From 44a425c2b429b9513244092d0caeaaf5fcbfeb3a Mon Sep 17 00:00:00 2001 From: Ryan Hall Date: Tue, 20 Feb 2018 09:51:37 -0500 Subject: [PATCH 1/9] add option to pass SSLCertificateFile and SSLCertificateKey to ssl.conf --- manifests/mod/ssl.pp | 2 ++ spec/classes/mod/ssl_spec.rb | 20 ++++++++++++++++++++ templates/mod/ssl.conf.erb | 6 ++++++ 3 files changed, 28 insertions(+) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 76726b8e56..f9fc8b6f65 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -3,6 +3,8 @@ $ssl_cryptodevice = 'builtin', $ssl_options = [ 'StdEnvVars' ], $ssl_openssl_conf_cmd = undef, + $ssl_cert = undef, + $ssl_key = undef, $ssl_ca = undef, $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true, diff --git a/spec/classes/mod/ssl_spec.rb b/spec/classes/mod/ssl_spec.rb index 463e17ee33..2d638dcb8b 100644 --- a/spec/classes/mod/ssl_spec.rb +++ b/spec/classes/mod/ssl_spec.rb @@ -185,6 +185,26 @@ it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLPassPhraseDialog builtin$}) } end + context 'setting ssl_cert' do + let :params do + { + ssl_cert: '/etc/pki/some/path/localhost.crt', + } + end + + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLCertificateFile}) } + end + + context 'setting ssl_key' do + let :params do + { + ssl_key: '/etc/pki/some/path/localhost.key', + } + end + + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLCertificateKeyFile}) } + end + context 'setting ssl_ca to a path' do let :params do { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index e041342c2c..a3cf61868f 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -20,6 +20,12 @@ <%- end -%> SSLCryptoDevice <%= @ssl_cryptodevice %> SSLHonorCipherOrder <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %> + <%- if @ssl_cert -%> + SSLCertificateFile "<%= @ssl_cert %>" + <%- end -%> + <%- if @ssl_key -%> + SSLCertificateKeyFile "<%= @ssl_key %>" + <%- end -%> <%- if @ssl_ca -%> SSLCACertificateFile "<%= @ssl_ca %>" <%- end -%> From 5fa382165e3cb00826ba5998579005c45f64a7ac Mon Sep 17 00:00:00 2001 From: Ryan Hall Date: Tue, 20 Feb 2018 09:58:06 -0500 Subject: [PATCH 2/9] add optional --- manifests/mod/ssl.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index f9fc8b6f65..3064bf815e 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -3,8 +3,8 @@ $ssl_cryptodevice = 'builtin', $ssl_options = [ 'StdEnvVars' ], $ssl_openssl_conf_cmd = undef, - $ssl_cert = undef, - $ssl_key = undef, + Optional[String] $ssl_cert = undef, + Optional[String] $ssl_key = undef, $ssl_ca = undef, $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true, From 802e7d202ac748d65d5464b8ca92a2808c6839bc Mon Sep 17 00:00:00 2001 From: Paula McMaw Date: Tue, 20 Feb 2018 15:51:08 +0000 Subject: [PATCH 3/9] Updating docs --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index e7ad0a67de..05b076a361 100755 --- a/README.md +++ b/README.md @@ -1376,6 +1376,22 @@ Values: a command to restart the Apache service. The default setting uses the [d Default: `undef`. +##### `ssl_cert` + +This enables the user to specify a specific SSLCertificateFile. + +For more information see: [SSLCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateFile) + +Default: `undef.` + +##### `ssl_key` +This enables the user to specify a specific SSLCertificateKey. + +For more information see: [SSLCertificateKey](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateKeyFile) + +Default: `undef`. + + ##### `ssl_ca` Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile) to use to verify certificate used in ssl client authentication. @@ -2728,6 +2744,8 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] - `ssl_cryptodevice`: Default: 'builtin'. - `ssl_honorcipherorder`: Default: true. - `ssl_openssl_conf_cmd`: Default: undef. +- `ssl_cert`: Default: undef. +- `ssl_key`: Default: undef. - `ssl_options`: Default: ['StdEnvVars'] - `ssl_pass_phrase_dialog`: Default: 'builtin'. - `ssl_protocol`: Default: ['all', '-SSLv2', '-SSLv3']. @@ -2761,6 +2779,14 @@ To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] Default: `undef`. +* `ssl_cert` + + Default: `undef`. + +* `ssl_key` + + Default: `undef`. + * `ssl_options` Default: ['StdEnvVars'] From 0b5792560517038a932989ad3b5690342caab1c5 Mon Sep 17 00:00:00 2001 From: transifex-bot Date: Fri, 23 Feb 2018 10:52:48 -0800 Subject: [PATCH 4/9] Updating translations for readmes/README_ja_JP.md --- readmes/README_ja_JP.md | 346 +++++++++++++++++++++++++++++++--------- 1 file changed, 275 insertions(+), 71 deletions(-) diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index 33f261e9fc..81a119259f 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md @@ -24,6 +24,7 @@ [パブリック定義タイプ]: #public-defined-types [プライベート定義タイプ]: #private-defined-types [テンプレート]: #templates +[タスク]: #tasks [制約事項]: #limitations @@ -49,6 +50,7 @@ [`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd [`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap [`apache::mod::cluster`]: #class-apachemodcluster +[`apache::mod::data]: #class-apachemoddata [`apache::mod::disk_cache`]: #class-apachemoddisk_cache [`apache::mod::dumpio`]: #class-apachemoddumpio [`apache::mod::event`]: #class-apachemodevent @@ -64,6 +66,7 @@ [`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer [`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi [`apache::mod::proxy_html`]: #class-apachemodproxy_html +[`apache::mod::python`]: #class-apachemodpython [`apache::mod::security`]: #class-apachemodsecurity [`apache::mod::shib`]: #class-apachemodshib [`apache::mod::ssl`]: #class-apachemodssl @@ -143,6 +146,7 @@ [`keepalive`パラメータ]: #keepalive [`keepalive_timeout`]: #keepalive_timeout [`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize +[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields [`lib`]: #lib [`lib_path`]: #lib_path @@ -187,6 +191,7 @@ [`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html [`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html [`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_python`]: http://modpython.org/ [`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [`mod_security`]: https://www.modsecurity.org/ [`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html @@ -261,6 +266,8 @@ [テンプレート]: http://docs.puppet.com/puppet/latest/reference/lang_template.html [`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable +[`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname + [`verify_config`]: #verify_config [`vhost`]: #defined-type-apachevhost [`vhost_dir`]: #vhost_dir @@ -287,6 +294,7 @@ - [パブリック定義タイプ][] - [プライベート定義タイプ][] - [テンプレート][] + - [タスク][] 5. [制約事項 - OSの互換性など][制約事項] 6. [開発 - モジュールへの貢献方法][開発] - [apacheモジュールへの貢献][貢献] @@ -814,6 +822,7 @@ apache::balancer { 'puppet01': - [定義タイプ: apache::peruser::processor](#defined-type-apacheperuserprocessor) - [定義タイプ: apache::security::file_link](#defined-type-apachesecurityfile_link) - [**テンプレート**](#templates) +- [**タスク**](#tasks) ### パブリッククラス @@ -1090,9 +1099,9 @@ HTTPプロトコルチェックの厳密さを指定します。 [`KeepAlive`][]ディレクティブによってHTTPの持続的接続を有効にするかどうかを決定します。 'On'に設定する場合は、[`keepalive_timeout`][]および[`max_keepalive_requests`][]パラメータを使って関連オプションを設定してください。 -値: 'Off', 'On'。 +値: 'Off'、'On'。 -デフォルト値: 'Off'。 +デフォルト値: 'On'。 ##### `keepalive_timeout` @@ -1386,10 +1395,18 @@ Apacheの[`TimeOut`][]ディレクティブを設定します。このディレ [`TraceEnable`][]ディレクティブで、Apacheが`TRACE`リクエスト([RFC 2616][]ごと)をどのように処理するかを制御します。 -値: 'Off', 'On'。 +値: 'Off'、'On'。 デフォルト値: 'On'。 +##### `use_canonical_name` + +Apacheの [`UseCanonicalName`][]ディレクティブを制御します。このディレクティブは、Apacheが自己参照URLをどのように処理するかを制御します。指定しない場合、このパラメータの宣言がサーバの設定から除外され、Apacheのデフォルト設定'off'が使用されます。 + +値: 'On', 'on', 'Off', 'off', 'DNS', 'dns'。 + +デフォルト値: `undef`。 + ##### `use_systemd` systemdモジュールをCentos 7サーバにインストールするかどうかを制御します。これは、カスタムビルトのRPMを使用している場合は特に役立ちます。 @@ -1500,6 +1517,12 @@ Puppetがこのユーザを管理しないようにするには、[`manage_user` - **Red Hat**: 'access_log' - **Suse**: 'access.log' +##### `limitreqfields` + +[`limitreqfields`][]パラメータは、HTTPリクエスト内のリクエストヘッダフィールドの最大数を設定します。このディレクティブを使用すると、サーバ管理者は異常なクライアントリクエスト動作の制御を強化できるので、ある種のDoS攻撃の防止に役立てることができます。送信リクエスト内のフィールドが多過ぎることを示すエラー応答が、通常のクライアントに対して表示される場合、この値を増やす必要があります。 + +デフォルト値: '100'。 + #### クラス: `apache::dev` Apache開発ライブラリをインストールします。 @@ -1515,7 +1538,7 @@ Apache開発ライブラリをインストールします。 [`apache::vhost`][]定義タイプを作成します。 -**パラメータ**: +**パラメータ**:  * `vhosts`: [`apache::vhost`][]定義タイプのパラメータを指定します。 @@ -1570,6 +1593,7 @@ class { 'apache::mod::alias': * `cgi` * `cgid` * `cluster` ([`apache::mod::cluster`][]参照) +* `data` * `dav` * `dav_fs` * `dav_svn`\* @@ -1612,7 +1636,7 @@ class { 'apache::mod::alias': * `proxy_balancer` * `proxy_html` ([`apache::mod::proxy_html`][]参照) * `proxy_http` -* `python` +* `python` ([`apache::mod::python`][]参照) * `reqtimeout` * `remoteip`\* * `rewrite` @@ -1650,7 +1674,7 @@ class { 'apache::mod::alias': * **Debian**: `/usr/share/apache2/icons` * **FreeBSD**: `/usr/local/www/apache24/icons` * **Gentoo**: `/var/www/icons` - * *Red Hat**: `/var/www/icons`、ただし、Apache 2.4は`/usr/share/httpd/icons` + * **Red Hat**: `/var/www/icons`、Apache 2.4の場合のみ、`/usr/share/httpd/icons` #### クラス: `apache::mod::disk_cache` @@ -1671,13 +1695,21 @@ class {'::apache::mod::disk_cache': } ``` +キャッシュ無視ヘッダを指定するには、文字列を`cache_ignore_headers`パラメータに渡します。 + +``` puppet +class {'::apache::mod::disk_cache': + cache_ignore_headers => "Set-Cookie", +} +``` + ##### クラス: `apache::mod::diskio` [`mod_diskio`][]をインストールして設定します。 ```puppet class{'apache': - default_mods => `false`, + default_mods => false, log_level => 'dumpio:trace7', } class{'apache::mod::diskio': @@ -1988,9 +2020,9 @@ class { '::apache::mod::cluster': **パラメータ**:  -* `types`: デフレートする[MIMEタイプ][MIME `content*type`]の[配列][]。  +* `types`: デフレートする[配列][]または[MIMEタイプ][MIME `content-type`]。 - デフォルト値: [ 'text/html text/plain text/xml'、'text/css'、'application/x*javascript application/javascript application/ecmascript'、'application/rss+xml'、'application/json' ]。 + デフォルト値: ['text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']。 * `notes`: [ハッシュ][]、キーはタイプを表し、値はノート名を表します。 @@ -2012,9 +2044,9 @@ class { '::apache::mod::cluster': デフォルト値: `undef`。 -* `expires_by_type`: [MIME `content*type`][]とその有効時間のセットを記述します。 +* `expires_by_type`: 一連の[MIME `content-type`][]とその有効期限を表します。 - 値: [ハッシュ][ハッシュ]の[配列][]、各ハッシュのキーは有効なMIME `content*type` ('text/json'など)、値は以下の有効な [インターバル構文][]。 + 値: [ハッシュ][ハッシュ]の[配列][]、各ハッシュのキーは有効なMIME `content-type` ('text/json'など)、値は以下の有効な [インターバル構文][]。 デフォルト値: `undef`。 @@ -2146,6 +2178,54 @@ apache::vhost { 'example.org': デフォルト値: `true`。 +##### クラス: `apache::mod::itk` + +[`mod_itk`][]をインストールして管理します。これはHTTPDプロセス向けにロードおよび設定されるMPMです。[公式ドキュメント](http://mpm-itk.sesse.net/)。 + +**パラメータ**:  + +* `startservers`: 起動時に作成される子サーバプロセスの数。 + + 値: 整数。 + + デフォルト値: `8`。 + +* `minspareservers`: 待機する子サーバプロセスに望ましい最小数。 + + 値: 整数。 + + デフォルト値: `5`。 + +* `maxspareservers`: 待機する子サーバプロセスに望ましい最大数。 + + 値: 整数。 + + デフォルト値: `20`。 + +* `serverlimit`: Apache httpdプロセスの継続期間に対して設定されるMaxRequestWorkersの最大数。 + + 値: 整数。 + + デフォルト値: `256`。 + +* `maxclients`: 処理される同時リクエストの最大数。 + + 値: 整数。 + + デフォルト値: `256`。 + +* `maxrequestsperchild`: 個々の子サーバプロセスが処理する接続の最大数。 + + 値: 整数。 + + デフォルト値: `4000`。 + +* `enablecapabilities`: 親プロセスのルート機能をほぼすべて削除し、User/Groupディレクティブで指定されたユーザとして、いくつかの追加機能(特にsetuid)付きで実行します。 セキュリティはある程度強化されますが、NFSなどの機能に対応しないファイルシステムによる処理では問題が生じるおそれがあります。 + + 値: ブール値。 + + デフォルト値: `undef`。 + ##### クラス: `apache::mod::jk` `mod_jk`をインストールして管理します。これは、Apache httpdリダイレクションと古いバージョンのTomCatおよびJBossを結ぶコネクタです。 @@ -2300,33 +2380,102 @@ $shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' [`mod_passenger`][]をインストールして管理します。Red Hatベースのシステムの場合は、[passengerドキュメント](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux)に記載された最小要件を満たしていることを確認してください。 -**パラメータ**:  - -* `passenger_high_performance`: [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance)を設定します。 - - 値: 'On'、'Off'。  - - デフォルト値: `undef`。 - -* `passenger_pool_idle_time`: [`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpoolidletime)を設定します。 - - デフォルト値: `undef`。 - -* `passenger_max_pool_size`: [`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpoolsize)を設定します。 - - デフォルト値: `undef`。 - -* `passenger_max_request_queue_size`: [`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize)を設定します。 - - デフォルト値: `undef`。 - -* `passenger_max_requests`: [`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests)を設定します。 +現在のサーバ設定は、[Passengerリファレンス](https://www.phusionpassenger.com/library/config/apache/reference/)から直接取得されています。廃止予定の警告と削除失敗メッセージを有効にするには、 サーバにインストールされているバージョン番号を`passenger_installed_version`に設定します。 - デフォルト値: `undef`。 +**パラメータ**:  -* `passenger_data_buffer_dir`: [`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdatabufferdir)を設定します。 +|パラメータ|デフォルト値|passengerの設定|コンテキスト|注記| +|---------|-------------|------------------------|-------|-----| +|manage_repo|true|n/a||| +|mod_id|未定義|n/a||| +|mod_lib|未定義|n/a||| +|mod_lib_path|未定義|n/a||| +|mod_package|未定義|n/a||| +|mod_package_ensure|未定義|n/a||| +|mod_path|未定義|n/a||| +|passenger_allow_encoded_slashes|未定義|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|server-config virutal-host htaccess directory || +|passenger_app_env|未定義|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|server-config virutal-host htaccess directory || +|passenger_app_group_name|未定義|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|server-config virutal-host htaccess directory || +|passenger_app_root|未定義|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|server-config virutal-host htaccess directory || +|passenger_app_type|未定義|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|server-config virutal-host htaccess directory || +|passenger_base_uri|未定義|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|server-config virutal-host htaccess directory || +|passenger_buffer_response|未定義|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|server-config virutal-host htaccess directory || +|passenger_buffer_upload|未定義|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|server-config virutal-host htaccess directory || +|passenger_concurrency_model|未定義|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|server-config virutal-host htaccess directory || +|passenger_conf_file|$::apache::params::passenger_conf_file|n/a||| +|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a||| +|passenger_data_buffer_dir|未定義|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|server-config || +|passenger_debug_log_file|未定義|PassengerDebugLogFile|server-config |このオプションの名前は、バージョン5.0.5でPassengerLogFileに変更されています。| +|passenger_debugger|未定義|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|server-config virutal-host htaccess directory || +|passenger_default_group|未定義|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|server-config || +|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|server-config || +|passenger_default_user|未定義|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|server-config || +|passenger_disable_security_update_check|未定義|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|server-config || +|passenger_enabled|未定義|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|server-config virutal-host htaccess directory || +|passenger_error_override|未定義|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|server-config virutal-host htaccess directory || +|passenger_file_descriptor_log_file|未定義|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|server-config || +|passenger_fly_with|未定義|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|server-config || +|passenger_force_max_concurrent_requests_per_process|未定義|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|server-config virutal-host htaccess directory || +|passenger_friendly_error_pages|未定義|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|server-config virutal-host htaccess directory || +|passenger_group|未定義|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|server-config virutal-host directory || +|passenger_high_performance|未定義|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|server-config virutal-host htaccess directory || +|passenger_installed_version|未定義|n/a| |このオプションを設定すると、指定した値に対するpassengerオプションのバージョンチェックが有効になります。| +|passenger_instance_registry_dir|未定義|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|server-config || +|passenger_load_shell_envvars|未定義|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|server-config virutal-host htaccess directory || +|passenger_log_file|未定義|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|server-config || +|passenger_log_level|未定義|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|server-config || +|passenger_lve_min_uid|未定義|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|server-config virutal-host || +|passenger_max_instances|未定義|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|server-config virutal-host htaccess directory || +|passenger_max_instances_per_app|未定義|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|server-config || +|passenger_max_pool_size|未定義|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|server-config || +|passenger_max_preloader_idle_time|未定義|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|server-config virutal-host || +|passenger_max_request_queue_size|未定義|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|server-config virutal-host htaccess directory || +|passenger_max_request_time|未定義|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|server-config virutal-host htaccess directory || +|passenger_max_requests|未定義|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|server-config virutal-host htaccess directory || +|passenger_memory_limit|未定義|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|server-config virutal-host htaccess directory || +|passenger_meteor_app_settings|未定義|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|server-config virutal-host htaccess directory || +|passenger_min_instances|未定義|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|server-config virutal-host htaccess directory || +|passenger_nodejs|未定義|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|server-config virutal-host htaccess directory || +|passenger_pool_idle_time|未定義|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|server-config || +|passenger_pre_start|未定義|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|server-config virutal-host || +|passenger_python|未定義|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|server-config virutal-host htaccess directory || +|passenger_resist_deployment_errors|未定義|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|server-config virutal-host htaccess directory || +|passenger_resolve_symlinks_in_document_root|未定義|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|server-config virutal-host htaccess directory || +|passenger_response_buffer_high_watermark|未定義|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|server-config || +|passenger_restart_dir|未定義|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|server-config virutal-host htaccess directory || +|passenger_rolling_restarts|未定義|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|server-config virutal-host htaccess directory || +|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|server-config || +|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|server-config virutal-host htaccess directory || +|passenger_security_update_check_proxy|未定義|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|server-config || +|passenger_show_version_in_header|未定義|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|server-config || +|passenger_socket_backlog|未定義|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|server-config || +|passenger_spawn_method|未定義|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|server-config virutal-host || +|passenger_start_timeout|未定義|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|server-config virutal-host htaccess directory || +|passenger_startup_file|未定義|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|server-config virutal-host htaccess directory || +|passenger_stat_throttle_rate|未定義|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|server-config || +|passenger_sticky_sessions|未定義|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|server-config virutal-host htaccess directory || +|passenger_sticky_sessions_cookie_name|未定義|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|server-config virutal-host htaccess directory || +|passenger_thread_count|未定義|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|server-config virutal-host htaccess directory || +|passenger_use_global_queue|未定義|PassengerUseGlobalQueue|server-config || +|passenger_user|未定義|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|server-config virutal-host directory || +|passenger_user_switching|未定義|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|server-config || +|rack_auto_detect|未定義|RackAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| +|rack_autodetect|未定義|n/a||| +|rack_base_uri|未定義|RackBaseURI|server-config |3.0.0で廃止され、PassengerBaseURIが採用されました。| +|rack_env|未定義|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|server-config virutal-host htaccess directory || +|rails_allow_mod_rewrite|未定義|RailsAllowModRewrite|server-config |このオプションは、バージョン4.0.0以降では何の影響も与えません。