName testvhost - DocumentRoot <%= docroot %> - > - Options <%= options %> - AllowOverride <%= Array(override).join(' ') %> - Order allow,deny - allow from all - - ErrorLog /var/log/apache2/error.log - LogLevel warn - CustomLog /var/log/apache2/access.log combined - ServerSignature On - diff --git a/templates/vhost-default.conf.erb b/templates/vhost-default.conf.erb deleted file mode 100644 index 658979fa23..0000000000 --- a/templates/vhost-default.conf.erb +++ /dev/null 
@@ -1,31 +0,0 @@ -# ************************************ -# Default template in module puppetlabs-apache -# Managed by Puppet -# ************************************ - -NameVirtualHost <%= vhost_name %>:<%= port %> -:<%= port %>> - ServerName <%= srvname %> -<% if serveradmin %> - ServerAdmin <%= serveradmin %> -<% end %> -<% if serveraliases.is_a? Array -%> -<% serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%> -<% elsif serveraliases != '' -%> -<%= " ServerAlias #{serveraliases}" %> -<% end -%> - DocumentRoot <%= docroot %> - > - Options <%= options %> - AllowOverride <%= Array(override).join(' ') %> - Order allow,deny - allow from all - - ErrorLog <%= logroot %>/<%= name %>_error.log - LogLevel warn -<% if access_log -%> - CustomLog <%= logroot %>/<%= name %>_access.log combined -<% end -%> - ServerSignature Off - - diff --git a/templates/vhost-proxy.conf.erb b/templates/vhost-proxy.conf.erb deleted file mode 100644 index 9f804fc81b..0000000000 --- a/templates/vhost-proxy.conf.erb +++ /dev/null @@ -1,33 +0,0 @@ -NameVirtualHost <%= vhost_name %>:<%= port %> -:<%= port %>> - <% if ssl == true %> - SSLEngine on - SSLCertificateFile <%= ssl_path %>/certs/pl.cert - SSLCertificateKeyFile <%= ssl_path %>/private/pl.key - <% end %> - ServerName <%= srvname %> -<% if serveraliases.is_a? Array %> -<% serveraliases.each do |name| %><%= " ServerAlias #{name}\n" %><% end %> -<% elsif serveraliases != '' %> -<%= " ServerAlias #{serveraliases}" %> -<% end %> - ProxyRequests Off - - Order deny,allow - Allow from all - - -<% for uri in no_proxy_uris %> - ProxyPass <%= uri %> ! -<% end %> - ProxyPass / <%= dest %>/ - ProxyPassReverse / <%= dest %>/ - ProxyPreserveHost On - - ErrorLog /var/log/<%= scope.lookupvar("apache::params::apache_name") %>/<%= name %>_error.log - LogLevel warn -<% if access_log -%> - CustomLog /var/log/<%= scope.lookupvar("apache::params::apache_name") %>/<%= name %>_access.log combined -<% end -%> - - 
diff --git a/templates/vhost-redirect.conf.erb b/templates/vhost-redirect.conf.erb deleted file mode 100644 index 240f924cdf..0000000000 --- a/templates/vhost-redirect.conf.erb +++ /dev/null @@ -1,11 +0,0 @@ -NameVirtualHost <%= vhost_name %>:<%= port %> -:<%= port %>> - ServerName <%= srvname %> -<% if serveraliases.is_a? Array %> -<% serveraliases.each do |name| %><%= " ServerAlias #{name}\n" %><% end %> -<% elsif serveraliases != '' %> -<%= " ServerAlias #{serveraliases}" %> -<% end %> - Redirect / <%= dest %>/ - - diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb new file mode 100644 index 0000000000..8a5a705d35 --- /dev/null +++ b/templates/vhost.conf.erb 
@@ -0,0 +1,43 @@ +# ************************************ +# Vhost template in module puppetlabs-apache +# Managed by Puppet +# ************************************ + +> + ServerName <%= @servername_real %> +<% if @serveradmin -%> + ServerAdmin <%= @serveradmin %> +<% end -%> + + ## Vhost docroot +<% if @virtual_docroot -%> + VirtualDocumentRoot <%= @virtual_docroot %> +<% else -%> + DocumentRoot <%= @docroot %> +<% end -%> +<%= scope.function_template(['apache/vhost/_aliases.erb']) -%> + + ## Directories, there should at least be a declaration for <%= @docroot %> +<%= scope.function_template(['apache/vhost/_directories.erb']) -%> + + ## Logging +<% if @error_log -%> + ErrorLog <%= @error_log_destination %> +<% end -%> + LogLevel warn + ServerSignature Off +<% if @access_log -%> + CustomLog <%= @access_log_destination %> <%= @_access_log_format %> +<% end -%> +<%= scope.function_template(['apache/vhost/_block.erb']) -%> +<%= scope.function_template(['apache/vhost/_proxy.erb']) -%> +<%= scope.function_template(['apache/vhost/_rack.erb']) -%> +<%= scope.function_template(['apache/vhost/_redirect.erb']) -%> +<%= scope.function_template(['apache/vhost/_rewrite.erb']) -%> +<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> +<%= scope.function_template(['apache/vhost/_serveralias.erb']) -%> +<%= scope.function_template(['apache/vhost/_setenv.erb']) -%> +<%= scope.function_template(['apache/vhost/_ssl.erb']) -%> +<%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> +<%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> + diff --git a/templates/vhost/_aliases.erb b/templates/vhost/_aliases.erb new file mode 100644 index 0000000000..73d683fc29 --- /dev/null +++ b/templates/vhost/_aliases.erb 
@@ -0,0 +1,8 @@ +<% if @aliases and ! @aliases.empty? -%> + ## Alias declarations for resources outside the DocumentRoot + <%- Array(@aliases).each do |alias_statement| -%> + <%- if alias_statement["alias"] != '' and alias_statement["path"] != ''-%> + Alias <%= alias_statement["alias"] %> <%= alias_statement["path"] %> + <%- end -%> + <%- end -%> +<% end -%> \ No newline at end of file diff --git a/templates/vhost/_block.erb b/templates/vhost/_block.erb new file mode 100644 index 0000000000..f235f89d28 --- /dev/null +++ b/templates/vhost/_block.erb @@ -0,0 +1,10 @@ +<% if @block and ! @block.empty? -%> + + ## Block access statements +<% if @block.include? 'scm' -%> + # Block access to SCM directories. + + Deny From All + +<% end -%> +<% end -%> diff --git a/templates/vhost/_custom_fragment.erb b/templates/vhost/_custom_fragment.erb new file mode 100644 index 0000000000..973964655e --- /dev/null +++ b/templates/vhost/_custom_fragment.erb @@ -0,0 +1,5 @@ +<% if @custom_fragment -%> + + ## Custom fragment +<%= @custom_fragment %> +<% end -%> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb new file mode 100644 index 0000000000..10504c553d --- /dev/null +++ b/templates/vhost/_directories.erb 
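Review bot: In templates/vhost/_aliases.erb the guard `alias_statement["alias"] != '' and alias_statement["path"] != ''` passes when a key is missing, because `nil != ''` is true. The template then writes an `Alias` line with an empty field, which httpd would be expected to reject at config test. Comparing on the string form closes that gap: `<%- if alias_statement["alias"].to_s != '' and alias_statement["path"].to_s != '' -%>`. The file is also committed without a trailing newline (`\ No newline at end of file`), unlike the sibling partials.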
@@ -0,0 +1,38 @@ +<% if @_directories and ! @_directories.empty? -%> + <%- Array(@_directories).each do |directory| -%> + <%- if directory['path'] and directory['path'] != ''-%> + + > + <%- if directory['options'] -%> + Options <%= Array(directory['options']).join(' ') %> + <%- end -%> + <%- if directory['allow_override'] -%> + AllowOverride <%= Array(directory['allow_override']).join(' ') %> + <%- else -%> + AllowOverride None + <%- end -%> + <%- if directory['order'] and directory['order'] != '' -%> + Order <%= Array(directory['order']).join(',') %> + <%- else -%> + Order allow,deny + <%- end -%> + <%- if directory['deny'] and directory['deny'] != '' -%> + Deny <%= directory['deny'] %> + <%- end -%> + <%- if directory['allow'] and directory['allow'] != '' -%> + Allow <%= directory['allow'] %> + <%- else -%> + Allow from all + <%- end -%> + <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> + <%- Array(directory['addhandlers']).each do |addhandler| -%> + AddHandler <%= addhandler['handler'] %> <%= Array(addhandler['extensions']).join(' ') %> + <%- end -%> + <%- end -%> + <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> + PassengerEnabled <%= directory['passenger_enabled'] %> + <%- end -%> + + <%- end -%> + <%- end -%> +<% end -%> diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb new file mode 100644 index 0000000000..8b5c6073dc --- /dev/null +++ b/templates/vhost/_proxy.erb @@ -0,0 +1,21 @@ +<% if @proxy_dest or @proxy_pass -%> + + ## Proxy rules + ProxyRequests Off + + Order deny,allow + Allow from all + +<%- end -%> +<% Array(@proxy_pass).each do |proxy| %> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> +<% end %> +<% if @proxy_dest -%> +<% Array(@no_proxy_uris).each do |uri| %> + ProxyPass <%= uri %> ! +<% end %> + ProxyPass / <%= @proxy_dest %>/ + ProxyPassReverse / <%= @proxy_dest %>/ + ProxyPreserveHost On +<% end -%> 
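Review bot: In templates/vhost/_directories.erb the `<%- else -%>` branch emits `Allow from all` whenever `directory['allow']` is unset, even when the caller supplied a `deny` rule. With `order => 'deny,allow'` and `deny => 'from all'`, the rendered block is `Order deny,allow`, `Deny from all`, `Allow from all`. Under that order the Allow is evaluated last, so a directory the author meant to close ends up open. I would emit the default only when no deny rule was given, by changing the branch to `<%- elsif !(directory['deny'] and directory['deny'] != '') -%>`. The README should state that `allow` must be set explicitly once `deny` is used.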
diff --git a/templates/vhost/_rack.erb b/templates/vhost/_rack.erb new file mode 100644 index 0000000000..4a5b5f1cdc --- /dev/null +++ b/templates/vhost/_rack.erb @@ -0,0 +1,7 @@ +<% if @rack_base_uris -%> + + ## Enable rack +<% Array(@rack_base_uris).each do |uri| -%> + RackBaseURI <%= uri %> +<% end -%> +<% end -%> diff --git a/templates/vhost/_redirect.erb b/templates/vhost/_redirect.erb new file mode 100644 index 0000000000..66eee5e6d8 --- /dev/null +++ b/templates/vhost/_redirect.erb @@ -0,0 +1,12 @@ +<% if @redirect_source and @redirect_dest -%> +<% @redirect_dest_a = Array(@redirect_dest) -%> +<% @redirect_source_a = Array(@redirect_source) -%> +<% @redirect_status_a = Array(@redirect_status) -%> + + ## Redirect rules +<% @redirect_source_a.each_with_index do |source, i| -%> +<% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> +<% @redirect_status_a[i] ||= @redirect_status_a[0] -%> + Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> +<% end -%> +<% end -%> diff --git a/templates/vhost/_requestheader.erb b/templates/vhost/_requestheader.erb new file mode 100644 index 0000000000..9f175052b5 --- /dev/null +++ b/templates/vhost/_requestheader.erb @@ -0,0 +1,10 @@ +<% if @request_headers and ! @request_headers.empty? -%> + + ## Request header rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader + <%- Array(@request_headers).each do |request_statement| -%> + <%- if request_statement != '' -%> + RequestHeader <%= request_statement %> + <%- end -%> + <%- end -%> +<% end -%> diff --git a/templates/vhost/_rewrite.erb b/templates/vhost/_rewrite.erb new file mode 100644 index 0000000000..d04ad25f61 --- /dev/null +++ b/templates/vhost/_rewrite.erb 
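Review bot: templates/vhost/_redirect.erb assigns its working arrays to instance variables (`@redirect_dest_a`, `@redirect_source_a`, `@redirect_status_a`) and then writes into them with `||=` inside the loop. These are scratch values for this partial, so plain locals would keep them out of the shared template scope, for example `redirect_dest_a = Array(@redirect_dest)`. The loop also silently reuses element 0 when `redirect_dest` is shorter than `redirect_source`. A short comment on the `||=` lines saying that this fallback is intended would save the next reader from treating it as a bug.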
@@ -0,0 +1,14 @@ +<% if @rewrite_rule -%> + + ## Rewrite rules + RewriteEngine On +<% if @rewrite_base -%> + RewriteBase <%= @rewrite_base -%> +<% end -%> +<% if @rewrite_cond -%> +<% Array(@rewrite_cond).each do |cond| -%> + RewriteCond <%= cond %> +<% end -%> +<% end -%> + RewriteRule <%= @rewrite_rule %> +<% end -%> diff --git a/templates/vhost/_scriptalias.erb b/templates/vhost/_scriptalias.erb new file mode 100644 index 0000000000..0262055f37 --- /dev/null +++ b/templates/vhost/_scriptalias.erb @@ -0,0 +1,14 @@ +<% if @scriptalias -%> + + ## Script alias directives + ScriptAlias /cgi-bin/ "<%= @scriptalias %>/" + "> + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all +<% if @ssl -%> + SSLOptions +StdEnvVars +<% end -%> + +<% end -%> diff --git a/templates/vhost/_serveralias.erb b/templates/vhost/_serveralias.erb new file mode 100644 index 0000000000..278b6ddc53 --- /dev/null +++ b/templates/vhost/_serveralias.erb @@ -0,0 +1,7 @@ +<% if @serveraliases and ! @serveraliases.empty? -%> + + ## Server aliases +<% Array(@serveraliases).each do |serveralias| -%> + ServerAlias <%= serveralias %> +<% end -%> +<% end -%> diff --git a/templates/vhost/_setenv.erb b/templates/vhost/_setenv.erb new file mode 100644 index 0000000000..d5f9ea8450 --- /dev/null +++ b/templates/vhost/_setenv.erb @@ -0,0 +1,12 @@ +<% if @setenv and ! @setenv.empty? -%> + + ## SetEnv/SetEnvIf for environment variables +<% Array(@setenv).each do |envvar| -%> + SetEnv <%= envvar %> +<% end -%> +<% end -%> +<% if @setenvif and ! @setenvif.empty? -%> +<% Array(@setenvif).each do |envifvar| -%> + SetEnvIf <%= envifvar %> +<% end -%> +<% end -%> diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb new file mode 100644 index 0000000000..8cf093263a --- /dev/null +++ b/templates/vhost/_ssl.erb 
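Review bot: In templates/vhost/_rewrite.erb the line `RewriteBase <%= @rewrite_base -%>` closes its output tag with `-%>`, which strips the newline that follows. Whenever `rewrite_base` is set, the next directive that produces output (`RewriteCond` or `RewriteRule`) is therefore appended to the `RewriteBase` line and the vhost fails to parse. Every other value line in these partials uses a plain `%>`. This one should too: `RewriteBase <%= @rewrite_base %>`.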
@@ -0,0 +1,23 @@ +<% if @ssl -%> + + ## SSL directives + SSLEngine on + SSLCertificateFile <%= @ssl_cert %> + SSLCertificateKeyFile <%= @ssl_key %> +<% if @ssl_chain -%> + SSLCertificateChainFile <%= @ssl_chain %> +<% end -%> + SSLCACertificatePath <%= @ssl_certs_dir %> +<% if @ssl_ca -%> + SSLCACertificateFile <%= @ssl_ca %> +<% end -%> +<% if @ssl_crl_path -%> + SSLCARevocationPath <%= @ssl_crl_path %> +<% end -%> +<% if @ssl_crl -%> + SSLCARevocationFile <%= @ssl_crl %> +<% end -%> + + SSLOptions +StdEnvVars + +<% end -%> diff --git a/tests/vhost.pp b/tests/vhost.pp index 23366e3570..10aa9e3241 100644 --- a/tests/vhost.pp +++ b/tests/vhost.pp 
@@ -1,12 +1,185 @@ -include apache -apache::vhost { - 'test.vhost': - port => 80, - docroot => '/tmp/testvhost', - template => 'apache/test.vhost.erb'; - 'test.vhost-override': - port => 80, - docroot => '/tmp/testvhost', - override => ['Options', 'FileInfo'], - template => 'apache/test.vhost.erb'; +## Default vhosts, and custom vhosts +# NB: Please see the other vhost_*.pp example files for further +# examples. + +# Base class. Declares default vhost on port 80 and default ssl +# vhost on port 443 listening on all interfaces and serving +# $apache::docroot +class { 'apache': } + +# Most basic vhost +apache::vhost { 'first.example.com': + port => '80', + docroot => '/var/www/first', +} + +# Vhost with different docroot owner/group +apache::vhost { 'second.example.com': + port => '80', + docroot => '/var/www/second', + docroot_owner => 'third', + docroot_group => 'third', +} + +# Vhost with serveradmin +apache::vhost { 'third.example.com': + port => '80', + docroot => '/var/www/third', + serveradmin => 'admin@example.com', +} + +# Vhost with ssl (uses default ssl certs) +apache::vhost { 'ssl.example.com': + port => '443', + docroot => '/var/www/ssl', + ssl => true, +} + +# Vhost with ssl and specific ssl certs +apache::vhost { 'fourth.example.com': + port => '443', + docroot => '/var/www/fourth', + ssl => true, + ssl_cert => '/etc/ssl/fourth.example.com.cert', + ssl_key => '/etc/ssl/fourth.example.com.key', +} + +# Vhost with english title and servername parameter +apache::vhost { 'The fifth vhost': + servername => 'fifth.example.com', + port => '80', + docroot => '/var/www/fifth', +} + +# Vhost with server aliases +apache::vhost { 'sixth.example.com': + serveraliases => [ + 'sixth.example.org', + 'sixth.example.net', + ], + port => '80', + docroot => '/var/www/fifth', +} + +# Vhost with alternate options +apache::vhost { 'seventh.example.com': + port => '80', + docroot => '/var/www/seventh', + options => [ + 'Indexes', + 'MultiViews', + ], +} + +# Vhost with 
AllowOverride for .htaccess +apache::vhost { 'eighth.example.com': + port => '80', + docroot => '/var/www/eighth', + override => 'All', +} + +# Vhost with access and error logs disabled +apache::vhost { 'ninth.example.com': + port => '80', + docroot => '/var/www/ninth', + access_log => false, + error_log => false, +} + +# Vhost with custom access and error logs and logroot +apache::vhost { 'tenth.example.com': + port => '80', + docroot => '/var/www/tenth', + access_log_file => 'tenth_vhost.log', + error_log_file => 'tenth_vhost_error.log', + logroot => '/var/log', +} + +# Vhost with a cgi-bin +apache::vhost { 'eleventh.example.com': + port => '80', + docroot => '/var/www/eleventh', + scriptalias => '/usr/lib/cgi-bin', +} + +# Vhost with a proxypass configuration +apache::vhost { 'twelfth.example.com': + port => '80', + docroot => '/var/www/twelfth', + proxy_dest => 'http://internal.example.com:8080/twelfth', + no_proxy_uris => ['/login','/logout'], +} + +# Vhost to redirect /login and /logout +apache::vhost { 'thirteenth.example.com': + port => '80', + docroot => '/var/www/thirteenth', + redirect_source => [ + '/login', + '/logout', + ], + redirect_dest => [ + 'http://10.0.0.10/login', + 'http://10.0.0.10/logout', + ], +} + +# Vhost to permamently redirect +apache::vhost { 'fourteenth.example.com': + port => '80', + docroot => '/var/www/fourteenth', + redirect_source => '/blog', + redirect_dest => 'http://blog.example.com', + redirect_status => 'permanent', +} + +# Vhost with a rack configuration +apache::vhost { 'fifteenth.example.com': + port => '80', + docroot => '/var/www/fifteenth', + rack_base_uris => ['/rackapp1', '/rackapp2'], +} + +# Vhost to redirect non-ssl to ssl +apache::vhost { 'sixteenth.example.com non-ssl': + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + rewrite_cond => '%{HTTPS} off', + rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', +} +apache::vhost { 'sixteenth.example.com ssl': + 
servername => 'sixteenth.example.com', + port => '443', + docroot => '/var/www/sixteenth', + ssl => true, +} + +# Vhost to block repository files +apache::vhost { 'seventeenth.example.com': + port => '80', + docroot => '/var/www/seventeenth', + block => 'scm', +} + +# Vhost with special environment variables +apache::vhost { 'eighteenth.example.com': + port => '80', + docroot => '/var/www/eighteenth', + setenv => ['SPECIAL_PATH /foo/bin','KILROY was_here'], +} +apache::vhost { 'nineteenth.example.com': + port => '80', + docroot => '/var/www/nineteenth', + setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1', +} + +# Vhost with alias for subdomain mapped to same named directory +# http://example.com.loc => /var/www/example.com +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], } diff --git a/tests/vhost_ip_based.pp b/tests/vhost_ip_based.pp new file mode 100644 index 0000000000..dc0fa4f33b --- /dev/null +++ b/tests/vhost_ip_based.pp @@ -0,0 +1,25 @@ +## IP-based vhosts on any listen port +# IP-based vhosts respond to requests on specific IP addresses. + +# Base class. Turn off the default vhosts; we will be declaring +# all vhosts below. +class { 'apache': + default_vhost => false, +} + +# Listen on port 80 and 81; required because the following vhosts +# are not declared with a port parameter. +apache::listen { '80': } +apache::listen { '81': } + +# IP-based vhosts +apache::vhost { 'first.example.com': + ip => '10.0.0.10', + docroot => '/var/www/first', + ip_based => true, +} +apache::vhost { 'second.example.com': + ip => '10.0.0.11', + docroot => '/var/www/second', + ip_based => true, +} diff --git a/tests/vhost_ssl.pp b/tests/vhost_ssl.pp new file mode 100644 index 0000000000..8e7a2b279e --- /dev/null +++ b/tests/vhost_ssl.pp 
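Review bot: In tests/vhost.pp the non-SSL-to-SSL example uses `rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'`, but `HTTPS_HOST` is not a mod_rewrite server variable. The substitution would expand to nothing and the redirect target would have no host. The variable wanted here is the request's Host header: `rewrite_rule => '(.*) https://%{HTTP_HOST}%{REQUEST_URI}',`. In the same file the `sixth.example.com` example sets `docroot => '/var/www/fifth'`, which looks like a copy-paste from the vhost above it and would make two example vhosts share a docroot.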
@@ -0,0 +1,23 @@
+## SSL-enabled vhosts
+# SSL-enabled vhosts respond only to HTTPS queries.
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+ default_vhost => false,
+}
+
+# Non-ssl vhost
+apache::vhost { 'first.example.com non-ssl':
+ servername => 'first.example.com',
+ port => '80',
+ docroot => '/var/www/first',
+}
+
+# SSL vhost at the same domain
+apache::vhost { 'first.example.com ssl':
+ servername => 'first.example.com',
+ port => '443',
+ docroot => '/var/www/first',
+ ssl => true,
+}
diff --git a/tests/vhosts_without_listen.pp b/tests/vhosts_without_listen.pp
new file mode 100644
index 0000000000..e7d6cc036c
--- /dev/null
+++ b/tests/vhosts_without_listen.pp
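Review bot: The header comment says SSL-enabled vhosts respond only to HTTPS queries, but the `'first.example.com non-ssl'` vhost serves the same docroot `/var/www/first` in cleartext on port 80, so the example as a whole does not enforce HTTPS. A reader copying it would leave the site reachable without TLS; the comment above that vhost should say so, e.g. `# Non-ssl vhost: the same content stays reachable over plain HTTP unless this vhost redirects`. The ssl vhost sets only `ssl => true`, so it presumably relies on the module's default certificate and key; a one-line comment stating that would make the dependency explicit.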
@@ -0,0 +1,53 @@
+## Declare ip-based and name-based vhosts
+# Mixing Name-based vhost with IP-specific vhosts requires `add_listen =>
+# 'false'` on the non-IP vhosts
+
+# Base class. Turn off the default vhosts; we will be declaring
+# all vhosts below.
+class { 'apache':
+ default_vhost => false,
+}
+
+
+# Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl
+apache::vhost { 'The first IP-based vhost, non-ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '80',
+ ip_based => true,
+ docroot => '/var/www/first',
+}
+apache::vhost { 'The first IP-based vhost, ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '443',
+ ip_based => true,
+ docroot => '/var/www/first-ssl',
+ ssl => true,
+}
+
+# Two name-based vhost listening on 10.0.0.20
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/second',
+}
+apache::vhost { 'third.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/third',
+}
+
+# Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare
+# `add_listen => 'false'` to disable declaring "Listen 80" which will conflict
+# with the IP-based preceeding vhosts.
+apache::vhost { 'fourth.example.com':
+ port => '80',
+ docroot => '/var/www/fourth',
+ add_listen => false,
+}
+apache::vhost { 'fifth.example.com':
+ port => '80',
+ docroot => '/var/www/fifth',
+ add_listen => false,
+}
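Review bot: The header comment and the comment above `'fourth.example.com'` both tell the reader to set `add_listen => 'false'` as a quoted string, while the resources below pass the boolean `false`. In Puppet a non-empty string such as `'false'` is truthy in a conditional, so unless the module converts the value, someone copying the comment would still get the "Listen 80" declaration that the example says conflicts with the IP-based vhosts. Both comments should read `add_listen => false`. The same comments carry typos worth fixing in the same pass ("Add two an IP-based vhost", "requried", "preceeding").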