From c24e2fae07c2af07ae72cf24d3ece07c7d739792 Mon Sep 17 00:00:00 2001 From: Pi3r Date: Sun, 7 Sep 2014 22:05:19 +0200 Subject: [PATCH 001/105] Clean-up hash lookup and avoid local undef var --- manifests/mod.pp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 2795578ec8..776a6c59f2 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -18,11 +18,10 @@ # Determine if we have special lib $mod_libs = $::apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif $mod_lib { - $_lib = $mod_lib + } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack + $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } @@ -48,11 +47,10 @@ # Determine if we have a package $mod_packages = $::apache::params::mod_packages - $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif $mod_package { - $_package = $mod_package + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package = $mod_packages[$mod] } else { $_package = undef } From 0e93f27ba9b6850715ca7e5ef285ff8d132c2062 Mon Sep 17 00:00:00 2001 From: Jesse Weisner Date: Tue, 21 Oct 2014 19:06:30 -0700 Subject: [PATCH 002/105] add php_flag, php_value to docs --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index ba805b8cbe..0c612b672a 100644 --- a/README.md +++ b/README.md 
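Review bot: `has_key($mod_libs, $mod)` tests presence only, while the removed `elsif $mod_lib` tested truthiness, so an entry that exists with an empty value now wins over the `mod_${mod}.so` fallback. The second hunk makes the same change for `$mod_packages`, where such an entry would give `$_package = ''` instead of `undef`. Whether apache::params holds entries like that is not visible here; if it can, keep both checks with `} elsif has_key($mod_libs, $mod) and $mod_libs[$mod] {`. The `# 2.6 compatibility hack` comment moved onto the has_key line without saying what is being worked around; one sentence on why the lookup is guarded would help the next reader.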
@@ -1105,6 +1105,10 @@ Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/User Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required. +#####`php_flags & values` + +Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '[]'. + #####`php_admin_flags & values` Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. @@ -1684,6 +1688,10 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ``` *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. + +######`php_value` and `php_flag` + +`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). ######`php_admin_value` and `php_admin_flag` From 3e50baecdb8a2128907dea8374556f93d99c15d8 Mon Sep 17 00:00:00 2001 From: Jesse Weisner Date: Tue, 21 Oct 2014 19:15:48 -0700 Subject: [PATCH 003/105] duplicate php_admin_{value,flag} for php_{value,flag} --- manifests/vhost.pp | 13 +++++++++++++ templates/vhost/_directories.erb | 11 +++++++++++ templates/vhost/_php.erb | 12 ++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 templates/vhost/_php.erb diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e1..325345857f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -60,6 +60,8 @@ $suphp_addhandler = $::apache::params::suphp_addhandler, $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, + $php_flags = {}, + $php_values = {}, $php_admin_flags = {}, $php_admin_values = {}, $no_proxy_uris = [], @@ -708,6 +710,17 @@ } } + # Template uses: + # - $php_values + # - $php_flags + if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { + concat::fragment { "${name}-php": + target => "${priority_real}-${filename}.conf", + order => 220, + content => template('apache/vhost/_php.erb'), + } + } + # Template uses: # - $php_admin_values # - $php_admin_flags diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e756875f29..c27cabb199 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -87,6 +87,17 @@ <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> + <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> + <%- directory['php_flags'].each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_values'] and ! directory['php_values'].empty? -%> + <%- directory['php_values'].each do |key,value| -%> + php_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> <%- directory['php_admin_flags'].each do |flag,value| -%> <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> diff --git a/templates/vhost/_php.erb b/templates/vhost/_php.erb new file mode 100644 index 0000000000..369fdb7f92 --- /dev/null +++ b/templates/vhost/_php.erb 
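Review bot: The flag normalisation `value =~ /true|yes|on|1/i` in the new `php_flags` loop is unanchored, so any value that merely contains one of those tokens (`none`, `10`, `confirm`) is written out as `on`. The new templates/vhost/_php.erb repeats the same expression, and both copy it from the existing `php_admin_flags` block. For settings such as `display_errors` that is a fail-open default; matching the whole string is safer: `<%- value = if value.to_s =~ /\A(true|yes|on|1)\z/i then 'on' else 'off' end -%>`. The `.to_s` also covers a real boolean passed from the manifest, which the current match does not handle.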
@@ -0,0 +1,12 @@ +<% if @php_values and not @php_values.empty? -%> + <%- @php_values.sort.each do |key,value| -%> + php_value <%= key %> <%= value %> + <%- end -%> +<% end -%> +<% if @php_flags and not @php_flags.empty? -%> + <%- @php_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> \ No newline at end of file From adb90bf1c243f11f68c571cc2690517312f6ac98 Mon Sep 17 00:00:00 2001 From: Jesse Weisner Date: Tue, 21 Oct 2014 19:22:06 -0700 Subject: [PATCH 004/105] add tests --- spec/acceptance/mod_php_spec.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index a0efe7fb86..91eab0f1f7 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -53,7 +53,7 @@ class { 'apache::mod::php': } end end - context "custom extensions, php_admin_flag, and php_admin_value" do + context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do it 'succeeds in puppeting php' do pp= <<-EOS class { 'apache': @@ -65,6 +65,8 @@ class { 'apache::mod::php': apache::vhost { 'php.example.com': port => '80', docroot => '/var/www/php', + php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, + php_flags => { 'display_errors' => 'on', }, php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, php_admin_flags => { 'engine' => 'on', }, } @@ -83,6 +85,8 @@ class { 'apache::mod::php': end describe file("#{vhost_dir}/25-php.example.com.conf") do + it { is_expected.to contain " php_flag display_errors on" } + it { is_expected.to contain " php_value include_path .:/usr/share/pear:/usr/bin/php" } it { is_expected.to contain " php_admin_flag engine on" } it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } end 
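Review bot: `php_value <%= key %> <%= value %>` writes both hash members into the vhost file unquoted and unchecked. A value containing whitespace turns into extra arguments to a two-argument directive, and a key or value containing a line break would begin a new line in the generated configuration. Since these hashes may be fed from hiera or other data sources, it is worth rejecting keys and values that contain line breaks before the fragment is built, and documenting that values with spaces are not supported (or quoting them, which would need the acceptance expectations in the follow-up test commit adjusted). The new file also ends without a trailing newline.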
From 6b0a8b25509905c1b5011c4aabed887143700800 Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Wed, 22 Oct 2014 16:43:25 +0200 Subject: [PATCH 005/105] Add params to proxy_pass to provide ProxyPass key=value connection settings --- README.md | 3 ++- templates/vhost/_proxy.erb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba805b8cbe..28787297e1 100644 --- a/README.md +++ b/README.md @@ -1135,7 +1135,7 @@ apache::vhost { 'site.name.fdqn': proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, ], @@ -1143,6 +1143,7 @@ apache::vhost { 'site.name.fdqn': ``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). #####`rack_base_uris` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 045c906911..0f21af2ec3 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,8 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 332c66c0adffff9583027337f15abf514db560fb Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Thu, 23 Oct 2014 13:16:44 +0200 Subject: [PATCH 006/105] cleanup condition --- templates/vhost/_proxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 0f21af2ec3..190239de92 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,7 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> > <%- if proxy['reverse_urls'].nil? -%> From e49b77c68c5cbcb36072d220e3432a5f20b3f35f Mon Sep 17 00:00:00 2001 From: Ben Sandberg Date: Thu, 23 Oct 2014 14:06:21 -0700 Subject: [PATCH 007/105] passenger concat needs to be wrapped in a check --- manifests/vhost.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e1..0841dfff47 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -795,10 +795,12 @@ # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_passenger.erb'), + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}-${filename}.conf", + order => 290, + content => template('apache/vhost/_passenger.erb'), + } } # Template uses: From dd69adc9827fae3b7294a98c31cc45b44c8fc30b Mon Sep 17 00:00:00 2001 
From: Thomas Mueller Date: Fri, 24 Oct 2014 14:02:20 +0200 Subject: [PATCH 008/105] (MODULES-1457) apache::vhost: SSLCACertificatePath can't be unset The SSLCACertificatePath is always set. The check for @ssl_certs_dir only covers "undef". As there is a default value in ::apache::params for ssl_certs_dir it needs to be overriden with an empty string. Right now the _ssl.erb template outputs 'SSLCACertificatePath ""' for an empty string, which triggers a failing reload of httpd. This patch just adds a "&& @ssl_certs_dir != ''" to the condition. On a Puppet master passenger vhost it's probably security relevant setting, as it enables all system CA signed certificates access. Related patch: https://github.com/puppetlabs/puppetlabs-apache/pull/787 --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 70213f48c1..516992558f 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -7,7 +7,7 @@ <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <%- end -%> - <%- if @ssl_certs_dir -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" <%- end -%> <%- if @ssl_ca -%> From 95426e5f2bc43ae99205f0d10afbea3e82301b5e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 15:03:20 -0500 Subject: [PATCH 009/105] Updates to mod::fcgid test don't work on RHEL5 --- spec/acceptance/mod_fcgid_spec.rb | 97 +++++++++++++++---------------- 1 file changed, 46 insertions(+), 51 deletions(-) diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 8e94fa08fa..2511b46ce6 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb 
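Review bot: Nothing in _ssl.erb or the README records that `ssl_certs_dir => ''` is the supported way to drop `SSLCACertificatePath`; the only explanation lives in the commit message. The description calls this security relevant because the default from `::apache::params` points the vhost at the system CA directory, so the opt-out should be discoverable. A template comment above the guard, for example `<%-# set ssl_certs_dir to '' to omit SSLCACertificatePath; the params default trusts the system CA directory -%>`, plus a matching line in the `ssl_certs_dir` README entry would cover it.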
@@ -1,62 +1,57 @@ require 'spec_helper_acceptance' describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - case fact('osfamily') - when 'Debian' - # Not implemented - when 'RedHat' - context "default fcgid config" do - it 'succeeds in puppeting fcgid' do - pp = <<-EOS - class { 'epel': } # mod_fcgid lives in epel - class { 'apache': } - class { 'apache::mod::php': } # For /usr/bin/php-cgi - class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', + context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do + it 'succeeds in puppeting fcgid' do + pp = <<-EOS + class { 'epel': } # mod_fcgid lives in epel + class { 'apache': } + class { 'apache::mod::php': } # For /usr/bin/php-cgi + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + }, + } + apache::vhost { 'fcgid.example.com': + port => '80', + docroot => '/var/www/fcgid', + directories => { + path => '/var/www/fcgid', + options => '+ExecCGI', + addhandlers => { + handler => 'fcgid-script', + extensions => '.php', }, - } - apache::vhost { 'fcgid.example.com': - port => '80', - docroot => '/var/www/fcgid', - directories => { - path => '/var/www/fcgid', - options => '+ExecCGI', - addhandlers => { - handler => 'fcgid-script', - extensions => '.php', - }, - fcgiwrapper => { - command => '/usr/bin/php-cgi', - suffix => '.php', - } - }, - } - file { '/var/www/fcgid/index.php': - ensure => file, - owner => 'root', - group => 'root', - content => "\\n", - } - EOS - apply_manifest(pp, :catch_failures => true) - end + fcgiwrapper => { + command => '/usr/bin/php-cgi', + suffix => '.php', + } + }, + } + file { '/var/www/fcgid/index.php': + ensure => file, + owner => 'root', + group => 'root', + content => "\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end - describe service('httpd') do - it { is_expected.to be_enabled } - it { is_expected.to 
be_running } - end + describe service('httpd') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - it 'should answer to fcgid.example.com' do - shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| - expect(r.stdout).to match(/^Hello world$/) - expect(r.exit_code).to eq(0) - end + it 'should answer to fcgid.example.com' do + shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| + expect(r.stdout).to match(/^Hello world$/) + expect(r.exit_code).to eq(0) end + end - it 'should run a php-cgi process' do - shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) - end + it 'should run a php-cgi process' do + shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) end end end From ccb07c6a613821756ab784e7204f43e89915ece0 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Sep 2014 15:25:21 -0500 Subject: [PATCH 010/105] Fix custom_config check for ubuntu precise. --- manifests/custom_config.pp | 2 +- manifests/params.pp | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index 543ace94e5..cadc2354db 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -5,7 +5,7 @@ $content = undef, $priority = '25', $source = undef, - $verify_command = '/usr/sbin/apachectl -t', + $verify_command = $::apache::params::verify_command, $verify_config = true, ) { diff --git a/manifests/params.pp b/manifests/params.pp index fc9a86e320..d8922e9fde 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -28,6 +28,11 @@ # The default error log level $log_level = 'warn' + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { + $verify_command = '/usr/sbin/apache2ctl -t' + } else { + $verify_command = '/usr/sbin/apachectl -t' + } if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { $user = 'apache' $group = 'apache' From bb849cdec4330dd68b3b85b072bf2cf72d87b6c5 Mon Sep 17 00:00:00 2001 
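Review bot: The new condition in manifests/params.pp tests `$::lsbdistrelease == '10.04'`, which is Ubuntu lucid, while the commit subject says the fix is for precise (12.04). Either the subject or the release string is off, and as written a 12.04 host still gets `/usr/sbin/apachectl -t`. A short comment above the `if` naming the release and why it needs `apache2ctl` would settle which is intended. Separately, the new default `$verify_command = $::apache::params::verify_command` in custom_config.pp only resolves if apache::params has been evaluated before the define is declared; the hunk does not show an include, so that is worth confirming.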
From: Morgan Haskel Date: Mon, 29 Sep 2014 16:15:04 -0500 Subject: [PATCH 011/105] Fix dav_svn for debian 6 --- manifests/mod/dav_svn.pp | 25 ++++++++++++++----------- spec/acceptance/mod_dav_svn_spec.rb | 6 +++++- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index c46976e850..36af06fa41 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -1,17 +1,20 @@ class apache::mod::dav_svn ( $authz_svn_enabled = false, ) { - Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] - include ::apache::mod::dav - ::apache::mod { 'dav_svn': } + Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] + include ::apache::mod::dav + ::apache::mod { 'dav_svn': } - if $authz_svn_enabled { - ::apache::mod { 'authz_svn': - loadfile_name => $::osfamily ? { - 'Debian' => undef, - default => 'dav_svn_authz_svn.load', - }, - require => Apache::Mod['dav_svn'], - } + if $::osfamily == 'Debian' and $::operatingsystemmajrelease != '6' { + $loadfile_name = undef + } else { + $loadfile_name = 'dav_svn_authz_svn.load' + } + + if $authz_svn_enabled { + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + require => Apache::Mod['dav_svn'], } + } } diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 5125ada0b2..90e0db5636 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,11 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - authz_svn_load_file = 'authz_svn.load' + if fact('operatingsystemmajrelease') == '6' + authz_svn_load_file = 'dav_svn_authz_svn.load' + else + authz_svn_load_file = 'authz_svn.load' + end when 'RedHat' mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' From 4fe8892df667ee650b9980fb6d0af6203e2b5e20 Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Mon, 29 Sep 2014 18:10:42 -0500 Subject: [PATCH 012/105] Fix vhost and mod_passenger tests on deb7 Also fix broken tests with strict variables. --- README.md | 2 ++ spec/acceptance/mod_passenger_spec.rb | 4 +-- spec/acceptance/vhost_spec.rb | 3 ++ spec/classes/mod/dav_svn_spec.rb | 47 ++++++++++++++------------- 4 files changed, 32 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index ba805b8cbe..28c541d44c 100644 --- a/README.md +++ b/README.md @@ -1745,6 +1745,8 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array } ``` +***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. + ######`shib_request_setting` Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index d141322348..9a758a44ee 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb 
@@ -137,7 +137,7 @@ class { 'apache::mod::passenger': } end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/sbin/passenger-memory-stats") do |r| + shell("/usr/sbin/passenger-memory-stats") do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) @@ -262,7 +262,7 @@ class { 'apache::mod::passenger': end it 'should output status via passenger-memory-stats' do - shell("sudo /usr/bin/passenger-memory-stats", :pty => true) do |r| + shell("/usr/bin/passenger-memory-stats", :pty => true) do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 08c717fc9c..d45eaee9fa 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -991,6 +991,9 @@ class { 'apache': } pp = <<-EOS class { 'apache': } host { 'test.server': ip => '127.0.0.1' } + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } apache::vhost { 'test.server': docroot => '/tmp', directories => [ diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 859174af77..95abef9948 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb 
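Review bot: The guard added to the vhost_spec manifest, `if ! defined(Class['apache::mod::rewrite']) { include ::apache::mod::rewrite }`, is unnecessary and order dependent. `include` is already idempotent, and `defined()` only reflects what has been evaluated up to that point, so the result can change with declaration order. A plain `include ::apache::mod::rewrite` says the same thing and matches the advice this commit adds to the README.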
@@ -7,14 +7,15 @@ context "on a Debian OS" do let :facts do { - :lsbdistcodename => 'squeeze', - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } @@ -24,13 +25,14 @@ context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } @@ -40,13 +42,14 @@ context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } 
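Review bot: In the FreeBSD context of spec/classes/mod/dav_svn_spec.rb the realigned facts still carry `:kernel => 'Linux',` next to `:osfamily => 'FreeBSD'`. The fcgid spec in the next commit uses `:kernel => 'FreeBSD'` for the same platform, so this looks like a copy-paste leftover; since the block is being rewritten anyway, change it to `:kernel => 'FreeBSD',` so the fact set describes a host that can exist.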
From 1be599daf1aa1da5e591a506f7fb43f2e21ea36b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Sep 2014 14:41:14 -0500 Subject: [PATCH 013/105] Need fcgid to load after unixd on RHEL7 --- manifests/mod/fcgid.pp | 10 ++++- spec/classes/mod/fcgid_spec.rb | 71 +++++++++++++++++++++++----------- 2 files changed, 58 insertions(+), 23 deletions(-) diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 70997768bc..70761e41d7 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -1,7 +1,15 @@ class apache::mod::fcgid( $options = {}, ) { - ::apache::mod { 'fcgid': } + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + $loadfile_name = 'unixd_fcgid.load' + } else { + $loadfile_name = undef + } + + ::apache::mod { 'fcgid': + loadfile_name => $loadfile_name + } # Template uses: # - $options diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index ab47a5a8e3..a342e58135 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -8,14 +8,15 @@ context "on a Debian OS" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :lsbdistcodename => 'squeeze', - :operatingsystem => 'Debian', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end it { is_expected.to contain_class("apache::params") } 
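Review bot: The name `unixd_fcgid.load` carries the whole fix in manifests/mod/fcgid.pp, but nothing in the manifest says why the file is named that way. Presumably load files are read in name order and the prefix makes this one sort after the unixd load file; that should be confirmed and written down, e.g. `# RHEL 7: mod_fcgid must load after mod_unixd, so the load file name is chosen to sort after it`. Without the comment the name looks like a typo and is likely to be "cleaned up" later. `loadfile_name => $loadfile_name` is also missing the trailing comma used on the last attribute elsewhere in the module.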
@@ -26,13 +27,14 @@ context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - :operatingsystem => 'RedHat', - :id => 'root', - :kernel => 'Linux', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end @@ -66,16 +68,41 @@ end end + context "on RHEL7" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :operatingsystemmajrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + describe 'without parameters' do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) + } + it { is_expected.to contain_package("mod_fcgid") } + end + end + context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', - :operatingsystem => 'FreeBSD', - :id => 'root', - :kernel => 'FreeBSD', - :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', } end From 56f884f00e93298adf15058e1b7ad4475b448669 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 20 Oct 2014 10:34:06 -0700 Subject: [PATCH 014/105] Remove OEL5 --- metadata.json | 1 - 1 file changed, 1 deletion(-) 
diff --git a/metadata.json b/metadata.json index f84ff41b8a..3063ccf649 100644 --- a/metadata.json +++ b/metadata.json @@ -27,7 +27,6 @@ { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", "6", "7" ] From 9d4bb7c9351fc88923983f67675b266726a45445 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 20 Oct 2014 14:38:54 -0700 Subject: [PATCH 015/105] Update loadfile name for Ubuntu 10.04 --- manifests/mod/dav_svn.pp | 2 +- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index 36af06fa41..d13a7d886f 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and $::operatingsystemmajrelease != '6' { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 90e0db5636..28cd5705f8 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From 1f9aaad9ff55451cf2b18bdfaaf25f9bce39c364 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 21 Oct 2014 15:50:32 -0700 Subject: [PATCH 016/105] OEL7 packaging has some issues This makes mod_dav_svn and mod_fcgid unable to install. --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- spec/acceptance/mod_fcgid_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 28cd5705f8..189bb15c42 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::dav_svn class' do +describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 2511b46ce6..e99a7f299e 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::fcgid class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::fcgid class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do it 'succeeds in puppeting fcgid' do pp = <<-EOS From 88c6a98a5cfd33a7ba75a15ad6b09621b71768a4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:15:04 +0200 Subject: [PATCH 017/105] allow disabling default vhosts under 2.4 when disabling the default vhost(s) under 2.4, there's nothing to include in $sites-enabled/, which causes the following error: The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 46 of /etc/apache2/apache2.conf: No matches for the wildcard '*' in '/etc/apache2/sites-enabled', failing (use IncludeOptional if required) Action 'configtest' failed. The Apache error log may have more information. by using IncludeOptional (as recommended), we allow the use of httpd as simple web server, with single purpose configuration, without having to define a (default) vhost. --- templates/httpd.conf.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 68d6b50ae2..e1075e38c9 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -70,7 +70,11 @@ IncludeOptional "<%= @confd_dir %>/*.conf" Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/*" +<%- else -%> Include "<%= @vhost_load_dir %>/*" +<%- end -%> <% end -%> <% if @error_documents -%> From 8f2df799b242321c750372c5baa6eb83222bfde5 Mon Sep 17 00:00:00 2001 From: Jeff Tickle Date: Thu, 16 Oct 2014 14:00:55 -0400 Subject: [PATCH 018/105] Added ssl_protocol parameter to apache::mod::ssl makes it easier to fix things like POODLE --- README.md | 1 + manifests/mod/ssl.pp | 1 + templates/mod/ssl.conf.erb | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1418696bf2..a4ab395c91 100644 --- a/README.md +++ b/README.md 
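Review bot: With `IncludeOptional "<%= @vhost_load_dir %>/*"` a mistyped or unreadable `vhost_load_dir` no longer fails the config test on 2.4; the server simply starts with no vhosts from that directory. That is the intended behaviour for an empty directory, but it also hides a misconfiguration that the old `Include` reported, so it deserves a template comment such as `<%-# IncludeOptional: an empty or missing vhost dir is not an error on 2.4 -%>` and a note in the README. The pattern is also `/*` rather than the `/*.conf` used for `confd_dir` just above, so every file in the directory, including editor backups, is parsed as configuration; that predates this change but is worth tightening while the line is being touched.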
@@ -710,6 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], + ssl_protocol => 'all -SSLv2 -SSLv3', } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 7e115fb661..293e9319cc 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -2,6 +2,7 @@ $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $apache_version = $::apache::apache_version, $package_name = undef, ) { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 35ec92afd9..e92e37e7a9 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -21,7 +21,7 @@ SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> From 2799c4e405caff93571d05bd86bf062f3b795ad8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 28 Oct 2014 15:14:26 +0100 Subject: [PATCH 019/105] fix ssl_protocol docs to be in line with code --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a4ab395c91..02932ff34e 100644 --- a/README.md +++ b/README.md @@ -710,7 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], - ssl_protocol => 'all -SSLv2 -SSLv3', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], } ``` From 360239c8dc5fc3eded26d27cb2cc5fa932193874 Mon Sep 17 00:00:00 2001 
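Review bot: In `templates/mod/ssl.conf.erb` the new `@ssl_protocol.compact.join(' ')` only works for an array, while the README example added by this same commit passes the string `'all -SSLv2 -SSLv3'`; a Ruby String has no `compact`, so the documented call would fail when the template is evaluated. The `_proxy.erb` template on this page already normalises its input with `[@proxy_pass].flatten.compact`, and the same form here accepts both shapes: `SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %>`. Because the value now comes from the caller, the README should also say that setting `ssl_protocol` replaces the default list entirely, so `-SSLv2 -SSLv3` have to be repeated by anyone who overrides it.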
From: Martin Konrad Date: Fri, 6 Jun 2014 22:23:19 -0400 Subject: [PATCH 020/105] Support parameters along with proxy_pass --- README.md | 4 +++- templates/vhost/_proxy.erb | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1418696bf2..22c7f0fb9c 100644 --- a/README.md +++ b/README.md @@ -1127,7 +1127,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ #####`proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ```puppet apache::vhost { 'site.name.fdqn': @@ -1138,6 +1138,8 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => ['retry=0', 'timeout=5'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 190239de92..8477157956 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -8,7 +8,6 @@ <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> - > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 934f2d4884b945f53150e5e6d488f1256ad8dc77 Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Mon, 18 Aug 2014 14:27:27 -0400 Subject: [PATCH 021/105] Support keywords along with proxy_pass, use hash for params --- README.md | 4 +++- templates/vhost/_proxy.erb | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 22c7f0fb9c..d31ae362f5 100644 --- a/README.md +++ b/README.md @@ -1139,7 +1139,9 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', - 'params' => ['retry=0', 'timeout=5'] }, + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 8477157956..dd25e2c87a 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,13 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 4c54a52c17e346e0c487e293c7727cb131aaca06 Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Mon, 18 Aug 2014 17:22:40 -0400 Subject: [PATCH 022/105] Add some tests for ProxyPass parameters --- tests/vhost_proxypass.pp | 60 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 tests/vhost_proxypass.pp diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp new file mode 100644 index 0000000000..968de41959 --- /dev/null +++ b/tests/vhost_proxypass.pp 
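Review bot: The `proxy['params'].each_pair` call added to `templates/vhost/_proxy.erb` breaks callers that still pass `params` as a string, which is the form the README example for `/c` uses (`'params' => 'max=20 ttl=120 retry=300'`, visible as context in the previous patch); a String has no `each_pair`, so those catalogs would fail at template evaluation. Guarding the loop with `<%- if proxy['params'].is_a?(Hash) -%>` and keeping the old `<%= proxy['params'] %>` output for the other case keeps existing manifests working. Separately, iterating the hash unsorted can reorder the rendered parameters between runs on Ruby versions without ordered hashes, which would rewrite the vhost file each time; `proxy['params'].sort.each do |key, value|` makes the output stable. The enclosing `each do |proxy|` loop continues past the end of this hunk.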
@@ -0,0 +1,60 @@
+## vhost with proxyPass directive
+# NB: Please see the other vhost_*.pp example files for further
+# examples.
+
+# Base class. Declares default vhost on port 80 and default ssl
+# vhost on port 443 listening on all interfaces and serving
+# $apache::docroot
+class { 'apache': }
+
+# Most basic vhost with proxy_pass
+apache::vhost { 'first.example.com':
+ port => 80,
+ docroot => '/var/www/first',
+ proxy_pass => [
+ {
+ 'path' => '/first',
+ 'url' => "http://localhost:8080/first"
+ },
+ ],
+}
+
+# vhost with proxy_pass and parameters
+apache::vhost { 'second.example.com':
+ port => 80,
+ docroot => '/var/www/second',
+ proxy_pass => [
+ {
+ 'path' => '/second',
+ 'url' => "http://localhost:8080/second",
+ 'params' => {'retry' => '0', 'timeout' => '5'}
+ },
+ ],
+}
+
+# vhost with proxy_pass and keywords
+apache::vhost { 'third.example.com':
+ port => 80,
+ docroot => '/var/www/third',
+ proxy_pass => [
+ {
+ 'path' => '/third',
+ 'url' => "http://localhost:8080/third",
+ 'keywords' => ['noquery', 'interpolate']
+ },
+ ],
+}
+
+# vhost with proxy_pass, parameters and keywords
+apache::vhost { 'fourth.example.com':
+ port => 80,
+ docroot => '/var/www/fourth',
+ proxy_pass => [
+ {
+ 'path' => '/fourth',
+ 'url' => "http://localhost:8080/fourth",
+ 'params' => {'retry' => '0', 'timeout' => '5'},
+ 'keywords' => ['noquery', 'interpolate']
+ },
+ ],
+}
\ No newline at end of file
From 0edb041427f4b6019db48d776b351833558552d6 Mon Sep 17 00:00:00 2001 From: Tim Hartmann Date: Thu, 23 Oct 2014 15:50:15 -0400 Subject: [PATCH 023/105] Linting and adding some tests Adding tests --- spec/defines/vhost_spec.rb | 16 +++++++++--- tests/vhost_proxypass.pp | 50 +++++++++++++++++++++----------------- 2 files changed, 41 insertions(+), 25 deletions(-)
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
index 3eac5ffb45..84a95bf44d 100644
--- a/spec/defines/vhost_spec.rb
+++ b/spec/defines/vhost_spec.rb
@@ -172,8 +172,13 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/' + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } } ], 'suphp_addhandler' => 'foo', @@ -296,7 +301,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-action') } it { is_expected.to contain_concat__fragment('rspec.example.com-block') } it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /retry=0/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp index 968de41959..e911f85f9d 100644 --- a/tests/vhost_proxypass.pp +++ b/tests/vhost_proxypass.pp 
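Review bot: The three new `with_content` expectations in the second hunk of `spec/defines/vhost_spec.rb` match `retry=0`, `timeout=5` and `noquery interpolate` anywhere in the proxy fragment, so they would still pass if the values were rendered on the wrong directive or on a line of their own. Tying each pattern to the directive makes the test check what the template is meant to produce, for example `with_content(/ProxyPass \/a http:\/\/backend-a\/.*retry=0/)` and the same prefix for the other two. There is also no case for `params` given as a string, the form the README still documents, so a regression for those callers would go unnoticed. The surrounding `describe` block starts and ends outside the hunk.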
@@ -9,37 +9,40 @@ # Most basic vhost with proxy_pass apache::vhost { 'first.example.com': - port => 80, - docroot => '/var/www/first', - proxy_pass => [ + port => 80, + docroot => '/var/www/first', + proxy_pass => [ { - 'path' => '/first', - 'url' => "http://localhost:8080/first" + 'path' => '/first', + 'url' => 'http://localhost:8080/first' }, ], } # vhost with proxy_pass and parameters apache::vhost { 'second.example.com': - port => 80, - docroot => '/var/www/second', - proxy_pass => [ + port => 80, + docroot => '/var/www/second', + proxy_pass => [ { 'path' => '/second', - 'url' => "http://localhost:8080/second", - 'params' => {'retry' => '0', 'timeout' => '5'} + 'url' => 'http://localhost:8080/second', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } }, ], } # vhost with proxy_pass and keywords apache::vhost { 'third.example.com': - port => 80, - docroot => '/var/www/third', - proxy_pass => [ + port => 80, + docroot => '/var/www/third', + proxy_pass => [ { - 'path' => '/third', - 'url' => "http://localhost:8080/third", + 'path' => '/third', + 'url' => 'http://localhost:8080/third', 'keywords' => ['noquery', 'interpolate'] }, ], @@ -47,14 +50,17 @@ # vhost with proxy_pass, parameters and keywords apache::vhost { 'fourth.example.com': - port => 80, - docroot => '/var/www/fourth', - proxy_pass => [ + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ { - 'path' => '/fourth', - 'url' => "http://localhost:8080/fourth", - 'params' => {'retry' => '0', 'timeout' => '5'}, + 'path' => '/fourth', + 'url' => 'http://localhost:8080/fourth', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, 'keywords' => ['noquery', 'interpolate'] }, ], -} \ No newline at end of file +} From 040546da0e13f62a86be3a0a73b78299b63734ce Mon Sep 17 00:00:00 2001 
From: Morgan Haskel Date: Tue, 28 Oct 2014 12:21:55 -0400 Subject: [PATCH 024/105] Satisfy doesn't work with apache 2.4 The ability to use the more complex Require* syntax for apache 2.4 will be added eventually, but Satisfy shouldn't be tested as that is deprecated in apache. --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d45eaee9fa..966f85cf5e 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -298,7 +298,7 @@ class { 'apache': } end end - describe 'Satisfy and Auth directive' do + describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do it 'should configure a vhost with Satisfy and Auth directive' do pp = <<-EOS class { 'apache': } From c44e513dd69f459f81a49bfa0874a7ec556294ff Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 28 Oct 2014 16:49:15 -0400 Subject: [PATCH 025/105] wsgi_chunked_request doesn't work on lucid --- spec/acceptance/vhost_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 966f85cf5e..483b74945c 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1082,7 +1082,6 @@ class { 'apache::mod::wsgi': } wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) From b85460162d319af89cf4ab17a64aec325c604d79 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 10:34:20 -0400 Subject: [PATCH 026/105] Update metadata Fix PE compatibility, update issues URL, and fix requirements to match output from PMT. --- metadata.json | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/metadata.json b/metadata.json index 3063ccf649..f2266960f4 100644 --- a/metadata.json +++ b/metadata.json 
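Review bot: The `:unless => $apache_version == '2.4'` guard on the 'Satisfy and Auth directive' block in `spec/acceptance/vhost_spec.rb` reads a Ruby global whose assignment is not visible in this hunk. An unassigned global evaluates to `nil`, and the `describe` arguments are evaluated when the file is loaded, so if the variable is not set by then the block is never skipped and the Satisfy test runs on 2.4 hosts anyway. The comparison is also an exact string match, so a value such as a full three-part version would not skip either. I would add a comment above the block naming where `$apache_version` is set and which values it can take, so the skip condition can be checked by reading the spec.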
@@ -6,7 +6,7 @@ "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -58,7 +58,7 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.2.0 < 3.4.0" + "version_requirement": "3.x" }, { "name": "puppet", @@ -67,13 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 2.4.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.1" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} ] } From be2bfab1f98cd86d7048d84f6abea17206d59c30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:02:59 +0200 Subject: [PATCH 027/105] MODULES-1446: mod_version is now builtin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit while we are not loading it (by default), we should make it easier for people transitioning their configuration from 2.2 to 2.4 to find issues: thus adding a warning when someone tries to load mod_version. --- things i have learned during this pr: × @hunner: There is no '&&' in puppet; only 'and'* × add puppet to PATH, so vim can check syntax. thanks @mhaskel especially for the patience. *zuhl. --- README.md | 10 ++++++++++ manifests/default_mods.pp | 8 ++++---- manifests/mod/version.pp | 8 ++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 manifests/mod/version.pp diff --git a/README.md b/README.md index 02932ff34e..3b71c5baac 100644 --- a/README.md +++ b/README.md 
@@ -25,6 +25,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -823,6 +824,15 @@ mod_reqtimeout configuration. } ``` +####Class: `apache::mod::reqtimeout` + +This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 +about loading mod_version, as on these platforms it's already built-in. + +```puppet + include '::apache::mod::version' +``` + #####`timeouts` A string or an array that sets the `RequestReadTimeout` option. Defaults to diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 7e8381f031..71759030b5 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -36,10 +36,11 @@ include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic - include ::apache::mod::vhost_alias - include ::apache::mod::suexec include ::apache::mod::rewrite include ::apache::mod::speling + include ::apache::mod::suexec + include ::apache::mod::version + include ::apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -51,7 +52,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } @@ -71,6 +71,7 @@ include ::apache::mod::reqtimeout include ::apache::mod::rewrite include ::apache::mod::userdir + include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling 
@@ -93,7 +94,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'unique_id': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } } default: {} } diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp new file mode 100644 index 0000000000..c0e405686a --- /dev/null +++ b/manifests/mod/version.pp @@ -0,0 +1,8 @@ +class apache::mod::version { + + if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { + warning("${module_name}: module version_module is built-in and can't be loaded") + } else { + ::apache::mod { 'version': } + } +} From e20f70750d72dd61abf354b113ebc3c030f7521c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 15:37:22 -0400 Subject: [PATCH 028/105] Relying on missing fact Ubuntu 10.04 with PE3.3 is missing the operatingsystemmajrelease fact, so check either operatingsystemmajrelease or operatingsystemrelease. --- manifests/mod/dav_svn.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index d13a7d886f..6e70598d0a 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' From 61789fa9d8f84757c42cc9e8ed91154d834dd108 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 30 Oct 2014 15:45:37 +0100 Subject: [PATCH 029/105] Fixes indentation of versioncmp --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 7e8381f031..fef78d6388 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp 
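Review bot: The new `apache::mod::version` class in `manifests/mod/version.pp` calls `versioncmp($apache_version, '2.4')` without declaring or qualifying `$apache_version`, so under Puppet 3 scoping the name most likely resolves to nothing inside this class. The comparison would then never see the real version, the Debian 2.4 branch with the warning would not be taken, and the class would fall through to `::apache::mod { 'version': }`, which is the load the commit is trying to avoid. `manifests/mod/ssl.pp` on this page takes the value as a class parameter, and the same signature works here: `class apache::mod::version ( $apache_version = $::apache::apache_version ) {`.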
@@ -120,7 +120,7 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', From 4002f9bffde12f67f60f839b3d23779f201ff84f Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 30 Oct 2014 11:27:41 -0700 Subject: [PATCH 030/105] Update the test to match the fix from yesterday --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 189bb15c42..7e5afed520 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From e72fd7021cb63f90746e2cccc952d98f539526eb Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 5 Nov 2014 11:49:32 +0100 Subject: [PATCH 031/105] add sort to LogFormats to ensure consistency between runs --- templates/httpd.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index e1075e38c9..54d24c8ae3 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb 
@@ -59,7 +59,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.each do |nickname,format| -%> + <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> From 3111c0dcd1920342cb2dcae3732573e91424e219 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= Date: Mon, 18 Aug 2014 18:38:26 +0200 Subject: [PATCH 032/105] Add support for specifying the docroot option for RHEL SCL httpd24 The pattern of defining these variables in the init.pp goes back into 2012. However, it's much better to use the params.pp pattern for this purpose, and it's also required to make this work with the RHEL's Software Collections. Without this patch, the Apache::Vhost['default'] is instantiated (regardless whether it's with ensure => absent or present) and bails out due to /var/www being missing on asystem which has never had RHEL6's regular httpd package installed. --- manifests/init.pp | 4 +--- manifests/params.pp | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b5e9204570..32966b86f7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -59,6 +59,7 @@ $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', @@ -239,7 +240,6 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $docroot = '/var/www' $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' @@ -247,7 +247,6 @@ $access_log_file = 'access.log' } 'redhat': { - $docroot = '/var/www/html' $pidfile = 'run/httpd.pid' $error_log = 'error_log' $error_documents_path = '/var/www/error' 
@@ -255,7 +254,6 @@ $access_log_file = 'access_log' } 'freebsd': { - $docroot = '/usr/local/www/apache22/data' $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $error_documents_path = '/usr/local/www/apache22/error' diff --git a/manifests/params.pp b/manifests/params.pp index d8922e9fde..6b6f38891a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -100,6 +100,7 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { @@ -160,6 +161,7 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www' # # Passenger-specific settings @@ -270,6 +272,7 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache22/data' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } From e4aadd546e8e9dff8027ef467776a3353729ce15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 15:43:19 +0200 Subject: [PATCH 033/105] add documentation for `docroot` (in init) and apparently strip a lot of trailing white-space. thanks lighttable let's see what this breaks... --- README.md | 146 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 76 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index a1846b5261..b98749b584 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache 
@@ -182,9 +182,9 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', @@ -253,7 +253,7 @@ Generates default set of include-able Apache configuration files under `${apach #####`default_mods` -Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). @@ -310,6 +310,10 @@ SSL vhosts only respond to HTTPS queries. Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`docroot` + +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. + #####`error_documents` Enables custom error documents. Defaults to 'false'. 
@@ -375,9 +379,9 @@ Determines which MPM is loaded and configured for the HTTPD process. Valid value * `apache::mod::itk` * `apache::mod::peruser` * `apache::mod::prefork` -* `apache::mod::worker` +* `apache::mod::worker` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. #####`package_ensure` @@ -566,7 +570,7 @@ The modules mentioned above, and other Apache modules that have templates, cause ####Class: `apache::mod::info` -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +Installs and manages mod_info which provides a comprehensive overview of the server configuration. Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). @@ -681,7 +685,7 @@ Overriding the default configuartion: } ``` -or +or ```puppet class {'::apache::mod::php': template => 'apache/php.conf.erb', @@ -719,7 +723,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par ####Class: `apache::mod::wsgi` -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. For customized parameters, which tell Apache how Python is currently configured on the operating system, 
@@ -963,7 +967,9 @@ Sets the list of resources to look for when a client requests an index of the di #####`docroot` -Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. +Provides the +[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) +directive, which identifies the directory Apache serves files from. Required. #####`docroot_group` @@ -1142,7 +1148,7 @@ Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/do ```puppet apache::vhost { 'site.name.fdqn': - … + … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, @@ -1220,7 +1226,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html @@ -1281,7 +1287,7 @@ Multiple rewrites and conditions are also possible rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, - ], + ], } ``` @@ -1342,7 +1348,7 @@ Used by HTTPD to conditionally set environment variables for vhosts. Defaults to #####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). `suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. 
@@ -1369,9 +1375,9 @@ To set up a virtual host with suPHP Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +#####`virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ```puppet apache::vhost { 'subdomain.loc': @@ -1407,8 +1413,8 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => - { processes => '2', - threads => '15', + { processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', @@ -1431,9 +1437,9 @@ General `directories` usage looks something like apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, ], } 
@@ -1454,15 +1460,15 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu ######`addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ + directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, + }, ], } ``` @@ -1474,10 +1480,10 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, ], } ``` @@ -1489,10 +1495,10 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, ], } ``` 
@@ -1559,7 +1565,7 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': - … + … custom_fragment => ' SetHandler balancer-manager @@ -1582,24 +1588,24 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` ######`error_documents` -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet apache::vhost { 'sample.example.net': - directories => [ + directories => [ { path => '/srv/www', error_documents => [ - { 'error_code' => '503', + { 'error_code' => '503', 'document' => '/service-unavail', }, ], @@ -1629,9 +1635,9 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], 
@@ -1645,11 +1651,11 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], - }, + }, ], } ``` @@ -1661,9 +1667,9 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } @@ -1676,9 +1682,9 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', }, ], } @@ -1791,10 +1797,10 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', + { path => '/path/to/directory', + ssl_options => '+ExportCertData', }, - { path => '/path/to/different/dir', + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'], }, ], 
@@ -1809,10 +1815,10 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', }, }, ], @@ -1825,7 +1831,7 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` @@ -1837,7 +1843,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. @@ -1899,7 +1905,7 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# #####`ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: 
@@ -2148,7 +2154,7 @@ If you want to add two name-based vhosts so that they answer on either 10.0.0.10 ####Defined Type: `apache::balancer` -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. @@ -2164,7 +2170,7 @@ Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mo #####`collect_exported` -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. @@ -2242,7 +2248,7 @@ If you need to use ProxySet in the balancer config * [`apache`](#class-apache): Guides the basic setup of Apache. * `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) * [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - + ####Private Classes * `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. 
@@ -2261,7 +2267,7 @@ If you need to use ProxySet in the balancer config * `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. * `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. * `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. ####Private Defined Types @@ -2280,7 +2286,7 @@ The `apache::vhost::WSGIImportScript` parameter creates a statement inside the V ###RHEL/CentOS 5 -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. ###RHEL/CentOS 7 
@@ -2288,7 +2294,7 @@ The `apache::mod::passenger` class is untested as the repository does not have p ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. From 38d797025c5f76871ad844d6fa57a4aff7b2572e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 16:42:57 +0200 Subject: [PATCH 034/105] add spec test for (default) docroot directory , which is now a parameter to init.pp --- spec/classes/apache_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index dc5d6b46a1..c1ecf80cc3 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -23,6 +23,10 @@ it { is_expected.to contain_user("www-data") } it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -225,6 +229,10 @@ it { is_expected.to contain_user("apache") } it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 
@@ -498,6 +506,10 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', From a65f3f74108d36604553dc400dce781000a4bf91 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 7 Nov 2014 11:37:33 -0800 Subject: [PATCH 035/105] Fix unit test failures with ruby 1.8.7 rspec with 1.8.7 seems to be having issues with trailing commas and unescaped '{' or '}' within the %r{} block. --- spec/classes/apache_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index c1ecf80cc3..fe61a9796b 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -24,7 +24,7 @@ it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( @@ -168,7 +168,7 @@ end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } end end 
@@ -230,7 +230,7 @@ it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www/html").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/httpd/conf.d").with( @@ -507,7 +507,7 @@ it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/usr/local/www/apache22/data").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( From a51bfa87e3c1c2ea17aaf4d590ad26758a07c5de Mon Sep 17 00:00:00 2001 From: enekogb Date: Wed, 12 Nov 2014 09:47:35 +0100 Subject: [PATCH 036/105] Add $status_path parameter to change mod_status url --- README.md | 18 +++++++++++++++++- manifests/mod/status.pp | 7 +++++-- spec/classes/mod/status_spec.rb | 13 +++++++------ templates/mod/status.conf.erb | 2 +- 4 files changed, 30 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index b98749b584..564e65536a 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) + * [Class: apache::mod::status](#class-apachemodstatus) * [Class: apache::mod::wsgi](#class-apachemodwsgi) * [Class: apache::mod::fcgid](#class-apachemodfcgid) * [Class: apache::mod::negotiation](#class-apachemodnegotiation) @@ -556,7 +557,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) * `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) -* `status`* +* `status`* (see [`apache::mod::status`](#class-apachemodstatus) below) * `suphp` * `userdir`* * `vhost_alias` 
@@ -721,6 +722,21 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. +####Class: `apache::mod::status` + +Installs Apache mod_status and uses the status.conf.erb template. These are the defaults: + +```puppet + class { 'apache::mod::status': + allow_from = ['127.0.0.1','::1'], + extended_status = 'On', + status_path = '/server-status', +){ + + + } +``` + ####Class: `apache::mod::wsgi` Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index cfab5d58ea..9c61836960 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -9,7 +9,9 @@ # /server-status URL. Defaults to ['127.0.0.1', '::1']. # - $extended_status track and display extended status information. Valid # values are 'On' or 'Off'. Defaults to 'On'. -# +# - $status_path is the path assigned to the Location directive which +# defines the URL to access the server status. Defaults to '/server-status'. +# # Actions: # - Enable and configure Apache mod_status # @@ -27,11 +29,12 @@ $allow_from = ['127.0.0.1','::1'], $extended_status = 'On', $apache_version = $::apache::apache_version, + $status_path = '/server-status', ){ validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } - # Template uses $allow_from, $extended_status, $apache_version + # Template uses $allow_from, $extended_status, $apache_version, $status_path file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index adb60861ba..502562959c 100644 --- a/spec/classes/mod/status_spec.rb 
+++ b/spec/classes/mod/status_spec.rb @@ -1,10 +1,10 @@ require 'spec_helper' # Helper function for testing the contents of `status.conf` -def status_conf_spec(allow_from, extended_status) +def status_conf_spec(allow_from, extended_status, status_path) it do is_expected.to contain_file("status.conf").with_content( - "\n"\ + "\n"\ " SetHandler server-status\n"\ " Order deny,allow\n"\ " Deny from all\n"\ @@ -41,7 +41,7 @@ def status_conf_spec(allow_from, extended_status) it { is_expected.to contain_apache__mod("status") } - status_conf_spec(["127.0.0.1", "::1"], "On") + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") it { is_expected.to contain_file("status.conf").with({ :ensure => 'file', @@ -70,13 +70,13 @@ def status_conf_spec(allow_from, extended_status) it { is_expected.to contain_apache__mod("status") } - status_conf_spec(["127.0.0.1", "::1"], "On") + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } end - context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off'" do + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do let :facts do { :osfamily => 'Debian', @@ -93,10 +93,11 @@ def status_conf_spec(allow_from, extended_status) { :allow_from => ['10.10.10.10','11.11.11.11'], :extended_status => 'Off', + :status_path => '/custom-status', } end - status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off") + status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status") end diff --git a/templates/mod/status.conf.erb b/templates/mod/status.conf.erb index 84f2e03430..f02ed156ff 100644 --- a/templates/mod/status.conf.erb +++ b/templates/mod/status.conf.erb 
@@ -1,4 +1,4 @@ - +> SetHandler server-status <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> From fdd960abe8e92420365e4c78ebd678f6b03f86f2 Mon Sep 17 00:00:00 2001 From: Antoine Cotten Date: Wed, 12 Nov 2014 16:34:15 +0100 Subject: [PATCH 037/105] 'allow_encoded_slashes' was omitted --- manifests/vhost.pp | 62 +++++++++++++--------- spec/defines/vhost_spec.rb | 1 + templates/vhost/_allow_encoded_slashes.erb | 4 ++ 3 files changed, 41 insertions(+), 26 deletions(-) create mode 100644 templates/vhost/_allow_encoded_slashes.erb diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 0841dfff47..50b3a1ec4a 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -491,6 +491,16 @@ content => template('apache/vhost/_fallbackresource.erb'), } } + + # Template uses: + # - $allow_encoded_slashes + if $allow_encoded_slashes { + concat::fragment { "${name}-allow_encoded_slashes": + target => "${priority_real}-${filename}.conf", + order => 50, + content => template('apache/vhost/_allow_encoded_slashes.erb'), + } + } # Template uses: # - $_directories @@ -501,7 +511,7 @@ if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": target => "${priority_real}-${filename}.conf", - order => 50, + order => 60, content => template('apache/vhost/_directories.erb'), } } @@ -511,7 +521,7 @@ if $additional_includes and ! empty($additional_includes) { concat::fragment { "${name}-additional_includes": target => "${priority_real}-${filename}.conf", - order => 60, + order => 70, content => template('apache/vhost/_additional_includes.erb'), } } @@ -524,7 +534,7 @@ if $error_log or $log_level { concat::fragment { "${name}-logging": target => "${priority_real}-${filename}.conf", - order => 70, + order => 80, content => template('apache/vhost/_logging.erb'), } } 
@@ -532,7 +542,7 @@ # Template uses no variables concat::fragment { "${name}-serversignature": target => "${priority_real}-${filename}.conf", - order => 80, + order => 90, content => template('apache/vhost/_serversignature.erb'), } @@ -545,7 +555,7 @@ if $access_log { concat::fragment { "${name}-access_log": target => "${priority_real}-${filename}.conf", - order => 90, + order => 100, content => template('apache/vhost/_access_log.erb'), } } @@ -555,7 +565,7 @@ if $action { concat::fragment { "${name}-action": target => "${priority_real}-${filename}.conf", - order => 100, + order => 110, content => template('apache/vhost/_action.erb'), } } @@ -566,7 +576,7 @@ if $block and ! empty($block) { concat::fragment { "${name}-block": target => "${priority_real}-${filename}.conf", - order => 110, + order => 120, content => template('apache/vhost/_block.erb'), } } @@ -576,7 +586,7 @@ if $error_documents and ! empty($error_documents) { concat::fragment { "${name}-error_document": target => "${priority_real}-${filename}.conf", - order => 120, + order => 130, content => template('apache/vhost/_error_document.erb'), } } @@ -589,7 +599,7 @@ if $proxy_dest or $proxy_pass { concat::fragment { "${name}-proxy": target => "${priority_real}-${filename}.conf", - order => 130, + order => 140, content => template('apache/vhost/_proxy.erb'), } } @@ -599,7 +609,7 @@ if $rack_base_uris { concat::fragment { "${name}-rack": target => "${priority_real}-${filename}.conf", - order => 140, + order => 150, content => template('apache/vhost/_rack.erb'), } } @@ -620,7 +630,7 @@ if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}-${filename}.conf", - order => 150, + order => 160, content => template('apache/vhost/_redirect.erb'), } } 
@@ -633,7 +643,7 @@ if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": target => "${priority_real}-${filename}.conf", - order => 160, + order => 170, content => template('apache/vhost/_rewrite.erb'), } } @@ -644,7 +654,7 @@ if $scriptaliases and ! empty($scriptaliases) { concat::fragment { "${name}-scriptalias": target => "${priority_real}-${filename}.conf", - order => 170, + order => 180, content => template('apache/vhost/_scriptalias.erb'), } } @@ -654,7 +664,7 @@ if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": target => "${priority_real}-${filename}.conf", - order => 180, + order => 190, content => template('apache/vhost/_serveralias.erb'), } } @@ -665,7 +675,7 @@ if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { concat::fragment { "${name}-setenv": target => "${priority_real}-${filename}.conf", - order => 190, + order => 200, content => template('apache/vhost/_setenv.erb'), } } @@ -691,7 +701,7 @@ if $ssl { concat::fragment { "${name}-ssl": target => "${priority_real}-${filename}.conf", - order => 200, + order => 210, content => template('apache/vhost/_ssl.erb'), } } @@ -703,7 +713,7 @@ if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": target => "${priority_real}-${filename}.conf", - order => 210, + order => 220, content => template('apache/vhost/_suphp.erb'), } } @@ -714,7 +724,7 @@ if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": target => "${priority_real}-${filename}.conf", - order => 220, + order => 230, content => template('apache/vhost/_php_admin.erb'), } } @@ -724,7 +734,7 @@ if $headers and ! empty($headers) { concat::fragment { "${name}-header": target => "${priority_real}-${filename}.conf", - order => 230, + order => 240, content => template('apache/vhost/_header.erb'), } } 
@@ -734,7 +744,7 @@ if $request_headers and ! empty($request_headers) { concat::fragment { "${name}-requestheader": target => "${priority_real}-${filename}.conf", - order => 240, + order => 250, content => template('apache/vhost/_requestheader.erb'), } } @@ -751,7 +761,7 @@ if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": target => "${priority_real}-${filename}.conf", - order => 250, + order => 260, content => template('apache/vhost/_wsgi.erb'), } } @@ -761,7 +771,7 @@ if $custom_fragment { concat::fragment { "${name}-custom_fragment": target => "${priority_real}-${filename}.conf", - order => 260, + order => 270, content => template('apache/vhost/_custom_fragment.erb'), } } @@ -774,7 +784,7 @@ if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": target => "${priority_real}-${filename}.conf", - order => 270, + order => 280, content => template('apache/vhost/_fastcgi.erb'), } } @@ -784,7 +794,7 @@ if $suexec_user_group { concat::fragment { "${name}-suexec": target => "${priority_real}-${filename}.conf", - order => 280, + order => 290, content => template('apache/vhost/_suexec.erb'), } } @@ -798,7 +808,7 @@ if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { concat::fragment { "${name}-passenger": target => "${priority_real}-${filename}.conf", - order => 290, + order => 300, content => template('apache/vhost/_passenger.erb'), } } @@ -808,7 +818,7 @@ if $add_default_charset { concat::fragment { "${name}-charsets": target => "${priority_real}-${filename}.conf", - order => 300, + order => 310, content => template('apache/vhost/_charsets.erb'), } } diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 84a95bf44d..d80752d8ae 100644 
--- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -322,6 +322,7 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } diff --git a/templates/vhost/_allow_encoded_slashes.erb b/templates/vhost/_allow_encoded_slashes.erb new file mode 100644 index 0000000000..40c73433b1 --- /dev/null +++ b/templates/vhost/_allow_encoded_slashes.erb @@ -0,0 +1,4 @@ +<%- if @allow_encoded_slashes -%> + + AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> From a425c288cc357dc1d9c8dd4738b086365ec6adf5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 13 Nov 2014 11:23:07 -0800 Subject: [PATCH 038/105] We should get rid of unused templates Otherwise we run the risk of having updates going into the wrong place --- templates/vhost.conf.erb | 69 ---------------------------------------- 1 file changed, 69 deletions(-) delete mode 100644 templates/vhost.conf.erb diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb deleted file mode 100644 index 859a3ae7f4..0000000000 --- a/templates/vhost.conf.erb +++ /dev/null 
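Review bot: In templates/vhost/_allow_encoded_slashes.erb the value of `@allow_encoded_slashes` is written into the vhost as-is, so the fragment depends on the manifest having restricted it to a keyword Apache accepts; no such check is visible in the vhost.pp hunks of this commit. If vhost.pp does not already validate it elsewhere, `validate_re($allow_encoded_slashes, '^(on|off|nodecode)$')` inside the new `if $allow_encoded_slashes` block would cover it. The `if @allow_encoded_slashes` guard in the template repeats the guard around the concat::fragment and could be dropped. A one-line comment above the fragment saying that this setting changes how encoded path separators in request URLs are handled would help whoever enables it per vhost.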
@@ -1,69 +0,0 @@ -# ************************************ -# Vhost template in module puppetlabs-apache -# Managed by Puppet -# ************************************ - -> - ServerName <%= @servername %> -<% if @serveradmin -%> - ServerAdmin <%= @serveradmin %> -<% end -%> - - ## Vhost docroot -<% if @virtual_docroot -%> - VirtualDocumentRoot "<%= @virtual_docroot %>" -<% else -%> - DocumentRoot "<%= @docroot %>" -<% end -%> -<%= scope.function_template(['apache/vhost/_aliases.erb']) -%> - -<%= scope.function_template(['apache/vhost/_itk.erb']) -%> - -<% if @fallbackresource -%> - FallbackResource <%= @fallbackresource %> -<% end -%> -<%- if @allow_encoded_slashes -%> - AllowEncodedSlashes <%= @allow_encoded_slashes %> -<%- end -%> - - ## Directories, there should at least be a declaration for <%= @docroot %> -<%= scope.function_template(['apache/vhost/_directories.erb']) -%> - - ## Load additional static includes -<% Array(@additional_includes).each do |include| -%> - Include "<%= include %>" -<% end -%> - - ## Logging -<% if @error_log -%> - ErrorLog "<%= @error_log_destination %>" -<% end -%> -<% if @log_level -%> - LogLevel <%= @log_level %> -<% end -%> - ServerSignature Off -<% if @access_log and @_access_log_env_var -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> -<% elsif @access_log -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> -<% end -%> -<%= scope.function_template(['apache/vhost/_action.erb']) -%> -<%= scope.function_template(['apache/vhost/_block.erb']) -%> -<%= scope.function_template(['apache/vhost/_error_document.erb']) -%> -<%= scope.function_template(['apache/vhost/_proxy.erb']) -%> -<%= scope.function_template(['apache/vhost/_rack.erb']) -%> -<%= scope.function_template(['apache/vhost/_redirect.erb']) -%> -<%= scope.function_template(['apache/vhost/_rewrite.erb']) -%> -<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> -<%= 
scope.function_template(['apache/vhost/_serveralias.erb']) -%> -<%= scope.function_template(['apache/vhost/_setenv.erb']) -%> -<%= scope.function_template(['apache/vhost/_ssl.erb']) -%> -<%= scope.function_template(['apache/vhost/_suphp.erb']) -%> -<%= scope.function_template(['apache/vhost/_php_admin.erb']) -%> -<%= scope.function_template(['apache/vhost/_header.erb']) -%> -<%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> -<%= scope.function_template(['apache/vhost/_wsgi.erb']) -%> -<%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> -<%= scope.function_template(['apache/vhost/_fastcgi.erb']) -%> -<%= scope.function_template(['apache/vhost/_suexec.erb']) -%> - From 8d22b806eb528e3d8c93bf5229b86b9529bce7b9 Mon Sep 17 00:00:00 2001 From: muresan Date: Fri, 14 Nov 2014 17:05:02 +0000 Subject: [PATCH 039/105] Updated _directories.erb to add support for 'SetEnv' Updated _directories.erb to add support for 'SetEnv'. --- templates/vhost/_directories.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index e756875f29..9827e38c7a 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -195,6 +195,11 @@ <%- end -%> <%- end -%> <%- end -%> + <%- if directory['setenv'] -%> + <%- Array(directory['setenv']).each do |setenv| -%> + SetEnv <%= setenv %> + <%- end -%> + <%- end -%> <%- if @shibboleth_enabled -%> <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> ShibRequireSession <%= directory['shib_require_session'] %> From a767f1510a619785cdba4b3ca0fc484bfd300b5c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 17 Nov 2014 13:42:05 -0800 Subject: [PATCH 040/105] MODULES-1403 - fix doc bug --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 564e65536a..c565da3ab2 100644 --- a/README.md +++ b/README.md 
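Review bot: The new `setenv` key for `directories` in templates/vhost/_directories.erb has no documentation or spec in this commit (the diffstat lists only the template), and nothing in the hunk says what form each element takes. Each element is emitted verbatim after `SetEnv`, so the caller has to supply name and value in one string and quote a value that contains spaces. I would add a template comment such as `<%# each setenv entry is a 'NAME value' string, written verbatim %>` and a README entry under `directories`. The enclosing directory loop starts and ends outside the hunk.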
@@ -1582,7 +1582,10 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': … - custom_fragment => ' + directories => [ + { + path => '/path/to/directory', + custom_fragment => ' SetHandler balancer-manager Order allow,deny @@ -1594,7 +1597,9 @@ Pass a string of custom configuration directives to be placed at the end of the Allow from all ProxyStatus On', -} + }, + ] + } ``` ######`deny` From 6d100c8033468e34c96a6cd8161a89b149201e94 Mon Sep 17 00:00:00 2001 From: Mike Delaney Date: Tue, 30 Sep 2014 08:54:03 -0400 Subject: [PATCH 041/105] MODULES-1384 - idempotency for wsgi_script_aliases When parsing wsgi_aliases, sort the keys then generate the underlying template. --- templates/vhost/_wsgi.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/vhost/_wsgi.erb b/templates/vhost/_wsgi.erb index a0d4ded654..9f01d40910 100644 --- a/templates/vhost/_wsgi.erb +++ b/templates/vhost/_wsgi.erb @@ -13,9 +13,9 @@ WSGIProcessGroup <%= @wsgi_process_group %> <% end -%> <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> - <%- @wsgi_script_aliases.each do |a, p| -%> - <%- if a != '' and p != ''-%> - WSGIScriptAlias <%= a %> "<%= p %>" + <%- @wsgi_script_aliases.keys.sort.each do |key| -%> + <%- if key != '' and @wsgi_script_aliases[key] != ''-%> + WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" <%- end -%> <%- end -%> <% end -%> From 5ac2f34e46f7347ba04fd86f5096ffc4f287e164 Mon Sep 17 00:00:00 2001 From: Geoffrey Corey Date: Tue, 18 Nov 2014 14:37:03 +0100 Subject: [PATCH 042/105] Add configurable options for mpm_event --- manifests/mod/event.pp | 20 ++++++++++++-------- spec/classes/mod/event_spec.rb | 33 +++++++++++++++++++++++++++++++++ templates/mod/event.conf.erb | 4 ++++ 3 files changed, 49 insertions(+), 8 deletions(-) diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index cb7ed96cd6..f2b28fde28 100644 --- a/manifests/mod/event.pp 
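Review bot: The rewritten loop in `templates/vhost/_wsgi.erb` indexes `@wsgi_script_aliases[key]` twice, which reads worse than the two-variable block it replaced. Sorting the pairs gives the same stable order and keeps the original body: `<%- @wsgi_script_aliases.sort.each do |a, p| -%>`, with the `if a != '' and p != ''` and `WSGIScriptAlias <%= a %> "<%= p %>"` lines left as they were. Either form assumes the keys are mutually comparable; the visible part of vhost.pp only runs `validate_hash` on this parameter, so a hash with mixed key types would presumably fail at render time.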
+++ b/manifests/mod/event.pp @@ -1,12 +1,16 @@ class apache::mod::event ( - $startservers = '2', - $maxclients = '150', - $minsparethreads = '25', - $maxsparethreads = '75', - $threadsperchild = '25', - $maxrequestsperchild = '0', - $serverlimit = '25', - $apache_version = $::apache::apache_version, + $startservers = '2', + $maxclients = '150', + $minsparethreads = '25', + $maxsparethreads = '75', + $threadsperchild = '25', + $maxrequestsperchild = '0', + $serverlimit = '25', + $apache_version = $::apache::apache_version, + $threadlimit = '64', + $listenbacklog = '511', + $maxrequestworkers = '256', + $maxconnectionsperchild = '0', ) { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 3061ca9b1f..f85f4d3288 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
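Review bot: The new `$maxrequestworkers` and `$maxconnectionsperchild` parameters sit beside the existing `$maxclients` and `$maxrequestsperchild`, and the `event.conf.erb` hunk of this commit writes all four directives unconditionally. In httpd 2.4 `MaxRequestWorkers` and `MaxConnectionsPerChild` are, as far as I know, the renamed forms of `MaxClients` and `MaxRequestsPerChild`, so the later line presumably wins and a node that relies on `maxclients` would now run with the `'256'` default; a pre-2.4 server may not accept the new names at all. Since the class already receives `$apache_version`, the template could emit one name per setting by wrapping the new pair in `<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>` and the old pair in the `else` branch. The class body continues outside the hunk.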
@@ -34,11 +34,44 @@ } end + it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('event') } it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } + context "Test mpm_event params" do + let :params do + { + :serverlimit => '0', + :startservers => '1', + :maxclients => '2', + :minsparethreads => '3', + :maxsparethreads => '4', + :threadsperchild => '5', + :maxrequestsperchild => '6', + :threadlimit => '7', + :listenbacklog => '8', + :maxrequestworkers => '9', + :maxconnectionsperchild => '10', + } + end + + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') + .with_content(/^\s*ServerLimit\s*0/) + .with_content(/^\s*StartServers\s*1/) + .with_content(/^\s*MaxClients\s*2/) + .with_content(/^\s*MinSpareThreads\s*3/) + .with_content(/^\s*MaxSpareThreads\s*4/) + .with_content(/^\s*ThreadsPerChild\s*5/) + .with_content(/^\s*MaxRequestsPerChild\s*6/) + .with_content(/^\s*ThreadLimit\s*7/) + .with_content(/^\s*ListenBacklog\s*8/) + .with_content(/^\s*MaxRequestWorkers\s*9/) + .with_content(/^\s*MaxConnectionsPerChild\s*10/) + } + end + context "with Apache version < 2.4" do let :params do { diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb index 40099543d5..e7ef7ea6ea 100644 --- a/templates/mod/event.conf.erb +++ b/templates/mod/event.conf.erb @@ -6,4 +6,8 @@ MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> + MaxRequestWorkers <%= @maxrequestworkers %> + MaxConnectionsPerChild <%= @maxconnectionsperchild %> From 468647c1ea2e9a95b7633fe419a24c5b9f447815 Mon Sep 17 00:00:00 2001 
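Review bot: The `with_content` patterns in the new "Test mpm_event params" context are loose enough to pass on wrong output: `/^\s*StartServers\s*1/` also matches `StartServers 10`, and `\s*` accepts a directive name with no space before its value. Requiring a separator and anchoring the end of the line closes that, for example `/^\s*StartServers\s+1$/`, and likewise for the other ten directives. The later hunk in PATCH 043 that splits the chain into one `it` per directive keeps the same patterns and would need the same change.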
From: Geoffrey Corey Date: Wed, 19 Nov 2014 14:12:50 +0100 Subject: [PATCH 043/105] Add basic mpm_event docs, fix formatting, appease older ruby --- README.md | 20 ++++++++++++++++++-- spec/classes/mod/event_spec.rb | 24 +++++++++++------------- templates/mod/event.conf.erb | 20 ++++++++++---------- 3 files changed, 39 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index c565da3ab2..719e6bde14 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::event](#class-apachemodevent) * [Class: apache::mod::info](#class-apachemodinfo) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) @@ -525,7 +526,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `dev` * `dir`* * `disk_cache` -* `event` +* `event`(see [`apache::mod::event`](#class-apachemodevent) below) * `expires` * `fastcgi` * `fcgid` 
@@ -569,11 +570,26 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. +####Class: `apache::mod::event + +Installs and manages mpm_event module. + +Full Documentation for mpm_event is available from [Apache](https://httpd.apache.org/docs/current/mod/event.html). + +To configure the event thread limit: + +```puppet + class {'apache::mod::event': + $threadlimit => '128', + } +``` + + ####Class: `apache::mod::info` Installs and manages mod_info which provides a comprehensive overview of the server configuration. -Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). +Full documentation for mod_info is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_info.html). These are the default settings: diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index f85f4d3288..7030a72e8b 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -57,19 +57,17 @@ } end - it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') - .with_content(/^\s*ServerLimit\s*0/) - .with_content(/^\s*StartServers\s*1/) - .with_content(/^\s*MaxClients\s*2/) - .with_content(/^\s*MinSpareThreads\s*3/) - .with_content(/^\s*MaxSpareThreads\s*4/) - .with_content(/^\s*ThreadsPerChild\s*5/) - .with_content(/^\s*MaxRequestsPerChild\s*6/) - .with_content(/^\s*ThreadLimit\s*7/) - .with_content(/^\s*ListenBacklog\s*8/) - .with_content(/^\s*MaxRequestWorkers\s*9/) - .with_content(/^\s*MaxConnectionsPerChild\s*10/) - } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) } + it { is_expected.to 
contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxConnectionsPerChild\s*10/) } end context "with Apache version < 2.4" do diff --git a/templates/mod/event.conf.erb b/templates/mod/event.conf.erb index e7ef7ea6ea..970ce088ce 100644 --- a/templates/mod/event.conf.erb +++ b/templates/mod/event.conf.erb @@ -1,13 +1,13 @@ - ServerLimit <%= @serverlimit %> - StartServers <%= @startservers %> - MaxClients <%= @maxclients %> - MinSpareThreads <%= @minsparethreads %> - MaxSpareThreads <%= @maxsparethreads %> - ThreadsPerChild <%= @threadsperchild %> - MaxRequestsPerChild <%= @maxrequestsperchild %> - ThreadLimit <%= @threadlimit %> - ListenBacklog <%= @listenbacklog %> - MaxRequestWorkers <%= @maxrequestworkers %> + ServerLimit <%= @serverlimit %> + StartServers <%= @startservers %> + MaxClients <%= @maxclients %> + MinSpareThreads <%= @minsparethreads %> + MaxSpareThreads <%= @maxsparethreads %> + ThreadsPerChild <%= @threadsperchild %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> + MaxRequestWorkers <%= @maxrequestworkers %> MaxConnectionsPerChild <%= @maxconnectionsperchild %> From fb729a09f9d1ea586ab04bd163617483748b550e Mon Sep 17 00:00:00 2001 From: Joshua Brunner Date: Tue, 11 Nov 2014 16:13:21 +0100 Subject: [PATCH 044/105] Omit priority prefix if {priority => false} passed to vhost/custom_config Do not prefix filenames in apache::vhost and apache::custom_config when priority is set to false. --- README.md | 4 + manifests/custom_config.pp | 13 +- manifests/vhost.pp | 1489 +++++++++++++------------ spec/acceptance/custom_config_spec.rb | 17 + spec/acceptance/vhost_spec.rb | 16 + 5 files changed, 793 insertions(+), 746 deletions(-) diff --git a/README.md b/README.md index 719e6bde14..d0d90bab28 100644 --- a/README.md +++ b/README.md 
@@ -477,6 +477,8 @@ The content of the configuration file. Only one of `$content` and `$source` can The priority of the configuration file, used for ordering. Defaults to '25'. +Pass priority `false` to omit the priority prefix in file names. + #####`source` The source of the configuration file. Only one of `$content` and `$source` can be specified. @@ -1170,6 +1172,8 @@ If nothing matches the priority, the first name-based vhost is used. Likewise, p *Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. +Pass priority `false` to omit the priority prefix in file names. + #####`proxy_dest` Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp index cadc2354db..7bd4d3ed8e 100644 --- a/manifests/custom_config.pp +++ b/manifests/custom_config.pp @@ -23,8 +23,15 @@ validate_bool($verify_config) + if $priority { + $priority_prefix = "${priority}-" + } else { + $priority_prefix = '' + } + ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') + $filename_middle = regsubst($name, ' ', '_', 'G') + $filename = "${priority_prefix}${filename_middle}.conf" if ! $verify_config or $ensure == 'absent' { $notifies = Service['httpd'] @@ -34,7 +41,7 @@ file { "apache_${name}": ensure => $ensure, - path => "${confdir}/${priority}-${filename}.conf", + path => "${confdir}/${filename}", content => $content, source => $source, require => Package['httpd'], @@ -51,7 +58,7 @@ } exec { "remove ${name} if invalid": - command => "/bin/rm ${confdir}/${priority}-${filename}.conf", + command => "/bin/rm ${confdir}/${filename}", unless => $verify_command, subscribe => File["apache_${name}"], refreshonly => true, 
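Review bot: The `else` branch added in the `@@ -23,8 +23,15 @@` hunk of `custom_config.pp` drops the prefix for every falsy `$priority`, while the README text added by this commit documents only `false` as the opt-out and the vhost.pp side of the same commit tests `$priority == false` explicitly before falling back to a numbered prefix. Because the prefix decides where the file sorts in the conf directory, an unset or empty value passed through from data would silently change the load order. Making the opt-out explicit keeps the two manifests in step: `} elsif $priority == false {` for the empty prefix, with the final `else` setting `'25-'`, the documented default. The `path` and `/bin/rm` hunks that follow only consume `$filename`; the define's body starts and ends outside these hunks.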
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index 50b3a1ec4a..997866980b 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -61,772 +61,775 @@ $suphp_engine = $::apache::params::suphp_engine, $suphp_configpath = $::apache::params::suphp_configpath, $php_admin_flags = {}, - $php_admin_values = {}, - $no_proxy_uris = [], - $proxy_preserve_host = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $redirectmatch_dest = undef, - $rack_base_uris = undef, - $headers = undef, - $request_headers = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $setenv = [], - $setenvif = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases = undef, - $wsgi_pass_authorization = undef, - $wsgi_chunked_request = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $additional_includes = [], - $apache_version = $::apache::apache_version, - $allow_encoded_slashes = undef, - $suexec_user_group = undef, - $passenger_app_root = undef, - $passenger_ruby = undef, - $passenger_min_instances = undef, - $passenger_start_timeout = undef, - $passenger_pre_start = undef, - $add_default_charset = undef, -) { - # The base class must be included first because it is used by parameter defaults - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - $apache_name = $::apache::params::apache_name - - validate_re($ensure, '^(present|absent)$', - "${ensure} is not supported for ensure. - Allowed values are 'present' and 'absent'.") - validate_re($suphp_engine, '^(on|off)$', - "${suphp_engine} is not supported for suphp_engine. 
- Allowed values are 'on' and 'off'.") - validate_bool($ip_based) - validate_bool($access_log) - validate_bool($error_log) - validate_bool($ssl) - validate_bool($default_vhost) - validate_bool($ssl_proxyengine) - if $rewrites { - validate_array($rewrites) - validate_hash($rewrites[0]) - } - - # Input validation begins - - if $suexec_user_group { - validate_re($suexec_user_group, '^\w+ \w+$', - "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") - } - - if $wsgi_pass_authorization { - validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', - "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. - Allowed values are 'on' and 'off'.") - } - - # Deprecated backwards-compatibility - if $rewrite_base { - warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') - } - if $rewrite_rule { - warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') - } - if $rewrite_cond { - warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') - } - - if $wsgi_script_aliases { - validate_hash($wsgi_script_aliases) - } - if $wsgi_daemon_process_options { - validate_hash($wsgi_daemon_process_options) - } - if $wsgi_import_script_options { - validate_hash($wsgi_import_script_options) - } - if $itk { - validate_hash($itk) - } - - validate_re($logroot_ensure, '^(directory|absent)$', - "${logroot_ensure} is not supported for logroot_ensure. 
- Allowed values are 'directory' and 'absent'.") - - if $log_level { - validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', - "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") - } - - if $access_log_file and $access_log_pipe { - fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") - } - - if $error_log_file and $error_log_pipe { - fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") - } - - if $fallbackresource { - validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') - } - - if $custom_fragment { - validate_string($custom_fragment) - } - - if $allow_encoded_slashes { - validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") - } - - # Input validation ends - - if $ssl and $ensure == 'present' { - include ::apache::mod::ssl - # Required for the AddType lines. - include ::apache::mod::mime - } - - if $virtual_docroot { - include ::apache::mod::vhost_alias - } - - if $wsgi_daemon_process { - include ::apache::mod::wsgi - } - - if $suexec_user_group { - include ::apache::mod::suexec - } - - if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { - include ::apache::mod::passenger - } - - # Configure the defaultness of a vhost - if $priority { - $priority_real = $priority - } elsif $default_vhost { - $priority_real = '10' - } else { - $priority_real = '25' - } - - ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') - - # This ensures that the docroot exists - # But enables it to be specified across multiple vhost resources - if ! 
defined(File[$docroot]) and $manage_docroot { - file { $docroot: - ensure => directory, - owner => $docroot_owner, - group => $docroot_group, - mode => $docroot_mode, - require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], - } - } - - # Same as above, but for logroot - if ! defined(File[$logroot]) { - file { $logroot: - ensure => $logroot_ensure, - mode => $logroot_mode, - require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], - } - } - - - # Is apache::mod::passenger enabled (or apache::mod['passenger']) - $passenger_enabled = defined(Apache::Mod['passenger']) - - # Is apache::mod::shib enabled (or apache::mod['shib2']) - $shibboleth_enabled = defined(Apache::Mod['shib2']) - - # Define log file names - if $access_log_file { - $access_log_destination = "${logroot}/${access_log_file}" - } elsif $access_log_pipe { - $access_log_destination = $access_log_pipe - } elsif $access_log_syslog { - $access_log_destination = $access_log_syslog - } else { - if $ssl { - $access_log_destination = "${logroot}/${name}_access_ssl.log" - } else { - $access_log_destination = "${logroot}/${name}_access.log" - } - } - - if $error_log_file { - $error_log_destination = "${logroot}/${error_log_file}" - } elsif $error_log_pipe { - $error_log_destination = $error_log_pipe - } elsif $error_log_syslog { - $error_log_destination = $error_log_syslog - } else { - if $ssl { - $error_log_destination = "${logroot}/${name}_error_ssl.log" - } else { - $error_log_destination = "${logroot}/${name}_error.log" - } - } - - # Set access log format - if $access_log_format { - $_access_log_format = "\"${access_log_format}\"" - } else { - $_access_log_format = 'combined' - } - - if $access_log_env_var { - $_access_log_env_var = "env=${access_log_env_var}" - } - - if $ip { - if $port { - $listen_addr_port = "${ip}:${port}" - $nvh_addr_port = "${ip}:${port}" - } else { - $listen_addr_port = undef - $nvh_addr_port = $ip - if ! $servername and ! 
$ip_based { - fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") - } - } - } else { - if $port { - $listen_addr_port = $port - $nvh_addr_port = "${vhost_name}:${port}" - } else { - $listen_addr_port = undef - $nvh_addr_port = $name - if ! $servername { - fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") - } - } - } - if $add_listen { - if $ip and defined(Apache::Listen["${port}"]) { - fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") - } - if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { - ::apache::listen { "${listen_addr_port}": } - } - } - if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { - ::apache::namevirtualhost { $nvh_addr_port: } - } - } - - # Load mod_rewrite if needed and not yet loaded - if $rewrites or $rewrite_cond { - if ! defined(Class['apache::mod::rewrite']) { - include ::apache::mod::rewrite - } - } - - # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { - if ! defined(Class['apache::mod::alias']) { - include ::apache::mod::alias - } - } - - # Load mod_proxy if needed and not yet loaded - if ($proxy_dest or $proxy_pass) { - if ! defined(Class['apache::mod::proxy']) { - include ::apache::mod::proxy - } - if ! defined(Class['apache::mod::proxy_http']) { - include ::apache::mod::proxy_http - } - } - - # Load mod_passenger if needed and not yet loaded - if $rack_base_uris { - if ! defined(Class['apache::mod::passenger']) { - include ::apache::mod::passenger - } - } - - # Load mod_fastci if needed and not yet loaded - if $fastcgi_server and $fastcgi_socket { - if ! 
defined(Class['apache::mod::fastcgi']) { - include ::apache::mod::fastcgi - } - } - - # Check if mod_headers is required to process $headers/$request_headers - if $headers or $request_headers { - if ! defined(Class['apache::mod::headers']) { - include ::apache::mod::headers - } - } - - ## Create a default directory list if none defined - if $directories { - if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { - fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") - } - $_directories = $directories - } else { - $_directory = { - provider => 'directory', - path => $docroot, - options => $options, - allow_override => $override, - directoryindex => $directoryindex, - } - - if versioncmp($apache_version, '2.4') >= 0 { - $_directory_version = { - require => 'all granted', + $php_admin_values = {}, + $no_proxy_uris = [], + $proxy_preserve_host = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, + $rack_base_uris = undef, + $headers = undef, + $request_headers = undef, + $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, + $custom_fragment = undef, + $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $additional_includes = [], + $apache_version = $::apache::apache_version, + $allow_encoded_slashes = undef, + $suexec_user_group = undef, + $passenger_app_root = undef, + $passenger_ruby = undef, + 
$passenger_min_instances = undef, + $passenger_start_timeout = undef, + $passenger_pre_start = undef, + $add_default_charset = undef, + ) { + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['apache']) { + fail('You must include the apache base class before using any apache defined resources') + } + + $apache_name = $::apache::params::apache_name + + validate_re($ensure, '^(present|absent)$', + "${ensure} is not supported for ensure. + Allowed values are 'present' and 'absent'.") + validate_re($suphp_engine, '^(on|off)$', + "${suphp_engine} is not supported for suphp_engine. + Allowed values are 'on' and 'off'.") + validate_bool($ip_based) + validate_bool($access_log) + validate_bool($error_log) + validate_bool($ssl) + validate_bool($default_vhost) + validate_bool($ssl_proxyengine) + if $rewrites { + validate_array($rewrites) + validate_hash($rewrites[0]) + } + + # Input validation begins + + if $suexec_user_group { + validate_re($suexec_user_group, '^\w+ \w+$', + "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") + } + + if $wsgi_pass_authorization { + validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', + "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. 
+ Allowed values are 'on' and 'off'.") + } + + # Deprecated backwards-compatibility + if $rewrite_base { + warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') + } + if $rewrite_rule { + warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites') + } + if $rewrite_cond { + warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites') + } + + if $wsgi_script_aliases { + validate_hash($wsgi_script_aliases) + } + if $wsgi_daemon_process_options { + validate_hash($wsgi_daemon_process_options) + } + if $wsgi_import_script_options { + validate_hash($wsgi_import_script_options) + } + if $itk { + validate_hash($itk) + } + + validate_re($logroot_ensure, '^(directory|absent)$', + "${logroot_ensure} is not supported for logroot_ensure. + Allowed values are 'directory' and 'absent'.") + + if $log_level { + validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', + "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") + } + + if $access_log_file and $access_log_pipe { + fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") + } + + if $error_log_file and $error_log_pipe { + fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") + } + + if $fallbackresource { + validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') + } + + if $custom_fragment { + validate_string($custom_fragment) + } + + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + + # Input validation ends + + if $ssl and $ensure == 'present' { + include ::apache::mod::ssl + # Required for the AddType lines. 
+ include ::apache::mod::mime + } + + if $virtual_docroot { + include ::apache::mod::vhost_alias + } + + if $wsgi_daemon_process { + include ::apache::mod::wsgi + } + + if $suexec_user_group { + include ::apache::mod::suexec + } + + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + include ::apache::mod::passenger + } + + # Configure the defaultness of a vhost + if $priority { + $priority_prefix = "${priority}-" + } elsif $priority == false { + $priority_prefix = '' + } elsif $default_vhost { + $priority_prefix = '10-' + } else { + $priority_prefix = '25-' + } + + ## Apache include does not always work with spaces in the filename + $filename_middle = regsubst($name, ' ', '_', 'G') + $filename = "${priority_prefix}${filename_middle}.conf" + + # This ensures that the docroot exists + # But enables it to be specified across multiple vhost resources + if ! defined(File[$docroot]) and $manage_docroot { + file { $docroot: + ensure => directory, + owner => $docroot_owner, + group => $docroot_group, + mode => $docroot_mode, + require => Package['httpd'], + before => Concat[$filename], + } + } + + # Same as above, but for logroot + if ! 
defined(File[$logroot]) { + file { $logroot: + ensure => $logroot_ensure, + mode => $logroot_mode, + require => Package['httpd'], + before => Concat[$filename], + } + } + + + # Is apache::mod::passenger enabled (or apache::mod['passenger']) + $passenger_enabled = defined(Apache::Mod['passenger']) + + # Is apache::mod::shib enabled (or apache::mod['shib2']) + $shibboleth_enabled = defined(Apache::Mod['shib2']) + + # Define log file names + if $access_log_file { + $access_log_destination = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $access_log_destination = $access_log_pipe + } elsif $access_log_syslog { + $access_log_destination = $access_log_syslog + } else { + if $ssl { + $access_log_destination = "${logroot}/${name}_access_ssl.log" + } else { + $access_log_destination = "${logroot}/${name}_access.log" + } + } + + if $error_log_file { + $error_log_destination = "${logroot}/${error_log_file}" + } elsif $error_log_pipe { + $error_log_destination = $error_log_pipe + } elsif $error_log_syslog { + $error_log_destination = $error_log_syslog + } else { + if $ssl { + $error_log_destination = "${logroot}/${name}_error_ssl.log" + } else { + $error_log_destination = "${logroot}/${name}_error.log" + } + } + + # Set access log format + if $access_log_format { + $_access_log_format = "\"${access_log_format}\"" + } else { + $_access_log_format = 'combined' + } + + if $access_log_env_var { + $_access_log_env_var = "env=${access_log_env_var}" + } + + if $ip { + if $port { + $listen_addr_port = "${ip}:${port}" + $nvh_addr_port = "${ip}:${port}" + } else { + $listen_addr_port = undef + $nvh_addr_port = $ip + if ! $servername and ! $ip_based { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") + } + } + } else { + if $port { + $listen_addr_port = $port + $nvh_addr_port = "${vhost_name}:${port}" + } else { + $listen_addr_port = undef + $nvh_addr_port = $name + if ! 
$servername { + fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") + } + } + } + if $add_listen { + if $ip and defined(Apache::Listen["${port}"]) { + fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") + } + if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { + ::apache::listen { "${listen_addr_port}": } + } + } + if ! $ip_based { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { + ::apache::namevirtualhost { $nvh_addr_port: } + } + } + + # Load mod_rewrite if needed and not yet loaded + if $rewrites or $rewrite_cond { + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } + } + + # Load mod_alias if needed and not yet loaded + if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { + if ! defined(Class['apache::mod::alias']) { + include ::apache::mod::alias + } + } + + # Load mod_proxy if needed and not yet loaded + if ($proxy_dest or $proxy_pass) { + if ! defined(Class['apache::mod::proxy']) { + include ::apache::mod::proxy + } + if ! defined(Class['apache::mod::proxy_http']) { + include ::apache::mod::proxy_http + } + } + + # Load mod_passenger if needed and not yet loaded + if $rack_base_uris { + if ! defined(Class['apache::mod::passenger']) { + include ::apache::mod::passenger + } + } + + # Load mod_fastci if needed and not yet loaded + if $fastcgi_server and $fastcgi_socket { + if ! defined(Class['apache::mod::fastcgi']) { + include ::apache::mod::fastcgi + } + } + + # Check if mod_headers is required to process $headers/$request_headers + if $headers or $request_headers { + if ! 
defined(Class['apache::mod::headers']) { + include ::apache::mod::headers + } + } + + ## Create a default directory list if none defined + if $directories { + if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { + fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes") + } + $_directories = $directories + } else { + $_directory = { + provider => 'directory', + path => $docroot, + options => $options, + allow_override => $override, + directoryindex => $directoryindex, + } + + if versioncmp($apache_version, '2.4') >= 0 { + $_directory_version = { + require => 'all granted', + } + } else { + $_directory_version = { + order => 'allow,deny', + allow => 'from all', + } + } + + $_directories = [ merge($_directory, $_directory_version) ] + } + + concat { $filename: + ensure => $ensure, + path => "${::apache::vhost_dir}/${filename}", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + order => 'numeric', + require => Package['httpd'], + notify => Service['httpd'], + } + if $::osfamily == 'Debian' { + $vhost_enable_dir = $::apache::vhost_enable_dir + $vhost_symlink_ensure = $ensure ? 
{ + present => link, + default => $ensure, + } + file{ "${filename} symlink": + ensure => $vhost_symlink_ensure, + path => "${vhost_enable_dir}/${filename}", + target => "${::apache::vhost_dir}/${filename}", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + require => Concat[$filename], + notify => Service['httpd'], + } + } + + # Template uses: + # - $nvh_addr_port + # - $servername + # - $serveradmin + concat::fragment { "${name}-apache-header": + target => $filename, + order => 0, + content => template('apache/vhost/_file_header.erb'), + } + + # Template uses: + # - $virtual_docroot + # - $docroot + concat::fragment { "${name}-docroot": + target => $filename, + order => 10, + content => template('apache/vhost/_docroot.erb'), + } + + # Template uses: + # - $aliases + if $aliases and ! empty($aliases) { + concat::fragment { "${name}-aliases": + target => $filename, + order => 20, + content => template('apache/vhost/_aliases.erb'), + } + } + + # Template uses: + # - $itk + # - $::kernelversion + if $itk and ! empty($itk) { + concat::fragment { "${name}-itk": + target => $filename, + order => 30, + content => template('apache/vhost/_itk.erb'), + } + } + + # Template uses: + # - $fallbackresource + if $fallbackresource { + concat::fragment { "${name}-fallbackresource": + target => $filename, + order => 40, + content => template('apache/vhost/_fallbackresource.erb'), + } + } + + # Template uses: + # - $allow_encoded_slashes + if $allow_encoded_slashes { + concat::fragment { "${name}-allow_encoded_slashes": + target => $filename, + order => 50, + content => template('apache/vhost/_allow_encoded_slashes.erb'), + } + } + + # Template uses: + # - $_directories + # - $docroot + # - $apache_version + # - $suphp_engine + # - $shibboleth_enabled + if $_directories and ! 
empty($_directories) { + concat::fragment { "${name}-directories": + target => $filename, + order => 60, + content => template('apache/vhost/_directories.erb'), + } + } + + # Template uses: + # - $additional_includes + if $additional_includes and ! empty($additional_includes) { + concat::fragment { "${name}-additional_includes": + target => $filename, + order => 70, + content => template('apache/vhost/_additional_includes.erb'), + } + } + + # Template uses: + # - $error_log + # - $log_level + # - $error_log_destination + # - $log_level + if $error_log or $log_level { + concat::fragment { "${name}-logging": + target => $filename, + order => 80, + content => template('apache/vhost/_logging.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-serversignature": + target => $filename, + order => 90, + content => template('apache/vhost/_serversignature.erb'), + } + + # Template uses: + # - $access_log + # - $_access_log_env_var + # - $access_log_destination + # - $_access_log_format + # - $_access_log_env_var + if $access_log { + concat::fragment { "${name}-access_log": + target => $filename, + order => 100, + content => template('apache/vhost/_access_log.erb'), + } + } + + # Template uses: + # - $action + if $action { + concat::fragment { "${name}-action": + target => $filename, + order => 110, + content => template('apache/vhost/_action.erb'), + } + } + + # Template uses: + # - $block + # - $apache_version + if $block and ! empty($block) { + concat::fragment { "${name}-block": + target => $filename, + order => 120, + content => template('apache/vhost/_block.erb'), + } + } + + # Template uses: + # - $error_documents + if $error_documents and ! 
empty($error_documents) { + concat::fragment { "${name}-error_document": + target => $filename, + order => 130, + content => template('apache/vhost/_error_document.erb'), + } + } + + # Template uses: + # - $proxy_dest + # - $proxy_pass + # - $proxy_preserve_host + # - $no_proxy_uris + if $proxy_dest or $proxy_pass { + concat::fragment { "${name}-proxy": + target => $filename, + order => 140, + content => template('apache/vhost/_proxy.erb'), + } + } + + # Template uses: + # - $rack_base_uris + if $rack_base_uris { + concat::fragment { "${name}-rack": + target => $filename, + order => 150, + content => template('apache/vhost/_rack.erb'), + } + } + + # Template uses: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # - $redirect_dest_a + # - $redirect_source_a + # - $redirect_status_a + # - $redirectmatch_status + # - $redirectmatch_regexp + # - $redirectmatch_dest + # - $redirectmatch_status_a + # - $redirectmatch_regexp_a + # - $redirectmatch_dest + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { + concat::fragment { "${name}-redirect": + target => $filename, + order => 160, + content => template('apache/vhost/_redirect.erb'), + } } - } else { - $_directory_version = { - order => 'allow,deny', - allow => 'from all', + + # Template uses: + # - $rewrites + # - $rewrite_base + # - $rewrite_rule + # - $rewrite_cond + if $rewrites or $rewrite_rule { + concat::fragment { "${name}-rewrite": + target => $filename, + order => 170, + content => template('apache/vhost/_rewrite.erb'), } } - - $_directories = [ merge($_directory, $_directory_version) ] - } - - concat { "${priority_real}-${filename}.conf": - ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - order => 'numeric', - require => Package['httpd'], - notify => Service['httpd'], - } - if $::osfamily == 'Debian' { 
- $vhost_enable_dir = $::apache::vhost_enable_dir - $vhost_symlink_ensure = $ensure ? { - present => link, - default => $ensure, - } - file{ "${priority_real}-${filename}.conf symlink": - ensure => $vhost_symlink_ensure, - path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - require => Concat["${priority_real}-${filename}.conf"], - notify => Service['httpd'], - } - } - - # Template uses: - # - $nvh_addr_port - # - $servername - # - $serveradmin - concat::fragment { "${name}-apache-header": - target => "${priority_real}-${filename}.conf", - order => 0, - content => template('apache/vhost/_file_header.erb'), - } - - # Template uses: - # - $virtual_docroot - # - $docroot - concat::fragment { "${name}-docroot": - target => "${priority_real}-${filename}.conf", - order => 10, - content => template('apache/vhost/_docroot.erb'), - } - - # Template uses: - # - $aliases - if $aliases and ! empty($aliases) { - concat::fragment { "${name}-aliases": - target => "${priority_real}-${filename}.conf", - order => 20, - content => template('apache/vhost/_aliases.erb'), - } - } - - # Template uses: - # - $itk - # - $::kernelversion - if $itk and ! 
empty($itk) { - concat::fragment { "${name}-itk": - target => "${priority_real}-${filename}.conf", - order => 30, - content => template('apache/vhost/_itk.erb'), - } - } - - # Template uses: - # - $fallbackresource - if $fallbackresource { - concat::fragment { "${name}-fallbackresource": - target => "${priority_real}-${filename}.conf", - order => 40, - content => template('apache/vhost/_fallbackresource.erb'), - } - } - - # Template uses: - # - $allow_encoded_slashes - if $allow_encoded_slashes { - concat::fragment { "${name}-allow_encoded_slashes": - target => "${priority_real}-${filename}.conf", - order => 50, - content => template('apache/vhost/_allow_encoded_slashes.erb'), - } - } - - # Template uses: - # - $_directories - # - $docroot - # - $apache_version - # - $suphp_engine - # - $shibboleth_enabled - if $_directories and ! empty($_directories) { - concat::fragment { "${name}-directories": - target => "${priority_real}-${filename}.conf", - order => 60, - content => template('apache/vhost/_directories.erb'), - } - } - - # Template uses: - # - $additional_includes - if $additional_includes and ! 
empty($additional_includes) { - concat::fragment { "${name}-additional_includes": - target => "${priority_real}-${filename}.conf", - order => 70, - content => template('apache/vhost/_additional_includes.erb'), - } - } - - # Template uses: - # - $error_log - # - $log_level - # - $error_log_destination - # - $log_level - if $error_log or $log_level { - concat::fragment { "${name}-logging": - target => "${priority_real}-${filename}.conf", - order => 80, - content => template('apache/vhost/_logging.erb'), - } - } - - # Template uses no variables - concat::fragment { "${name}-serversignature": - target => "${priority_real}-${filename}.conf", - order => 90, - content => template('apache/vhost/_serversignature.erb'), - } - - # Template uses: - # - $access_log - # - $_access_log_env_var - # - $access_log_destination - # - $_access_log_format - # - $_access_log_env_var - if $access_log { - concat::fragment { "${name}-access_log": - target => "${priority_real}-${filename}.conf", - order => 100, - content => template('apache/vhost/_access_log.erb'), - } - } - - # Template uses: - # - $action - if $action { - concat::fragment { "${name}-action": - target => "${priority_real}-${filename}.conf", - order => 110, - content => template('apache/vhost/_action.erb'), - } - } - - # Template uses: - # - $block - # - $apache_version - if $block and ! empty($block) { - concat::fragment { "${name}-block": - target => "${priority_real}-${filename}.conf", - order => 120, - content => template('apache/vhost/_block.erb'), - } - } - - # Template uses: - # - $error_documents - if $error_documents and ! 
empty($error_documents) { - concat::fragment { "${name}-error_document": - target => "${priority_real}-${filename}.conf", - order => 130, - content => template('apache/vhost/_error_document.erb'), - } - } - - # Template uses: - # - $proxy_dest - # - $proxy_pass - # - $proxy_preserve_host - # - $no_proxy_uris - if $proxy_dest or $proxy_pass { - concat::fragment { "${name}-proxy": - target => "${priority_real}-${filename}.conf", - order => 140, - content => template('apache/vhost/_proxy.erb'), - } - } - - # Template uses: - # - $rack_base_uris - if $rack_base_uris { - concat::fragment { "${name}-rack": - target => "${priority_real}-${filename}.conf", - order => 150, - content => template('apache/vhost/_rack.erb'), - } - } - - # Template uses: - # - $redirect_source - # - $redirect_dest - # - $redirect_status - # - $redirect_dest_a - # - $redirect_source_a - # - $redirect_status_a - # - $redirectmatch_status - # - $redirectmatch_regexp - # - $redirectmatch_dest - # - $redirectmatch_status_a - # - $redirectmatch_regexp_a - # - $redirectmatch_dest - if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { - concat::fragment { "${name}-redirect": - target => "${priority_real}-${filename}.conf", - order => 160, - content => template('apache/vhost/_redirect.erb'), - } - } - - # Template uses: - # - $rewrites - # - $rewrite_base - # - $rewrite_rule - # - $rewrite_cond - if $rewrites or $rewrite_rule { - concat::fragment { "${name}-rewrite": - target => "${priority_real}-${filename}.conf", - order => 170, - content => template('apache/vhost/_rewrite.erb'), - } - } - - # Template uses: - # - $scriptaliases - # - $scriptalias - if $scriptaliases and ! empty($scriptaliases) { - concat::fragment { "${name}-scriptalias": - target => "${priority_real}-${filename}.conf", + + # Template uses: + # - $scriptaliases + # - $scriptalias + if $scriptaliases and ! 
empty($scriptaliases) { + concat::fragment { "${name}-scriptalias": + target => $filename, order => 180, content => template('apache/vhost/_scriptalias.erb'), } } - + # Template uses: # - $serveraliases if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": - target => "${priority_real}-${filename}.conf", - order => 190, - content => template('apache/vhost/_serveralias.erb'), - } + target => $filename, + order => 190, + content => template('apache/vhost/_serveralias.erb'), } +} - # Template uses: - # - $setenv - # - $setenvif - if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { - concat::fragment { "${name}-setenv": - target => "${priority_real}-${filename}.conf", - order => 200, - content => template('apache/vhost/_setenv.erb'), - } - } +# Template uses: +# - $setenv +# - $setenvif +if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + concat::fragment { "${name}-setenv": + target => $filename, + order => 200, + content => template('apache/vhost/_setenv.erb'), +} +} - # Template uses: - # - $ssl - # - $ssl_cert - # - $ssl_key - # - $ssl_chain - # - $ssl_certs_dir - # - $ssl_ca - # - $ssl_crl_path - # - $ssl_crl - # - $ssl_crl_check - # - $ssl_proxyengine - # - $ssl_protocol - # - $ssl_cipher - # - $ssl_honorcipherorder - # - $ssl_verify_client - # - $ssl_verify_depth - # - $ssl_options - # - $apache_version - if $ssl { - concat::fragment { "${name}-ssl": - target => "${priority_real}-${filename}.conf", - order => 210, - content => template('apache/vhost/_ssl.erb'), - } - } +# Template uses: +# - $ssl +# - $ssl_cert +# - $ssl_key +# - $ssl_chain +# - $ssl_certs_dir +# - $ssl_ca +# - $ssl_crl_path +# - $ssl_crl +# - $ssl_crl_check +# - $ssl_proxyengine +# - $ssl_protocol +# - $ssl_cipher +# - $ssl_honorcipherorder +# - $ssl_verify_client +# - $ssl_verify_depth +# - $ssl_options +# - $apache_version +if $ssl { + concat::fragment { "${name}-ssl": + target => $filename, + order => 210, + 
content => template('apache/vhost/_ssl.erb'), +} +} - # Template uses: - # - $suphp_engine - # - $suphp_addhandler - # - $suphp_configpath - if $suphp_engine == 'on' { - concat::fragment { "${name}-suphp": - target => "${priority_real}-${filename}.conf", - order => 220, - content => template('apache/vhost/_suphp.erb'), - } - } +# Template uses: +# - $suphp_engine +# - $suphp_addhandler +# - $suphp_configpath +if $suphp_engine == 'on' { + concat::fragment { "${name}-suphp": + target => $filename, + order => 220, + content => template('apache/vhost/_suphp.erb'), +} +} - # Template uses: - # - $php_admin_values - # - $php_admin_flags - if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { - concat::fragment { "${name}-php_admin": - target => "${priority_real}-${filename}.conf", - order => 230, - content => template('apache/vhost/_php_admin.erb'), - } - } +# Template uses: +# - $php_admin_values +# - $php_admin_flags +if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { + concat::fragment { "${name}-php_admin": + target => $filename, + order => 230, + content => template('apache/vhost/_php_admin.erb'), +} +} - # Template uses: - # - $headers - if $headers and ! empty($headers) { - concat::fragment { "${name}-header": - target => "${priority_real}-${filename}.conf", - order => 240, - content => template('apache/vhost/_header.erb'), - } - } +# Template uses: +# - $headers +if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => $filename, + order => 240, + content => template('apache/vhost/_header.erb'), +} +} - # Template uses: - # - $request_headers - if $request_headers and ! 
empty($request_headers) { - concat::fragment { "${name}-requestheader": - target => "${priority_real}-${filename}.conf", - order => 250, - content => template('apache/vhost/_requestheader.erb'), - } - } +# Template uses: +# - $request_headers +if $request_headers and ! empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => $filename, + order => 250, + content => template('apache/vhost/_requestheader.erb'), +} +} - # Template uses: - # - $wsgi_application_group - # - $wsgi_daemon_process - # - $wsgi_daemon_process_options - # - $wsgi_import_script - # - $wsgi_import_script_options - # - $wsgi_process_group - # - $wsgi_script_aliases - # - $wsgi_pass_authorization - if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { - concat::fragment { "${name}-wsgi": - target => "${priority_real}-${filename}.conf", - order => 260, - content => template('apache/vhost/_wsgi.erb'), - } - } +# Template uses: +# - $wsgi_application_group +# - $wsgi_daemon_process +# - $wsgi_daemon_process_options +# - $wsgi_import_script +# - $wsgi_import_script_options +# - $wsgi_process_group +# - $wsgi_script_aliases +# - $wsgi_pass_authorization +if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! 
empty($wsgi_script_aliases)) or $wsgi_pass_authorization { + concat::fragment { "${name}-wsgi": + target => $filename, + order => 260, + content => template('apache/vhost/_wsgi.erb'), +} +} - # Template uses: - # - $custom_fragment - if $custom_fragment { - concat::fragment { "${name}-custom_fragment": - target => "${priority_real}-${filename}.conf", - order => 270, - content => template('apache/vhost/_custom_fragment.erb'), - } - } +# Template uses: +# - $custom_fragment +if $custom_fragment { + concat::fragment { "${name}-custom_fragment": + target => $filename, + order => 270, + content => template('apache/vhost/_custom_fragment.erb'), +} +} - # Template uses: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - # - $apache_version - if $fastcgi_server or $fastcgi_dir { - concat::fragment { "${name}-fastcgi": - target => "${priority_real}-${filename}.conf", - order => 280, - content => template('apache/vhost/_fastcgi.erb'), - } - } +# Template uses: +# - $fastcgi_server +# - $fastcgi_socket +# - $fastcgi_dir +# - $apache_version +if $fastcgi_server or $fastcgi_dir { + concat::fragment { "${name}-fastcgi": + target => $filename, + order => 280, + content => template('apache/vhost/_fastcgi.erb'), +} +} - # Template uses: - # - $suexec_user_group - if $suexec_user_group { - concat::fragment { "${name}-suexec": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_suexec.erb'), - } - } +# Template uses: +# - $suexec_user_group +if $suexec_user_group { + concat::fragment { "${name}-suexec": + target => $filename, + order => 290, + content => template('apache/vhost/_suexec.erb'), +} +} - # Template uses: - # - $passenger_app_root - # - $passenger_ruby - # - $passenger_min_instances - # - $passenger_start_timeout - # - $passenger_pre_start - if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { - concat::fragment { "${name}-passenger": - 
target => "${priority_real}-${filename}.conf", - order => 300, - content => template('apache/vhost/_passenger.erb'), - } - } +# Template uses: +# - $passenger_app_root +# - $passenger_ruby +# - $passenger_min_instances +# - $passenger_start_timeout +# - $passenger_pre_start +if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => $filename, + order => 300, + content => template('apache/vhost/_passenger.erb'), +} +} - # Template uses: - # - $add_default_charset - if $add_default_charset { - concat::fragment { "${name}-charsets": - target => "${priority_real}-${filename}.conf", - order => 310, - content => template('apache/vhost/_charsets.erb'), - } - } +# Template uses: +# - $add_default_charset +if $add_default_charset { + concat::fragment { "${name}-charsets": + target => $filename, + order => 310, + content => template('apache/vhost/_charsets.erb'), +} +} - # Template uses no variables - concat::fragment { "${name}-file_footer": - target => "${priority_real}-${filename}.conf", - order => 999, - content => template('apache/vhost/_file_footer.erb'), - } +# Template uses no variables +concat::fragment { "${name}-file_footer": +target => $filename, +order => 999, +content => template('apache/vhost/_file_footer.erb'), +} } diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index fce6bb306f..bbceaca3e7 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb 
@@ -35,4 +35,21 @@ class { 'apache': } it { is_expected.to contain '# just a comment' } end end + + describe 'custom_config without priority prefix' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'prefix_test': + priority => false, + content => '# just a comment', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/prefix_test.conf") do + it { is_expected.to be_file } + end + end end diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 483b74945c..72d30f10ff 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1223,4 +1223,20 @@ class { 'apache': } end end + describe 'virtualhost without priority prefix' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'test.server': + priority => false, + docroot => '/tmp' + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/test.server.conf") do + it { is_expected.to be_file } + end + end end From 2bae808dce4f2edbd23516d216445ae9ed0e2a85 Mon Sep 17 00:00:00 2001 From: Lauren Rother Date: Thu, 20 Nov 2014 15:34:34 -0800 Subject: [PATCH 045/105] Add metadata summary per FM-1523 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index f6361a10e0..f59c55a60b 100644 --- a/metadata.json +++ b/metadata.json @@ -2,7 +2,7 @@ "name": "puppetlabs-apache", "version": "1.2.0", "author": "puppetlabs", - "summary": "Puppet module for Apache", + "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", From d833c3e6a81752453738becf56fafd8c0d996d09 Mon Sep 17 00:00:00 2001 
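Review bot: The new `custom_config without priority prefix` example only asserts `it { is_expected.to be_file }`, so it would still pass if the unprefixed file were written with the wrong content. The existing example in the context lines above checks the body, and the new one could do the same with `it { is_expected.to contain '# just a comment' }`. Neither this example nor the matching `virtualhost without priority prefix` example in spec/acceptance/vhost_spec.rb checks that the priority-prefixed file is absent, so a regression that writes both files would go unnoticed. Both examples rely on the global `$vhost_dir`, which is set outside these hunks.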
From: Lauren Rother Date: Fri, 21 Nov 2014 11:08:20 -0800 Subject: [PATCH 046/105] Fix MODULES-1510 Removes wiki link from Contributing section and replaces it with newly-created docs site link. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 719e6bde14..8994e6baa2 100644 --- a/README.md +++ b/README.md @@ -2374,7 +2374,7 @@ Puppet Labs modules on the Puppet Forge are open projects, and community contrib We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. -You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) +Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/contributing.html) ###Running tests From 5efcdcda4a71f69dbe80ca8326dfdc2d13ab8829 Mon Sep 17 00:00:00 2001 From: valeriominetti Date: Wed, 26 Nov 2014 14:58:52 +0100 Subject: [PATCH 047/105] MODULES-825: apache 2.4 mod_itk needs mod_prefork in apache 2.4 mod_prefork can be installed along with mod_itk On ubuntu 14.04 mod_itk library name is "mpm_itk.so" instead of "mod_mpm_itk.so". Added an if statement that creates a symlink in case of a debian distro. this preserve old manifest behaviour in library loading while fixing ubuntu bug. --- manifests/mod/itk.pp | 6 ++++-- manifests/mod/prefork.pp | 6 ++++-- manifests/mpm.pp | 7 +++++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index 1083e5ed24..dc020b810a 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp 
@@ -13,8 +13,10 @@ if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + if versioncmp($apache_version, '2.4') < 0 { + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + } } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::itk and apache::mod::worker on the same node') diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index b3adeae8c8..6a66ef1c90 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -10,8 +10,10 @@ if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + if versioncmp($apache_version, '2.4') < 0 { + if defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + } } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node') diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 6437016ba7..ca976a41bd 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -45,6 +45,13 @@ before => File[$::apache::mod_enable_dir], notify => Service['httpd'], } + + if $mpm == 'itk' { + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so" + } + } } if versioncmp($apache_version, '2.4') < 0 { From 66036ddae62ce92377381846c0ad4d21ba72da29 Mon Sep 17 00:00:00 2001 
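Review bot: The new guard `if versioncmp($apache_version, '2.4') < 0 {` reads `$apache_version`, but the hunk does not show where the class sets it; the class header is outside the hunk, so this needs confirming. If the class does not declare it, the comparison runs against an unset value and the itk/prefork exclusion no longer follows the real Apache version. Declaring `$apache_version = $::apache::apache_version` in the parameter list would make the source explicit. The same applies to the matching guard added in manifests/mod/prefork.pp.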
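Review bot: The new `file { "${lib_path}/mod_mpm_itk.so": ... }` link in manifests/mpm.pp has no ordering or notification, unlike the resource just above it in the hunk. Adding `before => File[$::apache::mod_enable_dir],` and `notify => Service['httpd'],`, plus a `require` on whichever package ships `mpm_itk.so`, would keep the link from being created before its target exists and would restart httpd when it changes. The resource is also declared whenever `$mpm == 'itk'` inside the enclosing block, whose conditions are outside the hunk. On a release that already ships `mod_mpm_itk.so` as a regular file, `ensure => link` would presumably replace it with a link to a file that may not be present, so the block should be limited to the releases that need it.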
From: Justin Stoller Date: Tue, 2 Dec 2014 11:41:33 -0800 Subject: [PATCH 048/105] Update for using Geppetto plugin in CI --- .geppetto-rc.json | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .geppetto-rc.json diff --git a/.geppetto-rc.json b/.geppetto-rc.json new file mode 100644 index 0000000000..7df2329891 --- /dev/null +++ b/.geppetto-rc.json @@ -0,0 +1,9 @@ +{ + "excludes": [ + "**/contrib/**", + "**/examples/**", + "**/tests/**", + "**/spec/**", + "**/pkg/**" + ] +} From 8f89cae176f0b6bb97c54f48f5859834c3422bb8 Mon Sep 17 00:00:00 2001 From: Justin Stoller Date: Tue, 2 Dec 2014 16:43:07 -0800 Subject: [PATCH 049/105] Fix uninitialized variable lint --- manifests/mod/version.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp index c0e405686a..1cc4412e1d 100644 --- a/manifests/mod/version.pp +++ b/manifests/mod/version.pp @@ -1,4 +1,6 @@ -class apache::mod::version { +class apache::mod::version( + $apache_version = $::apache::apache_version +) { if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { warning("${module_name}: module version_module is built-in and can't be loaded") From 371da59865bff0d410f1c40d97ef5b8331ecda05 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Tue, 2 Dec 2014 20:14:31 -0700 Subject: [PATCH 050/105] add centos7 beaker host --- spec/acceptance/nodesets/centos-70-x64.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 spec/acceptance/nodesets/centos-70-x64.yml diff --git a/spec/acceptance/nodesets/centos-70-x64.yml b/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 0000000000..2ab0052043 --- /dev/null +++ b/spec/acceptance/nodesets/centos-70-x64.yml 
@@ -0,0 +1,11 @@ +HOSTS: + centos-70-x64: + roles: + - master + platform: el-7-x86_64 + box : puppetlabs/centos-7.0-64-nocm + box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm + hypervisor : vagrant +CONFIG: + log_level: verbose + type: foss From f2b83cb22a9313e7f44a1f4e697a6ebabbb26870 Mon Sep 17 00:00:00 2001 From: Spencer Krum Date: Sun, 7 Dec 2014 12:16:17 -0800 Subject: [PATCH 051/105] Fix linting errors --- manifests/mpm.pp | 6 +++--- manifests/params.pp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/mpm.pp b/manifests/mpm.pp index ca976a41bd..180686cfa3 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -45,11 +45,11 @@ before => File[$::apache::mod_enable_dir], notify => Service['httpd'], } - + if $mpm == 'itk' { file { "${lib_path}/mod_mpm_itk.so": - ensure => link, - target => "${lib_path}/mpm_itk.so" + ensure => link, + target => "${lib_path}/mpm_itk.so" } } } diff --git a/manifests/params.pp b/manifests/params.pp index 6a221fd633..7c836146cc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -104,7 +104,7 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' - if $::osfamily == "RedHat" { + if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef From 4bb91692bcd05c3e0dde16d05025384e65ccc048 Mon Sep 17 00:00:00 2001 From: Lukas Bezdicka Date: Mon, 8 Dec 2014 13:02:02 -0500 Subject: [PATCH 052/105] Fix support for Fedora Rawhide --- manifests/version.pp | 2 +- spec/classes/apache_spec.rb | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index dc5288dca0..fae008a84d 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
@@ -12,7 +12,7 @@ case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and $distrelease >= 18) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { + if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { $default = '2.4' } else { $default = '2.2' diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index fe61a9796b..a9d9438544 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -488,6 +488,42 @@ it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } end end + context "on Fedora" do + let :facts do + super().merge({ + :operatingsystem => 'Fedora' + }) + end + + context "21" do + let :facts do + super().merge({ + :lsbdistrelease => '21', + :operatingsystemrelease => '21' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + context "Rawhide" do + let :facts do + super().merge({ + :lsbdistrelease => 'Rawhide', + :operatingsystemrelease => 'Rawhide' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + # kinda obsolete + context "17" do + let :facts do + super().merge({ + :lsbdistrelease => '17', + :operatingsystemrelease => '17' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.2') } + end + end end context "on a FreeBSD OS" do let :facts do From 4bf9de724f8421411efa4daee42b91fb473f71a5 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 8 Dec 2014 10:23:13 -0800 Subject: [PATCH 053/105] Update .travis.yml, Gemfile, Rakefile, and CONTRIBUTING.md --- .travis.yml | 2 +- CONTRIBUTING.md | 22 ++++------------------ Gemfile | 12 +++++++----- 3 files changed, 12 insertions(+), 24 deletions(-) diff --git a/.travis.yml b/.travis.yml index 86222c2813..bd66c7d1c3 100644 --- a/.travis.yml +++ b/.travis.yml 
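Review bot: The non-Fedora half of the condition still compares with `$distrelease >= 7`, while this commit moves the Fedora half to `versioncmp($distrelease, '18') >= 0` because the release can be a non-numeric string such as `Rawhide`. The remaining numeric comparison has the same weakness for any non-Fedora RedHat-family release string that is not a plain number, and the mixed style is easy to misread. Using `versioncmp($distrelease, '7') >= 0` there would make both branches consistent. The enclosing `case $::osfamily` block continues outside the hunk, so any other comparisons on `$distrelease` in it were not reviewed.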
@@ -1,6 +1,6 @@ --- language: ruby -bundler_args: --without development +bundler_args: --without system_tests script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e1288478a2..f1cbde4bbf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -41,11 +41,9 @@ Checklist (and a short version for the impatient) * Pre-requisites: - - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) - - Make sure you have a [GitHub account](https://github.com/join) - - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. * Preferred method: @@ -94,17 +92,7 @@ The long version whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. - 2. Sign the Contributor License Agreement - - Before we can accept your changes, we do need a signed Puppet - Labs Contributor License Agreement (CLA). - - You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) - - If you have any questions about the CLA, please feel free to - contact Puppet Labs via email at cla-submissions@puppetlabs.com. - - 3. Sending your patches + 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of @@ -124,7 +112,7 @@ The long version in order to open a pull request. - 4. Update the related GitHub issue. + 3. Update the related GitHub issue. If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the 
@@ -220,14 +208,12 @@ review. Additional Resources ==================== -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) +* [Getting additional help](http://puppetlabs.com/community/get-help) * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) * [Patchwork](https://patchwork.puppetlabs.com) -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) diff --git a/Gemfile b/Gemfile index e960f7c4b7..0684f19238 100644 --- a/Gemfile +++ b/Gemfile @@ -1,15 +1,17 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -group :development, :test do +group :development, :unit_tests do gem 'rake', :require => false gem 'rspec-puppet', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'serverspec', :require => false gem 'puppet-lint', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false - gem 'pry', :require => false gem 'simplecov', :require => false + gem 'puppet_facts', :require => false +end + +group :system_tests do + gem 'beaker-rspec', :require => false + gem 'serverspec', :require => false end if facterversion = ENV['FACTER_GEM_VERSION'] From e079dc81c441ea2f460ae0bee89d402556bde9df Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 8 Dec 2014 22:52:02 -0800 Subject: [PATCH 054/105] Add json gem The puppet_facts gem implicitly depends on the json gem. On Ruby 1.8.7, json is not built in. On Puppet 2.7, it is not explicitly pulled in by the hiera gem. So we add it here explicitly. --- Gemfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Gemfile b/Gemfile index 0684f19238..12fd363eac 100644 --- a/Gemfile +++ b/Gemfile 
@@ -7,6 +7,7 @@ group :development, :unit_tests do gem 'puppet-lint', :require => false gem 'simplecov', :require => false gem 'puppet_facts', :require => false + gem 'json', :require => false end group :system_tests do From dd4a8d8fb7579d0461e40be8a92308a4e288b2a4 Mon Sep 17 00:00:00 2001 From: David Schmitt Date: Tue, 16 Dec 2014 22:32:56 +0100 Subject: [PATCH 055/105] acceptance: add test for actual port --- spec/acceptance/class_spec.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index e006251cf8..954b6ac587 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -32,6 +32,10 @@ class { 'apache': } it { is_expected.to be_enabled } it { is_expected.to be_running } end + + describe port(80) do + it { should be_listening } + end end context 'custom site/mod dir parameters' do From afca7d5317d783e64e3f974146a80b48565b6be3 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Wed, 17 Dec 2014 11:55:15 +0100 Subject: [PATCH 056/105] Fix apache::mod::version title written as apache::mod::reqtimeout --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8994e6baa2..f580bb6bc9 100644 --- a/README.md +++ b/README.md @@ -860,7 +860,7 @@ mod_reqtimeout configuration. } ``` -####Class: `apache::mod::reqtimeout` +####Class: `apache::mod::version` This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 about loading mod_version, as on these platforms it's already built-in. From 45efd31927f60ddf795410ea99d15a856db8a9b1 Mon Sep 17 00:00:00 2001 
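Review bot: The new `describe port(80)` block in `spec/acceptance/class_spec.rb` uses the older `should` form, while the service expectations directly above it use `is_expected.to`. I would write it as `it { is_expected.to be_listening }` to match. The same mix appears in the later `spec/classes/mod/security_spec.rb` hunk, which uses `should contain_...` throughout. The enclosing context starts outside the hunk.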
From: Justin Lambert Date: Tue, 2 Dec 2014 20:08:03 -0700 Subject: [PATCH 057/105] add mod_security apache module --- README.md | 85 ++++-- manifests/mod/security.pp | 64 ++++ manifests/params.pp | 54 ++++ manifests/security/rule_link.pp | 12 + manifests/vhost.pp | 30 +- spec/acceptance/mod_security_spec.rb | 228 ++++++++++++++ spec/classes/mod/security_spec.rb | 93 ++++++ spec/defines/modsec_link_spec.rb | 51 ++++ templates/mod/security.conf.erb | 68 +++++ templates/mod/security_crs.conf.erb | 428 +++++++++++++++++++++++++++ templates/vhost/_security.erb | 20 ++ 11 files changed, 1114 insertions(+), 19 deletions(-) create mode 100644 manifests/mod/security.pp create mode 100644 manifests/security/rule_link.pp create mode 100644 spec/acceptance/mod_security_spec.rb create mode 100644 spec/classes/mod/security_spec.rb create mode 100644 spec/defines/modsec_link_spec.rb create mode 100644 templates/mod/security.conf.erb create mode 100644 templates/mod/security_crs.conf.erb create mode 100644 templates/vhost/_security.erb diff --git a/README.md b/README.md index 8994e6baa2..87c385348c 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::security](#class-modsecurity) * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) @@ -555,6 +556,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rewrite` * `rpaf`* * `setenvif` +* `security` * `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) * `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) 
@@ -583,7 +585,7 @@ To configure the event thread limit: $threadlimit => '128', } ``` - + ####Class: `apache::mod::info` @@ -748,8 +750,8 @@ Installs Apache mod_status and uses the status.conf.erb template. These are the extended_status = 'On', status_path = '/server-status', ){ - - + + } ``` @@ -875,6 +877,24 @@ A string or an array that sets the `RequestReadTimeout` option. Defaults to `['header=20-40,MinRate=500', 'body=20,MinRate=500']`. +####Class: `apache::mod::security` + +Installs and configures mod_security. Defaults to enabled and running on all +vhosts. + +```puppet + include '::apache::mod::security' +``` + +#####`modsec_dir` + +Directory to install the modsec configuration and activated rules links into + +#####`activated_rules` + +Array of rules from the modsec_crs_path to activate by symlinking to +${modsec_dir}/activated_rules. + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. @@ -907,7 +927,7 @@ If you have a series of specific configurations and do not want a base `::apache #####`access_log` -Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. +Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. #####`access_log_file` 
@@ -1109,6 +1129,34 @@ in without being aware of the consequences; see http://httpd.apache.org/docs/2.4 Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. +######`modsec_body_limit` + +Configures the maximum request body size (in bytes) ModSecurity will accept for buffering + +######`modsec_disable_vhost` + +Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included. + +######`modsec_disable_ids` + +Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. + +```puppet + apache::vhost { 'sample.example.net': + modsec_disable_ids => [ 90015, 90016 ], + } +``` + +```puppet + apache::vhost { 'sample.example.net': + modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, + } +``` + +######`modsec_disable_ips` + +Array of IPs to exclude from mod_security rule matching + #####`no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). @@ -1160,7 +1208,7 @@ Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.ne #####`port` -Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. +Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. #####`priority` 
@@ -1208,7 +1256,7 @@ Specifies the address to redirect to. Defaults to 'undef'. #####`redirect_source` -Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. +Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ```puppet apache::vhost { 'site.name.fdqn': 
@@ -1459,9 +1507,9 @@ To set up a virtual host with WSGI The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. -The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. +The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. -The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. General `directories` usage looks something like 
@@ -1488,7 +1536,7 @@ Available handlers, represented as keys, should be placed within the `directory` } ``` -Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: +Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: ######`addhandlers` @@ -1620,7 +1668,7 @@ Pass a string of custom configuration directives to be placed at the end of the ######`deny` -Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. +Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': @@ -1734,10 +1782,10 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', + directories => [ + { path => '/path/to/directory', passenger_enabled => 'on', - }, + }, ], } ``` @@ -1771,9 +1819,9 @@ Sets a `SetHandler` directive as per the [Apache Core documentation](http://http ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', } ], } 
@@ -1824,7 +1872,7 @@ Allows an valid content setting to be set or altered for the application request ######`shib_use_headers` -When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. +When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. ######`ssl_options` @@ -2015,7 +2063,7 @@ A unique alias. This is used internally to link the action with the FastCGI serv #####`file_type` -The MIME-type of the file to be processed by the FastCGI server. +The MIME-type of the file to be processed by the FastCGI server. ###Virtual Host Examples @@ -2310,6 +2358,7 @@ If you need to use ProxySet in the balancer config * `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. * `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. +* `apache::security::file_link`: Links the activated_rules from apache::mod::security to the respective CRS rules on disk. ###Templates diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp new file mode 100644 index 0000000000..9641d70df5 --- /dev/null +++ b/manifests/mod/security.pp 
@@ -0,0 +1,64 @@ +class apache::mod::security ( + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, +){ + + if $::osfamily == 'FreeBSD' { + fail('FreeBSD is not currently supported') + } + + ::apache::mod { 'security': + id => 'security2_module', + lib => 'mod_security2.so', + } + + ::apache::mod { 'unique_id_module': + id => 'unique_id_module', + lib => 'mod_unique_id.so', + } + + if $crs_package { + package { $crs_package: + ensure => 'latest', + before => File['security.conf'], + } + } + + # Template uses: + # - $modsec_dir + file { 'security.conf': + ensure => file, + content => template('apache/mod/security.conf.erb'), + path => "${::apache::mod_dir}/security.conf", + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } + + file { $modsec_dir: + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + purge => true, + recurse => true, + } + + file { "${modsec_dir}/activated_rules": + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + } + + file { "${modsec_dir}/security_crs.conf": + ensure => file, + content => template('apache/mod/security_crs.conf.erb'), + require => File[$modsec_dir], + notify => Service['httpd'], + } + + apache::security::rule_link { $activated_rules: } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 6a221fd633..ac92b2b147 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -83,6 +83,7 @@ }, 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', + 'security' => 'mod_security', 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', 'wsgi' => 'mod_wsgi', 
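Review bot: `file { $modsec_dir: }` and `file { "${modsec_dir}/activated_rules": }` in `manifests/mod/security.pp` make the Apache runtime account the owner of the ModSecurity configuration tree. Mode `0555` does not stop an owner from changing the mode back, so a compromised worker process could presumably alter or remove the rules meant to constrain it. I would set `owner => 'root'` and `group => 'root'` on both resources, and give `security_crs.conf` an explicit owner and mode as well, since it declares neither. Separately, `ensure => 'latest'` on `$crs_package` lets any agent run pull a new rule set into production unreviewed; `ensure => 'installed'`, or a class parameter, would keep rule updates a deliberate change.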
@@ -109,6 +110,32 @@ } else { $wsgi_socket_prefix = undef } + $modsec_crs_package = 'mod_security_crs' + $modsec_crs_path = '/usr/lib/modsecurity.d' + $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' @@ -149,6 +176,7 @@ 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', 
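Review bot: The 21-entry `$modsec_default_rules` array added in this `manifests/params.pp` hunk is repeated verbatim in the Debian branch (hunk `@@ -165,6 +193,32 @@`), so a rule added to or dropped from one list can silently diverge from the other and leave one OS family with different default coverage. Only `$modsec_crs_package`, `$modsec_crs_path` and `$modsec_dir` differ between the two branches, so I would assign the array once outside the `$::osfamily` conditional. The enclosing `if`/`elsif` starts and ends outside the hunk, so the exact place for that assignment is not visible here.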
@@ -165,6 +193,32 @@ $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' $docroot = '/var/www' + $modsec_crs_package = 'modsecurity-crs' + $modsec_crs_path = '/usr/share/modsecurity-crs' + $modsec_dir = '/etc/modsecurity' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] # # Passenger-specific settings diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp new file mode 100644 index 0000000000..1ddc9d6aa3 --- /dev/null +++ b/manifests/security/rule_link.pp @@ -0,0 +1,12 @@ +define apache::security::rule_link () { + + $parts = split($title, '/') + $filename = $parts[-1] + + file { $filename: + ensure => 'link', + path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", + target => "${::apache::params::modsec_crs_path}/${title}", + require => File["${::apache::mod::security::modsec_dir}/activated_rules"], + } +} 
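Review bot: In `manifests/security/rule_link.pp`, `file { $filename:` titles the resource with the bare basename of the rule, so it can collide with any other `file` resource that uses a short title; `apache::mod::security` itself declares `file { 'security.conf': }`. I would title it by its full path, `file { "${::apache::mod::security::modsec_dir}/activated_rules/${filename}":`, and drop the separate `path` attribute. `$title` is also interpolated into `target` unchecked, so a value containing `..` would point the link outside `modsec_crs_path`; rejecting such titles with a `fail()` would keep the links inside the CRS tree.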
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 50b3a1ec4a..711dffeeb2 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -106,6 +106,10 @@ $passenger_start_timeout = undef, $passenger_pre_start = undef, $add_default_charset = undef, + $modsec_disable_vhost = undef, + $modsec_disable_ids = undef, + $modsec_disable_ips = undef, + $modsec_body_limit = undef, ) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { @@ -414,6 +418,17 @@ $_directories = [ merge($_directory, $_directory_version) ] } + ## Create a global LocationMatch if locations aren't defined + if $modsec_disable_ids { + if is_hash($modsec_disable_ids) { + $_modsec_disable_ids = $modsec_disable_ids + } elsif is_array($modsec_disable_ids) { + $_modsec_disable_ids = { '.*' => $modsec_disable_ids } + } else { + fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") + } + } + concat { "${priority_real}-${filename}.conf": ensure => $ensure, path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", @@ -491,7 +506,7 @@ content => template('apache/vhost/_fallbackresource.erb'), } } - + # Template uses: # - $allow_encoded_slashes if $allow_encoded_slashes { @@ -823,6 +838,19 @@ } } + # Template uses: + # - $modsec_disable_vhost + # - $modsec_disable_ids + # - $modsec_disable_ips + # - $modsec_body_limit + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { + concat::fragment { "${name}-security": + target => "${priority_real}-${filename}.conf", + order => 320, + content => template('apache/vhost/_security.erb') + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}-${filename}.conf", diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb new file mode 100644 index 0000000000..74d1cd26ea --- /dev/null +++ b/spec/acceptance/mod_security_spec.rb 
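Review bot: The guard `if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips {` in the last `manifests/vhost.pp` hunk leaves out `$modsec_body_limit`, although the comment above it lists that variable among those the template uses. A vhost that sets only the body limit therefore gets no `-security` fragment, and the limit is silently not applied. I would extend the condition to `... or $modsec_disable_ips or $modsec_body_limit {`. This assumes `templates/vhost/_security.erb`, which is not visible here, renders the limit. The `content => template('apache/vhost/_security.erb')` line also lacks the trailing comma that the `_fallbackresource.erb` fragment has.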
@@ -0,0 +1,228 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::security class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + package_name = 'apache2' + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + package_name = 'httpd' + end + + context "default mod_security config" do + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end + end + + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe package(package_name) do + it { is_expected.to be_installed } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + end #default mod_security config + + context "mod_security should allow disabling by vhost" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => 
'/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Index page\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_vhost => false, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + end #mod_security should allow disabling by vhost + + context "mod_security should allow disabling by ip" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => "Index page\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent: beaker" -f 
modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_ips => [ '127.0.0.1' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + end #mod_security should allow disabling by ip + + context "mod_security should allow disabling by id" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + host { 'modsec.example.com': ip => '127.0.0.1', } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + file { '/var/www/html/index2.html': + ensure => file, + content => 'Page 2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_ids => [ '950007' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -H"User-Agent: beaker" -f 
modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + end #mod_security should allow disabling by id + + +end #apache::mod::security class diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb new file mode 100644 index 0000000000..05586c2caa --- /dev/null +++ b/spec/classes/mod/security_spec.rb 
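Review bot: The `'should disable mod_security per vhost'` step in the "disabling by vhost" context applies `modsec_disable_vhost => false`, which leaves ModSecurity on, yet the next step expects the SQL-looking query to return the index page. The manifest should set `modsec_disable_vhost => true`. In the first context the blocking check sends `-H"User-Agent beaker"` without the colon the other curl calls use, so the blocked and allowed requests do not carry the same header. The "disabling by ip" context ends by fetching the plain index page, which succeeds with or without the exclusion; repeating the `?SELECT...` request there would actually exercise `modsec_disable_ips`.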
@@ -0,0 +1,93 @@ +require 'spec_helper' + +describe 'apache::mod::security', :type => :class do + let :pre_condition do + 'include apache' + end + + context "on RedHat based systems" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '7', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + it { should contain_apache__mod('security').with( + :id => 'security2_module', + :lib => 'mod_security2.so' + ) } + it { should contain_apache__mod('unique_id_module').with( + :id => 'unique_id_module', + :lib => 'mod_unique_id.so' + ) } + it { should contain_package('mod_security_crs') } + it { should contain_file('security.conf').with( + :path => '/etc/httpd/conf.d/security.conf' + ) } + it { should contain_file('/etc/httpd/modsecurity.d').with( + :ensure => 'directory', + :path => '/etc/httpd/modsecurity.d', + :owner => 'apache', + :group => 'apache' + ) } + it { should contain_file('/etc/httpd/modsecurity.d/activated_rules').with( + :ensure => 'directory', + :path => '/etc/httpd/modsecurity.d/activated_rules', + :owner => 'apache', + :group => 'apache' + ) } + it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with( + :path => '/etc/httpd/modsecurity.d/security_crs.conf' + ) } + it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + end + + context "on Debian based systems" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux' + } + end + it { should contain_apache__mod('security').with( + :id => 'security2_module', + :lib => 'mod_security2.so' + ) } + it { should contain_apache__mod('unique_id_module').with( + :id => 
'unique_id_module', + :lib => 'mod_unique_id.so' + ) } + it { should contain_package('modsecurity-crs') } + it { should contain_file('security.conf').with( + :path => '/etc/apache2/mods-available/security.conf' + ) } + it { should contain_file('/etc/modsecurity').with( + :ensure => 'directory', + :path => '/etc/modsecurity', + :owner => 'www-data', + :group => 'www-data' + ) } + it { should contain_file('/etc/modsecurity/activated_rules').with( + :ensure => 'directory', + :path => '/etc/modsecurity/activated_rules', + :owner => 'www-data', + :group => 'www-data' + ) } + it { should contain_file('/etc/modsecurity/security_crs.conf').with( + :path => '/etc/modsecurity/security_crs.conf' + ) } + it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + end + +end diff --git a/spec/defines/modsec_link_spec.rb b/spec/defines/modsec_link_spec.rb new file mode 100644 index 0000000000..c1633d01d8 --- /dev/null +++ b/spec/defines/modsec_link_spec.rb 
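Review bot: The `contain_file` expectations for `/etc/httpd/modsecurity.d`, `/etc/httpd/modsecurity.d/activated_rules` and their `/etc/modsecurity` counterparts pin owner and group to the web server account (`apache` / `www-data`) and assert no `:mode`. If the manifest really sets that ownership (it is outside this hunk), the account that serves requests can change the contents of the directories Apache loads its rules from. I would have the manifest use root for these directories and assert it here with `:owner => 'root', :group => 'root'` plus an explicit `:mode`.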
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'apache::security::rule_link', :type => :define do
+ let :pre_condition do
+ 'class { "apache": }
+ class { "apache::mod::security": activated_rules => [] }
+ '
+ end
+
+ let :title do
+ 'base_rules/modsecurity_35_bad_robots.data'
+ end
+
+ context "on RedHat based systems" do
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystem => 'CentOS',
+ :operatingsystemrelease => '7',
+ :kernel => 'Linux',
+ :id => 'root',
+ :concat_basedir => '/',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ }
+ end
+ it { should contain_file('modsecurity_35_bad_robots.data').with(
+ :path => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data',
+ :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data'
+ ) }
+ end
+
+ context "on Debian based systems" do
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :operatingsystem => 'Debian',
+ :operatingsystemrelease => '6',
+ :concat_basedir => '/',
+ :lsbdistcodename => 'squeeze',
+ :id => 'root',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :kernel => 'Linux'
+ }
+ end
+ it { should contain_file('modsecurity_35_bad_robots.data').with(
+ :path => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data',
+ :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data'
+ ) }
+ end
+
+end
diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb
new file mode 100644
index 0000000000..ed884eadde
--- /dev/null
+++ b/templates/mod/security.conf.erb
@@ -0,0 +1,68 @@ + + # ModSecurity Core Rules Set configuration +<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%> + IncludeOptional <%= @modsec_dir %>/*.conf + IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf +<%- else -%> + Include <%= @modsec_dir %>/*.conf + Include <%= @modsec_dir %>/activated_rules/*.conf +<%- end -%> + + # Default recommended configuration + SecRuleEngine On + SecRequestBodyAccess On + SecRule REQUEST_HEADERS:Content-Type "text/xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + SecRequestBodyLimit 13107200 + SecRequestBodyNoFilesLimit 131072 + SecRequestBodyInMemoryLimit 131072 + SecRequestBodyLimitAction Reject + SecRule REQBODY_ERROR "!@eq 0" \ + "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" + SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ + "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \ + PE %{REQBODY_PROCESSOR_ERROR}, \ + BQ %{MULTIPART_BOUNDARY_QUOTED}, \ + BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ + DB %{MULTIPART_DATA_BEFORE}, \ + DA %{MULTIPART_DATA_AFTER}, \ + HF %{MULTIPART_HEADER_FOLDING}, \ + LF %{MULTIPART_LF_LINE}, \ + SM %{MULTIPART_MISSING_SEMICOLON}, \ + IQ %{MULTIPART_INVALID_QUOTING}, \ + IP %{MULTIPART_INVALID_PART}, \ + IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ + FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + + SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ + "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" + + SecPcreMatchLimit 1000 + SecPcreMatchLimitRecursion 1000 + + SecRule TX:/^MSC_/ "!@streq 0" \ + "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + + SecResponseBodyAccess Off + SecResponseBodyMimeType text/plain text/html text/xml + SecResponseBodyLimit 524288 + SecResponseBodyLimitAction 
ProcessPartial + SecDebugLogLevel 0 + SecAuditEngine RelevantOnly + SecAuditLogRelevantStatus "^(?:5|4(?!04))" + SecAuditLogParts ABIJDEFHZ + SecAuditLogType Serial + SecArgumentSeparator & + SecCookieFormat 0 +<%- if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> + SecDebugLog /var/log/apache2/modsec_debug.log + SecAuditLog /var/log/apache2/modsec_audit.log + SecTmpDir /var/cache/modsecurity + SecDataDir /var/cache/modsecurity +<% else -%> + SecDebugLog /var/log/httpd/modsec_debug.log + SecAuditLog /var/log/httpd/modsec_audit.log + SecTmpDir /var/lib/mod_security + SecDataDir /var/lib/mod_security +<% end -%> + diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb new file mode 100644 index 0000000000..4a990eb3a5 --- /dev/null +++ b/templates/mod/security_crs.conf.erb 
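Review bot: Rules 200002 and 200003 deny with `status:44`, which is not an HTTP status code; rule 200001 just above them uses `status:400` for the same kind of request-body failure. Both action lists should read `deny,status:400` so a rejected multipart request produces a well-formed response and a status that log tooling can classify. How Apache renders the out-of-range value is not something this template controls, so I would not rely on it.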
@@ -0,0 +1,428 @@ +# --------------------------------------------------------------- +# Core ModSecurity Rule Set ver.2.2.6 +# Copyright (C) 2006-2012 Trustwave All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENCE file for full details. +# --------------------------------------------------------------- + + +# +# -- [[ Recommended Base Configuration ]] ------------------------------------------------- +# +# The configuration directives/settings in this file are used to control +# the OWASP ModSecurity CRS. These settings do **NOT** configure the main +# ModSecurity settings such as: +# +# - SecRuleEngine +# - SecRequestBodyAccess +# - SecAuditEngine +# - SecDebugLog +# +# You should use the modsecurity.conf-recommended file that comes with the +# ModSecurity source code archive. +# +# Ref: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended +# + + +# +# -- [[ Rule Version ]] ------------------------------------------------------------------- +# +# Rule version data is added to the "Producer" line of Section H of the Audit log: +# +# - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4. +# +# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecComponentSignature +# +SecComponentSignature "OWASP_CRS/2.2.6" + + +# +# -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] ----------------- +# +# Each detection rule uses the "block" action which will inherit the SecDefaultAction +# specified below. Your settings here will determine which mode of operation you use. +# +# -- [[ Self-Contained Mode ]] -- +# Rules inherit the "deny" disruptive action. The first rule that matches will block. 
+# +# -- [[ Collaborative Detection Mode ]] -- +# This is a "delayed blocking" mode of operation where each matching rule will inherit +# the "pass" action and will only contribute to anomaly scores. Transactional blocking +# can be applied +# +# -- [[ Alert Logging Control ]] -- +# You have three options - +# +# - To log to both the Apache error_log and ModSecurity audit_log file use: "log" +# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog" +# - To log *only* to the Apache error_log file use: "log,noauditlog" +# +# Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html +# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction +# +SecDefaultAction "phase:1,deny,log" + + +# +# -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- +# +# These are the default scoring points for each severity level. You may +# adjust these to you liking. These settings will be used in macro expansion +# in the rules to increment the anomaly scores when rules match. +# +# These are the default Severity ratings (with anomaly scores) of the individual rules - +# +# - 2: Critical - Anomaly Score of 5. +# Is the highest severity level possible without correlation. It is +# normally generated by the web attack rules (40 level files). +# - 3: Error - Anomaly Score of 4. +# Is generated mostly from outbound leakage rules (50 level files). +# - 4: Warning - Anomaly Score of 3. +# Is generated by malicious client rules (35 level files). +# - 5: Notice - Anomaly Score of 2. +# Is generated by the Protocol policy and anomaly files. 
+# +SecAction \ + "id:'900001', \ + phase:1, \ + t:none, \ + setvar:tx.critical_anomaly_score=5, \ + setvar:tx.error_anomaly_score=4, \ + setvar:tx.warning_anomaly_score=3, \ + setvar:tx.notice_anomaly_score=2, \ + nolog, \ + pass" + + +# +# -- [[ Collaborative Detection Scoring Threshold Levels ]] ------------------------------ +# +# These variables are used in macro expansion in the 49 inbound blocking and 59 +# outbound blocking files. +# +# **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric +# operators. If you have an earlier version, edit the 49/59 files directly to +# set the appropriate anomaly score levels. +# +# You should set the score to the proper threshold you would prefer. If set to "5" +# it will work similarly to previous Mod CRS rules and will create an event in the error_log +# file if there are any rules that match. If you would like to lessen the number of events +# generated in the error_log file, you should increase the anomaly score threshold to +# something like "20". This would only generate an event in the error_log file if +# there are multiple lower severity rule matches or if any 1 higher severity item matches. +# +SecAction \ + "id:'900002', \ + phase:1, \ + t:none, \ + setvar:tx.inbound_anomaly_score_level=5, \ + nolog, \ + pass" + + +SecAction \ + "id:'900003', \ + phase:1, \ + t:none, \ + setvar:tx.outbound_anomaly_score_level=4, \ + nolog, \ + pass" + + +# +# -- [[ Collaborative Detection Blocking ]] ----------------------------------------------- +# +# This is a collaborative detection mode where each rule will increment an overall +# anomaly score for the transaction. The scores are then evaluated in the following files: +# +# Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file +# Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file +# +# If you want to use anomaly scoring mode, then uncomment this line. 
+# +#SecAction \ + "id:'900004', \ + phase:1, \ + t:none, \ + setvar:tx.anomaly_score_blocking=on, \ + nolog, \ + pass" + + +# +# -- [[ GeoIP Database ]] ----------------------------------------------------------------- +# +# There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data. +# +# You must first download the MaxMind GeoIP Lite City DB - +# +# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz +# +# You then need to define the proper path for the SecGeoLookupDb directive +# +# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html +# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html +# +#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat + +# +# -- [[ Regression Testing Mode ]] -------------------------------------------------------- +# +# If you are going to run the regression testing mode, you should uncomment the +# following rule. It will enable DetectionOnly mode for the SecRuleEngine and +# will enable Response Header tagging so that the client testing script can see +# which rule IDs have matched. +# +# You must specify the your source IP address where you will be running the tests +# from. +# +#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \ + "id:'900005', \ + phase:1, \ + t:none, \ + ctl:ruleEngine=DetectionOnly, \ + setvar:tx.regression_testing=1, \ + nolog, \ + pass" + + +# +# -- [[ HTTP Policy Settings ]] ---------------------------------------------------------- +# +# Set the following policy settings here and they will be propagated to the 23 rules +# file (modsecurity_common_23_request_limits.conf) by using macro expansion. +# If you run into false positives, you can adjust the settings here. +# +# Only the max number of args is uncommented by default as there are a high rate +# of false positives. Uncomment the items you wish to set. 
+# +# +# -- Maximum number of arguments in request limited +SecAction \ + "id:'900006', \ + phase:1, \ + t:none, \ + setvar:tx.max_num_args=255, \ + nolog, \ + pass" + +# +# -- Limit argument name length +#SecAction \ + "id:'900007', \ + phase:1, \ + t:none, \ + setvar:tx.arg_name_length=100, \ + nolog, \ + pass" + +# +# -- Limit value name length +#SecAction \ + "id:'900008', \ + phase:1, \ + t:none, \ + setvar:tx.arg_length=400, \ + nolog, \ + pass" + +# +# -- Limit arguments total length +#SecAction \ + "id:'900009', \ + phase:1, \ + t:none, \ + setvar:tx.total_arg_length=64000, \ + nolog, \ + pass" + +# +# -- Individual file size is limited +#SecAction \ + "id:'900010', \ + phase:1, \ + t:none, \ + setvar:tx.max_file_size=1048576, \ + nolog, \ + pass" + +# +# -- Combined file size is limited +#SecAction \ + "id:'900011', \ + phase:1, \ + t:none, \ + setvar:tx.combined_file_sizes=1048576, \ + nolog, \ + pass" + + +# +# Set the following policy settings here and they will be propagated to the 30 rules +# file (modsecurity_crs_30_http_policy.conf) by using macro expansion. +# If you run into false positves, you can adjust the settings here. 
+# +SecAction \ + "id:'900012', \ + phase:1, \ + t:none, \ + setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \ + setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ + setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ + setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \ + setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ + nolog, \ + pass" + + +# +# -- [[ Content Security Policy (CSP) Settings ]] ----------------------------------------- +# +# The purpose of these settings is to send CSP response headers to +# Mozilla FireFox users so that you can enforce how dynamic content +# is used. CSP usage helps to prevent XSS attacks against your users. +# +# Reference Link: +# +# https://developer.mozilla.org/en/Security/CSP +# +# Uncomment this SecAction line if you want use CSP enforcement. +# You need to set the appropriate directives and settings for your site/domain and +# and activate the CSP file in the experimental_rules directory. 
+# +# Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html +# +#SecAction \ + "id:'900013', \ + phase:1, \ + t:none, \ + setvar:tx.csp_report_only=1, \ + setvar:tx.csp_report_uri=/csp_violation_report, \ + setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \ + nolog, \ + pass" + + +# +# -- [[ Brute Force Protection ]] --------------------------------------------------------- +# +# If you are using the Brute Force Protection rule set, then uncomment the following +# lines and set the following variables: +# - Protected URLs: resources to protect (e.g. login pages) - set to your login page +# - Burst Time Slice Interval: time interval window to monitor for bursts +# - Request Threshold: request # threshold to trigger a burst +# - Block Period: temporary block timeout +# +#SecAction \ + "id:'900014', \ + phase:1, \ + t:none, \ + setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \ + setvar:'tx.brute_force_burst_time_slice=60', \ + setvar:'tx.brute_force_counter_threshold=10', \ + setvar:'tx.brute_force_block_timeout=300', \ + nolog, \ + pass" + + +# +# -- [[ DoS Protection ]] ---------------------------------------------------------------- +# +# If you are using the DoS Protection rule set, then uncomment the following +# lines and set the following variables: +# - Burst Time Slice Interval: time interval window to monitor for bursts +# - Request Threshold: request # threshold to trigger a burst +# - Block Period: temporary block timeout +# +#SecAction \ + "id:'900015', \ + phase:1, \ + t:none, \ + setvar:'tx.dos_burst_time_slice=60', \ + setvar:'tx.dos_counter_threshold=100', \ + setvar:'tx.dos_block_timeout=600', \ + nolog, \ + pass" + + +# +# -- [[ Check UTF enconding ]] 
----------------------------------------------------------- +# +# We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise +# it will result in false positives. +# +# Uncomment this line if your site uses UTF8 encoding +#SecAction \ + "id:'900016', \ + phase:1, \ + t:none, \ + setvar:tx.crs_validate_utf8_encoding=1, \ + nolog, \ + pass" + + +# +# -- [[ Enable XML Body Parsing ]] ------------------------------------------------------- +# +# The rules in this file will trigger the XML parser upon an XML request +# +# Initiate XML Processor in case of xml content-type +# +SecRule REQUEST_HEADERS:Content-Type "text/xml" \ + "id:'900017', \ + phase:1, \ + t:none,t:lowercase, \ + nolog, \ + pass, \ + chain" + SecRule REQBODY_PROCESSOR "!@streq XML" \ + "ctl:requestBodyProcessor=XML" + + +# +# -- [[ Global and IP Collections ]] ----------------------------------------------------- +# +# Create both Global and IP collections for rules to use +# There are some CRS rules that assume that these two collections +# have already been initiated. +# +SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \ + "id:'900018', \ + phase:1, \ + t:none,t:sha1,t:hexEncode, \ + setvar:tx.ua_hash=%{matched_var}, \ + nolog, \ + pass" + + +SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \ + "id:'900019', \ + phase:1, \ + t:none, \ + capture, \ + setvar:tx.real_ip=%{tx.1}, \ + nolog, \ + pass" + + +SecRule &TX:REAL_IP "!@eq 0" \ + "id:'900020', \ + phase:1, \ + t:none, \ + initcol:global=global, \ + initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \ + nolog, \ + pass" + + +SecRule &TX:REAL_IP "@eq 0" \ + "id:'900021', \ + phase:1, \ + t:none, \ + initcol:global=global, \ + initcol:ip=%{remote_addr}_%{tx.ua_hash}, \ + nolog, \ + pass" diff --git a/templates/vhost/_security.erb b/templates/vhost/_security.erb new file mode 100644 index 0000000000..5ab0a5b5da --- /dev/null +++ b/templates/vhost/_security.erb 
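Review bot: Rule 900019 copies the first IPv4-looking value of the request's `X-Forwarded-For` header into `tx.real_ip`, and rule 900020 keys the `ip` collection on it, so on a vhost that is not behind a proxy that overwrites the header the per-client key is chosen by the client. The brute-force and DoS settings above (ids 900014 and 900015, commented out here) presumably keep their counters in that collection, so they would not accumulate reliably in such a deployment. The template has no ERB logic yet, so I would at least add a comment above 900019 such as `# X-Forwarded-For is client-supplied: keep 900019/900020 only when a trusted proxy sets this header`. Ideally the two rules would be gated on a class parameter so direct-facing servers always take the `remote_addr` path of rule 900021.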
@@ -0,0 +1,20 @@ +<% if @modsec_disable_vhost -%> + SecRuleEngine Off +<% end -%> +<% if @_modsec_disable_ids.is_a?(Hash) -%> +<% @_modsec_disable_ids.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveById <%= rule %> +<% end -%> + +<% end -%> +<% end -%> +<% ips = Array(@modsec_disable_ips).join(',') %> +<% if ips != '' %> + SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" + SecAction "phase:2,pass,nolog,id:1234123456" +<% end -%> +<% if @modsec_body_limit -%> + SecRequestBodyLimit <%= @modsec_body_limit %> +<% end -%> From 69456070d21de95457eea754362fef890335a26c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 18 Dec 2014 16:36:59 -0800 Subject: [PATCH 058/105] Fix tests from #948 --- spec/acceptance/mod_security_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 74d1cd26ea..2e7948023c 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -101,7 +101,7 @@ class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', docroot => '/var/www/html', - modsec_disable_vhost => false, + modsec_disable_vhost => true, } EOS apply_manifest(pp, :catch_failures => true) From a1309d889b0387c923e76603cbcaa2e23caec275 Mon Sep 17 00:00:00 2001 From: Armin ranjbar Date: Fri, 19 Dec 2014 16:56:42 +0330 Subject: [PATCH 059/105] Fixes version automatic detection for debian jessie; Debian 8, Jessie uses Apache version 2.4 --- manifests/version.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/version.pp b/manifests/version.pp index dc5288dca0..4c245339e0 100644 --- a/manifests/version.pp +++ b/manifests/version.pp 
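Review bot: The `SecRule REMOTE_ADDR "<%= ips %>"` line in `_security.erb` names no operator, so ModSecurity falls back to `@rx` and treats the comma-joined address list as an unanchored regular expression. With one address the dots match any character and the pattern also matches longer addresses that contain it, so `allow` applies to more clients than the list names. With two or more addresses the joined string cannot match a single REMOTE_ADDR, and the exemption silently does nothing. `@ipMatch` takes a comma-separated list and is already used in security_crs.conf.erb in this series: `SecRule REMOTE_ADDR "@ipMatch <%= ips %>" "nolog,allow,id:1234123455"`. The acceptance spec passes only because it sets `modsec_disable_ips` to a single address.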
@@ -21,6 +21,8 @@ 'Debian': { if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { $default = '2.4' + } elsif $::operatingsystem == 'Debian' and $::operatingsystemrelease == 'jessie/sid' { + $default = '2.4' } else { $default = '2.2' } From c47f0e45749058edf2b85767fa7a70308fc478f8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 19 Dec 2014 11:06:32 -0800 Subject: [PATCH 060/105] Paths should be different for all deb based OSes Not just ubuntu. Fix for #948 --- templates/mod/security.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mod/security.conf.erb b/templates/mod/security.conf.erb index ed884eadde..7597c461f6 100644 --- a/templates/mod/security.conf.erb +++ b/templates/mod/security.conf.erb @@ -54,7 +54,7 @@ SecAuditLogType Serial SecArgumentSeparator & SecCookieFormat 0 -<%- if scope.lookupvar('::operatingsystem') == 'Ubuntu' -%> +<%- if scope.lookupvar('::osfamily') == 'Debian' -%> SecDebugLog /var/log/apache2/modsec_debug.log SecAuditLog /var/log/apache2/modsec_audit.log SecTmpDir /var/cache/modsecurity From bb96180f62a1897a9f81dfb6a821f2f10c9bdfd3 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 4 Dec 2014 05:58:54 -0700 Subject: [PATCH 061/105] MODULES-1382: support multiple access log directives --- manifests/vhost.pp | 56 +++++++++++++-------------- spec/acceptance/vhost_spec.rb | 28 ++++++++++++++ spec/defines/vhost_spec.rb | 67 +++++++++++++++++++++++++++++++++ templates/vhost/_access_log.erb | 24 ++++++++++-- 4 files changed, 143 insertions(+), 32 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 52a8056f70..9e05cb566f 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
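Review bot: The new branch in manifests/version.pp tests `$::operatingsystemrelease == 'jessie/sid'` as an exact string, which by the commit message is what a pre-release Jessie reports. Once the fact is a numeric release the test fails and `$default` falls back to '2.2'. A version comparison next to the string keeps working after release: `} elsif $::operatingsystem == 'Debian' and ($::operatingsystemrelease == 'jessie/sid' or versioncmp($::operatingsystemrelease, '8') >= 0) {`. Templates in this series pick directives by `apache_version` (security.conf.erb chooses between `Include` and `IncludeOptional`), so a wrong default changes the generated configuration. The enclosing case statement starts outside the hunk.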
@@ -40,11 +40,12 @@ $logroot_mode = undef, $log_level = undef, $access_log = true, - $access_log_file = undef, - $access_log_pipe = undef, - $access_log_syslog = undef, - $access_log_format = undef, - $access_log_env_var = undef, + $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, + $access_log_format = false, + $access_log_env_var = false, + $access_logs = undef, $aliases = undef, $directories = undef, $error_log = true, @@ -269,19 +270,28 @@ # Is apache::mod::shib enabled (or apache::mod['shib2']) $shibboleth_enabled = defined(Apache::Mod['shib2']) - # Define log file names - if $access_log_file { - $access_log_destination = "${logroot}/${access_log_file}" - } elsif $access_log_pipe { - $access_log_destination = $access_log_pipe - } elsif $access_log_syslog { - $access_log_destination = $access_log_syslog - } else { - if $ssl { - $access_log_destination = "${logroot}/${name}_access_ssl.log" + if $access_log and !$access_logs { + if $access_log_file { + $_logs_dest = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $_logs_dest = $access_log_pipe + } elsif $access_log_syslog { + $_logs_dest = $access_log_syslog } else { - $access_log_destination = "${logroot}/${name}_access.log" + $_logs_dest = undef } + $_access_logs = [{ + 'file' => $access_log_file, + 'pipe' => $access_log_pipe, + 'syslog' => $access_log_syslog, + 'format' => $access_log_format, + 'env' => $access_log_env_var + }] + } elsif $access_logs { + if !is_array($access_logs) { + fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") + } + $_access_logs = $access_logs } if $error_log_file { @@ -298,17 +308,6 @@ } } - # Set access log format - if $access_log_format { - $_access_log_format = "\"${access_log_format}\"" - } else { - $_access_log_format = 'combined' - } - - if $access_log_env_var { - $_access_log_env_var = "env=${access_log_env_var}" - } - if $ip { if $port { $listen_addr_port = "${ip}:${port}" 
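Review bot: In the `@@ -269,19 +270,28 @@` hunk `$_logs_dest` is assigned in all four branches, but nothing in the visible hunks reads it; the rewritten `_access_log.erb` works out the destination from each hash itself. I would drop the `if/elsif` chain and keep only the `$_access_logs = [{ ... }]` assignment. Separately, `is_array($access_logs)` checks only the container although the failure message promises "an array of hashes", so a list of strings passes validation and is handed to the template unchanged. The body of the define continues outside the hunk.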
@@ -569,7 +568,8 @@ # - $access_log_destination # - $_access_log_format # - $_access_log_env_var - if $access_log { + # - $access_logs + if $access_log or $access_logs { concat::fragment { "${name}-access_log": target => "${priority_real}-${filename}.conf", order => 100, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 483b74945c..0aff9268c1 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -761,6 +761,34 @@ class { 'apache': } end end + describe 'multiple access_logs' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + access_logs => [ + {'file' => 'log1'}, + {'file' => 'log2', 'env' => 'admin' }, + {'file' => '/var/tmp/log3', 'format' => '%h %l'}, + {'syslog' => 'syslog' } + ] + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "/tmp/log1" combined' } + it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' } + it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' } + it { is_expected.to contain 'CustomLog "syslog" combined' } + end + end + describe 'aliases' do it 'applies cleanly' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index d80752d8ae..66b1862508 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
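Review bot: The comment above the access_log fragment in the `@@ -569,7 +568,8 @@` hunk still lists `$access_log_destination`, `$_access_log_format` and `$_access_log_env_var`, all of which this commit deletes. The line it adds names `$access_logs`, although the template iterates `@_access_logs`. Going by the new `_access_log.erb`, the entries should be `# - $_access_logs`, `# - $logroot`, `# - $name` and `# - $ssl`. The start of the comment is outside the hunk, so some of these may already be listed.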
@@ -407,6 +407,63 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end end + describe 'access logs' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context 'single log file' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog.*my_log_file" combined\s*$/ + )} + end + context 'single log file with environment' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + 'access_log_env_var' => 'prod' + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog.*my_log_file" combined\s+env=prod$/ + )} + end + context 'multiple log files' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => [ + { 'file' => '/tmp/log1', 'env' => 'dev' }, + { 'file' => 'log2' }, + { 'syslog' => 'syslog', 'format' => '%h %l' } + ], + } + end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$/ + )} + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "\/var\/log\/httpd\/log2"\s+combined\s*$/ + )} + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "syslog" "%h %l"\s*$/ + )} + end + end # access logs describe 'validation' do context 'bad ensure' do let :params do 
@@ -620,5 +677,15 @@ let :facts do default_facts end it { expect { is_expected.to compile }.to raise_error } end + context 'bad access_logs' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => '/var/log/somewhere', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end end end diff --git a/templates/vhost/_access_log.erb b/templates/vhost/_access_log.erb index 1ec47ff710..d1ec426a4a 100644 --- a/templates/vhost/_access_log.erb +++ b/templates/vhost/_access_log.erb @@ -1,5 +1,21 @@ -<% if @access_log and @_access_log_env_var -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> -<% elsif @access_log -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> +<% @_access_logs.each do |log| -%> +<% env ||= "env=#{log['env']}" if log['env'] -%> +<% env ||= '' -%> +<% format ||= "\"#{log['format']}\"" if log['format'] -%> +<% format ||= 'combined' -%> +<% if log['file'] -%> +<% if log['file'].chars.first == '/' -%> +<% destination = "#{log['file']}" -%> +<% else -%> +<% destination = "#{@logroot}/#{log['file']}" -%> +<% end -%> +<% elsif log['syslog'] -%> +<% destination = "syslog" -%> +<% elsif log['pipe'] -%> +<% destination = log['pipe'] -%> +<% else -%> +<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%> +<% destination ||= "#{@logroot}/#{@name}_access.log" -%> +<% end -%> + CustomLog "<%= destination %>" <%= format %> <%= env %> <% end -%> From 1c40ea31f96ca8d551164eb983d3192b6e0d397c Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 23 Dec 2014 11:25:30 -0800 Subject: [PATCH 062/105] Don't run tests on platforms they don't work on Also, some formatting cleanup. --- spec/acceptance/mod_security_spec.rb | 42 ++++++++++++++-------------- spec/spec_helper_acceptance.rb | 2 +- 2 files changed, 22 insertions(+), 22 deletions(-) 
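Review bot: In `templates/vhost/_access_log.erb` the values of `log['file']`, `log['pipe']`, `log['format']` and `log['env']` are written into the `CustomLog` line unescaped, and no validation is visible in this hunk. A double quote inside a format string therefore closes the quoted argument early and changes the directive Apache parses. The `log['pipe']` branch hands httpd a command that it starts with the privileges of the user that launched the server, so it deserves a comment at the top of the template, e.g. `<%# pipe destinations are started by httpd as the user that launched the server; values are emitted unescaped -%>`, plus a matching sentence in the README. The `syslog` branch emits the literal `"syslog"` and drops whatever value the hash carried, which looks unintended. Any type or content checks would belong in `manifests/vhost.pp`, which is outside this hunk.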
diff --git a/spec/acceptance/mod_security_spec.rb b/spec/acceptance/mod_security_spec.rb index 2e7948023c..60295787e0 100644 --- a/spec/acceptance/mod_security_spec.rb +++ b/spec/acceptance/mod_security_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::security class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise'))) do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' @@ -22,13 +22,13 @@ it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': port => '80', docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, content => 'Index page', @@ -51,14 +51,14 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end end #default mod_security config 
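Review bot: The 'should block query with SQL' example in `mod_security_spec.rb` only checks for curl exit code 22, which `-f` returns for any HTTP status of 400 or above, so a 404 or a 500 would also count as "blocked by mod_security". Asserting the status itself makes the test prove the rule fired, e.g. `shell("/usr/bin/curl -A beaker -s -o /dev/null -w '%{http_code}' 'modsec.example.com:80?SELECT%20*FROM%20mysql.users'") { |r| expect(r.stdout).to eq('403') }`. The 403 assumes the rule set's default deny status and should be confirmed against the module's configuration. The URL is also passed to the shell unquoted although it contains `?` and `*`, so quoting it as above avoids accidental glob expansion. The same line recurs in the hunks at -91, -143 and -199.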
@@ -66,16 +66,16 @@ class { 'apache::mod::security': } context "mod_security should allow disabling by vhost" do it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': - port => '80', - docroot => '/var/www/html', + port => '80', + docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, - content => "Index page\\n", + content => 'Index page', } EOS apply_manifest(pp, :catch_failures => true) @@ -91,7 +91,7 @@ class { 'apache::mod::security': } end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end it 'should disable mod_security per vhost' do @@ -108,7 +108,7 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end @@ -118,16 +118,16 @@ class { 'apache::mod::security': } context "mod_security should allow disabling by ip" do it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': - port => '80', - docroot => '/var/www/html', + port => '80', + docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, - content => "Index page\\n", + content => 'Index page', } EOS apply_manifest(pp, :catch_failures => true) 
@@ -143,7 +143,7 @@ class { 'apache::mod::security': } end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end it 'should disable mod_security per vhost' do @@ -160,7 +160,7 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" modsec.example.com:80') do |r| + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end @@ -170,13 +170,13 @@ class { 'apache::mod::security': } context "mod_security should allow disabling by id" do it 'succeeds in puppeting mod_security' do pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } class { 'apache': } class { 'apache::mod::security': } apache::vhost { 'modsec.example.com': - port => '80', - docroot => '/var/www/html', + port => '80', + docroot => '/var/www/html', } - host { 'modsec.example.com': ip => '127.0.0.1', } file { '/var/www/html/index.html': ensure => file, content => 'Index page', @@ -199,7 +199,7 @@ class { 'apache::mod::security': } end it 'should block query with SQL' do - shell '/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] end it 'should disable mod_security per vhost' do 
@@ -216,7 +216,7 @@ class { 'apache::mod::security': } end it 'should return index page' do - shell('/usr/bin/curl -H"User-Agent: beaker" -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| expect(r.stdout).to match(/Index page/) expect(r.exit_code).to eq(0) end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 94178fbd7f..ce388328f9 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -41,7 +41,7 @@ on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] } end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } end end end From 649cc799b75dfc6eef4e5cfce8bfc3b1b595ac58 Mon Sep 17 00:00:00 2001 From: Jason Antman Date: Fri, 24 Oct 2014 09:13:48 -0400 Subject: [PATCH 063/105] MODULES-1458 allow specifying mod_wsgi package and path/module name --- README.md | 16 ++++++++++++ manifests/mod/wsgi.pp | 22 ++++++++++++++++- spec/classes/mod/wsgi_spec.rb | 46 +++++++++++++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ba805b8cbe..ee6e03ec79 100644 --- a/README.md +++ b/README.md 
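Review bot: In `spec/spec_helper_acceptance.rb` the concat install now passes `--force` but still lists 1 in `:acceptable_exit_codes`, so a failed download or Forge error is swallowed and the run continues with whatever concat is, or is not, on the host. Exit code 1 was presumably tolerated for the "already installed" case, which a forced install should no longer hit; `{ :acceptable_exit_codes => [0] }` on this line would surface real failures. As far as I know `--force` also skips dependency resolution, so the pin is the only thing deciding what lands on the host. The stdlib and apt installs on the neighbouring lines stay unpinned; pinning them the same way (`'--version <PINNED_VERSION>'`) would make the test hosts reproducible. The enclosing block starts outside the hunk.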
@@ -729,6 +729,22 @@ For customized parameters, which tell Apache how Python is currently configured } ``` +To specify an alternate mod\_wsgi package name to install and the name of the module .so it provides, +(e.g. a "python27-mod\_wsgi" package that provides "python27-mod_wsgi.so" in the default module directory): + +```puppet + class { 'apache::mod::wsgi': + wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", + wsgi_python_home => '/path/to/venv', + wsgi_python_path => '/path/to/venv/site-packages', + package_name => 'python27-mod_wsgi', + mod_path => 'python27-mod_wsgi.so', + } +``` + +If ``mod_path`` does not contain "/", it will be prefixed by the default module path +for your OS; otherwise, it will be used literally. + More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). ####Class: `apache::mod::fcgid` diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 2a47bb68e3..7841706035 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -2,8 +2,28 @@ $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, $wsgi_python_path = undef, $wsgi_python_home = undef, + $package_name = undef, + $mod_path = undef, ){ - ::apache::mod { 'wsgi': } + + if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { + fail('apache::mod::wsgi - both package_name and mod_path must be specified!') + } + + if $package_name != undef { + if $mod_path =~ /\// { + $_mod_path = $mod_path + } else { + $_mod_path = "${::apache::params::lib_path}/${mod_path}" + } + ::apache::mod { 'wsgi': + package => $package_name, + path => $_mod_path, + } + } + else { + ::apache::mod { 'wsgi': } + } # Template uses: # - $wsgi_socket_prefix diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index 3875d3fd09..a68c808305 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb 
@@ -55,6 +55,52 @@ end it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} end + describe "with custom package_name and mod_path" do + let :params do + { + :package_name => 'mod_wsgi_package', + :mod_path => '/foo/bar/baz', + } + end + it { is_expected.to contain_apache__mod('wsgi').with({ + 'package' => 'mod_wsgi_package', + 'path' => '/foo/bar/baz', + }) + } + it { is_expected.to contain_package("mod_wsgi_package") } + it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module /foo/bar/baz") } + end + describe "with custom mod_path not containing /" do + let :params do + { + :package_name => 'mod_wsgi_package', + :mod_path => 'wsgi_mod_name.so', + } + end + it { is_expected.to contain_apache__mod('wsgi').with({ + 'path' => 'modules/wsgi_mod_name.so', + 'package' => 'mod_wsgi_package', + }) + } + it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module modules/wsgi_mod_name.so") } + + end + describe "with package_name but no mod_path" do + let :params do + { + :mod_path => '/foo/bar/baz', + } + end + it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + end + describe "with mod_path but no package_name" do + let :params do + { + :package_name => '/foo/bar/baz', + } + end + it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + end end context "on a FreeBSD OS" do let :facts do From 54fce8ab86810aa844b5cbc7e1d68e45cd6878a7 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Mon, 29 Dec 2014 10:40:50 -0800 Subject: [PATCH 064/105] Add IntelliJ files to the ignore list --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index b5b7a00d67..b5db85e051 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +.idea/ +*.iml 
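Review bot: The last two `describe` blocks added to `wsgi_spec.rb` have their titles and params crossed: "with package_name but no mod_path" passes only `:mod_path`, and "with mod_path but no package_name" passes only `:package_name`. Both reach the same `fail` message, so the suite passes, but a later failure report will name the wrong case. Swapping the params fixes it, i.e. `:package_name => 'mod_wsgi_package'` under the first title and `:mod_path => '/foo/bar/baz'` under the second. That also stops a filesystem path from being used as a package name in the fixture.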
From 1bd26e02e69f0da6b4fc3c162ef50b80faa43ebd Mon Sep 17 00:00:00 2001 From: John Woffindin Date: Wed, 19 Nov 2014 14:46:40 +1300 Subject: [PATCH 065/105] Add support for SSLPassPhraseDialog to be specified for mod_ssl. Defaults to 'builtin' to match the current behavior. --- README.md | 7 ++++--- manifests/mod/ssl.pp | 13 +++++++------ spec/classes/mod/ssl_spec.rb | 29 +++++++++++++++++++++++++++++ templates/mod/ssl.conf.erb | 2 +- 4 files changed, 41 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 019e0e1fa8..09616ad41c 100644 --- a/README.md +++ b/README.md @@ -732,9 +732,10 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ```puppet class { 'apache::mod::ssl': - ssl_compression => false, - ssl_options => [ 'StdEnvVars' ], - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], + ssl_compression => false, + ssl_options => [ 'StdEnvVars' ], + ssl_pass_phrase_dialog => 'builtin', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 293e9319cc..c1278ff74f 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -1,10 +1,11 @@ class apache::mod::ssl ( - $ssl_compression = false, - $ssl_options = [ 'StdEnvVars' ], - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], - $apache_version = $::apache::apache_version, - $package_name = undef, + $ssl_compression = false, + $ssl_options = [ 'StdEnvVars' ], + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + $ssl_pass_phrase_dialog = 'builtin', + $apache_version = $::apache::apache_version, + $package_name = undef, ) { $session_cache = $::osfamily ? { 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 93f04e3ca5..f3fc7ae645 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb 
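Review bot: `$ssl_pass_phrase_dialog` in `manifests/mod/ssl.pp` is accepted without any check, and the template change later in this patch writes it verbatim after `SSLPassPhraseDialog`. A value with stray whitespace or a newline therefore becomes extra configuration, and an `exec:` or `|` value names a program httpd runs at startup to obtain the private-key passphrase. A guard in the class body would reject anything else, e.g. `validate_re($ssl_pass_phrase_dialog, '\A(builtin|exec:/\S+|\|/\S.*)\z', 'ssl_pass_phrase_dialog must be builtin, exec:/path or |/path')`. The README entry could add that the referenced program should be root-owned and not writable by other users. The class body continues outside this hunk, so the exact placement needs checking against the full file.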
@@ -78,4 +78,33 @@ it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('ssl') } end + + # Template config doesn't vary by distro + context "on all distros" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + context 'not setting ssl_pass_phrase_dialog' do + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog builtin$/)} + end + + context 'setting ssl_pass_phrase_dialog' do + let :params do + { + :ssl_pass_phrase_dialog => 'exec:/path/to/program', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} + end + + end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index e92e37e7a9..a0e61650e0 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -7,7 +7,7 @@ AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl - SSLPassPhraseDialog builtin + SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout 300 <% if @ssl_compression -%> From 0012b4ab952f745de06953e486dbcbb71bddd127 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 29 Dec 2014 14:56:16 -0800 Subject: [PATCH 066/105] $::selinux is a bool, not a string --- spec/acceptance/apache_parameters_spec.rb | 2 +- spec/acceptance/class_spec.rb | 2 +- spec/acceptance/vhost_spec.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 3a21ab0eb2..50ee3e85fa 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -339,7 +339,7 @@ class { 'apache': describe 'setup' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 954b6ac587..92870bb6ac 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -42,7 +42,7 @@ class { 'apache': } # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 483b74945c..ec143756f2 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1187,7 +1187,7 @@ class { 'apache::mod::fastcgi': } describe 'additional_includes' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', From b659a8effaeb62b862594204688cbb53a2410145 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Dec 2014 11:13:03 -0800 Subject: [PATCH 067/105] Make sure we're using system ruby in the mod_passenger tests PE ships with different versions of ruby than the version mod_passenger was compiled against. Make sure we use the system ruby in the tests. --- spec/acceptance/mod_passenger_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 9a758a44ee..4b3516f69e 100644 --- a/spec/acceptance/mod_passenger_spec.rb 
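Review bot: The bare `$::selinux` condition in the `apache_parameters_spec.rb` manifest is only correct when the fact arrives as a real boolean. Where facts are still stringified, a host without SELinux reports the string `'false'`, which is a non-empty string and therefore truthy, so the semanage branch would run there. How facts are delivered is not visible in this hunk, so treat this as a hardening suggestion: `if $::osfamily == 'RedHat' and str2bool("${::selinux}") {` handles both the boolean and the string form using stdlib, which the helper already installs. The same line is changed in the `class_spec.rb` and `vhost_spec.rb` hunks of this patch.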
+++ b/spec/acceptance/mod_passenger_spec.rb @@ -137,7 +137,7 @@ class { 'apache::mod::passenger': } end it 'should output status via passenger-memory-stats' do - shell("/usr/sbin/passenger-memory-stats") do |r| + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| expect(r.stdout).to match(/Apache processes/) expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) @@ -158,7 +158,7 @@ class { 'apache::mod::passenger': } unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' it 'should output status via passenger-status' do # xml output not available on ubunutu <= 10.04, so sticking with default pool output - shell("/usr/sbin/passenger-status") do |r| + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| # spacing may vary expect(r.stdout).to match(/[\-]+ General information [\-]+/) if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' From 9416be717d48ec1cb6ac85498693477b9432b390 Mon Sep 17 00:00:00 2001 From: Pete Soloway Date: Tue, 30 Dec 2014 11:41:59 -0800 Subject: [PATCH 068/105] Added code example for setenv class Example usage is based on the Apache docs' own example for the SetEnv directive: http://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv Change requested here: https://tickets.puppetlabs.com/browse/DOCUMENT-204 --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 019e0e1fa8..aa9266cddc 100644 --- a/README.md +++ b/README.md @@ -1426,6 +1426,14 @@ Sets the servername corresponding to the hostname you connect to the virtual hos Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. +Example: + +```puppet + apache::vhost {'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], + } +``` + #####`setenvif` Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. 
From 1db205abccb41d633d7babb5338c7c7f3b6b0efd Mon Sep 17 00:00:00 2001 From: Pete Soloway Date: Tue, 30 Dec 2014 14:07:47 -0800 Subject: [PATCH 069/105] Corrected style errors Thanks for the edits, Hunter! Can you validate my corrections? I'm making these in-browser, and GitHub's editor might be throwing me off by converting my spaces to tabs. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index aa9266cddc..b517027208 100644 --- a/README.md +++ b/README.md @@ -1429,9 +1429,9 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: ```puppet - apache::vhost {'setenv.example.com': - setenv => ['SPECIAL_PATH /foo/bin'], - } + apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], + } ``` #####`setenvif` From 48080116661465d082543a335d4e1629332a7b6a Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 30 Dec 2014 14:34:30 -0800 Subject: [PATCH 070/105] Strict variable fix --- manifests/version.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/version.pp b/manifests/version.pp index 010061b703..f22797c4cb 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -12,14 +12,14 @@ case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { + if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { $default = '2.4' } else { $default = '2.2' } } 'Debian': { - if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { + if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { $default = '2.4' } elsif $::operatingsystem == 'Debian' and $::operatingsystemrelease == 'jessie/sid' { $default = '2.4' From 46574de24196a71bdcd83485d23beac105d40d9d Mon Sep 17 00:00:00 2001 
From: Michael Moll Date: Fri, 2 Jan 2015 02:33:31 +0100 Subject: [PATCH 071/105] fix apache_version for Debian >7 --- manifests/version.pp | 2 +- spec/acceptance/version.rb | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/version.pp b/manifests/version.pp index f22797c4cb..8304bb1a0c 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -21,7 +21,7 @@ 'Debian': { if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { $default = '2.4' - } elsif $::operatingsystem == 'Debian' and $::operatingsystemrelease == 'jessie/sid' { + } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 { $default = '2.4' } else { $default = '2.2' diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index b88412b42f..c1578c52e6 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb @@ -38,6 +38,8 @@ if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10 $apache_version = '2.4' + elsif _operatingsystem == 'Debian' and _operatingsystemrelease >= 8.0 + $apache_version = '2.4' else $apache_version = '2.2' end From 35d7d04afdd8b6e0d00fa5807420d531bc7de86c Mon Sep 17 00:00:00 2001 From: Michael Moll Date: Fri, 2 Jan 2015 03:28:29 +0100 Subject: [PATCH 072/105] add passenger support for Debian/jessie --- README.passenger.md | 1 + manifests/params.pp | 5 +++++ spec/acceptance/mod_passenger_spec.rb | 12 ++++++++++-- spec/classes/mod/passenger_spec.rb | 19 +++++++++++++++++++ templates/mod/passenger.conf.erb | 2 +- 5 files changed, 36 insertions(+), 3 deletions(-) diff --git a/README.passenger.md b/README.passenger.md index 4b4caa8c09..84e6992ffa 100644 --- a/README.passenger.md +++ b/README.passenger.md 
@@ -27,6 +27,7 @@ puppetlabs-apache: OS | Passenger version | `PassengerRoot` ---------------- | ------------------ | ---------------- Debian 7 | 3.0.13 | /usr +Debian 8 | 4.0.53 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini Ubuntu 12.04 | 2.2.11 | /usr Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21 diff --git a/manifests/params.pp b/manifests/params.pp index d7e00ca18b..616102fa62 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -256,6 +256,11 @@ $passenger_ruby = '/usr/bin/ruby' $passenger_default_ruby = undef } + 'jessie': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } default: { # The following settings may or may not work on Debian releases not # supported by this module. diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index 4b3516f69e..f6e710db01 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -31,6 +31,10 @@ when 'wheezy' passenger_root = '/usr' passenger_ruby = '/usr/bin/ruby' + when 'jessie' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_ruby = '/usr/bin/ruby' + passenger_default_ruby = '/usr/bin/ruby' else # This may or may not work on Debian releases other than the above passenger_root = '/usr' @@ -124,6 +128,9 @@ class { 'apache::mod::passenger': } when 'wheezy' it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when 'jessie' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } else # This may or may not work on Debian releases other than the above it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } 
@@ -142,9 +149,10 @@ class { 'apache::mod::passenger': } expect(r.stdout).to match(/Nginx processes/) expect(r.stdout).to match(/Passenger processes/) - # passenger-memory-stats output on Ubuntu 14.04 does not contain + # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain # these two lines - unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' + unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or + (fact('operatingsystem') == 'Debian' && fact('operatingsystemrelease') == '8.0')) expect(r.stdout).to match(/### Processes: [0-9]+/) expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) end diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 23154014a4..0093d4b919 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -175,6 +175,25 @@ it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } end + + context "with Debian 8 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8.0', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'jessie', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + end end context "on a RedHat OS" do diff --git a/templates/mod/passenger.conf.erb b/templates/mod/passenger.conf.erb index dd9eee3b13..a56d2d5d14 100644 
--- a/templates/mod/passenger.conf.erb +++ b/templates/mod/passenger.conf.erb @@ -1,4 +1,4 @@ -# The Passanger Apache module configuration file is being +# The Passenger Apache module configuration file is being # managed by Puppet and changes will be overwritten. <%- if @passenger_root -%> From 52bb5c77bd3832fb7b7dc2bfb3fb663058f1ecd8 Mon Sep 17 00:00:00 2001 From: Jason Lingohr Date: Mon, 12 Jan 2015 17:41:36 +1100 Subject: [PATCH 073/105] Typo for custom_fragment example --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cc48f837a2..484bb3eb7d 100644 --- a/README.md +++ b/README.md @@ -2069,7 +2069,7 @@ Within your virtual host, you can then configure the specified file type to be h ```puppet apache::vhost { 'www': ... - custom_fragment = 'AddType application/x-httpd-php .php' + custom_fragment => 'AddType application/x-httpd-php .php' ... } ``` From 7511cdaeaba8adc9afbadfaa60d65fe77abccdfa Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 4 Dec 2014 03:32:21 -0700 Subject: [PATCH 074/105] MODULES-1554: update error docs and icons path for RHEL7-based systems --- manifests/init.pp | 3 -- manifests/mod/alias.pp | 7 +++- manifests/params.pp | 8 +++- spec/classes/mod/alias_spec.rb | 68 ++++++++++++++++++++++++++++++++++ 4 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 spec/classes/mod/alias_spec.rb diff --git a/manifests/init.pp b/manifests/init.pp index 32966b86f7..a8084131fb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -242,21 +242,18 @@ 'debian': { $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' - $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } 'redhat': { $pidfile = 'run/httpd.pid' $error_log = 'error_log' - $error_documents_path = '/var/www/error' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } 'freebsd': { $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' - $error_documents_path = '/usr/local/www/apache22/error' $scriptalias = '/usr/local/www/apache22/cgi-bin' $access_log_file = 'httpd-access.log' } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index ee017b490f..0e019abbd1 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,9 +1,14 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { + $ver24 = versioncmp($apache_version, 2.4) >= 0 + $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', - 'redhat' => '/var/www/icons', + 'redhat' => $ver24 ? { + true => '/usr/share/httpd/icons', + default => '/var/www/icons', + }, 'freebsd' => '/usr/local/www/apache22/icons', } apache::mod { 'alias': } diff --git a/manifests/params.pp b/manifests/params.pp index 616102fa62..7e19d99fa9 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -105,7 +105,11 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' - if $::osfamily == 'RedHat' { + $error_documents_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/error', + default => '/var/www/error' + } + if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef @@ -219,6 +223,7 @@ 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf' ] + $error_documents_path = '/usr/share/apache2/error' # # Passenger-specific settings 
@@ -335,6 +340,7 @@ $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache22/data' + $error_documents_path = '/usr/local/www/apache22/error' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb new file mode 100644 index 0000000000..503575af61 --- /dev/null +++ b/spec/classes/mod/alias_spec.rb 
@@ -0,0 +1,68 @@ +require 'spec_helper' + +describe 'apache::mod::alias', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) } + end + context "on a RedHat 6-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) } + end + context "on a RedHat 7-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) } + end + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + } + end + it { is_expected.to contain_apache__mod("alias") } + it { 
is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache22\/icons\/"/) } + end +end From 4a96814e13a81d8a434a104929c2f0a265a69e43 Mon Sep 17 00:00:00 2001 From: Farzad FARID Date: Fri, 16 Jan 2015 10:09:53 +0100 Subject: [PATCH 075/105] ssl_protocol expects a string, not an array. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 484bb3eb7d..2de3522992 100644 --- a/README.md +++ b/README.md @@ -735,7 +735,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_compression => false, ssl_options => [ 'StdEnvVars' ], ssl_pass_phrase_dialog => 'builtin', - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], + ssl_protocol => 'all -SSLv2 -SSLv3', } ``` From 3c3df650278ef17bb4931922e7a3a775ab128464 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Sat, 17 Jan 2015 06:06:28 -0700 Subject: [PATCH 076/105] fix versioncmp test in mod::alias --- manifests/mod/alias.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 0e019abbd1..40480c3d4c 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,7 +1,7 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { - $ver24 = versioncmp($apache_version, 2.4) >= 0 + $ver24 = versioncmp($apache_version, '2.4') >= 0 $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', From 6ab9b84fb3d5b46eaf111603d7cf5d0a8e3dce12 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Tue, 20 Jan 2015 15:37:40 +0100 Subject: [PATCH 077/105] Fix doc about confd_dir on Debian --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 484bb3eb7d..49a9ddbd0b 100644 --- a/README.md +++ b/README.md 
@@ -242,7 +242,7 @@ Changes the location of the configuration directory the main configuration file #####`confd_dir` -Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, and '/usr/local/etc/apache22' on FreeBSD. #####`conf_template` From 83df47136427292973d813777fcd69ef5bb8ae72 Mon Sep 17 00:00:00 2001 From: Sergii Golovatiuk Date: Tue, 20 Jan 2015 15:23:25 +0100 Subject: [PATCH 078/105] Specify mod_proxy_connect module for Apache >= 2.3.5 mod_proxy_connect was moved to own module since Apache >= 2.3.5. AllowCONNECT directive won't work without this module on Ubuntu 14.04 or Debian 8. Signed-off-by: Sergii Golovatiuk --- manifests/mod/proxy_connect.pp | 8 +++++ spec/classes/mod/proxy_connect_spec.rb | 50 ++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 manifests/mod/proxy_connect.pp create mode 100644 spec/classes/mod/proxy_connect_spec.rb diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp new file mode 100644 index 0000000000..3bae848446 --- /dev/null +++ b/manifests/mod/proxy_connect.pp @@ -0,0 +1,8 @@ +class apache::mod::proxy_connect ( + $apache_version = $::apache::apache_version, +) { + if versioncmp($apache_version, '2.4') >= 0 { + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] + ::apache::mod { 'proxy_connect': } + } +} diff --git a/spec/classes/mod/proxy_connect_spec.rb b/spec/classes/mod/proxy_connect_spec.rb new file mode 100644 index 0000000000..c54d255a5e --- /dev/null +++ b/spec/classes/mod/proxy_connect_spec.rb 
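Review bot: In manifests/mod/proxy_connect.pp the ordering arrow `Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect']` refers to `apache::mod::proxy` without declaring it, so a node that declares only this class would likely fail to compile. The accompanying spec has to add `include apache::mod::proxy` as a pre-condition, which points the same way. Putting `include ::apache::mod::proxy` inside the `if` block before the arrow would make the class usable on its own. The class also declares nothing for Apache older than 2.4 without saying so; a header comment should state that it is a no-op there, and since this module is what permits CONNECT tunnelling it could also remind users to keep `AllowCONNECT` and proxy access rules restrictive.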
@@ -0,0 +1,50 @@ +require 'spec_helper' + +describe 'apache::mod::proxy_connect', :type => :class do + let :pre_condition do + [ + 'include apache', + 'include apache::mod::proxy', + ] + end + context 'on a Debian OS' do + let :facts do + { + :osfamily => 'Debian', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + context 'with Apache version < 2.4' do + let :facts do + super().merge({ + :operatingsystemrelease => '7.0', + :lsbdistcodename => 'wheezy', + }) + end + let :params do + { + :apache_version => '2.2', + } + end + it { is_expected.not_to contain_apache__mod('proxy_connect') } + end + context 'with Apache version >= 2.4' do + let :facts do + super().merge({ + :operatingsystemrelease => '8.0', + :lsbdistcodename => 'jessie', + }) + end + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_apache__mod('proxy_connect') } + end + end +end From a4cbf7920727b4328da9a44f8af5480d9a30039e Mon Sep 17 00:00:00 2001 From: Nigel Gibbs Date: Wed, 21 Jan 2015 22:32:30 +0000 Subject: [PATCH 079/105] Quoted params to versioncmp in mod/alias.pp to avoid type error --- manifests/mod/alias.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 0e019abbd1..40480c3d4c 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -1,7 +1,7 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { - $ver24 = versioncmp($apache_version, 2.4) >= 0 + $ver24 = versioncmp($apache_version, '2.4') >= 0 $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', From da59ce65e3f790f5fcba7a3d52bbb78c64f1e4b0 Mon Sep 17 00:00:00 2001 
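Review bot: Neither context in spec/classes/mod/proxy_connect_spec.rb asserts the ordering that manifests/mod/proxy_connect.pp sets up between `apache::mod::proxy` and this class, so a regression that drops the arrow would still pass. In the `>= 2.4` context add something like `it { is_expected.to contain_class('apache::mod::proxy').that_comes_before('Class[apache::mod::proxy_connect]') }`. The `< 2.4` context only asserts the absence of the `apache::mod` resource and could also confirm that the class itself is still in the catalog.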
From: tphoney Date: Wed, 21 Jan 2015 13:02:53 -0800 Subject: [PATCH 080/105] modules-1559 apache module no service refresh --- README.md | 4 +++ manifests/init.pp | 3 +++ manifests/mod.pp | 6 ++--- manifests/mod/alias.pp | 2 +- manifests/mod/authnz_ldap.pp | 2 +- manifests/mod/autoindex.pp | 2 +- manifests/mod/cgid.pp | 2 +- manifests/mod/dav_fs.pp | 2 +- manifests/mod/deflate.pp | 2 +- manifests/mod/dir.pp | 2 +- manifests/mod/disk_cache.pp | 2 +- manifests/mod/event.pp | 2 +- manifests/mod/fastcgi.pp | 2 +- manifests/mod/fcgid.pp | 2 +- manifests/mod/info.pp | 2 +- manifests/mod/itk.pp | 2 +- manifests/mod/ldap.pp | 2 +- manifests/mod/mime.pp | 2 +- manifests/mod/mime_magic.pp | 2 +- manifests/mod/negotiation.pp | 2 +- manifests/mod/nss.pp | 2 +- manifests/mod/pagespeed.pp | 2 +- manifests/mod/passenger.pp | 2 +- manifests/mod/peruser.pp | 2 +- manifests/mod/php.pp | 2 +- manifests/mod/prefork.pp | 4 +-- manifests/mod/proxy.pp | 2 +- manifests/mod/proxy_html.pp | 2 +- manifests/mod/reqtimeout.pp | 2 +- manifests/mod/rpaf.pp | 2 +- manifests/mod/security.pp | 4 +-- manifests/mod/setenvif.pp | 2 +- manifests/mod/ssl.pp | 2 +- manifests/mod/status.pp | 2 +- manifests/mod/suphp.pp | 2 +- manifests/mod/userdir.pp | 2 +- manifests/mod/worker.pp | 4 +-- manifests/mod/wsgi.pp | 2 +- manifests/mpm.pp | 6 ++--- manifests/peruser/multiplexer.pp | 2 +- manifests/peruser/processor.pp | 2 +- manifests/service.pp | 13 +++++---- manifests/vhost.pp | 4 +-- spec/acceptance/apache_parameters_spec.rb | 19 +++++++++++++ spec/classes/service_spec.rb | 33 +++++++++++++++++++++++ spec/defines/vhost_spec.rb | 2 +- 46 files changed, 116 insertions(+), 54 deletions(-) diff --git a/README.md b/README.md index 484bb3eb7d..d48e237f91 100644 --- a/README.md +++ b/README.md 
@@ -438,6 +438,10 @@ Determines whether the service should be running. Valid values are 'true', 'fals Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian, and 'apache22' on FreeBSD. +#####`service_manage` + +Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'. + #####`trace_enable` Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. diff --git a/manifests/init.pp b/manifests/init.pp index a8084131fb..81f32e26a8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -28,6 +28,7 @@ $default_ssl_crl_check = undef, $ip = undef, $service_enable = true, + $service_manage = true, $service_ensure = 'running', $purge_configs = true, $purge_vhost_dir = undef, @@ -72,6 +73,7 @@ validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) + validate_bool($service_manage) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', @@ -126,6 +128,7 @@ class { '::apache::service': service_name => $service_name, service_enable => $service_enable, + service_manage => $service_manage, service_ensure => $service_ensure, } diff --git a/manifests/mod.pp b/manifests/mod.pp index 88cdcd6a5b..0891bf0b77 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -88,7 +88,7 @@ Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $::osfamily == 'Debian' { @@ -105,7 +105,7 @@ Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } # Each module may have a .conf file as well, which should be # defined in the class apache::mod::module 
@@ -123,7 +123,7 @@ Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index 0e019abbd1..f1f331da28 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -19,6 +19,6 @@ content => template('apache/mod/alias.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp index 800e656e89..b75369ffcd 100644 --- a/manifests/mod/authnz_ldap.pp +++ b/manifests/mod/authnz_ldap.pp @@ -14,6 +14,6 @@ content => template('apache/mod/authnz_ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp index f5f0f07458..c0969a814e 100644 --- a/manifests/mod/autoindex.pp +++ b/manifests/mod/autoindex.pp @@ -7,6 +7,6 @@ content => template('apache/mod/autoindex.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index 2a0c178e01..ee9044cd5a 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -17,7 +17,7 @@ content => template('apache/mod/cgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp index 0cb663f5c5..af037e32d0 100644 --- a/manifests/mod/dav_fs.pp +++ b/manifests/mod/dav_fs.pp 
@@ -15,6 +15,6 @@ content => template('apache/mod/dav_fs.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp index 561cbadbf9..9b8d43621c 100644 --- a/manifests/mod/deflate.pp +++ b/manifests/mod/deflate.pp @@ -19,6 +19,6 @@ content => template('apache/mod/deflate.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp index 11631305a4..6243a1bb7d 100644 --- a/manifests/mod/dir.pp +++ b/manifests/mod/dir.pp @@ -16,6 +16,6 @@ content => template('apache/mod/dir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 13c9c78352..54c0528379 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp @@ -19,6 +19,6 @@ content => template('apache/mod/disk_cache.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp index f2b28fde28..18a226ee53 100644 --- a/manifests/mod/event.pp +++ b/manifests/mod/event.pp @@ -43,7 +43,7 @@ content => template('apache/mod/event.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp index a185bb31fa..1f7e5df4fb 100644 --- a/manifests/mod/fastcgi.pp +++ b/manifests/mod/fastcgi.pp 
@@ -17,7 +17,7 @@ content => template('apache/mod/fastcgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp index 70761e41d7..a143c2b434 100644 --- a/manifests/mod/fcgid.pp +++ b/manifests/mod/fcgid.pp @@ -19,6 +19,6 @@ content => template('apache/mod/fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp index 2c3d56ed88..f0d03eb0f6 100644 --- a/manifests/mod/info.pp +++ b/manifests/mod/info.pp @@ -13,6 +13,6 @@ content => template('apache/mod/info.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp index dc020b810a..49794945d4 100644 --- a/manifests/mod/itk.pp +++ b/manifests/mod/itk.pp @@ -39,7 +39,7 @@ content => template('apache/mod/itk.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp index d3b17ff5b8..fbd56d539a 100644 --- a/manifests/mod/ldap.pp +++ b/manifests/mod/ldap.pp @@ -9,6 +9,6 @@ content => template('apache/mod/ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp index ccdb5d4b3c..86000d1679 100644 --- a/manifests/mod/mime.pp +++ b/manifests/mod/mime.pp 
@@ -10,7 +10,7 @@ content => template('apache/mod/mime.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $mime_support_package { package { $mime_support_package: diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp index c276268e4d..c057b01f50 100644 --- a/manifests/mod/mime_magic.pp +++ b/manifests/mod/mime_magic.pp @@ -9,6 +9,6 @@ content => template('apache/mod/mime_magic.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp index 0bdbfdc3cc..02a3a0e64d 100644 --- a/manifests/mod/negotiation.pp +++ b/manifests/mod/negotiation.pp @@ -20,6 +20,6 @@ content => template('apache/mod/negotiation.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp index f0eff1cdf7..132b41b3f6 100644 --- a/manifests/mod/nss.pp +++ b/manifests/mod/nss.pp @@ -20,6 +20,6 @@ content => template('apache/mod/nss.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp index efe100861d..588849c472 100644 --- a/manifests/mod/pagespeed.pp +++ b/manifests/mod/pagespeed.pp @@ -50,6 +50,6 @@ content => template('apache/mod/pagespeed.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 12139cb2b4..7ff6b71be3 100644 --- a/manifests/mod/passenger.pp 
+++ b/manifests/mod/passenger.pp @@ -81,6 +81,6 @@ content => template('apache/mod/passenger.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index 518655a1d4..107e47ce81 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp @@ -43,7 +43,7 @@ content => template('apache/mod/peruser.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } file { "${::apache::mod_dir}/peruser": ensure => directory, diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index c1f76065a6..4c5d85d56c 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -55,6 +55,6 @@ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 6a66ef1c90..90fa39a89c 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -39,7 +39,7 @@ content => template('apache/mod/prefork.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { @@ -56,7 +56,7 @@ line => '#HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp index 03c1e78c95..8c685d55b5 100644 --- a/manifests/mod/proxy.pp +++ b/manifests/mod/proxy.pp 
@@ -11,6 +11,6 @@ content => template('apache/mod/proxy.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp index 549eb117fa..279cb64ade 100644 --- a/manifests/mod/proxy_html.pp +++ b/manifests/mod/proxy_html.pp @@ -32,6 +32,6 @@ content => template('apache/mod/proxy_html.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp index 62088873bb..34c96a6784 100644 --- a/manifests/mod/reqtimeout.pp +++ b/manifests/mod/reqtimeout.pp @@ -9,6 +9,6 @@ content => template('apache/mod/reqtimeout.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp index 6fbc1d4e04..12b86eb8bd 100644 --- a/manifests/mod/rpaf.pp +++ b/manifests/mod/rpaf.pp @@ -15,6 +15,6 @@ content => template('apache/mod/rpaf.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 9641d70df5..57b75726e1 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -33,7 +33,7 @@ path => "${::apache::mod_dir}/security.conf", require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } file { $modsec_dir: 
@@ -56,7 +56,7 @@ ensure => file, content => template('apache/mod/security_crs.conf.erb'), require => File[$modsec_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } apache::security::rule_link { $activated_rules: } diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp index 15b1441d83..c73102dfbe 100644 --- a/manifests/mod/setenvif.pp +++ b/manifests/mod/setenvif.pp @@ -7,6 +7,6 @@ content => template('apache/mod/setenvif.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index c1278ff74f..4036fd28af 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -56,6 +56,6 @@ content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp index 9c61836960..4c3f8d9e25 100644 --- a/manifests/mod/status.pp +++ b/manifests/mod/status.pp @@ -41,6 +41,6 @@ content => template('apache/mod/status.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp index f9a572f463..c50beea06c 100644 --- a/manifests/mod/suphp.pp +++ b/manifests/mod/suphp.pp @@ -8,7 +8,7 @@ content => template('apache/mod/suphp.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } } diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp index accfe64a79..038e0790bc 100644 --- a/manifests/mod/userdir.pp +++ b/manifests/mod/userdir.pp 
@@ -13,6 +13,6 @@ content => template('apache/mod/userdir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 0d2815964b..48d1c9f229 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -41,7 +41,7 @@ content => template('apache/mod/worker.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { @@ -58,7 +58,7 @@ line => 'HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } } } diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp index 7841706035..80f9738ff9 100644 --- a/manifests/mod/wsgi.pp +++ b/manifests/mod/wsgi.pp @@ -35,7 +35,7 @@ content => template('apache/mod/wsgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 180686cfa3..a5cca49882 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -23,7 +23,7 @@ Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } @@ -34,7 +34,7 @@ target => "${::apache::mod_dir}/${mpm}.conf", require => Exec["mkdir ${::apache::mod_enable_dir}"], before => File[$::apache::mod_enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if versioncmp($apache_version, '2.4') >= 0 { 
@@ -43,7 +43,7 @@ target => "${::apache::mod_dir}/${mpm}.load", require => Exec["mkdir ${::apache::mod_enable_dir}"], before => File[$::apache::mod_enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $mpm == 'itk' { diff --git a/manifests/peruser/multiplexer.pp b/manifests/peruser/multiplexer.pp index 9e57ac30b2..97143a1d4f 100644 --- a/manifests/peruser/multiplexer.pp +++ b/manifests/peruser/multiplexer.pp @@ -12,6 +12,6 @@ ensure => file, content => "Multiplexer ${user} ${group}\n", require => File["${::apache::mod_dir}/peruser/multiplexers"], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/peruser/processor.pp b/manifests/peruser/processor.pp index 1d68934657..30de61d7c4 100644 --- a/manifests/peruser/processor.pp +++ b/manifests/peruser/processor.pp @@ -12,6 +12,6 @@ ensure => file, content => "Processor ${user} ${group}\n", require => File["${::apache::mod_dir}/peruser/processors"], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/manifests/service.pp b/manifests/service.pp index 0c1f7b96aa..d934f3d46b 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -20,12 +20,14 @@ $service_name = $::apache::params::service_name, $service_enable = true, $service_ensure = 'running', + $service_manage = true, ) { # The base class must be included first because parameter defaults depend on it if ! defined(Class['apache::params']) { fail('You must include the apache::params class before using any apache defined resources') } validate_bool($service_enable) + validate_bool($service_manage) case $service_ensure { true, false, 'running', 'stopped': { @@ -35,10 +37,11 @@ $_service_ensure = undef } } - - service { 'httpd': - ensure => $_service_ensure, - name => $service_name, - enable => $service_enable, + if $service_manage { + service { 'httpd': + ensure => $_service_ensure, + name => $service_name, + enable => $service_enable, + } } } 
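Review bot: In manifests/service.pp, with `service_manage => false` the `service { 'httpd': }` resource is no longer declared, yet `$service_ensure` and `$service_enable` are still accepted and validated, so a caller who sets them gets no effect and no warning. Any resource not converted by this commit that still refers to `Service['httpd']` would presumably fail to resolve in that mode. It also means configuration written by the module, including TLS and access-control settings, stays inactive until something outside Puppet reloads the daemon. A comment above the new block would cover this: `# service_manage => false: no Service['httpd'] is declared; notify Class['apache::service'] and reload httpd out of band.` The class body starts above the hunk.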
diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9e05cb566f..3c0b149dfe 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -438,7 +438,7 @@ mode => '0644', order => 'numeric', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } if $::osfamily == 'Debian' { $vhost_enable_dir = $::apache::vhost_enable_dir @@ -454,7 +454,7 @@ group => $::apache::params::root_group, mode => '0644', require => Concat["${priority_real}-${filename}.conf"], - notify => Service['httpd'], + notify => Class['apache::service'], } } diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 50ee3e85fa..82d589f78d 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -46,6 +46,7 @@ pp = <<-EOS class { 'apache': service_enable => true, + service_manage => true, service_ensure => running, } EOS @@ -75,6 +76,24 @@ class { 'apache': end end + describe 'service manage => false' do + it 'we dont manage the service, so it shouldnt start the service' do + pp = <<-EOS + class { 'apache': + service_enable => true, + service_manage => false, + service_ensure => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + end + describe 'purge parameters => false' do it 'applies cleanly' do pp = <<-EOS diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 4d6efbe3fd..fda1f51279 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb 
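Review bot: In spec/acceptance/apache_parameters_spec.rb the new `service manage => false` example expects the service to be neither running nor enabled, which holds only if an earlier example in the file left it stopped and disabled; the hunk does not show that state being set up. Run in isolation or after a reorder, the two assertions would depend on whatever state the host already had. Applying a manifest that stops and disables the service first, inside this `describe`, would make the example self-contained and would actually prove that `service_manage => false` leaves the service untouched.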
@@ -60,6 +60,14 @@ end end + context "$service_manage must be a bool" do + let (:params) {{ :service_manage => 'not-a-boolean' }} + + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a boolean/) + end + end + context "with $service_ensure => 'running'" do let (:params) {{ :service_ensure => 'running', }} it { is_expected.to contain_service("httpd").with( @@ -124,4 +132,29 @@ ) } end + + context "on a RedHat 5 OS, do not manage service" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '5', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + let(:params) do + { + 'service_ensure' => 'running', + 'service_name' => 'httpd', + 'service_manage' => false + } + end + it 'should not manage the httpd service' do + subject.should_not contain_service('httpd') + end + end + end diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 66b1862508..16b7f4e41d 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -285,7 +285,7 @@ 'owner' => 'root', 'mode' => '0644', 'require' => 'Package[httpd]', - 'notify' => 'Service[httpd]', + 'notify' => 'Class[Apache::Service]', }) } it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } From cc36364179836f4152dafc9d40f78b611c220bf9 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 21 Jan 2015 16:36:22 -0800 Subject: [PATCH 081/105] MODULES-1680 - sort php_* hashes for idempotency They were already being sorted in templates/vhost/_php*.erb, but not in templates/vhost/_directories.erb --- templates/vhost/_directories.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 703afaa8dd..97f2318c64 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
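Review bot: In spec/classes/service_spec.rb the new RedHat 5 example uses `subject.should_not contain_service('httpd')`, while the surrounding examples in the file use the `is_expected` form. Write it as `it { is_expected.not_to contain_service('httpd') }` to stay consistent with the rest of the file and drop the older `should` syntax. The `params` hash in the same context uses string keys where the neighbouring contexts use symbols such as `:service_ensure` and `:service_manage`.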
@@ -88,24 +88,24 @@ PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> - <%- directory['php_flags'].each do |flag,value| -%> + <%- directory['php_flags'].sort.each do |flag,value| -%> <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_values'] and ! directory['php_values'].empty? -%> - <%- directory['php_values'].each do |key,value| -%> + <%- directory['php_values'].sort.each do |key,value| -%> php_value <%= "#{key} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> - <%- directory['php_admin_flags'].each do |flag,value| -%> + <%- directory['php_admin_flags'].sort.each do |flag,value| -%> <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_admin_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> - <%- directory['php_admin_values'].each do |key,value| -%> + <%- directory['php_admin_values'].sort.each do |key,value| -%> php_admin_value <%= "#{key} #{value}" %> <%- end -%> <%- end -%> From 361ce833ba13cf555a54eec850e5d8579898fb3b Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 22 Jan 2015 05:35:56 -0700 Subject: [PATCH 082/105] MODULES-1696: ensure mod::setenvif is included if needed --- manifests/vhost.pp | 6 ++++++ spec/defines/vhost_spec.rb | 1 + 2 files changed, 7 insertions(+) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 9e05cb566f..d26f281f92 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
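Review bot: The flag normalisation kept in this hunk of templates/vhost/_directories.erb, `value =~ /true|yes|on|1/i`, is unanchored, so any value that merely contains one of those tokens (for example `none` or `10`) is rendered as `on`. A non-string value such as a Puppet boolean would probably not match at all and be rendered as `off`. For `php_admin_flag` that can silently invert a hardening setting. Anchoring and stringifying the test addresses both: `<%- value = if value.to_s =~ /\A(true|yes|on|1)\z/i then 'on' else 'off' end -%>`. The same expression is used in the `php_flags` loop and appears again in the later indentation-only hunks of this file.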
@@ -390,6 +390,12 @@ } } + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + if ! defined(Class['apache::mod::setenvif']) { + include ::apache::mod::setenvif + } + } + ## Create a default directory list if none defined if $directories { if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) { diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 66b1862508..7545a6e505 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -281,6 +281,7 @@ it { is_expected.to contain_class('apache::mod::passenger') } it { is_expected.to contain_class('apache::mod::fastcgi') } it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_class('apache::mod::setenvif') } it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ 'owner' => 'root', 'mode' => '0644', From 16e2a0de444fcf48ca0497b90341aa68674054d2 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Thu, 15 Jan 2015 06:41:47 -0700 Subject: [PATCH 083/105] MODULES-1688: fix indenting in vhost/_directories.erb template --- templates/vhost/_directories.erb | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 97f2318c64..685dad9a1f 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb 
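Review bot: The inner guard `if ! defined(Class['apache::mod::setenvif'])` in the added block depends on evaluation order, so its result varies with where in the catalog the vhost is evaluated. `include` is already idempotent, so the block can be reduced to the outer condition with `include ::apache::mod::setenvif` directly inside it. The `$setenv` half of the condition is also worth checking: in Apache `SetEnv` is provided by mod_env and only `SetEnvIf` by mod_setenvif, so confirm the module that `$setenv` needs is loaded on its own. The defined type's body starts and ends outside this hunk.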
@@ -3,20 +3,20 @@ ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> - <%- if /^(.*)match$/ =~ directory['provider'] -%> - <%- provider = $1.capitalize + 'Match' -%> - <%- else -%> - <%- provider = directory['provider'].capitalize -%> - <%- end -%> - <%- else -%> - <%- provider = 'Directory' -%> - <%- end -%> - <%- path = directory['path'] -%> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> + <%- if /^(.*)match$/ =~ directory['provider'] -%> + <%- provider = $1.capitalize + 'Match' -%> + <%- else -%> + <%- provider = directory['provider'].capitalize -%> + <%- end -%> + <%- else -%> + <%- provider = 'Directory' -%> + <%- end -%> + <%- path = directory['path'] -%> <<%= provider %> "<%= path %>"> - <%- if directory['headers'] -%> - <%- Array(directory['headers']).each do |header| -%> + <%- if directory['headers'] -%> + <%- Array(directory['headers']).each do |header| -%> Header <%= header %> <%- end -%> <%- end -%> @@ -89,7 +89,7 @@ <%- end -%> <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> <%- directory['php_flags'].sort.each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> @@ -100,7 +100,7 @@ <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> <%- directory['php_admin_flags'].sort.each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_admin_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> 
From a723b5609723295630419e701035474eb5e2d140 Mon Sep 17 00:00:00 2001 From: Justin Lambert Date: Fri, 23 Jan 2015 06:44:51 -0700 Subject: [PATCH 084/105] add configuration options to mod_security --- README.md | 23 ++++++++++++++++++++++- manifests/mod/security.pp | 25 ++++++++++++++++++------- manifests/security/rule_link.pp | 1 + templates/mod/security_crs.conf.erb | 8 ++++---- 4 files changed, 45 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index d48e237f91..eef827481a 100644 --- a/README.md +++ b/README.md @@ -907,6 +907,10 @@ vhosts. include '::apache::mod::security' ``` +#####`crs_package` + +Name of package to install containing crs rules + #####`modsec_dir` Directory to install the modsec configuration and activated rules links into @@ -916,6 +920,23 @@ Directory to install the modsec configuration and activated rules links into Array of rules from the modsec_crs_path to activate by symlinking to ${modsec_dir}/activated_rules. +#####`allowed_methods` + +HTTP methods allowed by mod_security + +#####`content_types` + +Content-types allowed by mod_security + +#####`restricted_extensions` + +Extensions prohibited by mod_security + +#####`restricted_headers` + +Headers restricted by mod_security + + ####Defined Type: `apache::vhost` The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. 
@@ -1824,7 +1845,7 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ ``` *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. - + ######`php_value` and `php_flag` `php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp index 57b75726e1..84e55e2921 100644 --- a/manifests/mod/security.pp +++ b/manifests/mod/security.pp @@ -1,7 +1,11 @@ class apache::mod::security ( - $crs_package = $::apache::params::modsec_crs_package, - $activated_rules = $::apache::params::modsec_default_rules, - $modsec_dir = $::apache::params::modsec_dir, + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, + $allowed_methods = 'GET HEAD POST OPTIONS', + $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', + $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', + $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', ){ if $::osfamily == 'FreeBSD' { 
@@ -31,6 +35,8 @@ ensure => file, content => template('apache/mod/security.conf.erb'), path => "${::apache::mod_dir}/security.conf", + owner => $::apache::params::user, + group => $::apache::params::group, require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], @@ -42,14 +48,19 @@ group => $::apache::params::group, mode => '0555', purge => true, + force => true, recurse => true, } file { "${modsec_dir}/activated_rules": - ensure => directory, - owner => $::apache::params::user, - group => $::apache::params::group, - mode => '0555', + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + purge => true, + force => true, + recurse => true, + notify => Class['apache::service'], } file { "${modsec_dir}/security_crs.conf": diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp index 1ddc9d6aa3..a56a2d97f0 100644 --- a/manifests/security/rule_link.pp +++ b/manifests/security/rule_link.pp @@ -8,5 +8,6 @@ path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", target => "${::apache::params::modsec_crs_path}/${title}", require => File["${::apache::mod::security::modsec_dir}/activated_rules"], + notify => Class['apache::service'], } } diff --git a/templates/mod/security_crs.conf.erb b/templates/mod/security_crs.conf.erb index 4a990eb3a5..016efc797e 100644 --- a/templates/mod/security_crs.conf.erb +++ b/templates/mod/security_crs.conf.erb 
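Review bot: The `owner` and `group` added to the `security.conf` file resource give the ModSecurity configuration to `$::apache::params::user`, which from its name looks like the account the web server runs as. A process running as that account can then rewrite or re-permission the configuration that is supposed to constrain it. The same applies to `${modsec_dir}/activated_rules` in the next hunk, where mode `0555` does not stop the owner from changing the mode back. Consider `owner => 'root'` with the platform's root group and a read-only mode for everyone else, so the runtime user can read the rules but not alter them. The class body these resources sit in starts and ends outside the hunks.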
@@ -269,11 +269,11 @@ SecAction \ "id:'900012', \ phase:1, \ t:none, \ - setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \ - setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', \ + setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \ + setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \ setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ - setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \ - setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \ + setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \ + setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \ nolog, \ pass" From df385d64095cad7369ed404351e2a8c5f8207937 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 4 Feb 2015 17:02:03 +0100 Subject: [PATCH 085/105] Pin rspec gems --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 12fd363eac..62c5693973 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,8 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :unit_tests do gem 'rake', :require => false - gem 'rspec-puppet', :require => false + gem 'rspec-core', '3.1.7', :require => false + gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false gem 'puppet-lint', :require => false gem 'simplecov', :require => false From ad7d6bc9bb1594dc792ae82dd0fe1a89d10ca3bc Mon Sep 17 00:00:00 2001 
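Review bot: The four values now interpolated into `setvar:'tx.…=<%= … -%>'` sit inside a single-quoted SecAction argument with no validation, so a parameter containing a `'`, a backslash or a newline would end the quoted string early and change or break the rule. The matching parameters in `manifests/mod/security.pp` are declared without any `validate_*` call in the hunks shown. Checking them in the class, for example `validate_re($allowed_methods, '^[A-Z ]+$')` and a no-quote, no-newline pattern for the other three, makes a bad Hiera value fail the catalog instead of producing a policy file that parses differently than intended.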
From: Justin Lambert Date: Wed, 4 Feb 2015 13:36:01 -0700 Subject: [PATCH 086/105] use bool2httpd for server_signature and trace_enable --- templates/httpd.conf.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 54d24c8ae3..9b889ac508 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -1,7 +1,7 @@ # Security ServerTokens <%= @server_tokens %> -ServerSignature <%= @server_signature %> -TraceEnable <%= @trace_enable %> +ServerSignature <%= scope.function_bool2httpd([@server_signature]) %> +TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %> ServerName "<%= @servername %>" ServerRoot "<%= @server_root %>" From 67f9c0cf665452fd30bb87ec073c8ee0b368083f Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Wed, 4 Feb 2015 14:01:10 -0800 Subject: [PATCH 087/105] (MODULES-1719) Add parameter for SSLRandomSeed bytes --- README.md | 6 ++++-- manifests/mod/ssl.pp | 1 + spec/classes/mod/ssl_spec.rb | 9 +++++++++ templates/mod/ssl.conf.erb | 4 ++-- 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a4b17ae596..b36b16d89b 100644 --- a/README.md +++ b/README.md @@ -738,9 +738,11 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], + ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', + ssl_protocol => ['all','-SSLv2','-SSLv3'], ssl_pass_phrase_dialog => 'builtin', - ssl_protocol => 'all -SSLv2 -SSLv3', - } + ssl_random_seed_bytes => '512', + } ``` To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 4036fd28af..f2b62459e3 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp 
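Review bot: No spec accompanies the switch to `scope.function_bool2httpd` for `ServerSignature` and `TraceEnable`; the diffstat lists only `templates/httpd.conf.erb`. Both directives also accept a third, non-boolean value (`EMail` and `extended` respectively), and how the helper treats such strings is not visible here. Two examples would pin the behaviour: one with `:trace_enable => false` asserting `with_content %r{^TraceEnable Off$}`, and one passing a non-boolean string and asserting it is rendered unchanged.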
@@ -4,6 +4,7 @@ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $ssl_pass_phrase_dialog = 'builtin', + $ssl_random_seed_bytes = '512', $apache_version = $::apache::apache_version, $package_name = undef, ) { diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index f3fc7ae645..75a844151e 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -106,5 +106,14 @@ it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} end + context 'setting ssl_random_seed_bytes' do + let :params do + { + :ssl_random_seed_bytes => '1024', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})} + end + end end diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index a0e61650e0..6fb25c16ee 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -1,8 +1,8 @@ SSLRandomSeed startup builtin - SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %> SSLRandomSeed connect builtin - SSLRandomSeed connect file:/dev/urandom 512 + SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl From 555825e4911ea87b25d3f840b9ca1ca8a87f7f79 Mon Sep 17 00:00:00 2001 From: Zachary Alex Stern Date: Fri, 6 Feb 2015 13:18:09 -0800 Subject: [PATCH 088/105] Fix license for forge linting. --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index f59c55a60b..73ef359875 100644 --- a/metadata.json +++ b/metadata.json 
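Review bot: `$ssl_random_seed_bytes` is added in `manifests/mod/ssl.pp` without a check that it is a positive integer, yet the template writes it straight into `SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %>`. A non-numeric value gives a directive Apache rejects at start-up. An empty value drops the byte count, and per the mod_ssl documentation the whole source is then read, which is not bounded for `/dev/urandom`. Adding `validate_re($ssl_random_seed_bytes, '^\d+$')` to the class body (which continues outside this hunk) would fail the catalog instead. A spec for the rejected case would fit next to the new `setting ssl_random_seed_bytes` context.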
@@ -3,7 +3,7 @@ "version": "1.2.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", - "license": "Apache 2.0", + "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", From 18ade35b9da6a6c0dea0ade8875e23e77548e080 Mon Sep 17 00:00:00 2001 From: Mathieu Parent Date: Mon, 9 Feb 2015 14:23:56 +0100 Subject: [PATCH 089/105] ssl_protocol expects a string, not an array. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b36b16d89b..42d04bc337 100644 --- a/README.md +++ b/README.md @@ -739,7 +739,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t ssl_compression => false, ssl_options => [ 'StdEnvVars' ], ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', - ssl_protocol => ['all','-SSLv2','-SSLv3'], + ssl_protocol => 'all -SSLv2 -SSLv3', ssl_pass_phrase_dialog => 'builtin', ssl_random_seed_bytes => '512', } From 5bc940d74121815119c140cd0f96c0995fd65a67 Mon Sep 17 00:00:00 2001 From: cristi1979 Date: Wed, 10 Sep 2014 10:12:03 +0300 Subject: [PATCH 090/105] add _additional_includes.erb --- README.md | 4 ++++ manifests/init.pp | 2 ++ manifests/params.pp | 1 + spec/acceptance/apache_parameters_spec.rb | 2 +- spec/classes/apache_spec.rb | 10 ++++++++-- templates/httpd.conf.erb | 2 +- templates/vhost/_additional_includes.erb | 9 +++++++-- 7 files changed, 24 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index a4b17ae596..35d9cf6b74 100644 --- a/README.md +++ b/README.md 
@@ -1001,6 +1001,10 @@ Determines whether the vhost creates a Listen statement. The default value is 't Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. +#####`use_optional_includes` + +Specifies if for apache > 2.4 it should use IncludeOptional instead of Include. + #####`additional_includes` Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'. diff --git a/manifests/init.pp b/manifests/init.pp index 81f32e26a8..74cf753db4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -67,6 +67,7 @@ $trace_enable = 'On', $allow_encoded_slashes = undef, $package_ensure = 'installed', + $use_optional_includes = $::apache::params::use_optional_includes, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) @@ -74,6 +75,7 @@ # true/false is sufficient for both ensure and enable validate_bool($service_enable) validate_bool($service_manage) + validate_bool($use_optional_includes) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', diff --git a/manifests/params.pp b/manifests/params.pp index 7e19d99fa9..7568179fdc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -27,6 +27,7 @@ # The default error log level $log_level = 'warn' + $use_optional_includes = false if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index 82d589f78d..4c6fa7f56d 100644 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb 
@@ -242,7 +242,7 @@ class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } describe 'confd_dir' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped }" + pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped, use_optional_includes => true }" apply_manifest(pp, :catch_failures => true) end end diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a9d9438544..a8786bba5e 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -92,7 +92,10 @@ context "with Apache version >= 2.4" do let :params do - { :apache_version => '2.4' } + { + :apache_version => '2.4', + :use_optional_includes => true + } end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } @@ -315,7 +318,10 @@ context "with Apache version >= 2.4" do let :params do - { :apache_version => '2.4' } + { + :apache_version => '2.4', + :use_optional_includes => true + } end it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 54d24c8ae3..fd9b0a293d 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -64,7 +64,7 @@ LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" diff --git a/templates/vhost/_additional_includes.erb b/templates/vhost/_additional_includes.erb index d4d5f91342..aa9f0fe351 100644 --- a/templates/vhost/_additional_includes.erb +++ b/templates/vhost/_additional_includes.erb 
@@ -1,5 +1,10 @@ <% Array(@additional_includes).each do |include| -%> - + ## Load additional static includes - Include "<%= include %>" +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> +IncludeOptional "<%= include %>" +<%- else -%> +Include "<%= include %>" +<%- end -%> + <% end -%> From 1581972e83c52b6fd3e56fc41b0c8319788f017f Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 11 Feb 2015 07:53:32 -0800 Subject: [PATCH 091/105] Fix for PR 845 `use_optional_includes` should only be used for `additional_includes`, otherwise things don't work. --- README.md | 2 +- templates/httpd.conf.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e18516a1f5..96339e86fe 100644 --- a/README.md +++ b/README.md @@ -1005,7 +1005,7 @@ Setting `add_listen` to 'false' stops the vhost from creating a Listen statement #####`use_optional_includes` -Specifies if for apache > 2.4 it should use IncludeOptional instead of Include. +Specifies if for apache > 2.4 it should use IncludeOptional instead of Include for `additional_includes`. Defaults to 'false'. #####`additional_includes` diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 417526ba3c..9b889ac508 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -64,7 +64,7 @@ LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" From c971a1fd088f0212e2e703397a63f58b91c592a5 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 11 Feb 2015 07:44:26 -0800 Subject: [PATCH 092/105] FM-2140 - Fix for suphp test Add a sleep in the suphp test to allow things to start up properly --- spec/acceptance/mod_suphp_spec.rb | 1 + 1 file changed, 1 insertion(+) 
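Review bot: The new condition in `templates/vhost/_additional_includes.erb` reads `@use_optional_includes`, but the commit adds that parameter only to `manifests/init.pp` and `manifests/params.pp`; `manifests/vhost.pp` is not in its diffstat. Unless the vhost define (from which this template is presumably rendered) already exposes a variable of that name, it is nil here, so the `IncludeOptional` branch is never taken. A parameter on the define such as `$use_optional_includes = $::apache::use_optional_includes` would make the README entry true. A spec in `spec/defines/vhost_spec.rb` should cover both branches. It is also worth documenting that `IncludeOptional` skips a path that does not exist, so an include carrying access restrictions can be absent while the configuration test still passes.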
diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index 1b91581441..190edfc613 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -32,6 +32,7 @@ class { 'apache::mod::suphp': } end it 'should answer to suphp.example.com' do + shell("/bin/sleep 10") shell("/usr/bin/curl suphp.example.com:80") do |r| expect(r.stdout).to match(/^daemon$/) expect(r.exit_code).to eq(0) From e11d499722ea60332cb32758144a20c98403849f Mon Sep 17 00:00:00 2001 
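Review bot: The fixed `shell("/bin/sleep 10")` added before the curl call slows every run by ten seconds and still fails when startup takes longer, and nothing in the test says what it is waiting for. At minimum add a comment above it, such as `# FM-2140: give the service time to come up before the first request`. A bounded retry around the request, which stops as soon as it succeeds, would be the sturdier form. The `it` block continues outside the hunk.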
From: Morgan Haskel Date: Wed, 11 Feb 2015 11:35:50 -0800 Subject: [PATCH 093/105] Concat started using a new fact --- spec/classes/apache_spec.rb | 5 +++++ spec/classes/dev_spec.rb | 3 +++ spec/classes/mod/alias_spec.rb | 4 ++++ spec/classes/mod/auth_kerb_spec.rb | 3 +++ spec/classes/mod/authnz_ldap_spec.rb | 2 ++ spec/classes/mod/dav_svn_spec.rb | 3 +++ spec/classes/mod/deflate_spec.rb | 3 +++ spec/classes/mod/dev_spec.rb | 1 + spec/classes/mod/dir_spec.rb | 3 +++ spec/classes/mod/event_spec.rb | 3 +++ spec/classes/mod/fastcgi_spec.rb | 2 ++ spec/classes/mod/fcgid_spec.rb | 4 ++++ spec/classes/mod/info_spec.rb | 3 +++ spec/classes/mod/itk_spec.rb | 2 ++ spec/classes/mod/mime_magic_spec.rb | 3 +++ spec/classes/mod/mime_spec.rb | 2 ++ spec/classes/mod/negotiation_spec.rb | 1 + spec/classes/mod/pagespeed_spec.rb | 2 ++ spec/classes/mod/passenger_spec.rb | 7 +++++++ spec/classes/mod/perl_spec.rb | 3 +++ spec/classes/mod/peruser_spec.rb | 1 + spec/classes/mod/php_spec.rb | 4 ++++ spec/classes/mod/prefork_spec.rb | 3 +++ spec/classes/mod/proxy_connect_spec.rb | 1 + spec/classes/mod/proxy_html_spec.rb | 3 +++ spec/classes/mod/python_spec.rb | 3 +++ spec/classes/mod/reqtimeout_spec.rb | 3 +++ spec/classes/mod/rpaf_spec.rb | 2 ++ spec/classes/mod/security_spec.rb | 4 +++- spec/classes/mod/shib_spec.rb | 4 +++- spec/classes/mod/speling_spec.rb | 2 ++ spec/classes/mod/ssl_spec.rb | 5 +++++ spec/classes/mod/status_spec.rb | 7 +++++++ spec/classes/mod/suphp_spec.rb | 2 ++ spec/classes/mod/worker_spec.rb | 4 ++++ spec/classes/mod/wsgi_spec.rb | 3 +++ spec/classes/params_spec.rb | 1 + spec/classes/service_spec.rb | 4 ++++ spec/defines/balancermember_spec.rb | 1 + spec/defines/custom_config_spec.rb | 1 + spec/defines/fastcgi_server_spec.rb | 4 ++++ spec/defines/mod_spec.rb | 3 +++ spec/defines/modsec_link_spec.rb | 4 +++- spec/defines/vhost_spec.rb | 7 +++++++ 44 files changed, 132 insertions(+), 3 deletions(-) 
diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index a8786bba5e..6d1e3ca00e 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -12,6 +12,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -221,6 +222,7 @@ :operatingsystemrelease => '5', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -541,6 +543,7 @@ :operatingsystemrelease => '9', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -621,6 +624,7 @@ :operatingsystemrelease => '6', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'with a custom apache_name parameter' do @@ -659,6 +663,7 @@ { :osfamily => 'Darwin', :operatingsystemrelease => '13.1.0', :concat_basedir => '/dne', + :is_pe => false, } end diff --git a/spec/classes/dev_spec.rb b/spec/classes/dev_spec.rb index df342d40e8..83292b1b15 100644 --- a/spec/classes/dev_spec.rb +++ b/spec/classes/dev_spec.rb @@ -8,6 +8,7 @@ :osfamily => 'Debian', :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -21,6 +22,7 @@ :osfamily => 'RedHat', :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -35,6 +37,7 @@ :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
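Review bot: `:is_pe => false` is added by hand to each `let :facts` hash, here and in the other spec files this commit touches (44 files in the diffstat), so the next fact a dependency starts reading will need the same sweep. The hashes already repeat `:concat_basedir`, `:path`, `:id` and `:kernel`. Moving the common entries into one shared hash in the spec helper, and merging per-context overrides into it, would turn a change like this into a one-line edit. A context that forgets the fact would then no longer fail for a reason unrelated to what it tests.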
diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb index 503575af61..7f1458ccf8 100644 --- a/spec/classes/mod/alias_spec.rb +++ b/spec/classes/mod/alias_spec.rb @@ -15,6 +15,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } @@ -30,6 +31,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } @@ -45,6 +47,7 @@ :operatingsystemrelease => '7', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } @@ -60,6 +63,7 @@ :operatingsystemrelease => '9', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } diff --git a/spec/classes/mod/auth_kerb_spec.rb b/spec/classes/mod/auth_kerb_spec.rb index 1706bfb8d3..8f82ff4dd4 100644 --- a/spec/classes/mod/auth_kerb_spec.rb +++ b/spec/classes/mod/auth_kerb_spec.rb @@ -15,6 +15,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -31,6 +32,7 @@ :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -47,6 +49,7 @@ :operatingsystemrelease => '9', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index a0a913a6e2..f897833996 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb @@ -16,6 +16,7 @@ :kernel => 'Linux', :operatingsystem => 'Debian', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -49,6 +50,7 @@ :kernel => 'Linux', :operatingsystem => 'RedHat', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/dav_svn_spec.rb b/spec/classes/mod/dav_svn_spec.rb index 95abef9948..791baae03c 100644 --- a/spec/classes/mod/dav_svn_spec.rb +++ b/spec/classes/mod/dav_svn_spec.rb @@ -16,6 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -33,6 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -50,6 +52,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index c61010f28a..343e940f63 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -41,6 +41,7 @@ class { "apache::mod::deflate": :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end 
@@ -67,6 +68,7 @@ class { "apache::mod::deflate": :operatingsystemrelease => '6', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end @@ -86,6 +88,7 @@ class { "apache::mod::deflate": :operatingsystemrelease => '9', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end diff --git a/spec/classes/mod/dev_spec.rb b/spec/classes/mod/dev_spec.rb index 84d80e344a..f653389776 100644 --- a/spec/classes/mod/dev_spec.rb +++ b/spec/classes/mod/dev_spec.rb @@ -18,6 +18,7 @@ :osfamily => osfamily, :operatingsystem => osfamily, :operatingsystemrelease => operatingsystemrelease, + :is_pe => false, } end it { is_expected.to contain_class('apache::dev') } diff --git a/spec/classes/mod/dir_spec.rb b/spec/classes/mod/dir_spec.rb index 1efed2fe79..8aec59fed0 100644 --- a/spec/classes/mod/dir_spec.rb +++ b/spec/classes/mod/dir_spec.rb @@ -17,6 +17,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :lsbdistcodename => 'squeeze', + :is_pe => false, } end context "passing no parameters" do @@ -48,6 +49,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do @@ -79,6 +81,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index 7030a72e8b..bc5aa41106 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb @@ -14,6 +14,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
@@ -31,6 +32,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -108,6 +110,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/fastcgi_spec.rb b/spec/classes/mod/fastcgi_spec.rb index 126c5cc3ef..e204bb7460 100644 --- a/spec/classes/mod/fastcgi_spec.rb +++ b/spec/classes/mod/fastcgi_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -33,6 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/fcgid_spec.rb b/spec/classes/mod/fcgid_spec.rb index a342e58135..214ec75bea 100644 --- a/spec/classes/mod/fcgid_spec.rb +++ b/spec/classes/mod/fcgid_spec.rb @@ -17,6 +17,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -35,6 +36,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -79,6 +81,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -103,6 +106,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index 20ed127dcb..cdf1663456 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb 
@@ -78,6 +78,7 @@ def general_info_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -104,6 +105,7 @@ def general_info_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -126,6 +128,7 @@ def general_info_specs :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index b5d50a18af..5556f5ee7c 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/mime_magic_spec.rb b/spec/classes/mod/mime_magic_spec.rb index 5e78230e28..f846ce386b 100644 --- a/spec/classes/mod/mime_magic_spec.rb +++ b/spec/classes/mod/mime_magic_spec.rb @@ -21,6 +21,7 @@ def general_mime_magic_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -65,6 +66,7 @@ def general_mime_magic_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -91,6 +93,7 @@ def general_mime_magic_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/mime_spec.rb b/spec/classes/mod/mime_spec.rb index 32edbc4b02..3c7ad88d18 100644 
--- a/spec/classes/mod/mime_spec.rb +++ b/spec/classes/mod/mime_spec.rb @@ -21,6 +21,7 @@ def general_mime_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -40,6 +41,7 @@ def general_mime_specs :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/negotiation_spec.rb b/spec/classes/mod/negotiation_spec.rb index d01442cb9a..813e76def0 100644 --- a/spec/classes/mod/negotiation_spec.rb +++ b/spec/classes/mod/negotiation_spec.rb @@ -13,6 +13,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/pagespeed_spec.rb b/spec/classes/mod/pagespeed_spec.rb index c4abd3e100..c3f5a41447 100644 --- a/spec/classes/mod/pagespeed_spec.rb +++ b/spec/classes/mod/pagespeed_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -33,6 +34,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index 0093d4b919..9c9935939e 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -16,6 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -130,6 +131,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end 
@@ -149,6 +151,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -168,6 +171,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -187,6 +191,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -206,6 +211,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -244,6 +250,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/perl_spec.rb b/spec/classes/mod/perl_spec.rb index 2c14c31f06..5bfe8ff2d2 100644 --- a/spec/classes/mod/perl_spec.rb +++ b/spec/classes/mod/perl_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -31,6 +32,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -47,6 +49,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index c0dfc96f55..9ae063cceb 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb 
@@ -14,6 +14,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index cf61318797..1508863513 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -12,6 +12,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with mpm_module => prefork" do @@ -49,6 +50,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with default params" do @@ -130,6 +132,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with mpm_module => prefork" do @@ -163,6 +166,7 @@ :concat_basedir => '/dne', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'with content param' do diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index 34bca08dc0..f5c0e93759 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -105,6 +107,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/proxy_connect_spec.rb b/spec/classes/mod/proxy_connect_spec.rb index c54d255a5e..f4b4cc2e6b 100644 --- a/spec/classes/mod/proxy_connect_spec.rb +++ b/spec/classes/mod/proxy_connect_spec.rb @@ -16,6 +16,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'with Apache version < 2.4' do diff --git a/spec/classes/mod/proxy_html_spec.rb b/spec/classes/mod/proxy_html_spec.rb index 81a2bb5371..ce3e70c3a9 100644 --- a/spec/classes/mod/proxy_html_spec.rb +++ b/spec/classes/mod/proxy_html_spec.rb @@ -25,6 +25,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :hardwaremodel => 'i386', + :is_pe => false, } end @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -76,6 +78,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/python_spec.rb b/spec/classes/mod/python_spec.rb index 17b62d43bd..9b6d846de0 100644 --- a/spec/classes/mod/python_spec.rb +++ b/spec/classes/mod/python_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -31,6 +32,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -47,6 +49,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
diff --git a/spec/classes/mod/reqtimeout_spec.rb b/spec/classes/mod/reqtimeout_spec.rb index 07c09b0940..97aa7db453 100644 --- a/spec/classes/mod/reqtimeout_spec.rb +++ b/spec/classes/mod/reqtimeout_spec.rb @@ -17,6 +17,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :lsbdistcodename => 'squeeze', + :is_pe => false, } end context "passing no parameters" do @@ -51,6 +52,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do @@ -85,6 +87,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index ca3a594848..418797bdf8 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -17,6 +17,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -56,6 +57,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/security_spec.rb b/spec/classes/mod/security_spec.rb index 05586c2caa..93f751ee4e 100644 --- a/spec/classes/mod/security_spec.rb +++ b/spec/classes/mod/security_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :concat_basedir => '/', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { should contain_apache__mod('security').with( 
@@ -57,7 +58,8 @@ :lsbdistcodename => 'squeeze', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :kernel => 'Linux' + :kernel => 'Linux', + :is_pe => false, } end it { should contain_apache__mod('security').with( diff --git a/spec/classes/mod/shib_spec.rb b/spec/classes/mod/shib_spec.rb index e515db96df..0254d4c3c6 100644 --- a/spec/classes/mod/shib_spec.rb +++ b/spec/classes/mod/shib_spec.rb @@ -14,6 +14,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :fqdn => 'test.example.com', + :is_pe => false, } end describe 'with no parameters' do @@ -31,10 +32,11 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :fqdn => 'test.example.com', + :is_pe => false, } end describe 'with no parameters' do it { should contain_apache__mod('shib2').with_id('mod_shib') } end end -end \ No newline at end of file +end diff --git a/spec/classes/mod/speling_spec.rb b/spec/classes/mod/speling_spec.rb index 814e0d6720..b07af25897 100644 --- a/spec/classes/mod/speling_spec.rb +++ b/spec/classes/mod/speling_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_apache__mod('speling') } @@ -30,6 +31,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_apache__mod('speling') } diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 75a844151e..f7755ed362 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -14,6 +14,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { expect { subject }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } 
@@ -29,6 +30,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class('apache::params') } @@ -56,6 +58,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class('apache::params') } @@ -73,6 +76,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class('apache::params') } @@ -90,6 +94,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 502562959c..e3b3d24428 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb @@ -36,6 +36,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -65,6 +66,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -87,6 +89,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -112,6 +115,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do 
@@ -134,6 +138,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -159,6 +164,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -183,6 +189,7 @@ def status_conf_spec(allow_from, extended_status, status_path) :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do diff --git a/spec/classes/mod/suphp_spec.rb b/spec/classes/mod/suphp_spec.rb index b74b4c8646..9b20000f30 100644 --- a/spec/classes/mod/suphp_spec.rb +++ b/spec/classes/mod/suphp_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -30,6 +31,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 5902c2c7ea..7afdb70e6a 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -60,6 +61,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } 
@@ -105,6 +107,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -123,6 +126,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/classes/mod/wsgi_spec.rb b/spec/classes/mod/wsgi_spec.rb index a68c808305..e8dd00db0a 100644 --- a/spec/classes/mod/wsgi_spec.rb +++ b/spec/classes/mod/wsgi_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -34,6 +35,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } @@ -112,6 +114,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_class("apache::params") } diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb index 6f63758a3a..92b314f92e 100644 --- a/spec/classes/params_spec.rb +++ b/spec/classes/params_spec.rb @@ -12,6 +12,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_apache__params } diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index fda1f51279..786b3935f4 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -15,6 +15,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_service("httpd").with( 
@@ -103,6 +104,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_service("httpd").with( @@ -123,6 +125,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { is_expected.to contain_service("httpd").with( @@ -143,6 +146,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let(:params) do diff --git a/spec/defines/balancermember_spec.rb b/spec/defines/balancermember_spec.rb index b7293b390e..0322d308eb 100644 --- a/spec/defines/balancermember_spec.rb +++ b/spec/defines/balancermember_spec.rb @@ -28,6 +28,7 @@ :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernel => 'Linux', + :is_pe => false, } end describe "allows multiple balancermembers with the same url" do diff --git a/spec/defines/custom_config_spec.rb b/spec/defines/custom_config_spec.rb index 187b8a7b56..e9650a736b 100644 --- a/spec/defines/custom_config_spec.rb +++ b/spec/defines/custom_config_spec.rb @@ -17,6 +17,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'defaults with content' do diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 1dc8fd444a..8aa422dbcb 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb @@ -18,6 +18,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :facts do default_facts end @@ -39,6 +40,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :facts do default_facts end 
@@ -59,6 +61,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :facts do default_facts end @@ -81,6 +84,7 @@ :id => 'root', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end describe ".conf content" do diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index 377c877926..dbeaf4ac40 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -14,6 +14,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -57,6 +58,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -96,6 +98,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end diff --git a/spec/defines/modsec_link_spec.rb b/spec/defines/modsec_link_spec.rb index c1633d01d8..a5b4c5390c 100644 --- a/spec/defines/modsec_link_spec.rb +++ b/spec/defines/modsec_link_spec.rb @@ -21,6 +21,7 @@ class { "apache::mod::security": activated_rules => [] } :id => 'root', :concat_basedir => '/', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { should contain_file('modsecurity_35_bad_robots.data').with( @@ -39,7 +40,8 @@ class { "apache::mod::security": activated_rules => [] } :lsbdistcodename => 'squeeze', :id => 'root', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :kernel => 'Linux' + :kernel => 'Linux', + :is_pe => false, } end it { should contain_file('modsecurity_35_bad_robots.data').with( diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 9a8746a233..e52c901587 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb 
@@ -24,6 +24,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end @@ -42,6 +43,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end @@ -68,6 +70,7 @@ :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end @@ -91,6 +94,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end describe 'basic assumptions' do @@ -257,6 +261,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernelversion => '3.6.2', + :is_pe => false, } end @@ -350,6 +355,7 @@ :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :kernelversion => '3.6.2', + :is_pe => false, } end @@ -418,6 +424,7 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context 'single log file' do From be8de013021a924cbf0024afef604db4e4e865f8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 11 Feb 2015 14:20:13 -0800 Subject: [PATCH 094/105] Fixup for PR 928 - omit priority There were a lot of conflicts in vhost so I updated them manually rather than in the merge. --- manifests/vhost.pp | 94 +++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index edd589a623..5d2ad8e5d6 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp 
@@ -230,11 +230,13 @@ # Configure the defaultness of a vhost if $priority { - $priority_real = $priority + $priority_real = "${priority}-" + } elsif $priority == false { + $priority_real = '' } elsif $default_vhost { - $priority_real = '10' + $priority_real = '10-' } else { - $priority_real = '25' + $priority_real = '25-' } ## Apache include does not always work with spaces in the filename @@ -249,7 +251,7 @@ group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}${filename}.conf"], } } @@ -259,7 +261,7 @@ ensure => $logroot_ensure, mode => $logroot_mode, require => Package['httpd'], - before => Concat["${priority_real}-${filename}.conf"], + before => Concat["${priority_real}${filename}.conf"], } } @@ -436,9 +438,9 @@ } } - concat { "${priority_real}-${filename}.conf": + concat { "${priority_real}${filename}.conf": ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", + path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -452,14 +454,14 @@ present => link, default => $ensure, } - file{ "${priority_real}-${filename}.conf symlink": + file{ "${priority_real}${filename}.conf symlink": ensure => $vhost_symlink_ensure, - path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", + path => "${vhost_enable_dir}/${priority_real}${filename}.conf", + target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => Concat["${priority_real}-${filename}.conf"], + require => Concat["${priority_real}${filename}.conf"], notify => Class['apache::service'], } } 
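Review bot: The new `elsif $priority == false` branch removes the numeric prefix that the comment at the top of this hunk ties to a vhost's defaultness, and nothing here records what that does to load order. If the vhost directory is loaded through a wildcard include (not visible in this patch), an unprefixed file sorts by `$filename` alone and can be read before the `10-` default vhost, which makes it the vhost Apache answers with for unmatched Host headers on that address. I would add a comment above the branch, `# priority => false: no prefix, so include order (and which vhost is the default) follows the vhost name`. The branch matches only the boolean: a quoted `'false'` is truthy and yields a `false-` prefix, which the parameter documentation should state. The enclosing define starts and ends outside the hunk.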
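Review bot: No check on the content of `$priority` is visible before it is interpolated into the `path` of this `concat` resource, and into the symlink `path` and `target` in the hunk at `-452,14`. The comment at the end of the first hunk already notes that Apache's include has trouble with spaces in file names, and a prefix containing whitespace or `/` would bring that problem back or move the file relative to `${::apache::vhost_dir}`. If the define does not validate the parameter elsewhere, I would add `validate_re("${priority}", '\A[\w.-]+\z')` inside the `if $priority` branch so such values fail at compile time. The define body continues outside these hunks, so an existing validation may simply not be shown.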
@@ -469,7 +471,7 @@ # - $servername # - $serveradmin concat::fragment { "${name}-apache-header": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 0, content => template('apache/vhost/_file_header.erb'), } @@ -478,7 +480,7 @@ # - $virtual_docroot # - $docroot concat::fragment { "${name}-docroot": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 10, content => template('apache/vhost/_docroot.erb'), } @@ -487,7 +489,7 @@ # - $aliases if $aliases and ! empty($aliases) { concat::fragment { "${name}-aliases": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 20, content => template('apache/vhost/_aliases.erb'), } @@ -498,7 +500,7 @@ # - $::kernelversion if $itk and ! empty($itk) { concat::fragment { "${name}-itk": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 30, content => template('apache/vhost/_itk.erb'), } @@ -508,7 +510,7 @@ # - $fallbackresource if $fallbackresource { concat::fragment { "${name}-fallbackresource": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 40, content => template('apache/vhost/_fallbackresource.erb'), } @@ -518,7 +520,7 @@ # - $allow_encoded_slashes if $allow_encoded_slashes { concat::fragment { "${name}-allow_encoded_slashes": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 50, content => template('apache/vhost/_allow_encoded_slashes.erb'), } @@ -532,7 +534,7 @@ # - $shibboleth_enabled if $_directories and ! empty($_directories) { concat::fragment { "${name}-directories": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 60, content => template('apache/vhost/_directories.erb'), } 
@@ -542,7 +544,7 @@ # - $additional_includes if $additional_includes and ! empty($additional_includes) { concat::fragment { "${name}-additional_includes": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 70, content => template('apache/vhost/_additional_includes.erb'), } @@ -555,7 +557,7 @@ # - $log_level if $error_log or $log_level { concat::fragment { "${name}-logging": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 80, content => template('apache/vhost/_logging.erb'), } @@ -563,7 +565,7 @@ # Template uses no variables concat::fragment { "${name}-serversignature": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 90, content => template('apache/vhost/_serversignature.erb'), } @@ -577,7 +579,7 @@ # - $access_logs if $access_log or $access_logs { concat::fragment { "${name}-access_log": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 100, content => template('apache/vhost/_access_log.erb'), } @@ -587,7 +589,7 @@ # - $action if $action { concat::fragment { "${name}-action": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 110, content => template('apache/vhost/_action.erb'), } @@ -598,7 +600,7 @@ # - $apache_version if $block and ! empty($block) { concat::fragment { "${name}-block": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 120, content => template('apache/vhost/_block.erb'), } @@ -608,7 +610,7 @@ # - $error_documents if $error_documents and ! empty($error_documents) { concat::fragment { "${name}-error_document": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 130, content => template('apache/vhost/_error_document.erb'), } 
@@ -621,7 +623,7 @@ # - $no_proxy_uris if $proxy_dest or $proxy_pass { concat::fragment { "${name}-proxy": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 140, content => template('apache/vhost/_proxy.erb'), } @@ -631,7 +633,7 @@ # - $rack_base_uris if $rack_base_uris { concat::fragment { "${name}-rack": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 150, content => template('apache/vhost/_rack.erb'), } @@ -652,7 +654,7 @@ # - $redirectmatch_dest if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 160, content => template('apache/vhost/_redirect.erb'), } @@ -665,7 +667,7 @@ # - $rewrite_cond if $rewrites or $rewrite_rule { concat::fragment { "${name}-rewrite": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 170, content => template('apache/vhost/_rewrite.erb'), } @@ -676,7 +678,7 @@ # - $scriptalias if $scriptaliases and ! empty($scriptaliases) { concat::fragment { "${name}-scriptalias": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 180, content => template('apache/vhost/_scriptalias.erb'), } @@ -686,7 +688,7 @@ # - $serveraliases if $serveraliases and ! empty($serveraliases) { concat::fragment { "${name}-serveralias": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 190, content => template('apache/vhost/_serveralias.erb'), } 
@@ -697,7 +699,7 @@ # - $setenvif if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { concat::fragment { "${name}-setenv": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 200, content => template('apache/vhost/_setenv.erb'), } @@ -723,7 +725,7 @@ # - $apache_version if $ssl { concat::fragment { "${name}-ssl": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 210, content => template('apache/vhost/_ssl.erb'), } @@ -735,7 +737,7 @@ # - $suphp_configpath if $suphp_engine == 'on' { concat::fragment { "${name}-suphp": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 220, content => template('apache/vhost/_suphp.erb'), } @@ -746,7 +748,7 @@ # - $php_flags if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { concat::fragment { "${name}-php": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 220, content => template('apache/vhost/_php.erb'), } @@ -757,7 +759,7 @@ # - $php_admin_flags if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { concat::fragment { "${name}-php_admin": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 230, content => template('apache/vhost/_php_admin.erb'), } @@ -767,7 +769,7 @@ # - $headers if $headers and ! empty($headers) { concat::fragment { "${name}-header": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 240, content => template('apache/vhost/_header.erb'), } 
@@ -777,7 +779,7 @@ # - $request_headers if $request_headers and ! empty($request_headers) { concat::fragment { "${name}-requestheader": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 250, content => template('apache/vhost/_requestheader.erb'), } @@ -794,7 +796,7 @@ # - $wsgi_pass_authorization if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { concat::fragment { "${name}-wsgi": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 260, content => template('apache/vhost/_wsgi.erb'), } @@ -804,7 +806,7 @@ # - $custom_fragment if $custom_fragment { concat::fragment { "${name}-custom_fragment": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 270, content => template('apache/vhost/_custom_fragment.erb'), } @@ -817,7 +819,7 @@ # - $apache_version if $fastcgi_server or $fastcgi_dir { concat::fragment { "${name}-fastcgi": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 280, content => template('apache/vhost/_fastcgi.erb'), } @@ -827,7 +829,7 @@ # - $suexec_user_group if $suexec_user_group { concat::fragment { "${name}-suexec": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 290, content => template('apache/vhost/_suexec.erb'), } @@ -841,7 +843,7 @@ # - $passenger_pre_start if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 300, content => template('apache/vhost/_passenger.erb'), } 
@@ -851,7 +853,7 @@ # - $add_default_charset if $add_default_charset { concat::fragment { "${name}-charsets": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 310, content => template('apache/vhost/_charsets.erb'), } @@ -864,7 +866,7 @@ # - $modsec_body_limit if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { concat::fragment { "${name}-security": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 320, content => template('apache/vhost/_security.erb') } @@ -872,7 +874,7 @@ # Template uses no variables concat::fragment { "${name}-file_footer": - target => "${priority_real}-${filename}.conf", + target => "${priority_real}${filename}.conf", order => 999, content => template('apache/vhost/_file_footer.erb'), } From 1e50cd6f32d722281d8294168b6f58691f526792 Mon Sep 17 00:00:00 2001 
From: Seth Lyons Date: Tue, 23 Dec 2014 00:47:25 +0000 Subject: [PATCH 095/105] change default version for freebsd from 2.2 to 2.4 --- README.md | 1 + manifests/default_mods.pp | 22 ++--- manifests/init.pp | 2 +- manifests/mod/alias.pp | 2 +- manifests/mod/cgi.pp | 8 +- manifests/mod/cgid.pp | 7 +- manifests/mod/disk_cache.pp | 8 +- manifests/mod/filter.pp | 3 + manifests/mod/peruser.pp | 107 ++++++++++++------------ manifests/mod/php.pp | 6 +- manifests/mpm.pp | 5 +- manifests/package.pp | 69 ++++++++------- manifests/params.pp | 26 +++--- manifests/version.pp | 2 +- spec/acceptance/class_spec.rb | 4 +- spec/acceptance/default_mods_spec.rb | 4 +- spec/acceptance/itk_spec.rb | 2 +- spec/acceptance/mod_dav_svn_spec.rb | 4 +- spec/acceptance/mod_deflate_spec.rb | 4 +- spec/acceptance/mod_mime_spec.rb | 4 +- spec/acceptance/mod_negotiation_spec.rb | 6 +- spec/acceptance/mod_pagespeed_spec.rb | 6 +- spec/acceptance/mod_php_spec.rb | 6 +- spec/acceptance/mod_proxy_html_spec.rb | 2 +- spec/acceptance/prefork_worker_spec.rb | 2 +- spec/acceptance/version.rb | 18 ++-- spec/classes/apache_spec.rb | 17 ++-- spec/classes/mod/alias_spec.rb | 4 +- spec/classes/mod/deflate_spec.rb | 2 +- spec/classes/mod/event_spec.rb | 2 +- spec/classes/mod/info_spec.rb | 68 +++++++++++++-- spec/classes/mod/itk_spec.rb | 6 +- spec/classes/mod/peruser_spec.rb | 10 ++- spec/classes/mod/php_spec.rb | 6 +- spec/classes/mod/prefork_spec.rb | 2 +- spec/classes/mod/rpaf_spec.rb | 2 +- spec/classes/mod/worker_spec.rb | 2 +- spec/classes/service_spec.rb | 2 +- spec/defines/fastcgi_server_spec.rb | 2 +- spec/defines/mod_spec.rb | 4 +- spec/defines/vhost_spec.rb | 2 +- 41 files changed, 278 insertions(+), 183 deletions(-) create mode 100644 manifests/mod/filter.pp diff --git a/README.md b/README.md index 984e2ce300..a8d621e4ed 100644 --- a/README.md +++ b/README.md 
@@ -535,6 +535,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `expires` * `fastcgi` * `fcgid` +* `filter` * `headers` * `include` * `info`* diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 09e360a49e..d3f5dc0a90 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -7,7 +7,7 @@ # They are not configurable at this time, so we just include # them to make sure it works. case $::osfamily { - 'redhat', 'freebsd': { + 'redhat': { ::apache::mod { 'log_config': } if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it @@ -18,6 +18,10 @@ ::apache::mod { 'unixd': } } } + 'freebsd': { + ::apache::mod { 'log_config': } + ::apache::mod { 'unixd': } + } default: {} } ::apache::mod { 'authz_host': } @@ -74,26 +78,27 @@ include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling + include ::apache::mod::filter ::apache::mod { 'asis': } ::apache::mod { 'auth_digest': } - ::apache::mod { 'authn_alias': } + ::apache::mod { 'auth_form': } ::apache::mod { 'authn_anon': } + ::apache::mod { 'authn_core': } ::apache::mod { 'authn_dbm': } - ::apache::mod { 'authn_default': } + ::apache::mod { 'authn_socache': } + ::apache::mod { 'authz_dbd': } ::apache::mod { 'authz_dbm': } ::apache::mod { 'authz_owner': } - ::apache::mod { 'cern_meta': } - ::apache::mod { 'charset_lite': } ::apache::mod { 'dumpio': } ::apache::mod { 'expires': } ::apache::mod { 'file_cache': } - ::apache::mod { 'filter':} ::apache::mod { 'imagemap':} ::apache::mod { 'include': } ::apache::mod { 'logio': } + ::apache::mod { 'request': } + ::apache::mod { 'session': } ::apache::mod { 'unique_id': } - ::apache::mod { 'usertrack': } } default: {} } @@ -126,9 +131,6 @@ id => 'authz_core_module', } - # filter is needed by mod_deflate - ::apache::mod { 'filter': } - # lots of stuff seems to break without access_compat ::apache::mod { 'access_compat': } } else { 
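Review bot: The `@@ -126,9 +131,6 @@` hunk deletes `::apache::mod { 'filter': }` together with its comment "filter is needed by mod_deflate", and nothing visible restores it for that branch. The only added `include ::apache::mod::filter` is in the `@@ -74,26 +78,27 @@` hunk, which appears to be the FreeBSD module list (the enclosing case starts outside the hunk). If that reading is right, other platforms on the 2.4 branch lose filter and deflate with it. Replacing the removed resource with `include ::apache::mod::filter` instead of dropping it would keep the dependency and still avoid a duplicate declaration.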
diff --git a/manifests/init.pp b/manifests/init.pp index 74cf753db4..f7b89076d8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -259,7 +259,7 @@ 'freebsd': { $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' - $scriptalias = '/usr/local/www/apache22/cgi-bin' + $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } default: { diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index ff196b01a3..c9f8e4dab1 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -9,7 +9,7 @@ true => '/usr/share/httpd/icons', default => '/var/www/icons', }, - 'freebsd' => '/usr/local/www/apache22/icons', + 'freebsd' => '/usr/local/www/apache24/icons', } apache::mod { 'alias': } # Template uses $icons_path diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp index 6c3c6aec8d..91352e8c8d 100644 --- a/manifests/mod/cgi.pp +++ b/manifests/mod/cgi.pp @@ -1,4 +1,10 @@ class apache::mod::cgi { - Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + case $::osfamily { + 'FreeBSD': {} + default: { + Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + } + } + ::apache::mod { 'cgi': } } diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp index ee9044cd5a..8946f652b9 100644 --- a/manifests/mod/cgid.pp +++ b/manifests/mod/cgid.pp @@ -1,5 +1,10 @@ class apache::mod::cgid { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + case $::osfamily { + 'FreeBSD': {} + default: { + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + } + } # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp index 54c0528379..2730809cf1 100644 --- a/manifests/mod/disk_cache.pp +++ b/manifests/mod/disk_cache.pp 
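Review bot: The empty `'FreeBSD': {}` arm added in manifests/mod/cgi.pp, and the same construct in manifests/mod/cgid.pp, gives no reason why the MPM ordering is skipped on FreeBSD. manifests/mod/disk_cache.pp already expresses the same kind of exception as `if $::osfamily != 'FreeBSD' {` with a comment above it. Using that form here, with a one-line comment stating the reason, would be shorter and consistent: `if $::osfamily != 'FreeBSD' { Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] }`.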
@@ -4,6 +4,12 @@ 'redhat' => '/var/cache/mod_proxy', 'freebsd' => '/var/cache/mod_disk_cache', } + + $mod_name = $::osfamily ? { + 'FreeBSD' => 'cache_disk', + default => 'disk_cache', + } + if $::osfamily != 'FreeBSD' { # FIXME: investigate why disk_cache was dependent on proxy # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not @@ -11,7 +17,7 @@ } Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] - apache::mod { 'disk_cache': } + apache::mod { $mod_name: } # Template uses $cache_proxy file { 'disk_cache.conf': ensure => file, diff --git a/manifests/mod/filter.pp b/manifests/mod/filter.pp new file mode 100644 index 0000000000..26dc488b3a --- /dev/null +++ b/manifests/mod/filter.pp @@ -0,0 +1,3 @@ +class apache::mod::filter { + ::apache::mod { 'filter': } +} diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp index 107e47ce81..6b9dfad95f 100644 --- a/manifests/mod/peruser.pp +++ b/manifests/mod/peruser.pp 
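Review bot: `$mod_name` in manifests/mod/disk_cache.pp is selected on `$::osfamily`, but the rename of mod_disk_cache to mod_cache_disk came with Apache 2.4 rather than with FreeBSD. Other platforms running 2.4 would still get `apache::mod { 'disk_cache': }`. Selecting on the version instead, as mpm.pp does with `versioncmp($apache_version, '2.4') >= 0`, would cover them; whether that variable is in scope in this class cannot be seen from the hunk. A comment on `file { 'disk_cache.conf':` saying the file name is intentionally kept would also help, since the module name and the config name now differ.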
@@ -8,66 +8,63 @@ $expiretimeout = '120', $keepalive = 'Off', ) { - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::peruser and apache::mod::event on the same node') - } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') - } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - } - - $mod_dir = $::apache::mod_dir - - # Template uses: - # - $minspareprocessors - # - $minprocessors - # - $maxprocessors - # - $maxclients - # - $maxrequestsperchild - # - $idletimeout - # - $expiretimeout - # - $keepalive - # - $mod_dir - file { "${::apache::mod_dir}/peruser.conf": - ensure => file, - content => template('apache/mod/peruser.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - file { "${::apache::mod_dir}/peruser": - ensure => directory, - require => File[$::apache::mod_dir], - } - file { "${::apache::mod_dir}/peruser/multiplexers": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - file { "${::apache::mod_dir}/peruser/processors": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - - ::apache::peruser::multiplexer { '01-default': } case $::osfamily { 'freebsd' : { - class { '::apache::package': - mpm_module => 'peruser' - } + fail("Unsupported osfamily ${::osfamily}") } default: { - fail("Unsupported osfamily ${::osfamily}") + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::peruser and apache::mod::event on the same node') + } + if 
defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') + } + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') + } + if defined(Class['apache::mod::worker']) { + fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') + } + File { + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + } + + $mod_dir = $::apache::mod_dir + + # Template uses: + # - $minspareprocessors + # - $minprocessors + # - $maxprocessors + # - $maxclients + # - $maxrequestsperchild + # - $idletimeout + # - $expiretimeout + # - $keepalive + # - $mod_dir + file { "${::apache::mod_dir}/peruser.conf": + ensure => file, + content => template('apache/mod/peruser.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + file { "${::apache::mod_dir}/peruser": + ensure => directory, + require => File[$::apache::mod_dir], + } + file { "${::apache::mod_dir}/peruser/multiplexers": + ensure => directory, + require => File["${::apache::mod_dir}/peruser"], + } + file { "${::apache::mod_dir}/peruser/processors": + ensure => directory, + require => File["${::apache::mod_dir}/peruser"], + } + + ::apache::peruser::multiplexer { '01-default': } } } } diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp index 4c5d85d56c..1d1274f3b4 100644 --- a/manifests/mod/php.pp +++ b/manifests/mod/php.pp @@ -6,7 +6,9 @@ $content = undef, $template = 'apache/mod/php5.conf.erb', $source = undef, -) { + $root_group = $::apache::params::root_group, +) inherits apache::params { + if defined(Class['::apache::mod::prefork']) { Class['::apache::mod::prefork']->File['php5.conf'] } 
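Review bot: Swapping the arms in manifests/mod/peruser.pp makes `default:` the supported path, so every osfamily that previously ended in `fail("Unsupported osfamily ${::osfamily}")` now gets peruser.conf and the multiplexer/processor directories written. Before this change 'freebsd' was the only arm that did not fail, which suggests the other platforms were never exercised. If the intent is only to reject FreeBSD now that it moves to 2.4, an explicit list of supported families with `fail` left in `default:` would be safer. The message in the 'freebsd' arm should also say why, for example `fail('apache::mod::peruser is not supported on FreeBSD with Apache 2.4')` if that is the reason.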
@@ -47,7 +49,7 @@ ensure => file, path => "${::apache::mod_dir}/php5.conf", owner => 'root', - group => 'root', + group => $root_group, mode => '0644', content => $manage_content, source => $source, diff --git a/manifests/mpm.pp b/manifests/mpm.pp index a5cca49882..2b33634f29 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -13,7 +13,10 @@ $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 and + (($::osfamily != 'FreeBSD') or + ($::osfamily == 'FreeBSD' and $mpm == 'itk')) { + file { "${mod_dir}/${mpm}.load": ensure => file, path => "${mod_dir}/${mpm}.load", diff --git a/manifests/package.pp b/manifests/package.pp index a4e4015c52..56e81e5b74 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
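Review bot: The condition added in manifests/mpm.pp is longer than it needs to be, because inside the `or` the test `$::osfamily == 'FreeBSD'` is already implied. `if versioncmp($apache_version, '2.4') >= 0 and ($::osfamily != 'FreeBSD' or $mpm == 'itk') {` is equivalent. A comment explaining why the other FreeBSD MPMs get no `.load` file is missing; the package.pp change in this commit suggests they are selected through ports build options rather than loaded as modules, but the hunk does not say so.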
@@ -3,43 +3,54 @@ $mpm_module = $::apache::params::mpm_module, ) inherits ::apache::params { case $::osfamily { - 'freebsd' : { - $all_mpms = [ - 'www/apache22', - 'www/apache22-worker-mpm', - 'www/apache22-event-mpm', - 'www/apache22-itk-mpm', - 'www/apache22-peruser-mpm', - ] - if $mpm_module { - $apache_package = $mpm_module ? { - 'prefork' => 'www/apache22', - default => "www/apache22-${mpm_module}-mpm" + 'FreeBSD': { + case $mpm_module { + 'prefork': { + $SET = 'MPM_PREFORK' + $UNSET = 'MPM_WORKER MPM_EVENT' } - } else { - $apache_package = 'www/apache22' + 'worker': { + $SET = 'MPM_WORKER' + $UNSET = 'MPM_PERFORK MPM_EVENT' + } + 'event': { + $SET = 'MPM_EVENT' + $UNSET = 'MPM_PERFORK MPM_WORKER' + } + 'itk': { + $SET = nil + $UNSET = nil + package { 'www/mod_mpm_itk': + ensure => installed, + } + } + default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } } - $other_mpms = delete($all_mpms, $apache_package) - # Configure ports to have apache module packages dependent on correct - # version of apache package (apache22, apache22-worker-mpm, ...) 
- file_line { 'APACHE_PORT in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "APACHE_PORT=${apache_package}", - match => '^\s*#?\s*APACHE_PORT\s*=\s*', - before => Package['httpd'], + + # Configure ports to have apache build options set correctly + if $SET { + file_line { + 'apache SET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_SET_FORCE= ${SET}", + match => '^apache24_SET_FORCE=.*', + before => Package['httpd']; + 'apache UNSET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_UNSET_FORCE= ${UNSET}", + match => '^apache24_UNSET_FORCE=.*', + before => Package['httpd']; + } } - # remove other packages - ensure_resource('package', $other_mpms, { - ensure => absent, - before => Package['httpd'], - require => File_line['APACHE_PORT in /etc/make.conf'], - }) + $apache_package = $::apache::params::apache_name } default: { $apache_package = $::apache::params::apache_name } } + package { 'httpd': ensure => $ensure, name => $apache_package, diff --git a/manifests/params.pp b/manifests/params.pp index 7568179fdc..2a77b033eb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -110,7 +110,7 @@ '7' => '/usr/share/httpd/error', default => '/var/www/error' } - if $::osfamily == "RedHat" { + if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef @@ -282,9 +282,9 @@ $user = 'www' $group = 'www' $root_group = 'wheel' - $apache_name = 'apache22' - $service_name = 'apache22' - $httpd_dir = '/usr/local/etc/apache22' + $apache_name = 'apache24' + $service_name = 'apache24' + $httpd_dir = '/usr/local/etc/apache24' $server_root = '/usr/local' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/Includes" 
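Review bot: `MPM_PERFORK` in the 'worker' and 'event' arms of manifests/package.pp is a misspelling of `MPM_PREFORK`, so the `apache24_UNSET_FORCE` line written to /etc/make.conf never unsets the prefork option; the values should be `$UNSET = 'MPM_PREFORK MPM_EVENT'` and `$UNSET = 'MPM_PREFORK MPM_WORKER'`. In the 'itk' arm, `nil` is not a Puppet keyword; as a bare word it is most likely taken as the string 'nil', which makes `if $SET` true and writes `apache24_SET_FORCE= nil`, so `undef` is what is meant. Variable names that begin with an uppercase letter are rejected by newer Puppet parsers, so `$set` and `$unset` would be the safer spelling.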
@@ -294,14 +294,14 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" - $logroot = '/var/log/apache22' + $logroot = '/var/log/apache24' $logroot_mode = undef - $lib_path = '/usr/local/libexec/apache22' + $lib_path = '/usr/local/libexec/apache24' $mpm_module = 'prefork' $dev_packages = undef - $default_ssl_cert = '/usr/local/etc/apache22/server.crt' - $default_ssl_key = '/usr/local/etc/apache22/server.key' - $ssl_certs_dir = '/usr/local/etc/apache22' + $default_ssl_cert = '/usr/local/etc/apache24/server.crt' + $default_ssl_key = '/usr/local/etc/apache24/server.key' + $ssl_certs_dir = '/usr/local/etc/apache24' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' @@ -311,7 +311,7 @@ $suphp_engine = 'off' $suphp_configpath = undef $mod_packages = { - # NOTE: I list here only modules that are not included in www/apache22 + # NOTE: I list here only modules that are not included in www/apache24 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config # NOTE: 'php' needs to enable APACHE option in make config # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config @@ -320,7 +320,7 @@ 'fcgid' => 'www/mod_fcgid', 'passenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', - 'php5' => 'lang/php5', + 'php5' => 'www/mod_php5', 'proxy_html' => 'www/mod_proxy_html', 'python' => 'www/mod_python3', 'wsgi' => 'www/mod_wsgi', @@ -340,8 +340,8 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef - $docroot = '/usr/local/www/apache22/data' - $error_documents_path = '/usr/local/www/apache22/error' + $docroot = '/usr/local/www/apache24/data' + $error_documents_path = '/usr/local/www/apache24/error' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } 
diff --git a/manifests/version.pp b/manifests/version.pp index 8304bb1a0c..7f1da0f071 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -28,7 +28,7 @@ } } 'FreeBSD': { - $default = '2.2' + $default = '2.4' } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 92870bb6ac..76e5cd612f 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -9,8 +9,8 @@ package_name = 'apache2' service_name = 'apache2' when 'FreeBSD' - package_name = 'apache22' - service_name = 'apache22' + package_name = 'apache24' + service_name = 'apache24' end context 'default parameters' do diff --git a/spec/acceptance/default_mods_spec.rb b/spec/acceptance/default_mods_spec.rb index 2565ce77b9..f06a966af9 100644 --- a/spec/acceptance/default_mods_spec.rb +++ b/spec/acceptance/default_mods_spec.rb @@ -8,8 +8,8 @@ mod_dir = '/etc/apache2/mods-available' servicename = 'apache2' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - servicename = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + servicename = 'apache24' end describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do diff --git a/spec/acceptance/itk_spec.rb b/spec/acceptance/itk_spec.rb index b810657ec3..2dde8f407e 100644 --- a/spec/acceptance/itk_spec.rb +++ b/spec/acceptance/itk_spec.rb @@ -4,7 +4,7 @@ when 'Debian' service_name = 'apache2' when 'FreeBSD' - service_name = 'apache22' + service_name = 'apache24' else # Not implemented yet service_name = :skip diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 7e5afed520..10c9b77d75 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb 
@@ -15,8 +15,8 @@ service_name = 'httpd' authz_svn_load_file = 'dav_svn_authz_svn.load' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' authz_svn_load_file = 'dav_svn_authz_svn.load' end diff --git a/spec/acceptance/mod_deflate_spec.rb b/spec/acceptance/mod_deflate_spec.rb index 6052cc283f..668897c049 100644 --- a/spec/acceptance/mod_deflate_spec.rb +++ b/spec/acceptance/mod_deflate_spec.rb @@ -9,8 +9,8 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default deflate config" do diff --git a/spec/acceptance/mod_mime_spec.rb b/spec/acceptance/mod_mime_spec.rb index ff93dbca67..6bd959ce3a 100644 --- a/spec/acceptance/mod_mime_spec.rb +++ b/spec/acceptance/mod_mime_spec.rb @@ -9,8 +9,8 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default mime config" do diff --git a/spec/acceptance/mod_negotiation_spec.rb b/spec/acceptance/mod_negotiation_spec.rb index 25e4acbeae..371ab0f1d6 100644 --- a/spec/acceptance/mod_negotiation_spec.rb +++ b/spec/acceptance/mod_negotiation_spec.rb @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default negotiation config" do diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index 0bc07389da..24b6807946 100644 
--- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default pagespeed config" do diff --git a/spec/acceptance/mod_php_spec.rb b/spec/acceptance/mod_php_spec.rb index 91eab0f1f7..28da68d3af 100644 --- a/spec/acceptance/mod_php_spec.rb +++ b/spec/acceptance/mod_php_spec.rb @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default php config" do diff --git a/spec/acceptance/mod_proxy_html_spec.rb b/spec/acceptance/mod_proxy_html_spec.rb index eab162b1a3..91bb0a097c 100644 --- a/spec/acceptance/mod_proxy_html_spec.rb +++ b/spec/acceptance/mod_proxy_html_spec.rb @@ -7,7 +7,7 @@ when 'RedHat' service_name = 'httpd' when 'FreeBSD' - service_name = 'apache22' + service_name = 'apache24' end context "default proxy_html config" do diff --git a/spec/acceptance/prefork_worker_spec.rb b/spec/acceptance/prefork_worker_spec.rb index 562ff5323d..5ed8726d63 100644 --- a/spec/acceptance/prefork_worker_spec.rb +++ b/spec/acceptance/prefork_worker_spec.rb @@ -6,7 +6,7 @@ when 'Debian' servicename = 'apache2' when 'FreeBSD' - servicename = 'apache22' + servicename = 'apache24' end case fact('osfamily') diff --git a/spec/acceptance/version.rb b/spec/acceptance/version.rb index c1578c52e6..098b0f41c3 100644 --- a/spec/acceptance/version.rb +++ b/spec/acceptance/version.rb 
@@ -44,15 +44,15 @@ $apache_version = '2.2' end when 'FreeBSD' - $confd_dir = '/usr/local/etc/apache22/Includes' - $mod_dir = '/usr/local/etc/apache22/Modules' - $conf_file = '/usr/local/etc/apache22/httpd.conf' - $ports_file = '/usr/local/etc/apache22/Includes/ports.conf' - $vhost = '/usr/local/etc/apache22/Vhosts/15-default.conf' - $vhost_dir = '/usr/local/etc/apache22/Vhosts' - $run_dir = '/var/run/apache22' - $service_name = 'apache22' - $package_name = 'apache22' + $confd_dir = '/usr/local/etc/apache24/Includes' + $mod_dir = '/usr/local/etc/apache24/Modules' + $conf_file = '/usr/local/etc/apache24/httpd.conf' + $ports_file = '/usr/local/etc/apache24/Includes/ports.conf' + $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf' + $vhost_dir = '/usr/local/etc/apache24/Vhosts' + $run_dir = '/var/run/apache24' + $service_name = 'apache24' + $package_name = 'apache24' $error_log = 'http-error.log' $apache_version = '2.2' diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 6d1e3ca00e..ebe267d7ad 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -540,7 +540,7 @@ :kernel => 'FreeBSD', :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :is_pe => false, 
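Review bot: The FreeBSD block in spec/acceptance/version.rb now points every path at apache24, but the context line `$apache_version = '2.2'` after `$error_log` is left unchanged while manifests/version.pp in this commit sets the FreeBSD default to '2.4'. Acceptance tests that branch on `$apache_version` would then expect 2.2 directives against a 2.4 install. If that assignment belongs to the FreeBSD `when` (the end of the block is outside the hunk), it should become `$apache_version = '2.4'`.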
@@ -551,25 +551,25 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } - it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + it { is_expected.to contain_file("/usr/local/www/apache24/data").with( 'ensure' => 'directory' ) } - it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( + it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules").with( + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { is_expected.to contain_concat("/usr/local/etc/apache22/ports.conf").with( + it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with( 'owner' => 'root', 'group' => 'wheel', 'mode' => '0644', @@ -579,7 +579,6 @@ [ 'auth_basic', 'authn_file', - 'authz_default', 'authz_groupfile', 'authz_host', 'authz_user', @@ -587,7 +586,7 @@ 'env' ].each do |modname| it { is_expected.to contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file' ) } it { is_expected.not_to contain_file("#{modname}.conf") } 
@@ -605,11 +604,11 @@ 'setenvif', ].each do |modname| it { is_expected.to contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file' ) } it { is_expected.to contain_file("#{modname}.conf").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.conf", + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf", 'ensure' => 'file' ) } end diff --git a/spec/classes/mod/alias_spec.rb b/spec/classes/mod/alias_spec.rb index 7f1458ccf8..151c37e65a 100644 --- a/spec/classes/mod/alias_spec.rb +++ b/spec/classes/mod/alias_spec.rb @@ -60,13 +60,13 @@ :kernel => 'FreeBSD', :osfamily => 'FreeBSD', :operatingsystem => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', :is_pe => false, } end it { is_expected.to contain_apache__mod("alias") } - it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache22\/icons\/"/) } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) } end end diff --git a/spec/classes/mod/deflate_spec.rb b/spec/classes/mod/deflate_spec.rb index 343e940f63..2eb6f5e8ad 100644 --- a/spec/classes/mod/deflate_spec.rb +++ b/spec/classes/mod/deflate_spec.rb @@ -97,7 +97,7 @@ class { "apache::mod::deflate": it { is_expected.to contain_file("deflate.conf").with({ :ensure => 'file', - :path => '/usr/local/etc/apache22/Modules/deflate.conf', + :path => '/usr/local/etc/apache24/Modules/deflate.conf', } ) } end end diff --git a/spec/classes/mod/event_spec.rb b/spec/classes/mod/event_spec.rb index bc5aa41106..796b6c3931 100644 --- a/spec/classes/mod/event_spec.rb +++ b/spec/classes/mod/event_spec.rb 
@@ -19,7 +19,7 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('event') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/event.conf").with_ensure('file') } end context "on a Debian OS" do let :facts do diff --git a/spec/classes/mod/info_spec.rb b/spec/classes/mod/info_spec.rb index cdf1663456..32c6339dd9 100644 --- a/spec/classes/mod/info_spec.rb +++ b/spec/classes/mod/info_spec.rb @@ -1,5 +1,5 @@ # This function is called inside the OS specific contexts -def general_info_specs +def general_info_specs_22 it { is_expected.to contain_apache__mod('info') } context 'passing no parameters' do 
@@ -62,6 +62,62 @@ def general_info_specs end end +def general_info_specs_24 + it { is_expected.to contain_apache__mod('info') } + + context 'passing no parameters' do + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + " Require ip 127.0.0.1 ::1\n"\ + "\n" + ) + } + end + context 'passing restrict_access => false' do + let :params do { + :restrict_access => false + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + "\n" + ) + } + end + context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do + let :params do + {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']} + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + " Require ip 10.10.1.2 192.168.1.2 127.0.0.1\n"\ + "\n" + ) + } + end + context 'passing both restrict_access and allow_from' do + let :params do + { + :restrict_access => false, + :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1'] + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "\n"\ + " SetHandler server-info\n"\ + "\n" + ) + } + end +end + describe 'apache::mod::info', :type => :class do let :pre_condition do "class { 'apache': default_mods => false, }" @@ -83,7 +139,7 @@ def general_info_specs end # Load the more generic tests for this context - general_info_specs() + general_info_specs_22() it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', @@ -110,7 +166,7 @@ def general_info_specs end # Load the more generic tests for this context - general_info_specs() + general_info_specs_22() it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', @@ -122,7 +178,7 @@ def general_info_specs let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', 
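Review bot: In `general_info_specs_24`, the last context ('passing both restrict_access and allow_from') pins that `allow_from` is dropped whenever `restrict_access => false`, so the expected info.conf has `SetHandler server-info` and no `Require ip` line. Nothing in the spec says this precedence is intended, and a reader could take the missing `Require` for a gap in the fixture. A one-line comment above that context would record it: `# restrict_access => false takes precedence: allow_from is ignored and server-info is rendered without an access restriction`. The 'passing restrict_access => false' context earlier in the helper would benefit from the same remark.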
@@ -133,11 +189,11 @@ def general_info_specs end # Load the more generic tests for this context - general_info_specs() + general_info_specs_24() it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', - :path => '/usr/local/etc/apache22/Modules/info.conf', + :path => '/usr/local/etc/apache24/Modules/info.conf', } ) } end diff --git a/spec/classes/mod/itk_spec.rb b/spec/classes/mod/itk_spec.rb index 5556f5ee7c..1644408761 100644 --- a/spec/classes/mod/itk_spec.rb +++ b/spec/classes/mod/itk_spec.rb @@ -55,17 +55,19 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', :kernel => 'FreeBSD', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :is_pe => false, + :mpm_module => 'itk', } end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('itk') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_package("www/mod_mpm_itk") } end end diff --git a/spec/classes/mod/peruser_spec.rb b/spec/classes/mod/peruser_spec.rb index 9ae063cceb..d38f8bba62 100644 --- a/spec/classes/mod/peruser_spec.rb +++ b/spec/classes/mod/peruser_spec.rb @@ -8,7 +8,7 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', 
@@ -17,8 +17,10 @@ :is_pe => false, } end - it { is_expected.to contain_class("apache::params") } - it { is_expected.not_to contain_apache__mod('peruser') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } + it do + expect { + should compile + }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/) + end end end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 1508863513..f2dbfb1a91 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -126,7 +126,7 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', @@ -141,7 +141,7 @@ end it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package("lang/php5") } + it { is_expected.to contain_package("www/mod_php5") } it { is_expected.to contain_file('php5.load') } end context "with mpm_module => itk" do @@ -151,7 +151,7 @@ it { is_expected.to contain_class('apache::params') } it { is_expected.to contain_class('apache::mod::itk') } it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package("lang/php5") } + it { is_expected.to contain_package("www/mod_php5") } it { is_expected.to contain_file('php5.load') } end end diff --git a/spec/classes/mod/prefork_spec.rb b/spec/classes/mod/prefork_spec.rb index f5c0e93759..58c06e0bda 100644 --- a/spec/classes/mod/prefork_spec.rb +++ b/spec/classes/mod/prefork_spec.rb @@ -112,6 +112,6 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('prefork') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/prefork.conf").with_ensure('file') } end end 
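Review bot: The new example in spec/classes/mod/peruser_spec.rb uses the older `should compile` form inside the `expect { }` block, while the lines it replaces and the neighbouring specs use `is_expected.to`. Writing it as `expect { is_expected.to compile }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/)` keeps one expectation syntax in the file. The example also has no description; `it 'fails to compile on FreeBSD' do` would make the failure output readable.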
diff --git a/spec/classes/mod/rpaf_spec.rb b/spec/classes/mod/rpaf_spec.rb index 418797bdf8..d2d5c342d1 100644 --- a/spec/classes/mod/rpaf_spec.rb +++ b/spec/classes/mod/rpaf_spec.rb @@ -64,7 +64,7 @@ it { is_expected.to contain_apache__mod('rpaf') } it { is_expected.to contain_package("www/mod_rpaf2") } it { is_expected.to contain_file('rpaf.conf').with({ - 'path' => '/usr/local/etc/apache22/Modules/rpaf.conf', + 'path' => '/usr/local/etc/apache24/Modules/rpaf.conf', }) } it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } diff --git a/spec/classes/mod/worker_spec.rb b/spec/classes/mod/worker_spec.rb index 7afdb70e6a..bb99a0fe65 100644 --- a/spec/classes/mod/worker_spec.rb +++ b/spec/classes/mod/worker_spec.rb @@ -112,7 +112,7 @@ end it { is_expected.to contain_class("apache::params") } it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.to contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/worker.conf").with_ensure('file') } end # Template config doesn't vary by distro diff --git a/spec/classes/service_spec.rb b/spec/classes/service_spec.rb index 786b3935f4..ef3504d19e 100644 --- a/spec/classes/service_spec.rb +++ b/spec/classes/service_spec.rb @@ -129,7 +129,7 @@ } end it { is_expected.to contain_service("httpd").with( - 'name' => 'apache22', + 'name' => 'apache24', 'ensure' => 'running', 'enable' => 'true' ) diff --git a/spec/defines/fastcgi_server_spec.rb b/spec/defines/fastcgi_server_spec.rb index 8aa422dbcb..efb913e6b0 100644 --- a/spec/defines/fastcgi_server_spec.rb +++ b/spec/defines/fastcgi_server_spec.rb 
@@ -69,7 +69,7 @@ it { should contain_class("apache::mod::fastcgi") } it { should contain_file("fastcgi-pool-#{title}.conf").with( :ensure => 'present', - :path => "/usr/local/etc/apache22/Includes/fastcgi-pool-#{title}.conf" + :path => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf" ) } end end diff --git a/spec/defines/mod_spec.rb b/spec/defines/mod_spec.rb index dbeaf4ac40..3700b0edb4 100644 --- a/spec/defines/mod_spec.rb +++ b/spec/defines/mod_spec.rb @@ -109,8 +109,8 @@ it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do is_expected.to contain_file('spec_m.load').with({ - :path => '/usr/local/etc/apache22/Modules/spec_m.load', - :content => "LoadModule spec_m_module /usr/local/libexec/apache22/mod_spec_m.so\n", + :path => '/usr/local/etc/apache24/Modules/spec_m.load', + :content => "LoadModule spec_m_module /usr/local/libexec/apache24/mod_spec_m.so\n", :owner => 'root', :group => 'wheel', :mode => '0644', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index e52c901587..3e8b6edab5 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -79,7 +79,7 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', - :path => '/usr/local/etc/apache22/Vhosts/25-rspec.example.com.conf' + :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } end end From 7bf9f4e133d3f6471e375492b6db3f960e4fecd5 Mon Sep 17 00:00:00 2001 From: tphoney Date: Thu, 12 Feb 2015 09:55:06 +0000 Subject: [PATCH 096/105] removing a no longer working nodeset --- spec/acceptance/nodesets/sles-11sp1-x64.yml | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 spec/acceptance/nodesets/sles-11sp1-x64.yml diff --git a/spec/acceptance/nodesets/sles-11sp1-x64.yml b/spec/acceptance/nodesets/sles-11sp1-x64.yml deleted file mode 100644 index a9f01d5f42..0000000000 
--- a/spec/acceptance/nodesets/sles-11sp1-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - sles-11sp1-x64: - roles: - - master - platform: sles-11-x86_64 - box : sles-11sp1-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git From c00cdd4473eb064a185049a547a137b9c3433228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20M=C3=B6rner?= Date: Wed, 28 Jan 2015 22:23:16 +0100 Subject: [PATCH 097/105] Symlinks on all distros - Create symlinks on all distros (not just Debian) when a separate $vhost_enable_dir is used. Without this a different $vhost_enable_dir as conf.d on centos does not create symlinks to enable vhosts. - added a $vhost_enable_dir acceptance test --- manifests/vhost.pp | 2 +- spec/acceptance/vhost_spec.rb | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 3c0b149dfe..62472afad3 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -440,7 +440,7 @@ require => Package['httpd'], notify => Class['apache::service'], } - if $::osfamily == 'Debian' { + if $::apache::vhost_enable_dir { $vhost_enable_dir = $::apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { present => link, diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 7309672ce9..5560ec5c07 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -92,6 +92,39 @@ class { 'apache': } end end + context 'new vhost with enable symlink' do + it 'should configure an apache vhost and symlink it from $vhost_enable_dir' do + pp = <<-EOS + class { 'apache': + vhost_enable_dir => "#{$httpd_dir}/sites-enabled", + } + file { '#{$run_dir}': + ensure => 'directory', + recurse => true, + } + + apache::vhost { 'first.example.com': + port => '80', + docroot => '/var/www/first', + require => File['#{$run_dir}'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-first.example.com.conf") do + it { is_expected.to contain '' } + it { is_expected.to contain "ServerName first.example.com" } + end + describe file("#{$httpd_dir}/sites-enabled") do + it { is_expected.to contain_file("25-first.example.com.conf").with( + :ensure => 'link', + :path => "#{$httpd_dir}/sites-enabled/25-first.example.com.conf", + :target => "#{$vhost_dir}/25-first.example.com.conf" + ) } + end + end + context 'new proxy vhost on port 80' do it 'should configure an apache proxy vhost' do pp = <<-EOS From bbe6d29a331081b68e20a1e89ee5e3ca7044ee94 Mon Sep 17 00:00:00 2001 From: Phil Fenstermacher Date: Thu, 30 Oct 2014 10:47:30 -0400 Subject: [PATCH 098/105] Add support for mod_auth_cas module configuration --- README.md | 8 ++++- manifests/mod/auth_cas.pp | 48 +++++++++++++++++++++++++++ manifests/params.pp | 7 +++- spec/classes/mod/auth_cas_spec.rb | 54 +++++++++++++++++++++++++++++++ templates/mod/auth_cas.conf.erb | 40 +++++++++++++++++++++++ 5 files changed, 155 insertions(+), 2 deletions(-) create mode 100644 manifests/mod/auth_cas.pp create mode 100644 spec/classes/mod/auth_cas_spec.rb create mode 100644 templates/mod/auth_cas.conf.erb diff --git a/README.md b/README.md index 2d0e3599b1..651d1b1385 100644 --- a/README.md +++ b/README.md 
@@ -520,6 +520,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `actions` * `alias` * `auth_basic` +* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` * `authnz_ldap`* * `autoindex` @@ -578,7 +579,7 @@ Modules noted with a * indicate that the module has settings and, thus, a templa The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. -####Class: `apache::mod::event +####Class: `apache::mod::event` Installs and manages mpm_event module. @@ -592,6 +593,11 @@ To configure the event thread limit: } ``` +####Class: `apache::mod::auth_cas` + +Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required. + +Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas). ####Class: `apache::mod::info` diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp new file mode 100644 index 0000000000..fdb5ee80a2 --- /dev/null +++ b/manifests/mod/auth_cas.pp 
@@ -0,0 +1,48 @@ +class apache::mod::auth_cas ( + $cas_login_url, + $cas_validate_url, + $cas_cookie_path = $::apache::params::cas_cookie_path, + $cas_version = 2, + $cas_debug = 'Off', + $cas_validate_depth = undef, + $cas_certificate_path = undef, + $cas_proxy_validate_url = undef, + $cas_root_proxied_as = undef, + $cas_cookie_entropy = undef, + $cas_timeout = undef, + $cas_idle_timeout = undef, + $cas_cache_clean_interval = undef, + $cas_cookie_domain = undef, + $cas_cookie_http_only = undef, + $cas_authoritative = undef, + $suppress_warning = false, +) { + + validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path) + + if $::osfamily == 'RedHat' and ! $suppress_warning { + warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') + } + + ::apache::mod { 'auth_cas': } + + file { $cas_cookie_path: + ensure => directory, + before => File['auth_cas.conf'], + mode => '0750', + owner => $apache::user, + group => $apache::group, + } + + # Template uses + # - All variables beginning with cas_ + file { 'auth_cas.conf': + ensure => file, + path => "${::apache::mod_dir}/auth_cas.conf", + content => template('apache/mod/auth_cas.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } + +} diff --git a/manifests/params.pp b/manifests/params.pp index 7568179fdc..685579e349 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -67,7 +67,9 @@ $suphp_engine = 'off' $suphp_configpath = undef # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide + # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL. $mod_packages = { + 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', 'authnz_ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', 
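Review bot: The `file { $cas_cookie_path: }` resource in manifests/mod/auth_cas.pp creates the cookie cache directory with `mode => '0750'`, which lets every member of `$apache::group` list and read it. If mod_auth_cas keeps per-session cache files there (presumably so, given the `CASCookiePath` directive; confirm against the module's documentation), `mode => '0700'` is the tighter default. Separately, `validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path)` accepts any string, so a plain `http://` validate URL or a relative cookie path passes. `validate_absolute_path($cas_cookie_path)` and `validate_re($cas_validate_url, '^https://')` would catch both at compile time.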
@@ -110,11 +112,12 @@ '7' => '/usr/share/httpd/error', default => '/var/www/error' } - if $::osfamily == "RedHat" { + if $::osfamily == 'RedHat' { $wsgi_socket_prefix = '/var/run/wsgi' } else { $wsgi_socket_prefix = undef } + $cas_cookie_path = '/var/cache/mod_auth_cas/' $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' @@ -169,6 +172,7 @@ $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', @@ -198,6 +202,7 @@ $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' $docroot = '/var/www' + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' diff --git a/spec/classes/mod/auth_cas_spec.rb b/spec/classes/mod/auth_cas_spec.rb new file mode 100644 index 0000000000..53c13c5a12 --- /dev/null +++ b/spec/classes/mod/auth_cas_spec.rb 
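Review bot: `$cas_cookie_path` is added to only two branches of manifests/params.pp, the one carrying `/var/cache/mod_auth_cas/` and the one carrying `/var/cache/apache2/mod_auth_cas/`, and the seven changed lines in the diffstat leave no room for a third. On any other osfamily branch, FreeBSD for instance, the default `$::apache::params::cas_cookie_path` used by `apache::mod::auth_cas` would then be undef, and the `file { $cas_cookie_path: }` resource would have no usable title. Either set the variable (and a `mod_packages` entry) in the remaining branches, or have the class fail early with a clear message when the path is unset. The enclosing branches start and end outside these hunks, so this is inferred from the added lines only.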
@@ -0,0 +1,54 @@ +require 'spec_helper' + +describe 'apache::mod::auth_cas', :type => :class do + let :params do + { + :cas_login_url => 'https://cas.example.com/login', + :cas_validate_url => 'https://cas.example.com/validate', + } + end + + let :pre_condition do + 'include ::apache' + end + + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("libapache2-mod-auth-cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') } + end + context "on a RedHat OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("mod_auth_cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') } + end +end diff --git a/templates/mod/auth_cas.conf.erb b/templates/mod/auth_cas.conf.erb new file mode 100644 index 0000000000..926bd65f52 --- /dev/null +++ b/templates/mod/auth_cas.conf.erb 
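Review bot: Neither context in spec/classes/mod/auth_cas_spec.rb checks what is written into `auth_cas.conf`; the examples stop at the file path and `with_owner`. Since `cas_login_url` and `cas_validate_url` are the required parameters, an assertion such as `it { is_expected.to contain_file("auth_cas.conf").with_content(/^CASValidateURL https:\/\/cas\.example\.com\/validate$/) }` would pin that they reach the rendered configuration. An assertion on the cookie directory's mode next to `with_owner` would cover its permissions in the same way.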
@@ -0,0 +1,40 @@ +CASCookiePath <%= @cas_cookie_path %> +CASLoginURL <%= @cas_login_url %> +CASValidateURL <%= @cas_validate_url %> + +CASVersion <%= @cas_version %> +CASDebug <%= @cas_debug %> + +<% if @cas_certificate_path -%> +CASCertificatePath <%= @cas_certificate_path %> +<% end -%> +<% if @cas_proxy_validate_url -%> +CASProxyValidateURL <%= @cas_proxy_validate_url %> +<% end -%> +<% if @cas_validate_depth -%> +CASValidateDepth <%= @cas_validate_depth %> +<% end -%> +<% if @cas_root_proxied_as -%> +CASRootProxiedAs <%= @cas_root_proxied_as %> +<% end -%> +<% if @cas_cookie_entropy -%> +CASCookieEntropy <%= @cas_cookie_entropy %> +<% end -%> +<% if @cas_timeout -%> +CASTimeout <%= @cas_timeout %> +<% end -%> +<% if @cas_idle_timeout -%> +CASIdleTimeout <%= @cas_idle_timeout %> +<% end -%> +<% if @cas_cache_clean_interval -%> +CASCacheCleanInterval <%= @cas_cache_clean_interval %> +<% end -%> +<% if @cas_cookie_domain -%> +CASCookieDomain <%= @cas_cookie_domain %> +<% end -%> +<% if @cas_cookie_http_only -%> +CASCookieHttpOnly <%= @cas_cookie_http_only %> +<% end -%> +<% if @cas_authoritative -%> +CASAuthoritative <%= @cas_authoritative %> +<% end -%> From c0d3866f95eb4339acb2bc4f8186c6e74428854c Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Wed, 11 Feb 2015 15:00:22 -0800 Subject: [PATCH 099/105] Ensure that linter fails on warnings --- Rakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index 01c85eb991..416807dadc 100644 --- a/Rakefile +++ b/Rakefile @@ -1,7 +1,7 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') From 14c84595b8dcf8b535b340f46ef682243211227d Mon Sep 17 00:00:00 2001 
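Review bot: Every optional directive in templates/mod/auth_cas.conf.erb is guarded by plain truthiness, e.g. `<% if @cas_cookie_http_only -%>`, so a Puppet boolean cannot express either state. A `false` is dropped and the module's built-in default applies, and a `true` is rendered as the literal word rather than `On`. For the flag-style settings (`cas_cookie_http_only`, `cas_authoritative`) an attempt to switch the option off with `false` therefore silently does nothing. A comment at the top of the template would prevent that misuse: `<%# Flag directives expect the strings 'On' or 'Off'; booleans are not translated -%>`.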
From: Morgan Haskel Date: Thu, 12 Feb 2015 13:37:08 -0800 Subject: [PATCH 100/105] Remove the ' ' for gepetto? --- manifests/package.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/package.pp b/manifests/package.pp index 56e81e5b74..d4d96202f2 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -33,13 +33,13 @@ 'apache SET options in /etc/make.conf': ensure => $ensure, path => '/etc/make.conf', - line => "apache24_SET_FORCE= ${SET}", + line => "apache24_SET_FORCE=${SET}", match => '^apache24_SET_FORCE=.*', before => Package['httpd']; 'apache UNSET options in /etc/make.conf': ensure => $ensure, path => '/etc/make.conf', - line => "apache24_UNSET_FORCE= ${UNSET}", + line => "apache24_UNSET_FORCE=${UNSET}", match => '^apache24_UNSET_FORCE=.*', before => Package['httpd']; } From 3c43cf68f685e68897290ffb0980a9cf613abefd Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 12 Feb 2015 14:13:26 -0800 Subject: [PATCH 101/105] Move test for symlinks to unit tests --- spec/acceptance/vhost_spec.rb | 33 --------------------------------- spec/defines/vhost_spec.rb | 7 ++++++- 2 files changed, 6 insertions(+), 34 deletions(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index e003ab886b..ce504cc3a3 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb 
@@ -92,39 +92,6 @@ class { 'apache': } end end - context 'new vhost with enable symlink' do - it 'should configure an apache vhost and symlink it from $vhost_enable_dir' do - pp = <<-EOS - class { 'apache': - vhost_enable_dir => "#{$httpd_dir}/sites-enabled", - } - file { '#{$run_dir}': - ensure => 'directory', - recurse => true, - } - - apache::vhost { 'first.example.com': - port => '80', - docroot => '/var/www/first', - require => File['#{$run_dir}'], - } - EOS - apply_manifest(pp, :catch_failures => true) - end - - describe file("#{$vhost_dir}/25-first.example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain "ServerName first.example.com" } - end - describe file("#{$httpd_dir}/sites-enabled") do - it { is_expected.to contain_file("25-first.example.com.conf").with( - :ensure => 'link', - :path => "#{$httpd_dir}/sites-enabled/25-first.example.com.conf", - :target => "#{$vhost_dir}/25-first.example.com.conf" - ) } - end - end - context 'new proxy vhost on port 80' do it 'should configure an apache proxy vhost' do pp = <<-EOS diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3e8b6edab5..807488369e 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -2,7 +2,7 @@ describe 'apache::vhost', :type => :define do let :pre_condition do - 'class { "apache": default_vhost => false, default_mods => false, }' + 'class { "apache": default_vhost => false, default_mods => false, vhost_enable_dir => "/etc/apache2/sites-enabled"}' end let :title do 'rspec.example.com' 
@@ -294,6 +294,11 @@ 'notify' => 'Class[Apache::Service]', }) } + it { is_expected.to contain_file('30-rspec.example.com.conf symlink').with({ + 'ensure' => 'link', + 'path' => '/etc/apache2/sites-enabled/30-rspec.example.com.conf', + }) + } it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } From 0aae912bf26ff9004aac91a4d4f3100cbf09346d Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 12 Feb 2015 15:50:52 -0800 Subject: [PATCH 102/105] Bad variables for freebsd patch --- manifests/package.pp | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/manifests/package.pp b/manifests/package.pp index d4d96202f2..395c03103c 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -6,20 +6,20 @@ 'FreeBSD': { case $mpm_module { 'prefork': { - $SET = 'MPM_PREFORK' - $UNSET = 'MPM_WORKER MPM_EVENT' + $set = 'MPM_PREFORK' + $unset = 'MPM_WORKER MPM_EVENT' } 'worker': { - $SET = 'MPM_WORKER' - $UNSET = 'MPM_PERFORK MPM_EVENT' + $set = 'MPM_WORKER' + $unset = 'MPM_PERFORK MPM_EVENT' } 'event': { - $SET = 'MPM_EVENT' - $UNSET = 'MPM_PERFORK MPM_WORKER' + $set = 'MPM_EVENT' + $unset = 'MPM_PERFORK MPM_WORKER' } 'itk': { - $SET = nil - $UNSET = nil + $set = undef + $unset = undef package { 'www/mod_mpm_itk': ensure => installed, } 
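Review bot: In the manifests/package.pp hunk, the `worker` and `event` branches set `$unset` to `'MPM_PERFORK MPM_EVENT'` and `'MPM_PERFORK MPM_WORKER'`; `MPM_PERFORK` looks like a misspelling of the `MPM_PREFORK` option named in the `prefork` branch. As written, the value that reaches `apache24_UNSET_FORCE` would name an option that presumably does not exist, so prefork would not actually be unset. The variable rename carries the old spelling over unchanged; the fix is `$unset = 'MPM_PREFORK MPM_EVENT'` and `$unset = 'MPM_PREFORK MPM_WORKER'`. The enclosing case block starts outside the hunk.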
@@ -28,20 +28,20 @@ } # Configure ports to have apache build options set correctly - if $SET { - file_line { - 'apache SET options in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "apache24_SET_FORCE=${SET}", - match => '^apache24_SET_FORCE=.*', - before => Package['httpd']; - 'apache UNSET options in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "apache24_UNSET_FORCE=${UNSET}", - match => '^apache24_UNSET_FORCE=.*', - before => Package['httpd']; + if $set { + file_line { 'apache SET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_SET_FORCE=${set}", + match => '^apache24_SET_FORCE=.*', + before => Package['httpd'], + } + file_line { 'apache UNSET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_UNSET_FORCE=${unset}", + match => '^apache24_UNSET_FORCE=.*', + before => Package['httpd'], } } $apache_package = $::apache::params::apache_name From 2990db0da3c0bdd0259d3a2bbca008009215990b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 13 Feb 2015 09:45:32 -0800 Subject: [PATCH 103/105] Lost this in PR996 --- manifests/default_mods.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index d3f5dc0a90..2415464505 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -126,6 +126,9 @@ ::apache::mod { 'authn_file': } if versioncmp($apache_version, '2.4') >= 0 { + # filter is needed by mod_deflate + include ::apache::mod::filter + # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', From 63ae2839c27ee83319d5a5e400128a4d58bcc748 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 13 Feb 2015 14:29:58 -0800 Subject: [PATCH 104/105] 1.3.0 prep --- CHANGELOG.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ metadata.json | 2 +- 2 files changed, 60 insertions(+), 1 deletion(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index c2ccb4c6c3..967e8a237d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,62 @@ +##2015-02-17 - Supported Release 1.3.0 +###Summary + +This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. + +####Features +- New parameters - `apache` + - `service_manage` + - `use_optional_includes` +- New parameters - `apache::service` + - `service_manage` +- New parameters - `apache::vhost` + - `access_logs` + - `php_flags` + - `php_values` + - `modsec_disable_vhost` + - `modsec_disable_ids` + - `modsec_disable_ips` + - `modsec_body_limit` +- Improved FreeBSD support +- Add ability to omit priority prefix if `$priority` is set to false +- Add `apache::security::rule_link` define +- Improvements to `apache::mod::*` + - Add `apache::mod::auth_cass` class + - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` + - Add `apache::mod::filter` class + - Add `root_group` to `apache::mod::php` + - Add `apache::mod::proxy_connect` class + - Add `apache::mod::security` class + - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes parameters to `apache::mod::ssl` (MODULES-1719) + - Add `status_path` parameter to `apache::mod::status` + - Add `apache_version` parameter to `apache::mod::version` + - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) +- Improved SCL support + - Add support for specifying the docroot +- Updated `_directories.erb` to add support for SetEnv +- Support multiple access log directives (MODULES-1382) +- Add passenger support for Debian Jessie +- Add support for not having puppet restart the apache service (MODULES-1559) + +####Bugfixes +- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) +- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) +- Load fcgid after unixd on RHEL7 +- Allow disabling default vhost for Apache 2.4 +- Test fixes +- `mod_version` is now built-in (MODULES-1446) +- Sort LogFormats for idempotency +- 
`allow_encoded_slashes` was omitted from `apache::vhost` +- Fix documentation bug (MODULES-1403, MODULES-1510) +- Sort `wsgi_script_aliases` for idempotency (MODULES-1384) +- lint fixes +- Fix automatic version detection for Debian Jessie +- Fix error docs and icons path for RHEL7-based systems (MODULES-1554) +- Sort php_* hashes for idempotency (MODULES-1680) +- Ensure `mod::setenvif` is included if needed (MODULES-1696) +- Fix indentation in `vhost/_directories.erb` template (MODULES-1688) +- Create symlinks on all distros if `vhost_enable_dir` is specified + ##2014-09-30 - Supported Release 1.2.0 ###Summary diff --git a/metadata.json b/metadata.json index 73ef359875..d778e3bfae 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "1.2.0", + "version": "1.3.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From d5535d782c8792ce53a84d94674f57a438a5dc20 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 17 Feb 2015 09:21:08 -0800 Subject: [PATCH 105/105] Test was using the wrong directory --- spec/acceptance/custom_config_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/custom_config_spec.rb b/spec/acceptance/custom_config_spec.rb index bbceaca3e7..8b59f703fb 100644 --- a/spec/acceptance/custom_config_spec.rb +++ b/spec/acceptance/custom_config_spec.rb @@ -48,7 +48,7 @@ class { 'apache': } apply_manifest(pp, :catch_failures => true) end - describe file("#{$vhost_dir}/prefix_test.conf") do + describe file("#{$confd_dir}/prefix_test.conf") do it { is_expected.to be_file } end end