| +|rails_app_spawner_idle_time|未定義|RailsAppSpawnerIdleTime|server-config |このオプションはバージョン4.0.0で削除され、PassengerMaxPreloaderIdleTimeに置き換えられました。| +|rails_auto_detect|未定義|RailsAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| +|rails_autodetect|未定義|n/a||| +|rails_base_uri|未定義|RailsBaseURI|server-config |3.0.0で廃止され、PassengerBaseURIが採用されました。| +|rails_default_user|未定義|RailsDefaultUser|server-config |3.0.0で廃止され、PassengerDefaultUserが採用されました。| +|rails_env|未定義|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|server-config virutal-host htaccess directory || +|rails_framework_spawner_idle_time|未定義|RailsFrameworkSpawnerIdleTime|server-config |このオプションはバージョン4.0.0では使用できません。フレームワークスポーンも同時に削除されたので、代わりのオプションはありません。スマートスポーンを使用してください。| +|rails_ruby|未定義|RailsRuby|server-config |3.0.0で廃止され、PassengerRubyが採用されました。| +|rails_spawn_method|未定義|RailsSpawnMethod|server-config |3.0.0で廃止され、PassengerSpawnMethodが採用されました。| +|rails_user_switching|未定義|RailsUserSwitching|server-config |3.0.0で廃止され、PassengerUserSwitchingが採用されました。| +|wsgi_auto_detect|未定義|WsgiAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| - デフォルト値: `undef`。 ##### クラス: `apache::mod::ldap` @@ -2336,6 +2485,7 @@ $shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', ldap_trusted_global_cert_type => 'CA_DER', + ldap_trusted_mode => 'TLS', ldap_shared_cache_size => '500000', ldap_cache_entries => '1024', ldap_cache_ttl => '600', @@ -2356,6 +2506,8 @@ class { 'apache::mod::ldap': デフォルト値: 'CA_BASE64'。 +* `ldap_trusted_mode`: LDAPサーバ接続時に使用されるSSL/TLSモードを指定します。 + * `ldap_shared_cache_size`: 共有されたメモリのキャッシュのサイズをバイトで指定します。 * `ldap_cache_entries`: 一次LDAPキャッシュのエントリの最大数を指定します。 @@ -2384,7 +2536,7 @@ class { 'apache::mod::ldap': * `language_priority`: モジュールの`LanguagePriority`オプションを設定するための言語の[配列][]。 - デフォルト値: [ 'en'、'ca'、'cs'、'da'、'de'、'el'、'eo'、'es'、'et'、'fr'、'he'、'hr'、'it'、'ja'、'ko'、'ltz'、'nl'、'nn'、'no'、'pl'、'pt'、'pt*BR'、'ru'、'sv'、'zh*CN'、'zh*TW' ]。 + デフォルト値: ['en'、'ca'、cs'、'da'、'de'、'el'、'eo'、'es'、'et'、'fr'、'he'、'hr'、'it'、'ja'、'ko'、'ltz'、'nl'、'nn'、'no'、'pl'、'pt'、'pt-BR'、'ru'、'sv'、'zh-CN'、'zh-TW']。 ##### クラス: `apache::mod::nss` @@ -2504,9 +2656,9 @@ I`mod_proxy`をインストールし、`proxy.conf.erb`テンプレートを使 * `manager_path`: バランサマネージャのサーバロケーション。 - デフォルト値: '/balancer*manager'。 + デフォルト値: '/balancer-manager'。 -* `allow_from`: `/balancer*manager`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 +* `allow_from`: `/balancer-manager`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 デフォルト値: ['127.0.0.1','::1']。  @@ -2532,6 +2684,14 @@ I`mod_proxy`をインストールし、`proxy.conf.erb`テンプレートを使 **注意**: `mod_proxy_html`に関して提供されている公式なパッケージはありません。そのため、apacheモジュールの外部から使用できるようにする必要があります。 +##### クラス: `apache::mod::python` + +[`mod_python`][]をインストールして設定します。 + +**パラメータ**  + +* `loadfile_name`: pythonモジュールのロードに使用される設定ファイルの名前を指定します。 + ##### クラス: `apache::mod::reqtimeout` [`mod_reqtimeout`][]をインストールして設定します。 @@ -2567,9 +2727,9 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします - `ssl_cryptodevice`: デフォルト値: 'builtin' - `ssl_honorcipherorder`: デフォルト値: true - `ssl_openssl_conf_cmd`: デフォルト値: undef -- `ssl_options`: デフォルト値: [ 'StdEnvVars' ] +- `ssl_options`: デフォルト値: ['StdEnvVars'] - `ssl_pass_phrase_dialog`: デフォルト値: 'builtin' -- `ssl_protocol`: デフォルト値: [ 'all', '-SSLv2', '-SSLv3' ] +- `ssl_protocol`: デフォルト値: ['all', '-SSLv2', '-SSLv3']。 - `ssl_proxy_protocol`: デフォルト値: [] - `ssl_random_seed_bytes`: 有効なオプション: 文字列、デフォルト値: '512' - `ssl_sessioncache`: 有効なオプション: 文字列。デフォルト値: '300' @@ -2602,7 +2762,7 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `ssl_options` - デフォルト値: [ 'StdEnvVars' ] + デフォルト値: ['StdEnvVars'] * `ssl_pass_phrase_dialog` @@ -2610,7 +2770,7 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `ssl_protocol` - デフォルト値: [ 'all', '*SSLv2', '*SSLv3' ] + デフォルト値: ['all', '*SSLv2', '*SSLv3']。 * `ssl_random_seed_bytes` @@ -2645,6 +2805,24 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `allow_from`: `/server-status`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 デフォルト値: ['127.0.0.1','::1']。  + +* Apacheバージョン2.4以降の`mod_authz_host` ディレクティブ(`require ip`、`require host`など)を使用して、アクセスできる/できないIPまたは名前の文字列、[配列][]、または[ハッシュ][]。このパラメータは、以下のいずれかの構成で指定します。 + + > Apacheバージョンが2.4以降の場合のみ使用 + + - `undef` - `allow_from` および古いディレクティブ構文(`Allow from `)を使用し、廃止予定の警告を通知します。 + - 文字列 + - `''`または`'unmanaged'` - authディレクティブなし(アクセス制御は別の方法で実施) + - `'ip '` - `/server-status`にアクセスできるIP/範囲 + - `'host '` - `/server-status`にアクセスできる名前/ドメイン + - `'all [granted|denied]'` - すべてのユーザを許可/ブロック + - 配列 - 各要素には上記のいずれかの文字列が入ります。配列要素ごとに1つのディレクティブになります。 + - 以下の構造を持つハッシュ(キー => 値の形式で表示、キーは文字列) + - `'requires'` => 上記に従った配列 - 配列と同じ作用 + - `'enforce'` => `'Any'`、`'All'`、`'None'`のいずれかの文字列(任意指定) - `'requires'`キーで指定されたすべてのディレクティブを``ブロックで囲みます。 + + デフォルト値: 'ip 127.0.0.1 ::1' + * `extended_status`: [`ExtendedStatus`][]ディレクティブをつうじて、各リクエストに関する拡張ステータス情報を追跡するかどうかを決定します。 値: 'Off'、'On'。 @@ -2663,7 +2841,7 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします * `overrides`: ディレクティブタイプの[配列][]。 - デフォルト値: '[ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]'。 + デフォルト値: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes']。 ##### クラス: `apache::mod::version` @@ -2678,13 +2856,13 @@ Trustwaveの[`mod_security`][]をインストールして設定します。こ **パラメータ**:  * `activated_rules`: `modsec_crs_path`のルールの[配列][]またはsymlinkを使用してアクティベートする絶対値。 -* `allowed_methods`: 許可されるHTTPメソッドのスペース*区切りリスト。 +* `allowed_methods`: 許可されるHTTPメソッドのスペース区切りリスト。 デフォルト値: 'GET HEAD POST OPTIONS'。 -* `content_types`: 1つまたは複数の許可される[MIMEタイプ][MIME `content*type`]のリスト。 +* `content_types`: 1つまたは複数の許可される[MIMEタイプ][MIME `content-type`]のリスト。 - デフォルト値: 'application/x*www*form*urlencoded|multipart/form*data|text/xml|application/xml|application/x*amf'。 + デフォルト値: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'。 * `crs_package`: CRSルールをインストールするパッケージの名前。 @@ -2703,13 +2881,13 @@ ${modsec\_dir}/activated\_rules。 デフォルト値: [`apache::params`][]の`modsec_secruleengine`。 -* `restricted_extensions`: 禁止されるファイル拡張子のスペース*区切りリスト。 +* `restricted_extensions`: 禁止されるファイル拡張子のスペース区切りリスト。 デフォルト値: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'。 * `restricted_headers`: 禁止されるヘッダのスラッシュおよびスペースで区切ったリスト。 - デフォルト値: 'Proxy*Connection/ /Lock*Token/ /Content*Range/ /Translate/ /via/ /if/'。 + デフォルト値: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'。 * `secdefaultaction`: OWASP ModSecurityコアルールセットに関して、動作モード、自己完結('deny')、コラボレーティブ検出('pass')を設定します。 @@ -2801,7 +2979,7 @@ ${modsec\_dir}/activated\_rules。 デフォルト値: `undef`。 -* `wsgi_python_path`: '/path/to/venv/site*packages'などの[`WSGIPythonPath`][]ディレクティブを定義します。 +* `wsgi_python_path`: '/path/to/venv/site-packages'などの[`WSGIPythonPath`][]ディレクティブを定義します。 値: パスを指定する文字列。  @@ -2869,6 +3047,12 @@ Apacheデーモンを管理します。 デフォルト値: '{}'。 +##### `options` + +バランサURLの後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 + +デフォルト値: []。  + ##### `collect_exported` [エクスポートリソース][]を使用するかどうかを決定します。 @@ -3101,7 +3285,7 @@ class { 'apache': ブーリアン。 -デフォルト値: `true`。  +デフォルト値: `true`。 ##### `access_log_env_var` @@ -3364,7 +3548,7 @@ apache::vhost { 'sample.example.net': } ``` -デフォルト値: '[]'。 +デフォルト値: []。  ##### `ensure` @@ -3380,7 +3564,7 @@ apache::vhost { 'sample.example.net': デフォルト値: `undef`。 -#####`fastcgi_idle_timeout` +##### `fastcgi_idle_timeout` fastcgiを使用する場合に、このオプションにより、サーバ応答のタイムアウトを設定します。 @@ -3549,7 +3733,7 @@ apache::vhost { 'sample.example.net': - `krb_method_negotiate`: Negotiateメソッドを使用するかどうかを決定します。デフォルト値: 'on'。 - `krb_method_k5passwd`: Kerberos v5に関してパスワードベースの認証を使用するかどうかを決定します。デフォルト値: 'on'。 - `krb_authoritative`: 'off'に設定すると、認証コントロールを別のモジュールに渡すことができます。デフォルト値: 'on'。 -- `krb_auth_realms`: 認証に使用するKerberos領域の配列を指定します。デフォルト値: '[]'。 +- `krb_auth_realms`: 認証に使用するKerberos領域の配列を指定します。デフォルト値: []。 - `krb_5keytab`: Kerberos v5キータブファイルのロケーションを指定します。デフォルト値: `undef`。 - `krb_local_user_mapping`: 今後の使用のために、ユーザ名から@REALMを取り除きます。デフォルト値: `undef`。 @@ -3663,13 +3847,13 @@ apache::vhost { 'sample.example.net': ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_msgs => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ], + modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], } ``` ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_msgs => { '/location1' => [ 'Blind SQL Injection Attack', 'Session Fixation Attack' ] }, + modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, } ``` @@ -3681,13 +3865,13 @@ apache::vhost { 'sample.example.net': ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_tags => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ], + modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], } ``` ``` puppet apache::vhost { 'sample.example.net': - modsec_disable_tags => { '/location1' => [ 'WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS' ] }, + modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, } ``` @@ -3774,7 +3958,7 @@ apache::vhost { 'site.name.fdqn': 指定されたバーチャルホストのオーバーライドを設定します。[AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)引数の配列を使用できます。 -デフォルト値: '[none]'。 +デフォルト値: ['None']。 ##### `passenger_spawn_method` @@ -3871,12 +4055,17 @@ sengermaxrequests)を設定します。これは、アプリケーションプ [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)パスを設定します。このパスは、アプリケーションルートに関連しています。 -##### `php_flags & values` +##### `php_values & php_flags` バーチャルホストごとの設定[`php_value`または`php_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 デフォルト値: '{}'。 +vhostの宣言内 +``` puppet + php_values => [ 'include_path ".:/usr/local/example-app/include"' ], +``` + ##### `php_admin_flags & values` バーチャルホストごとの設定[`php_admin_value`または`php_admin_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 @@ -3957,7 +4146,7 @@ rack設定のリソース識別子を設定します。指定されたファイ デフォルト値: `undef`。 -#####`passenger_base_uris` +##### `passenger_base_uris` 任意のURIをPhusion Passengerのサーブするアプリケーションとして指定するのに使用します。指定されたファイルパスは、_passenger_base_uris.erbテンプレート内の[Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI)のpassengerアプリケーションルートとしてリストされます。 @@ -4181,7 +4370,7 @@ ScriptAliasおよびScriptAliasMatchディレクティブは、指定した順 サイトの[ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)を設定します。 -デフォルト値: '[]'。 +デフォルト値: []。  ##### `servername` @@ -4193,7 +4382,7 @@ ScriptAliasおよびScriptAliasMatchディレクティブは、指定した順 HTTPDにより使用し、バーチャルホストの環境変数を設定します。 -デフォルト値: '[]'。 +デフォルト値: []。  例: @@ -4207,13 +4396,13 @@ apache::vhost { 'setenv.example.com': HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します。 -デフォルト値: '[]'。 +デフォルト値: []。  ##### `setenvifnocase` HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します(大文字小文字を区別しないマッチング)。 -デフォルト値: '[]'。 +デフォルト値: []。  ##### `suphp_*` @@ -4712,6 +4901,7 @@ apache::vhost { 'sample.example.net': - `mellon_sp_private_key_file`: サービスプロバイダのプライベートキー保存場所に関する[MellonSPPrivateKeyFile][`mod_auth_mellon`]ディレクティブを設定します。 - `mellon_sp_cert_file`: サービスプロバイダの公開キー保存場所に関する[MellonSPCertFile][`mod_auth_mellon`]ディレクティブを設定します。 - `mellon_user`: ユーザ名に関して使用する[MellonUser][`mod_auth_mellon`]属性を設定します。 +- `mellon_session_length`: [MellonSessionLength][`mod_auth_mellon`]属性を設定します。 ##### `options` @@ -4877,12 +5067,12 @@ apache::vhost { 'secure.example.net': rewrites => [ { comment => 'Permalink Rewrites', rewrite_base => '/' }, - { rewrite_rule => [ '^index\.php$ - [L]' ] + { rewrite_rule => ['^index\.php$ - [L]'] }, - { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', + { rewrite_cond => ['%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', ], - rewrite_rule => [ '. /index.php [L]' ], + rewrite_rule => ['. /index.php [L]'], } ], }, @@ -4912,6 +5102,10 @@ apache::vhost { 'secure.example.net': 'On'に設定すると、アプリケーションに属性を公開するリクエストヘッダの使用がオンになります。このキーの値は'On'または'Off'です。デフォルト値は'Off'です。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 +##### `shib_compat_valid_user` + +このコマンドが存在しなかったときの動作と合わせるため、デフォルト値はOffです。 "valid-user"および"user"のRequireルールの処理で、「標準」Apacheの動作を復元して、Shibbolethをその他のauth/authモジュールと組み合わせて使用する場合の競合を解消します。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)、および[NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)を参照してください。`apache::mod::shib`が定義されていない場合、このキーは無効です。 + ##### `ssl_options` [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)の文字列またはリスト。これにより、SSLエンジンのランタイムオプションが設定されます。このハンドラは、バーチャルホストの親ブロック内のSSLOptionsセットよりも優先されます。 @@ -4924,7 +5118,7 @@ apache::vhost { 'secure.example.net': ssl_options => '+ExportCertData', }, { path => '/path/to/different/dir', - ssl_options => [ '-StdEnvVars', '+ExportCertData'], + ssl_options => ['-StdEnvVars', '+ExportCertData'], }, ], } @@ -4956,7 +5150,7 @@ apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/different/dir', - additional_includes => [ '/custom/path/includes', '/custom/path/another_includes', ], + additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], }, ], } @@ -5100,6 +5294,12 @@ apache::vhost { 'sample.example.net': デフォルト値: `undef`。  +##### `ssl_proxy_cipher_suite` + +[SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)ディレクティブを設定します。このディレクティブは、sslプロキシトラフィックに対してサポートされる暗号化スイートを制御します。 + +デフォルト値: `undef`。  + ##### `ssl_proxy_ca_cert` [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)ディレクティブを設定します。これにより、やりとりするリモートサーバに関する認証局(CA)の証明書を集められるオールインワンファイルを指定します。これはリモートサーバ認証に用いられます。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 @@ -5161,7 +5361,7 @@ apache::vhost { 'sample.example.net': ``` puppet apache::vhost { 'sample.example.net': … - ssl_options => [ '+StrictRequire', '+ExportCertData' ], + ssl_options => ['+StrictRequire', '+ExportCertData'], } ``` @@ -5327,6 +5527,10 @@ FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。 Apacheモジュールは、[`apache::vhost`][]および[`apache::mod`][]定義タイプを有効にするにあたり、テンプレートに大きく依存しています。このテンプレートは、オペレーティングシステムに固有の[Facter][] factsをベースに構築されています。明示的にコールアウトされない限り、ほとんどのテンプレートは設定には使われません。 +### タスク + +Apacheモジュールには、サービスの再起動なしでApache設定を再ロードできるタスクがあります。タスクの実行方法については、[Puppet Enterpriseマニュアル](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html)または[Boltマニュアル](https://puppet.com/docs/bolt/latest/bolt.html)を参照してください。 + ### 関数 #### apache_pw_hash Apacheが読みこむhtpasswdファイルに適したフォーマットでパスワードをハッシュします。 From 3383b7d7721796af4200f314caa1210f262275c9 Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Tue, 6 Mar 2018 16:14:05 -0800 Subject: [PATCH 5/9] Update changelog to reflect http://keepachangelog.com/ This should also reflect our internal documentation style. - Document all parameters, classes, defines, facts, & functions as API. - The three changelog sections are "Changed" for breaking changes, "Added" for features, and "Fixed" for bugfixes, in that order. - Changes irrelevant to end users (such as .gitignore changes or .travis.yml changes) need not be mentioned. - Changelogs should follow README style and convention where code formatting is concerned. --- CHANGELOG.md | 124 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 93 insertions(+), 31 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e441808b2a..f1f29b4da8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,41 +5,103 @@ and this project adheres to [Semantic Versioning](http://semver.org). ## Supported Release [3.0.0] ### Summary -This release updates the code to match the set Rubocop standards in additiont to adding several minor features. AS this release includes Puppet 4 updates it is thus backwards incompatible. +This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes. -### Fixed -- Fixes made to mod_passenger test's. -- REMOVED options bug fix. -- Fix case of setting apache::mpm_module to false and declaring the mpm class yourself b/c you need to set params. -- Various small fixes. +#### Changed +- Default `apache::keepalive` from `Off` to `On`. #### Added -- ShibCompatValidUser option added to vhost config. -- loadfile_name option exposed to mod::python class. -- $options added to 'balancer' type. -- log formats updated to include client ip. -- EnableCapabilities added for itk. -- Support added for UseCanonicalName. -- Option added to include CacheIgnorHEaders for disk_cache module. -- Added ability to specify MellonSessionLength. -- CASSscrubRequestHeaders now created in _auth_cas.erb. -- $apache_version param now defined. -- Auxiliary template included for 'Require' directives for mod::*. -- Acceptance test added for param LimitRequestFields. -- Acceptance test added for param shib_compat_valid_user. -- Updated to use puppet 4 functions-api. - -#### Changed -- remoteip: apacher::service notified instead of service['httpd']. -- Travis test parellelism reduced. -- Modulesync updates. -- Default keepalive set to on in all distros. -- php_values section adjusted. -- Various doc changes made. -- Code updated to match the set Rubocop standards. +- Class `apache::mod::data` +- Function `apache::apache_pw_hash` function (puppet 4 port of `apache_pw_hash()`) +- Function `apache::bool2httpd` function (puppet 4 port of `bool2httpd()`) +- Function `apache::validate_apache_log_level` function (puppet 4 port of `validate_apache_log_level()`) +- Parameter `apache::balancer::options` for additional directives. +- Parameter `apache::limitreqfields` setting the LimitRequestFields directive to 100. +- Parameter `apache::use_canonical_name` to control how httpd uses self-referential URLs. +- Parameter `apache::mod::disk_cache::cache_ignore_headers` to ignore cache headers. +- Parameter `apache::mod::itk::enablecapabilities` to manage ITK capabilities. +- Parameter `apache::mod::ldap::ldap_trusted_mode` to manage trusted mode. +- Parameters for `apache::mod::passenger`: + - `passenger_allow_encoded_slashes` + - `passenger_app_group_name` + - `passenger_app_root` + - `passenger_app_type` + - `passenger_base_uri` + - `passenger_buffer_response` + - `passenger_buffer_upload` + - `passenger_concurrency_model` + - `passenger_debug_log_file` + - `passenger_debugger` + - `passenger_default_group` + - `passenger_default_user` + - `passenger_disable_security_update_check` + - `passenger_enabled` + - `passenger_error_override` + - `passenger_file_descriptor_log_file` + - `passenger_fly_with` + - `passenger_force_max_concurrent_requests_per_process` + - `passenger_friendly_error_pages` + - `passenger_group` + - `passenger_installed_version` + - `passenger_instance_registry_dir` + - `passenger_load_shell_envvars` + - `passenger_lve_min_uid` + - `passenger_max_instances` + - `passenger_max_preloader_idle_time` + - `passenger_max_request_time` + - `passenger_memory_limit` + - `passenger_meteor_app_settings` + - `passenger_nodejs` + - `passenger_pre_start` + - `passenger_python` + - `passenger_resist_deployment_errors` + - `passenger_resolve_symlinks_in_document_root` + - `passenger_response_buffer_high_watermark` + - `passenger_restart_dir` + - `passenger_rolling_restarts` + - `passenger_security_update_check_proxy` + - `passenger_show_version_in_header` + - `passenger_socket_backlog` + - `passenger_start_timeout` + - `passenger_startup_file` + - `passenger_sticky_sessions` + - `passenger_sticky_sessions_cookie_name` + - `passenger_thread_count` + - `passenger_user` + - `passenger_user_switching` + - `rack_auto_detect` + - `rack_base_uri` + - `rack_env` + - `rails_allow_mod_rewrite` + - `rails_app_spawner_idle_time` + - `rails_auto_detect` + - `rails_base_uri` + - `rails_default_user` + - `rails_env` + - `rails_framework_spawner_idle_time` + - `rails_ruby` + - `rails_spawn_method` + - `rails_user_switching` + - `wsgi_auto_detect` +- Parameter `apache::mod::prefork::listenbacklog` to set the listen backlog to 511. +- Parameter `apache::mod::python::loadfile_name` to workaround python.load filename conflicts. +- Parameter `apache::mod::ssl::ssl_cert` to manage the client auth cert. +- Parameter `apache::mod::ssl::ssl_key` to manage the client auth key. +- Parameter `apache::mod::status::requires` as an alternative to `apache::mod::status::allow_from` +- Parameter `apache::vhost::ssl_proxy_cipher_suite` to manage that directive. +- Parameter `apache::vhost::shib_compat_valid_user` to manage that directive. +- Parameter `apache::vhost::use_canonical_name` to manage that directive. +- Parameter value `mellon_session_length` for `apache::vhost::directories` -#### Removed -- Unused variable $_logs_dest removed. +### Fixed +- `apache_version` is confined to just Linux to avoid erroring on AIX. +- Parameter `apache::mod::jk::workers_file_content` docs typo of "mantain" instead of maintain. +- Deduplicate `apache::mod::ldap` managing `File['ldap.conf']` to avoid resource conflicts. +- ITK package name on Debian 9 +- Dav_svn package for SLES +- Log client IP instead of loadbalancer IP when behind a loadbalancer. +- `apache::mod::remoteip` now notifies the `Class['apache::service']` class instead of `Service['httpd']` to avoid restarting the service when `apache::service_manage` is false. +- `apache::vhost::cas_scrub_request_headers` actually manages the directive. ## Supported Release [2.3.1] ### Summary From 0853260b47433a5044f457c85431ff76908a0250 Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Wed, 7 Mar 2018 11:52:04 +0000 Subject: [PATCH 6/9] PDK Convert 1.4.1 --- .gitignore | 37 +++++----- .rubocop.yml | 19 +++-- .rubocop_todo.yml | 2 + .sync.yml | 58 ++++++++++++--- .travis.yml | 85 +++++++++++++++------ Gemfile | 175 ++++++++++++++++++++++++++++---------------- Rakefile | 38 +--------- metadata.json | 16 +++- spec/spec_helper.rb | 29 +++++++- 9 files changed, 292 insertions(+), 167 deletions(-) diff --git a/.gitignore b/.gitignore index a1022772e0..56efb9ca14 100644 --- a/.gitignore +++ b/.gitignore @@ -1,23 +1,22 @@ -# This file is generated by ModuleSync, do not edit. -*.iml .*.sw[op] -.DS_Store -.bundle/ -.idea/ .metadata -.vagrant/ .yardoc .yardwarns -Gemfile.local -Gemfile.lock -bin/ -coverage/ -doc/ -junit/ -log/ -pkg/ -spec/fixtures/manifests/ -spec/fixtures/modules/ -tmp/ -vendor/ - +*.iml +/.bundle/ +/.idea/ +/.vagrant/ +/coverage/ +/bin/ +/doc/ +/Gemfile.local +/Gemfile.lock +/junit/ +/log/ +/pkg/ +/spec/fixtures/manifests/ +/spec/fixtures/modules/ +/tmp/ +/vendor/ +/convert_report.txt +.DS_Store diff --git a/.rubocop.yml b/.rubocop.yml index 12e5637c4d..50220b4bce 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,7 +1,7 @@ --- -require: - - rubocop-rspec +require: rubocop-rspec AllCops: + DisplayCopNames: true TargetRubyVersion: '2.1' Include: - "./**/*.rb" @@ -13,7 +13,6 @@ AllCops: - pkg/**/* - spec/fixtures/**/* - vendor/**/* -inherit_from: .rubocop_todo.yml Metrics/LineLength: Description: People have wide screens, use them. Max: 200 @@ -64,12 +63,17 @@ Style/TrailingCommaInLiteral: Style/SymbolArray: Description: Using percent style obscures symbolic intent of array's contents. EnforcedStyle: brackets +inherit_from: ".rubocop_todo.yml" +RSpec/MessageSpies: + EnforcedStyle: receive Style/CollectionMethods: Enabled: true Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true +Layout/EndOfLine: + Enabled: false Metrics/AbcSize: Enabled: false Metrics/BlockLength: @@ -88,14 +92,17 @@ Metrics/PerceivedComplexity: Enabled: false RSpec/DescribeClass: Enabled: false +RSpec/ExampleLength: + Enabled: false RSpec/MessageExpectation: Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/NestedGroups: + Enabled: false Style/AsciiComments: Enabled: false Style/IfUnlessModifier: Enabled: false Style/SymbolProc: Enabled: false -#TODO: Additional value added to resolve error's -Style/GlobalVars: - Enabled: false \ No newline at end of file diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index e69de29bb2..91ec5a148a 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -0,0 +1,2 @@ +Style/GlobalVars: + Enabled: false diff --git a/.sync.yml b/.sync.yml index 8ea87b0d2d..01082093d3 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,16 +1,50 @@ --- -appveyor.yml: - delete: true -Rakefile: - extra_disabled_lint_checks: - - 'disable_only_variable_string' -spec/spec_helper.rb: - allow_deprecations: true .travis.yml: - env: - global: - - "PARALLEL_TEST_PROCESSORS=16 # reduce test parallelism to prevent overloading containers" + bundle_args: --without system_tests + docker_sets: + - set: docker/centos-7 + options: + - set: docker/ubuntu-14.04 + options: + docker_defaults: + bundler_args: "" + secure: "" + branches: + - release extras: - - rvm: 2.1.9 - script: bundle exec rake rubocop + - env: CHECK=release_checks + rvm: 2.1.9 + +Gemfile: + required: + ':system_tests': + - gem: 'puppet-module-posix-system-r#{minor_version}' + platforms: ruby + - gem: 'puppet-module-win-system-r#{minor_version}' + platforms: + - mswin + - mingw + - x64_mingw + - gem: beaker + version: '~> 3.13' + from_env: BEAKER_VERSION + - gem: beaker-abs + from_env: BEAKER_ABS_VERSION + version: '~> 0.1' + - gem: beaker-pe + - gem: beaker-hostgenerator + from_env: BEAKER_HOSTGENERATOR_VERSION + - gem: beaker-rspec + from_env: BEAKER_RSPEC_VERSION + ':development': + - gem: puppet-blacksmith + version: '~> 3.4' + +Rakefile: + requires: + - puppet_blacksmith/rake_tasks + - puppet-lint/tasks/puppet-lint +.rubocop.yml: + default_configs: + inherit_from: .rubocop_todo.yml diff --git a/.travis.yml b/.travis.yml index 1f04fd1d1d..05049515b6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,34 +1,71 @@ -#This file is generated by ModuleSync, do not edit. --- +env: + global: + - PARALLEL_TEST_PROCESSORS=16 # reduce test parallelism to prevent overloading containers sudo: false +dist: trusty language: ruby cache: bundler -script: "bundle exec rake release_checks" +before_install: + - bundle -v + - rm Gemfile.lock || true + - gem update --system + - gem update bundler + - gem --version + - bundle -v +script: + - 'bundle exec rake $CHECK' +bundler_args: --without system_tests +rvm: + - 2.4.1 env: - global: - - PARALLEL_TEST_PROCESSORS=16 # reduce test parallelism to prevent overloading containers + - PUPPET_GEM_VERSION="~> 5.0" CHECK=spec matrix: fast_finish: true include: - - rvm: 2.3.1 - dist: trusty - env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/ubuntu-14.04 - script: bundle exec rake beaker - services: docker - sudo: required - - rvm: 2.3.1 - dist: trusty - env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/centos-7 - script: bundle exec rake beaker - services: docker - sudo: required - - rvm: 2.4.1 - bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 5.0" - - rvm: 2.1.9 - bundler_args: --without system_tests - env: PUPPET_GEM_VERSION="~> 4.0" - - rvm: 2.1.9 - script: bundle exec rake rubocop + - + bundler_args: + dist: trusty + env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/centos-7 + rvm: 2.4.1 + script: bundle exec rake beaker + services: docker + sudo: required + - + bundler_args: + dist: trusty + env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/ubuntu-14.04 + rvm: 2.4.1 + script: bundle exec rake beaker + services: docker + sudo: required + - + env: CHECK=rubocop + - + env: CHECK="syntax lint" + - + env: CHECK=metadata_lint + - + env: CHECK=spec + - + env: PUPPET_GEM_VERSION="~> 4.0" CHECK=spec + rvm: 2.1.9 + - + env: CHECK=release_checks + rvm: 2.1.9 +branches: + only: + - master + - /^v\d/ + - release notifications: email: false +deploy: + provider: puppetforge + user: puppet + password: + secure: "" + on: + tags: true + all_branches: true + condition: "$DEPLOY_TO_FORGE = yes" diff --git a/Gemfile b/Gemfile index 4ed22771fd..37597a3035 100644 --- a/Gemfile +++ b/Gemfile @@ -1,85 +1,136 @@ -#This file is generated by ModuleSync, do not edit. +source ENV['GEM_SOURCE'] || 'https://rubygems.org' -source ENV['GEM_SOURCE'] || "https://rubygems.org" +def location_for(place_or_version, fake_version = nil) + if place_or_version =~ %r{\A(git[:@][^#]*)#(.*)} + [fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact + elsif place_or_version =~ %r{\Afile:\/\/(.*)} + ['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }] + else + [place_or_version, { require: false }] + end +end -# Determines what type of gem is requested based on place_or_version. def gem_type(place_or_version) - if place_or_version =~ /^git:/ + if place_or_version =~ %r{\Agit[:@]} :git - elsif place_or_version =~ /^file:/ + elsif !place_or_version.nil? && place_or_version.start_with?('file:') :file else :gem end end -# Find a location or specific version for a gem. place_or_version can be a -# version, which is most often used. It can also be git, which is specified as -# `git://somewhere.git#branch`. You can also use a file source location, which -# is specified as `file://some/location/on/disk`. -def location_for(place_or_version, fake_version = nil) - if place_or_version =~ /^(git[:@][^#]*)#(.*)/ - [fake_version, { :git => $1, :branch => $2, :require => false }].compact - elsif place_or_version =~ /^file:\/\/(.*)/ - ['>= 0', { :path => File.expand_path($1), :require => false }] - else - [place_or_version, { :require => false }] - end -end - -# Used for gem conditionals ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = "#{ruby_version_segments[0]}.#{ruby_version_segments[1]}" - -# The following gems are not included by default as they require DevKit on Windows. -# You should probably include them in a Gemfile.local or a ~/.gemfile -#gem 'pry' #this may already be included in the gemfile -#gem 'pry-stack_explorer', :require => false -#if RUBY_VERSION =~ /^2/ -# gem 'pry-byebug' -#else -# gem 'pry-debugger' -#end +minor_version = ruby_version_segments[0..1].join('.') group :development do - gem "puppet-module-posix-default-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-default-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "puppet-module-posix-dev-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-dev-r#{minor_version}", '0.0.7', :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "json_pure", '<= 2.0.1', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "fast_gettext", '1.1.0', :require => false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", :require => false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') + gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') + gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') + gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') + gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') + gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-blacksmith", '~> 3.4', require: false end - group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", :require => false, :platforms => "ruby" - gem "puppet-module-win-system-r#{minor_version}", :require => false, :platforms => ["mswin", "mingw", "x64_mingw"] - gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '>= 3') - gem "beaker-pe", :require => false - gem "beaker-rspec", *location_for(ENV['BEAKER_RSPEC_VERSION']) - gem "beaker-hostgenerator", *location_for(ENV['BEAKER_HOSTGENERATOR_VERSION']) - gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') - gem "puppet-blacksmith", '~> 3.4', :require => false - gem "beaker-task_helper" + gem "puppet-module-posix-system-r#{minor_version}", require: false, platforms: [:ruby] + gem "puppet-module-win-system-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 3.13') + gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1') + gem "beaker-pe", require: false + gem "beaker-hostgenerator" + gem "beaker-rspec" +end + +puppet_version = ENV['PUPPET_GEM_VERSION'] +puppet_type = gem_type(puppet_version) +facter_version = ENV['FACTER_GEM_VERSION'] +hiera_version = ENV['HIERA_GEM_VERSION'] + +def puppet_older_than?(version) + puppet_version = ENV['PUPPET_GEM_VERSION'] + !puppet_version.nil? && + Gem::Version.correct?(puppet_version) && + Gem::Requirement.new("< #{version}").satisfied_by?(Gem::Version.new(puppet_version.dup)) end -gem 'puppet', *location_for(ENV['PUPPET_GEM_VERSION']) +gems = {} -# Only explicitly specify Facter/Hiera if a version has been specified. -# Otherwise it can lead to strange bundler behavior. If you are seeing weird -# gem resolution behavior, try setting `DEBUG_RESOLVER` environment variable -# to `1` and then run bundle install. -gem 'facter', *location_for(ENV['FACTER_GEM_VERSION']) if ENV['FACTER_GEM_VERSION'] -gem 'hiera', *location_for(ENV['HIERA_GEM_VERSION']) if ENV['HIERA_GEM_VERSION'] +gems['puppet'] = location_for(puppet_version) -# Evaluate Gemfile.local if it exists -if File.exists? "#{__FILE__}.local" - eval(File.read("#{__FILE__}.local"), binding) +# If facter or hiera versions have been specified via the environment +# variables, use those versions. If not, and if the puppet version is < 3.5.0, +# use known good versions of both for puppet < 3.5.0. +if facter_version + gems['facter'] = location_for(facter_version) +elsif puppet_type == :gem && puppet_older_than?('3.5.0') + gems['facter'] = ['>= 1.6.11', '<= 1.7.5', require: false] end -# Evaluate ~/.gemfile if it exists -if File.exists?(File.join(Dir.home, '.gemfile')) - eval(File.read(File.join(Dir.home, '.gemfile')), binding) +if hiera_version + gems['hiera'] = location_for(ENV['HIERA_GEM_VERSION']) +elsif puppet_type == :gem && puppet_older_than?('3.5.0') + gems['hiera'] = ['>= 1.0.0', '<= 1.3.0', require: false] end -# vim:ft=ruby +if Gem.win_platform? && (puppet_type != :gem || puppet_older_than?('3.5.0')) + # For Puppet gems < 3.5.0 (tested as far back as 3.0.0) on Windows + if puppet_type == :gem + gems['ffi'] = ['1.9.0', require: false] + gems['minitar'] = ['0.5.4', require: false] + gems['win32-eventlog'] = ['0.5.3', '<= 0.6.5', require: false] + gems['win32-process'] = ['0.6.5', '<= 0.7.5', require: false] + gems['win32-security'] = ['~> 0.1.2', '<= 0.2.5', require: false] + gems['win32-service'] = ['0.7.2', '<= 0.8.8', require: false] + else + gems['ffi'] = ['~> 1.9.0', require: false] + gems['minitar'] = ['~> 0.5.4', require: false] + gems['win32-eventlog'] = ['~> 0.5', '<= 0.6.5', require: false] + gems['win32-process'] = ['~> 0.6', '<= 0.7.5', require: false] + gems['win32-security'] = ['~> 0.1', '<= 0.2.5', require: false] + gems['win32-service'] = ['~> 0.7', '<= 0.8.8', require: false] + end + + gems['win32-dir'] = ['~> 0.3', '<= 0.4.9', require: false] + + if RUBY_VERSION.start_with?('1.') + gems['win32console'] = ['1.3.2', require: false] + # sys-admin was removed in Puppet 3.7.0 and doesn't compile under Ruby 2.x + gems['sys-admin'] = ['1.5.6', require: false] + end + + # Puppet < 3.7.0 requires these. + # Puppet >= 3.5.0 gem includes these as requirements. + # The following versions are tested to work with 3.0.0 <= puppet < 3.7.0. + gems['win32-api'] = ['1.4.8', require: false] + gems['win32-taskscheduler'] = ['0.2.2', require: false] + gems['windows-api'] = ['0.4.3', require: false] + gems['windows-pr'] = ['1.2.3', require: false] +elsif Gem.win_platform? + # If we're using a Puppet gem on Windows which handles its own win32-xxx gem + # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). + gems['win32-dir'] = ['<= 0.4.9', require: false] + gems['win32-eventlog'] = ['<= 0.6.5', require: false] + gems['win32-process'] = ['<= 0.7.5', require: false] + gems['win32-security'] = ['<= 0.2.5', require: false] + gems['win32-service'] = ['<= 0.8.8', require: false] +end + +gems.each do |gem_name, gem_params| + gem gem_name, *gem_params +end + +# Evaluate Gemfile.local and ~/.gemfile if they exist +extra_gemfiles = [ + "#{__FILE__}.local", + File.join(Dir.home, '.gemfile'), +] + +extra_gemfiles.each do |gemfile| + if File.file?(gemfile) && File.readable?(gemfile) + eval(File.read(gemfile), binding) + end +end +# vim: syntax=ruby diff --git a/Rakefile b/Rakefile index 3994519d9d..a39cae2f03 100644 --- a/Rakefile +++ b/Rakefile @@ -1,38 +1,4 @@ require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-syntax/tasks/puppet-syntax' +require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? - -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('relative') -PuppetLint.configuration.send('disable_only_variable_string') - -desc 'Generate pooler nodesets' -task :gen_nodeset do - require 'beaker-hostgenerator' - require 'securerandom' - require 'fileutils' - - agent_target = ENV['TEST_TARGET'] - if ! agent_target - STDERR.puts 'TEST_TARGET environment variable is not set' - STDERR.puts 'setting to default value of "redhat-64default."' - agent_target = 'redhat-64default.' - end - - master_target = ENV['MASTER_TEST_TARGET'] - if ! master_target - STDERR.puts 'MASTER_TEST_TARGET environment variable is not set' - STDERR.puts 'setting to default value of "redhat7-64mdcl"' - master_target = 'redhat7-64mdcl' - end - - targets = "#{master_target}-#{agent_target}" - cli = BeakerHostGenerator::CLI.new([targets]) - nodeset_dir = "tmp/nodesets" - nodeset = "#{nodeset_dir}/#{targets}-#{SecureRandom.uuid}.yaml" - FileUtils.mkdir_p(nodeset_dir) - File.open(nodeset, 'w') do |fh| - fh.print(cli.execute) - end - puts nodeset -end diff --git a/metadata.json b/metadata.json index 09e61ad663..c28f081c90 100644 --- a/metadata.json +++ b/metadata.json @@ -8,10 +8,15 @@ "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 4.13.1 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 2.2.1 < 5.0.0"} + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 4.13.1 < 5.0.0" + }, + { + "name": "puppetlabs/concat", + "version_requirement": ">= 2.2.1 < 5.0.0" + } ], - "data_provider": null, "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -72,5 +77,8 @@ "version_requirement": ">= 4.7.0 < 6.0.0" } ], - "description": "Module for Apache configuration" + "description": "Module for Apache configuration", + "pdk-version": "1.4.1", + "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git", + "template-ref": "1.4.1-0-g52adbbb" } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 01912b60c4..efd225b540 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,9 +1,30 @@ -# This file is generated by ModuleSync, do not edit. require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-puppet-facts' -# put local configuration and setup into spec_helper_local begin - require 'spec_helper_local' + require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) rescue LoadError => loaderror - puts "Could not require spec_helper_local: #{loaderror.message}" + warn "Could not require spec_helper_local: #{loaderror.message}" +end + +include RspecPuppetFacts + +default_facts = { + puppetversion: Puppet.version, + facterversion: Facter.version, +} + +default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')) +default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')) + +if File.exist?(default_facts_path) && File.readable?(default_facts_path) + default_facts.merge!(YAML.safe_load(File.read(default_facts_path))) +end + +if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path) + default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path))) +end + +RSpec.configure do |c| + c.default_facts = default_facts end From 60e60d44817dce086b73bff578a465240a1102d8 Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Wed, 7 Mar 2018 14:23:03 +0000 Subject: [PATCH 7/9] Rubocop Fixes for conversion --- .rubocop_todo.yml | 18 ++++++++++++++++++ lib/puppet/parser/functions/apache_pw_hash.rb | 1 - lib/puppet/parser/functions/bool2httpd.rb | 3 --- .../functions/validate_apache_log_level.rb | 4 ---- lib/puppet/provider/a2mod/gentoo.rb | 4 +--- lib/puppet/provider/a2mod/modfix.rb | 1 - manifests/mod/passenger.pp | 2 +- manifests/vhost.pp | 3 ++- spec/acceptance/mod_fcgid_spec.rb | 2 +- spec/acceptance/mod_pagespeed_spec.rb | 2 +- spec/acceptance/mod_passenger_spec.rb | 2 -- spec/acceptance/mod_suphp_spec.rb | 2 +- spec/acceptance/vhost_spec.rb | 16 ++++++++-------- spec/classes/apache_spec.rb | 16 ++++++++-------- spec/classes/mod/authnz_ldap_spec.rb | 8 ++++---- spec/classes/mod/passenger_spec.rb | 4 ++-- spec/classes/mod/php_spec.rb | 3 +-- spec/classes/mod/proxy_balancer_spec.rb | 2 -- spec/classes/mod/status_spec.rb | 10 +++++----- spec/defines/vhost_custom_spec.rb | 2 +- spec/defines/vhost_spec.rb | 1 - spec/functions/bool2httpd_spec.rb | 4 ++-- spec/spec_helper_local.rb | 2 +- spec/unit/apache_version_spec.rb | 12 +++++------- spec/unit/provider/a2mod/gentoo_spec.rb | 12 ++---------- 25 files changed, 64 insertions(+), 72 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 91ec5a148a..7e74cd50e3 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,2 +1,20 @@ Style/GlobalVars: Enabled: false +RSpec/InstanceVariable: + Enabled: false +RSpec/RepeatedExample: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +Style/CommentedKeyword: + Enabled: false +RSpec/NamedSubject: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/AnyInstance: + Enabled: false +RSpec/FilePath: + Enabled: false +RSpec/EmptyExampleGroup: + Enabled: false diff --git a/lib/puppet/parser/functions/apache_pw_hash.rb b/lib/puppet/parser/functions/apache_pw_hash.rb index 3ff8dee86e..eda0875e59 100644 --- a/lib/puppet/parser/functions/apache_pw_hash.rb +++ b/lib/puppet/parser/functions/apache_pw_hash.rb @@ -2,7 +2,6 @@ Puppet::Parser::Functions.newfunction(:apache_pw_hash, type: :rvalue, doc: <<-DOC Hashes a password in a format suitable for htpasswd files read by apache. - Currently uses SHA-hashes, because although this format is considered insecure, its the most secure format supported by the most platforms. DOC diff --git a/lib/puppet/parser/functions/bool2httpd.rb b/lib/puppet/parser/functions/bool2httpd.rb index 71516b970b..00e4993853 100644 --- a/lib/puppet/parser/functions/bool2httpd.rb +++ b/lib/puppet/parser/functions/bool2httpd.rb @@ -1,12 +1,9 @@ Puppet::Parser::Functions.newfunction(:bool2httpd, type: :rvalue, doc: <<-DOC Transform a supposed boolean to On or Off. Pass all other values through. Given a nil value (undef), bool2httpd will return 'Off' - Example: - $trace_enable = false $server_signature = 'mail' - bool2httpd($trace_enable) # => 'Off' bool2httpd($server_signature) diff --git a/lib/puppet/parser/functions/validate_apache_log_level.rb b/lib/puppet/parser/functions/validate_apache_log_level.rb index 1e9b3c2fef..bcbf8e7c7e 100644 --- a/lib/puppet/parser/functions/validate_apache_log_level.rb +++ b/lib/puppet/parser/functions/validate_apache_log_level.rb @@ -4,16 +4,12 @@ module Puppet::Parser::Functions Perform simple validation of a string against the list of known log levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel validate_apache_loglevel('info') - Modules maybe specified with their own levels like these: validate_apache_loglevel('warn ssl:info') validate_apache_loglevel('warn mod_ssl.c:info') validate_apache_loglevel('warn ssl_module:info') - Expected to be used from the main or vhost. - Might be used from directory too later as apaceh supports that - DOC ) do |args| if args.size != 1 diff --git a/lib/puppet/provider/a2mod/gentoo.rb b/lib/puppet/provider/a2mod/gentoo.rb index 4edc3d9d35..d4c0b6d612 100644 --- a/lib/puppet/provider/a2mod/gentoo.rb +++ b/lib/puppet/provider/a2mod/gentoo.rb @@ -51,9 +51,7 @@ def self.modules apache2_opts = records.grep(%r{^\s*APACHE2_OPTS=}).first # Extract all defines - while apache2_opts.sub!(%r{-D\s+(\w+)}, '') - @modules << Regexp.last_match(1).downcase - end + @modules << Regexp.last_match(1).downcase while apache2_opts.sub!(%r{-D\s+(\w+)}, '') # Hang on to any remaining options. if apache2_opts =~ %r{APACHE2_OPTS="(.+)"} diff --git a/lib/puppet/provider/a2mod/modfix.rb b/lib/puppet/provider/a2mod/modfix.rb index e5f6009532..59fdc9296a 100644 --- a/lib/puppet/provider/a2mod/modfix.rb +++ b/lib/puppet/provider/a2mod/modfix.rb @@ -1,6 +1,5 @@ Puppet::Type.type(:a2mod).provide :modfix do desc "Dummy provider for A2mod. - Fake nil resources when there is no crontab binary available. Allows puppetd to run on a bootstrapped machine before a Cron package has been installed. Workaround for: http://projects.puppetlabs.com/issues/2384 diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp index 96bdeafd50..84f216983e 100644 --- a/manifests/mod/passenger.pp +++ b/manifests/mod/passenger.pp @@ -410,7 +410,7 @@ fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ') } if (versioncmp($passenger_installed_version, '2.0.4') < 0) { - fail('Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported') + fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported") } } if $passenger_user { diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 86fa06e63a..fecc097947 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -362,8 +362,9 @@ } } } + if $add_listen { - if $ip and defined(Apache::Listen["${port}"]) { + if $ip and defined(Apache::Listen[String($port)]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } if $listen_addr_port and $ensure == 'present' { diff --git a/spec/acceptance/mod_fcgid_spec.rb b/spec/acceptance/mod_fcgid_spec.rb index 751628bb8b..7924add854 100644 --- a/spec/acceptance/mod_fcgid_spec.rb +++ b/spec/acceptance/mod_fcgid_spec.rb @@ -44,7 +44,7 @@ class { 'apache::mod::fcgid': it { is_expected.to be_running } end - it 'answers to fcgid.example.com' do # rubocop:disable RSpec/MultipleExpectations + it 'answers to fcgid.example.com' do shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| expect(r.stdout).to match(%r{^Hello world$}) expect(r.exit_code).to eq(0) diff --git a/spec/acceptance/mod_pagespeed_spec.rb b/spec/acceptance/mod_pagespeed_spec.rb index a33d42c227..3b3cea3b70 100644 --- a/spec/acceptance/mod_pagespeed_spec.rb +++ b/spec/acceptance/mod_pagespeed_spec.rb @@ -49,7 +49,7 @@ class { 'apache::mod::pagespeed': it { is_expected.to contain 'ModPagespeedForbidFilters rewrite_javascript' } end - it 'answers to pagespeed.example.com and include and be stripped of comments by mod_pagespeed' do # rubocop:disable RSpec/MultipleExpectations + it 'answers to pagespeed.example.com and include and be stripped of comments by mod_pagespeed' do shell('/usr/bin/curl pagespeed.example.com:80') do |r| expect(r.stdout).to match(%r{head\/}) expect(r.stdout).not_to match(%r{}) diff --git a/spec/acceptance/mod_passenger_spec.rb b/spec/acceptance/mod_passenger_spec.rb index e3ecd28b36..5321454ccc 100644 --- a/spec/acceptance/mod_passenger_spec.rb +++ b/spec/acceptance/mod_passenger_spec.rb @@ -134,8 +134,6 @@ class { 'apache::mod::passenger': } describe file(conf_file) do it { is_expected.to contain %(PassengerRoot "#{passenger_root}") } - - # rubocop:disable RSpec/RepeatedExample case fact('operatingsystem') when 'Ubuntu' case fact('lsbdistrelease') diff --git a/spec/acceptance/mod_suphp_spec.rb b/spec/acceptance/mod_suphp_spec.rb index dc156a55d4..a2dd791f5a 100644 --- a/spec/acceptance/mod_suphp_spec.rb +++ b/spec/acceptance/mod_suphp_spec.rb @@ -37,7 +37,7 @@ class { 'apache::mod::suphp': } it { is_expected.to be_running } end - it 'answers to suphp.example.com #timeout' do # rubocop:disable RSpec/ExampleLength + it 'answers to suphp.example.com #timeout' do timeout = 0 loop do r = shell('curl suphp.example.com:80') diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 555a6ece63..e8e520072b 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -469,7 +469,7 @@ class { 'apache': } apply_manifest(pp, catch_failures: true) end - describe service($service_name) do # rubocop:disable RSpec/NestedGroups + describe service($service_name) do if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' pending 'Should be enabled - Bug 760616 on Debian 8' else @@ -533,7 +533,7 @@ class { 'apache': } apply_manifest(pp_one, catch_failures: true) end - describe service($service_name) do # rubocop:disable RSpec/NestedGroups + describe service($service_name) do if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' pending 'Should be enabled - Bug 760616 on Debian 8' else @@ -577,7 +577,7 @@ class { 'apache': } apply_manifest(pp_two, catch_failures: true) end - describe service($service_name) do # rubocop:disable RSpec/NestedGroups + describe service($service_name) do if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' pending 'Should be enabled - Bug 760616 on Debian 8' else @@ -657,7 +657,7 @@ class { 'apache': } apply_manifest(pp_two, catch_failures: true) end - describe service($service_name) do # rubocop:disable RSpec/NestedGroups + describe service($service_name) do if fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8' pending 'Should be enabled - Bug 760616 on Debian 8' else @@ -665,7 +665,7 @@ class { 'apache': } end it { is_expected.to be_running } - it 'answers to files.example.net' do # rubocop:disable RSpec/ExampleLength + it 'answers to files.example.net' do shell('/usr/bin/curl -sSf files.example.net:80/foo/index.html', acceptable_exit_codes: 22).stderr.should match(%r{curl: \(22\) The requested URL returned error: 401}) shell('/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html').stdout.should eq("Hello World\n") shell('/usr/bin/curl -sSf files.example.net:80/bar/index.html').stdout.should eq("Hello World\n") @@ -757,7 +757,7 @@ class { 'apache': } end context 'proxy_pass for alternative vhost' do - it 'configures a local vhost and a proxy vhost' do # rubocop:disable RSpec/ExampleLength + it 'configures a local vhost and a proxy vhost' do apply_manifest(%( class { 'apache': default_vhost => false, } apache::vhost { 'localhost': @@ -807,7 +807,7 @@ class { 'apache': default_vhost => false, } unless fact('operatingsystem') == 'SLES' && fact('operatingsystemmajorrelease') <= '10' context 'proxy_pass_match for alternative vhost' do - it 'configures a local vhost and a proxy vhost' do # rubocop:disable RSpec/ExampleLength + it 'configures a local vhost and a proxy vhost' do apply_manifest(%( class { 'apache': default_vhost => false, } apache::vhost { 'localhost': @@ -1517,7 +1517,7 @@ class { 'apache::mod::wsgi': } apply_manifest(pp, catch_failures: true) end - describe file("#{$vhost_dir}/25-test.server.conf") do # rubocop:disable RSpec/NestedGroups + describe file("#{$vhost_dir}/25-test.server.conf") do it { is_expected.to be_file } it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 5c341f8541..a0091554dc 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -69,13 +69,13 @@ dav env ].each do |modname| - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/etc/apache2/mods-available/#{modname}.load", 'ensure' => 'file', ) } - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.load", 'ensure' => 'link', @@ -148,13 +148,13 @@ negotiation setenvif ].each do |modname| - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/etc/apache2/mods-available/#{modname}.load", 'ensure' => 'file', ) } - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.load", 'ensure' => 'link', @@ -389,7 +389,7 @@ dav env ].each do |modname| - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load").with_path( "/etc/httpd/mod.d/#{modname}.load", ) @@ -412,7 +412,7 @@ negotiation setenvif ].each do |modname| - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load").with_path( "/etc/httpd/mod.d/#{modname}.load", ) @@ -784,7 +784,7 @@ dav env ].each do |modname| - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file', @@ -804,7 +804,7 @@ negotiation setenvif ].each do |modname| - it { # rubocop:disable RSpec/RepeatedExample + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file', diff --git a/spec/classes/mod/authnz_ldap_spec.rb b/spec/classes/mod/authnz_ldap_spec.rb index 22dfce0d15..9ca8cbef42 100644 --- a/spec/classes/mod/authnz_ldap_spec.rb +++ b/spec/classes/mod/authnz_ldap_spec.rb @@ -35,8 +35,8 @@ context 'verify_server_cert = wrong' do let(:params) { { verify_server_cert: 'wrong' } } - it 'raises an error' do # rubocop:disable RSpec/MultipleExpectations - expect { is_expected.to raise_error Puppet::Error } # rubocop:disable RSpec/VoidExpect + it 'raises an error' do + expect { is_expected.to raise_error Puppet::Error } end end end # Debian @@ -72,8 +72,8 @@ context 'verify_server_cert = wrong' do let(:params) { { verify_server_cert: 'wrong' } } - it 'raises an error' do # rubocop:disable RSpec/MultipleExpectations - expect { is_expected.to raise_error Puppet::Error } # rubocop:disable RSpec/VoidExpect + it 'raises an error' do + expect { is_expected.to raise_error Puppet::Error } end end end # Redhat diff --git a/spec/classes/mod/passenger_spec.rb b/spec/classes/mod/passenger_spec.rb index a666b1aadd..30d993eb08 100644 --- a/spec/classes/mod/passenger_spec.rb +++ b/spec/classes/mod/passenger_spec.rb @@ -460,14 +460,14 @@ } it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRoot}) } it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - describe "with passenger_root => '/usr/lib/example'" do # rubocop:disable RSpec/NestedGroups + describe "with passenger_root => '/usr/lib/example'" do let :params do { passenger_root: '/usr/lib/example' } end it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRoot "\/usr\/lib\/example"$}) } end - describe 'with passenger_ruby => /usr/lib/example/ruby' do # rubocop:disable RSpec/NestedGroups + describe 'with passenger_ruby => /usr/lib/example/ruby' do let :params do { passenger_ruby: '/usr/lib/example/ruby' } end diff --git a/spec/classes/mod/php_spec.rb b/spec/classes/mod/php_spec.rb index 704d51c501..f0eb3f1bd2 100644 --- a/spec/classes/mod/php_spec.rb +++ b/spec/classes/mod/php_spec.rb @@ -371,8 +371,7 @@ 'class { "apache": mpm_module => worker, }' end - it 'raises an error' do # rubocop:disable RSpec/MultipleExpectations - # rubocop:disable RSpec/NamedSubject + it 'raises an error' do expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, %r{mpm_module => 'prefork' or mpm_module => 'itk'} end end diff --git a/spec/classes/mod/proxy_balancer_spec.rb b/spec/classes/mod/proxy_balancer_spec.rb index 19568ffedd..88d8cf5ea7 100644 --- a/spec/classes/mod/proxy_balancer_spec.rb +++ b/spec/classes/mod/proxy_balancer_spec.rb @@ -62,8 +62,6 @@ def balancer_manager_conf_spec(allow_from, manager_path) it { is_expected.not_to contain_file('proxy_balancer.conf symlink') } end end - - # rubocop:disable RSpec/EmptyExampleGroup context "default configuration with custom parameters $manager => true, $allow_from => ['10.10.10.10','11.11.11.11'], $status_path => '/custom-manager' on a Debian OS" do let :facts do { diff --git a/spec/classes/mod/status_spec.rb b/spec/classes/mod/status_spec.rb index 05b081e82a..7f906b6e73 100644 --- a/spec/classes/mod/status_spec.rb +++ b/spec/classes/mod/status_spec.rb @@ -206,7 +206,7 @@ def status_conf_spec_require(requires, extended_status, status_path) end end - context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do # rubocop:disable RSpec/EmptyExampleGroup + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do let :facts do { osfamily: 'Debian', @@ -249,7 +249,7 @@ def status_conf_spec_require(requires, extended_status, status_path) { allow_from: ['10.10.10.10'] } end - it 'expects to succeed array validation' do # rubocop:disable RSpec/MultipleExpectations + it 'expects to succeed array validation' do expect { is_expected.to contain_file('status.conf') }.not_to raise_error @@ -273,7 +273,7 @@ def status_conf_spec_require(requires, extended_status, status_path) { allow_from: '10.10.10.10' } end - it 'expects to fail array validation' do # rubocop:disable RSpec/MultipleExpectations + it 'expects to fail array validation' do expect { is_expected.to contain_file('status.conf') }.to raise_error(Puppet::Error) @@ -300,7 +300,7 @@ def status_conf_spec_require(requires, extended_status, status_path) { extended_status: valid_param } end - it 'expects to succeed regular expression validation' do # rubocop:disable RSpec/MultipleExpectations + it 'expects to succeed regular expression validation' do expect { is_expected.to contain_file('status.conf') }.not_to raise_error @@ -326,7 +326,7 @@ def status_conf_spec_require(requires, extended_status, status_path) { extended_status: invalid_param } end - it 'expects to fail regular expression validation' do # rubocop:disable RSpec/MultipleExpectations + it 'expects to fail regular expression validation' do expect { is_expected.to contain_file('status.conf') }.to raise_error(Puppet::Error) diff --git a/spec/defines/vhost_custom_spec.rb b/spec/defines/vhost_custom_spec.rb index 5da38f600b..9f7296a813 100644 --- a/spec/defines/vhost_custom_spec.rb +++ b/spec/defines/vhost_custom_spec.rb @@ -11,7 +11,7 @@ end describe 'os-dependent items' do - context 'on RedHat based systems' do # rubocop:disable RSpec/EmptyExampleGroup + context 'on RedHat based systems' do let :default_facts do { osfamily: 'RedHat', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 8edc95eece..ffc9773eb8 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -1824,7 +1824,6 @@ } end - # rubocop:disable RSpec/NestedGroups context 'status' do let(:params) { dparams.merge(redirectmatch_status: '404') } diff --git a/spec/functions/bool2httpd_spec.rb b/spec/functions/bool2httpd_spec.rb index a0a2b728f9..9d37d6b74d 100644 --- a/spec/functions/bool2httpd_spec.rb +++ b/spec/functions/bool2httpd_spec.rb @@ -6,11 +6,11 @@ it { is_expected.to run.with_params('1', '2').and_raise_error(ArgumentError) } it { is_expected.to run.with_params(true).and_return('On') } it 'expected to return a string "On"' do - expect(subject.execute(true)).to be_an_instance_of(String) # rubocop:disable RSpec/NamedSubject + expect(subject.execute(true)).to be_an_instance_of(String) end it { is_expected.to run.with_params(false).and_return('Off') } it 'expected to return a string "Off"' do - expect(subject.execute(false)).to be_an_instance_of(String) # rubocop:disable RSpec/NamedSubject + expect(subject.execute(false)).to be_an_instance_of(String) end it { is_expected.to run.with_params('mail').and_return('mail') } it { is_expected.to run.with_params(nil).and_return('Off') } diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index cac4ff779a..9c9cca461f 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -2,7 +2,7 @@ c.before :each do # Ensure that we don't accidentally cache facts and environment # between test cases. - Facter::Util::Loader.any_instance.stubs(:load_all) # rubocop:disable RSpec/AnyInstance + Facter::Util::Loader.any_instance.stubs(:load_all) Facter.clear Facter.clear_messages end diff --git a/spec/unit/apache_version_spec.rb b/spec/unit/apache_version_spec.rb index 1f348fd8a0..c2db7a2217 100644 --- a/spec/unit/apache_version_spec.rb +++ b/spec/unit/apache_version_spec.rb @@ -1,16 +1,14 @@ require 'spec_helper' -describe Facter::Util::Fact do # rubocop:disable RSpec/FilePath +describe Facter::Util::Fact do before(:each) do Facter.clear end - - # rubocop:disable RSpec/MessageSpies describe 'apache_version' do context 'with value' do before :each do - expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } # rubocop:disable RSpec/ExpectInHook - expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') { # rubocop:disable RSpec/ExpectInHook + expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } + expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') { 'Server version: Apache/2.4.16 (Unix) Server built: Jul 31 2015 15:53:26' } @@ -24,8 +22,8 @@ describe 'apache_version with empty OS' do context 'with value' do before :each do - expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } # rubocop:disable RSpec/ExpectInHook - expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') { # rubocop:disable RSpec/ExpectInHook + expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } + expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') { 'Server version: Apache/2.4.6 () Server built: Nov 21 2015 05:34:59' } diff --git a/spec/unit/provider/a2mod/gentoo_spec.rb b/spec/unit/provider/a2mod/gentoo_spec.rb index 96fbcae484..b157fa020c 100644 --- a/spec/unit/provider/a2mod/gentoo_spec.rb +++ b/spec/unit/provider/a2mod/gentoo_spec.rb @@ -12,21 +12,19 @@ expect(provider_class).to respond_to(method) end end - - # rubocop:disable RSpec/MessageSpies describe 'when fetching modules' do let(:filetype) do double end - it 'returns a sorted array of the defined parameters' do # rubocop:disable RSpec/MultipleExpectations + it 'returns a sorted array of the defined parameters' do expect(filetype).to receive(:read).and_return(%(APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n)) expect(provider_class).to receive(:filetype) { filetype } expect(provider_class.modules).to eq(%w[bar baz foo]) end - it 'caches the module list' do # rubocop:disable RSpec/MultipleExpectations + it 'caches the module list' do expect(filetype).to receive(:read).once { %(APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n) } # rubocop:disable Lint/AmbiguousBlockAssociation expect(provider_class).to receive(:filetype).once { filetype } # rubocop:disable Lint/AmbiguousBlockAssociation @@ -51,8 +49,6 @@ provider_class.prefetch('ssl' => resource) end end - - # rubocop:disable RSpec/InstanceVariable describe 'when flushing' do before :each do @filetype = double @@ -71,8 +67,6 @@ allow(@ssl).to receive(:[]).with(:name) { 'ssl' } allow(@ssl).to receive(:provider=) end - - # rubocop:disable RSpec/MultipleExpectations it 'adds modules whose ensure is present' do expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="") } expect(@filetype).to receive(:write).with(%(APACHE2_OPTS="-D INFO")) @@ -82,8 +76,6 @@ provider_class.flush end - - # rubocop:disable RSpec/ExampleLength it 'removes modules whose ensure is present' do expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="-D INFO") } expect(@filetype).to receive(:write).with(%(APACHE2_OPTS="")) From 3c4f123b2f8a467e99469425d38d74b9cbea221b Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Fri, 9 Mar 2018 16:56:51 +0000 Subject: [PATCH 8/9] Release Prep 3.1.0 --- CHANGELOG.md | 13 +++++++++++++ metadata.json | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f1f29b4da8..e2ff16ed7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## Supported Release [3.1.0] +### Summary +This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added. + +#### Added +- Module has been pdk converted with version 1.4.1 ([MODULES-6331](https://tickets.puppet.com/browse/MODULES-6331)) +- Parameter `ssl_cert` to provide a SSLCertificateFile option for use with SSL, optional of type String. +- Parameter `ssl_key` to provide a SSLCertificateKey option for use with SSL, optional of type String. + +#### Fixed +- Documentation updates. +- Updates to the Japanese translation based on documentation update. + ## Supported Release [3.0.0] ### Summary This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes. diff --git a/metadata.json b/metadata.json index c28f081c90..00f41e9117 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-apache", - "version": "3.0.0", + "version": "3.1.0", "author": "puppet", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", From de290646f97e04b4b8e42c70f6e01e860c394ce7 Mon Sep 17 00:00:00 2001 From: transifex-bot Date: Mon, 19 Mar 2018 11:00:40 -0700 Subject: [PATCH 9/9] Updating translations for readmes/README_ja_JP.md --- readmes/README_ja_JP.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/readmes/README_ja_JP.md b/readmes/README_ja_JP.md index 81a119259f..b8ac3f5913 100644 --- a/readmes/README_ja_JP.md +++ b/readmes/README_ja_JP.md @@ -1376,6 +1376,22 @@ HTTPDサービスの再起動にあたり、Puppetが特定のコマンドを使 デフォルト値: `undef`。 +##### `ssl_cert` + +特定の SSLCertificateFile を指定できるようになります。 + +詳細については、[SSLCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateFile)を参照してください。 + +デフォルト値: `undef`。 + +##### `ssl_key` +特定の SSLCertificateKey を指定できるようになります。 + +詳細については、[SSLCertificateKey](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateKeyFile)を参照してください。 + +デフォルト値: `undef`。 + + ##### `ssl_ca` SSL証明書認証局を指定します。[SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile)を使用してSSLクライアント認証で使用する証明書を確認します。 @@ -2727,6 +2743,8 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします - `ssl_cryptodevice`: デフォルト値: 'builtin' - `ssl_honorcipherorder`: デフォルト値: true - `ssl_openssl_conf_cmd`: デフォルト値: undef +- `ssl_cert`: デフォルト値: undef。 +- `ssl_key`: デフォルト値: undef。 - `ssl_options`: デフォルト値: ['StdEnvVars'] - `ssl_pass_phrase_dialog`: デフォルト値: 'builtin' - `ssl_protocol`: デフォルト値: ['all', '-SSLv2', '-SSLv3']。 @@ -2760,6 +2778,14 @@ Apacheモジュール`mod_rewrite`をインストールして有効にします デフォルト値: `undef`。 +* `ssl_cert` + + デフォルト値: `undef`。 + +* `ssl_key` + + デフォルト値: `undef`。 + * `ssl_options` デフォルト値: ['StdEnvVars']